last executing test programs: 5.965050285s ago: executing program 0 (id=994): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0xffffffff}, 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000005c0)={r0}, 0x4) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x11, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x40003, 0x0, 0x0, 0x0, 0x6}, [@call={0x85, 0x0, 0x0, 0x41}, @snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}}]}, &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xc848}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x0, 0xdc0, 0x0, &(0x7f0000000100), 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 5.609180417s ago: executing program 0 (id=1011): r0 = syz_usb_connect(0x5, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000007794608cd0c39007b90000000010902120001fc0000000904"], 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f0000000280)=[{0x2000, 0x10, 0x0, 0x0}], 0x1}) 3.540529896s ago: executing program 2 (id=1018): r0 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NBD_CMD_CONNECT(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f0000000a80)={0x3c, r0, 0x1, 0x70bd2b, 0x0, {}, [@NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r1}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0x3ebc94020f3354a6}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0xffff}]}, 0x3c}, 0x1, 0x0, 0x0, 0x2000000}, 0x20000090) 3.534973153s ago: executing program 0 (id=1029): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x8031, 0xffffffffffffffff, 0xf8cde000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) pselect6(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 3.223456079s ago: executing program 2 (id=1022): syz_mount_image$hfsplus(&(0x7f0000000600), &(0x7f0000000640)='./file2\x00', 0x0, &(0x7f000000a180)={[{@gid}, {@barrier}, {@nls={'nls', 0x3d, 'koi8-u'}}, {@gid}, {@type={'type', 0x3d, "e481e91c"}}, {@nodecompose}, {@nodecompose}, {@nobarrier}]}, 0xfe, 0x5e5, &(0x7f0000000680)="$eJzs3UFvHGcZB/D/bGLHDlK6SZOmICSscgA1IrG9kQkSElAKslCFKnHp1Uo2tZVNGtlb5PYAAXFuv0I5mDMHTihIOXDmKxj1iODum9HMzno3ydZZJ8a7Cb+fNPs+s+/MO8/7aHYys1a0Af5vrX6QmUfzyeqV97bL9d2dVmd3p3W3Hyc5k6SRzCUpyrf/kuTL5EF6S77e7xhqn1J8vnpz/eFnl3trc/VSbV8ctt94DnJp9nKt2uMab/mFxxvMcCHJhbqFidvv++fI7hf8XAIA06xITo16v5mcrW/Wy+eA3l1x7x77pfZg0gkAAADACXhtL3vZzrlJ5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvk/r3/4t6afTjhRT93/+frd9LHb/UHk06AQAAAAAAAAA4Bt/ay162c66/vl9Uf/N/q1q5WL1+LR9nK+1s5mq2s5ZuutnMUpLm0ECz22vd7ubSGHsuj9xz+WTmCwAAAAAAAACvqN9ndfD3fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmAZFcqrXVMvFftxM43SSuSSz5XYPkof9+GX2aNIJAAAAwAl4bS972c65/vp+UT3zv1E998/l49xLNxvpppN2blXfBfSe+hu7O63O7k7rbrk8Pe5P/nOkNKoR0/vuYfSRF6stLh3ssZqf51e5koW8n81s5NdZSzftLOTdKlpLkWb97UWzn+fofH/82Nr7z8r1zSqT+dzORpXb1dzMR+nkVhrVHKptDj/i78rqFD+qjVmjW3VbzugXdTsdmlVFZg4qsljXvqzG+cMrccTz5MkjLaVx8B3UxeOr+Zl+cLZuy1q/O801n1keOvveOLwSyeLyv++vd+7dWb+9dWV6pvScnjwnWkOVuHzkSuzv7//2xKdwTGbravSuoke7Wr5V7XsuG/llPsqttHMji7mRlVxPKyv5QVaG6nppjM9a42jXt29/tw5mkvysbqdDWdfzQ3UdvtI1q77hdwZVunD8/wqc/kYdlCfrO1N3RTr/xLW5X4nXD6/EH/fL163OvTub62v3xzzed+q2rMBPn68Sp4++yzjK8+XCwfCPnx1l3+sj+5aqvosHfY2n+i4d9D3rkzpb38M9PdJy1Xd5ZF+r6ntzqG/UXQ4AU+/s22dn5/81/4/5L+b/ML8+/97cO2dunPnmbGb+fvqvp/7c+FPjh8Xb+SK/GTz/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz2/rk0/vrHU67U2BYPLBXJJxN+7/7tOkc35FgwlfmID/uWvdu/evbX3y6fc27q592P6wfe/60sry9euLK9+/ce32Rqe92HuddJoAwDEa3PRPOhMAAAAAAAAAAAAAAOCrnMR/J570HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgFfb6geZeZQiS4tXF8v13Z1Wp1z68WDLuSRFGfwtyZfJg/SWNIeGK77qOMXnqzfXH352eTDWXH/74rD9xvNYLo0ncnrR8ZZfeLzBDBeSXKhbmLj/BgAA//9gDAG4") r0 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) 3.223101503s ago: executing program 3 (id=1023): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f0000000100)={'wpan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NL802154_CMD_DEL_SEC_DEVKEY(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000004c0)={0x20, r2, 0x1, 0x70bd28, 0x25dfdbfd, {}, [@NL802154_ATTR_SEC_DEVKEY={0x4}, @NL802154_ATTR_IFINDEX={0x8, 0x3, r1}]}, 0x20}, 0x1, 0x0, 0x0, 0x80}, 0x20000084) 2.846175643s ago: executing program 3 (id=1026): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000000280)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f00000000c0)={r1}) 2.512386169s ago: executing program 2 (id=1031): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x400) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000040)={0x4000000, 0x9, 0x2}) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f0000000200)={0x4000000, 0x1, 0xfffffffffffffffd}) close(r0) 2.459669055s ago: executing program 5 (id=1033): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000001c0)={0x30, r1, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_REKEY_DATA={0x4}, @NL80211_ATTR_REKEY_DATA={0x10, 0x7a, 0x0, 0x1, [@NL80211_REKEY_DATA_REPLAY_CTR={0xc, 0x3, "9e0262d6caef575b"}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) 2.308200169s ago: executing program 1 (id=1034): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000440)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x8}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0x0, '\x00', 0x7, 0x5, 0x7, 0x6}}}}]}, 0x48}}, 0x0) 2.198671807s ago: executing program 2 (id=1035): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x38, r1, 0x7, 0x0, 0x25dfdbfd, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x8800}, 0x4000080) 2.135525458s ago: executing program 1 (id=1036): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={0x0, 0xa0}}, 0x80) r0 = syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2) ioctl$sock_ifreq(r0, 0x8910, &(0x7f0000000000)={'veth0_vlan\x00', @ifru_ivalue=0x4}) ioctl$sock_netdev_private(r0, 0x89f5, &(0x7f0000000000)) 2.085069608s ago: executing program 5 (id=1037): setreuid(0x0, 0xee00) setrlimit(0x40000000000008, &(0x7f00000002c0)={0x4, 0x9}) r0 = shmget$private(0x0, 0x4000, 0x1000, &(0x7f0000ffc000/0x4000)=nil) shmctl$SHM_LOCK(r0, 0xb) 1.9380298s ago: executing program 1 (id=1039): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x280}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000140)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000100)={{&(0x7f000040a000/0x800000)=nil, 0x800000}, 0x2}) 1.898910445s ago: executing program 2 (id=1040): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x6, 0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="1800000000010000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000000000e7850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000b80)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xb}, 0x50) 1.840903494s ago: executing program 5 (id=1041): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}, @window={0x3, 0x0, 0x401}, @window], 0x20000000000000e4) 1.748001536s ago: executing program 3 (id=1043): madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.644497897s ago: executing program 1 (id=1044): r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="b4050000fdff7f006110580000000000c60000000000000095000000000000009f33ef60916e6e713f1eeb0b725ad99b817fd98cd824498949714ffaac8a6f770600dcca55f21f3ca9e822d182054d54d53cd2b6db714e4beb5447000001000000008f2b9000f22425e4097ed62cbc891061017cfa6fa26fa7088c60897d4a6148a1c1e43f00001bde60beac671e8e8fdecb03588aa623fa71f31bf0f871ab5c2ff88afc60027f4e5b5271ed58e835cf0d0000000098b51fe6b1b8d9dbe87dcff414ed000000000000000000000000000000000000000000000000000000b347abe6352a080f8140e5fd10747b6ecdb3540546bf636e3d6e700e5b0500000000000000eb9e1403e6c8f7a187eaf60f3a17f0f046a307a403c19d9829c90bd2114252581567acae715cbe1b57d5cda432c5b910400623d24195405f2e76ccb7b37b41215c184e731fb1"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001100)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x50) prlimit64(0x0, 0x7, &(0x7f0000000180)={0x1, 0x8}, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001240)={r0, r1, 0x26, 0x0, @val=@kprobe_multi=@addrs={0x0, 0x0, 0x0, 0x0, 0x3}}, 0x30) 1.576829264s ago: executing program 5 (id=1045): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000004000a98000000060a0b040000000000000000020000006c00048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000c08000340000000042c0001800a0001006c696d69740000001c0002800c00014000000000000000230c00024000000000000000010900010073797a30000000000900020073797a320000000014000000110001"], 0xc0}}, 0x0) close(r0) 1.394691254s ago: executing program 1 (id=1046): bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x10005}, 0x38) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1, 0xffffffffffffffff, 0x521}, 0x57) 1.326037766s ago: executing program 0 (id=1047): r0 = mq_open(&(0x7f0000001880)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8\x1c`\xbd\xe1e\x80\x7f\xd2&l0\xc1b\xac\x8b\xd8\x01YZy\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL%Jw\x99y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3\x05\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\x81W\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\x0f\xc8\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xc7\xa7\x82\xb9V}`\xb7\xfc@\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\xc2\x8dT\xda\x81g\xd9\x1a:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5m\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5n\x9a W\xb1e\xcc<$\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v>\x9b\n0\xb2 h\xad5\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\'/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f9\xce\x1eYV\xa2\xc4\x03PV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x9b\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xd1\x06F\xef\xbd\xeb\xf0\'\f\f\x003\xecp\x18\x9e\x1d\xeaH\xdaQ%+\xf4\xae\xab0\b\x17W\xba\xaf4E\xe62\xefm\xdd+\xb2\x1b:\xc0cc\x97\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x97s\x03`\xba\xf1\xdb\x05\xe5C)\x8f\xbchyL1:\xc2\xea\x8a\xfc\tq\xfa\xec&\xc7\xde\xf4\xf2\xb9\xe1\xa1\x80)1\xbe@Bt\xb7\xce\xc9\xee\xa8v\t\xfa,\xa2\x9a\xa3\\\xfbM\xb5\xfd\xa9\xe3\x9f\xf7\x85\x87w\x1d]& 8\xb5\xba\xea\xad\xa9\xd4V\xf1\xe9\xaaT\xc8\xff\xaf\xef\x91\xca\x9c\x80\xbeYd]\xfb\x1a\x96?\xb6\xd7{X\xa1H\xeb\xce\xd7\xb7\xf7\x15\xd6\x88\x91\xef{\xf8K@\xb6ch\x1e\x16\xd5m@\xa8\x91\xa5\xc5@\xa7\x00\xab\xc5\xc8\xc8\x9c\xe3:\xac\x1eG\xa0e\'/\x15G\x8e\xe5\x16\xd5S ]\xf8\xa1\xa46\x9a\xf0d!\xc8\x81S\xbc\x18\xdf\xa0\xfek\xb0(\xf7\xba5\x8e\xe5A\xd5l\xfbp\xcb\xa8\xf0b\x91\xc4\xd3+)Sy\x81\xe3\r%C\x03enM\xf1\xdf\xe3b\xb7\x9b\f\x82\xb1z\xcf^\x06\xcd\xa2\x96\xe3\xd5\xbd@1\xbe\x02\xad\\\x89\xd0\xe0\xa8\x11\xb4B\\\x14\\\xed5\x9c\xd7n\x8d\xec\xb5\xcc\xf8q', 0x42, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x0, 0x0) mq_timedsend(r0, 0x0, 0x0, 0xa, 0x0) mq_timedsend(r0, 0x0, 0x0, 0x6, 0x0) 1.273256295s ago: executing program 4 (id=1048): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x406, r0) r2 = dup2(r0, r1) ioctl$sock_inet_udp_SIOCINQ(r2, 0x541b, 0x0) 1.133672473s ago: executing program 4 (id=1049): r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0xffffffffffffffff, 0x181440) ioctl$INCFS_IOC_FILL_BLOCKS(0xffffffffffffffff, 0x80106720, &(0x7f0000000180)={0x0, &(0x7f0000000500)}) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$MON_IOCX_MFETCH(r0, 0xc0109207, &(0x7f0000000180)={0x0, 0xc, 0xffffffff}) 1.110735988s ago: executing program 0 (id=1050): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1400000042000501", @ANYRES64=r0], 0x14}}, 0x20000000) rename(0x0, 0x0) recvmmsg(r0, &(0x7f0000000000)=[{{0x0, 0x140, &(0x7f00000002c0)=[{&(0x7f00000004c0)=""/4091, 0x10e0}, {&(0x7f0000001580)=""/238, 0xf0}], 0x4, 0x0, 0x353}}], 0x40000000000002e, 0x2, 0x0) 953.169672ms ago: executing program 0 (id=1051): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000205f14120200000000000109022400010000600009040180020300000009210604000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="0003c3180f260236d74f2fee72add7a49e13d079"], 0x0, 0x0}, 0x0) 929.712241ms ago: executing program 4 (id=1052): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x4000002, 0x5d031, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_COPY(r0, 0x8010aa01, &(0x7f0000000240)={&(0x7f0000673000/0x4000)=nil, &(0x7f0000b07000/0x3000)=nil, 0x4000, 0x2}) 708.491939ms ago: executing program 4 (id=1053): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x12, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffc}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000010400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x2000002, 0xe, 0x0, &(0x7f0000000200)="df33c9f7b9a60000000200000000", 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) 690.278683ms ago: executing program 5 (id=1054): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000180)={[{@iocharset={'iocharset', 0x3d, 'cp850'}}, {@fmask={'fmask', 0x3d, 0x9e}}, {@errors_remount}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@fmask={'fmask', 0x3d, 0x5}}, {@dmask}, {@gid}, {@dmask={'dmask', 0x3d, 0x1}}, {@errors_continue}, {}], [{@hash}, {@obj_role}, {@subj_role={'subj_role', 0x3d, 'iso8859-7'}}, {@obj_type={'obj_type', 0x3d, '9p\x00'}}, {@fscontext={'fscontext', 0x3d, 'system_u'}}]}, 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=") mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x101000, 0x190) getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8) 651.971327ms ago: executing program 3 (id=1055): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="3400000013000100000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000014001a80100004800c000680080001"], 0x34}}, 0x0) 569.135359ms ago: executing program 4 (id=1056): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a98010000060a0b0400000000000000000200000064010480600101800a0001006d617463680000005001028008000240000000000b000100706f6c696379000038010300ebae551382395afa4d23edfcbe6d55b57cb15e63c15c46395916e2b388abc3d6ce2316334e8278ad51f6d123a616cf3eb44b275fe6bc6bf402a3f9335458bb7a92f23fc0aa88f2495ff70157ea6b29f7fab11ec362920cab3350208c749f342b38e0df9334cea6fe1e331d76beb7094102d5d409992dcd236e3fd7a8785f97ae9d01b0822c161a491bef0501f8e81ddd66d1b676e8c9f0b2159c2cc0b069669b5af546f644c39bedd627181d27d9c185aae5d910550f08822c6fec60302779b9e812403a2ff826781b4c761bd14eb7515ae224260c9534891afdd05d18b2ffe91f4052766a0b9fe3955bfb1866142e7c1caceb88de7d6e8a5c08ce052bb461f0c7ee914ca5c98c19442d0262a6d04a8e3e29360a9b5871812e08542d54775f5843d70b15871bc247e30d66b83560c014f50000000900010073797a30000000000900020073797a3200000000050007419d00000014000000110001"], 0x1c0}, 0x1, 0x0, 0x0, 0x8010}, 0x4000800) close(0x3) 541.210191ms ago: executing program 2 (id=1057): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000004500)={{'fd', 0x3d, r0}, 0x2c, {'rootmode', 0x3d, 0x4000}}) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 366.847985ms ago: executing program 1 (id=1058): getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) syz_genetlink_get_family_id$ethtool(&(0x7f0000000440), 0xffffffffffffffff) madvise(&(0x7f0000000000/0x600000)=nil, 0x60005f, 0x19) 258.008984ms ago: executing program 3 (id=1059): syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/ipc\x00') mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) r0 = syz_open_procfs(0x0, &(0x7f00000001c0)='oom_score_adj\x00') readlinkat(r0, &(0x7f0000000100)='./mnt\x00', &(0x7f0000000200)=""/65, 0x41) 255.56448ms ago: executing program 5 (id=1060): socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r0, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0x60ae0}], 0x318, 0x0, 0xdb0, 0xf5ffffff}, 0x0) close(r0) sendmsg$tipc(r1, &(0x7f0000000240)={0x0, 0x18, &(0x7f00000000c0), 0x31}, 0x0) 192.170463ms ago: executing program 4 (id=1061): r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_usb_connect$midi(0x6, 0x45, &(0x7f0000000180)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x20, 0x1430, 0x474b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x33, 0x1, 0x1, 0x0, 0x0, 0x6, "", {{{0x9, 0x4, 0x0, 0x0, 0x2, 0x1, 0x3, 0x20, 0x9, [], [{{0x9, 0x5, 0x9, 0x5, 0x400, 0xbb, 0xff, 0x80, {0xb, 0x25, 0x1, 0x7, "2c069e77d9e955"}}}, {{0x9, 0x5, 0xc, 0xc, 0x8, 0x0, 0x0, 0x6, {0x4}}}]}}}}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 0s ago: executing program 3 (id=1062): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)={0x3c, r1, 0x1, 0x70bd2c, 0x25dfdbfd, {}, [@NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x7}, @NBD_ATTR_SOCKETS={0x10, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_TIMEOUT={0xc, 0x4, 0x1}]}, 0x3c}, 0x1, 0x0, 0x0, 0x80c1}, 0x4000) kernel console output (not intermixed with test programs): orted. [ 126.576100][ T5763] DVB: Unable to find symbol dib7000p_attach() [ 126.577455][ T6257] loop4: detected capacity change from 0 to 40427 [ 126.605046][ T5763] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 126.652650][ T6257] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 126.695089][ T6257] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 126.779365][ T6257] F2FS-fs (loop4): invalid crc value [ 126.877514][ T5763] rc_core: IR keymap rc-dib0700-rc5 not found [ 126.901126][ T5763] Registered IR keymap rc-empty [ 126.934503][ T5763] dvb-usb: could not initialize remote control. [ 126.967721][ T5763] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 127.037210][ T5763] usb 6-1: USB disconnect, device number 3 [ 127.268725][ T5763] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 127.314358][ T6257] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 127.419782][ T6257] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 127.453621][ T6271] loop2: detected capacity change from 0 to 32768 [ 127.457339][ T6257] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 127.481385][ T6271] (syz.2.173,6271,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.527175][ T6271] (syz.2.173,6271,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 127.596332][ T6271] JBD2: Ignoring recovery information on journal [ 127.781150][ T6271] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 127.854160][ T6304] loop1: detected capacity change from 0 to 256 [ 127.868393][ T6304] exfat: Deprecated parameter 'utf8' [ 127.942428][ T5620] syz-executor: attempt to access beyond end of device [ 127.942428][ T5620] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 127.971531][ T6304] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x47dfe6af, utbl_chksum : 0xe619d30d) [ 128.025558][ T5620] CPU: 1 UID: 0 PID: 5620 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 128.025602][ T5620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 128.025622][ T5620] Call Trace: [ 128.025633][ T5620] [ 128.025645][ T5620] dump_stack_lvl+0x100/0x190 [ 128.025690][ T5620] f2fs_stop_checkpoint+0x600/0x9b0 [ 128.025744][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.025787][ T5620] ? errseq_set+0xe3/0x150 [ 128.025842][ T5620] ? errseq_set+0xe3/0x150 [ 128.025900][ T5620] f2fs_write_end_io+0xf59/0x1340 [ 128.025963][ T5620] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 128.026026][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.026078][ T5620] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 128.026132][ T5620] bio_endio+0x78f/0x8f0 [ 128.026182][ T5620] submit_bio_noacct+0x64c/0x2000 [ 128.026229][ T5620] f2fs_submit_write_bio+0x135/0x340 [ 128.026284][ T5620] __submit_merged_bio+0x331/0x780 [ 128.026351][ T5620] __submit_merged_write_cond+0x3fe/0x510 [ 128.026418][ T5620] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 128.026488][ T5620] ? __pfx___might_resched+0x10/0x10 [ 128.026537][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.026589][ T5620] f2fs_write_cache_pages+0x20e9/0x2630 [ 128.026649][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.026700][ T5620] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 128.026741][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.026782][ T5620] ? bpf_ksym_find+0x124/0x1c0 [ 128.026838][ T5620] ? __lock_acquire+0x4a5/0x2630 [ 128.026904][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.026946][ T5620] ? __lock_acquire+0x4a5/0x2630 [ 128.027050][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.027097][ T5620] ? rcu_is_watching+0x12/0xc0 [ 128.027154][ T5620] f2fs_write_data_pages+0x799/0x16d0 [ 128.027208][ T5620] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.027264][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.027308][ T5620] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 128.027359][ T5620] do_writepages+0x278/0x600 [ 128.027418][ T5620] ? __pfx_do_writepages+0x10/0x10 [ 128.027471][ T5620] ? do_raw_spin_unlock+0x145/0x1e0 [ 128.027526][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.027567][ T5620] ? _raw_spin_unlock+0x28/0x50 [ 128.027609][ T5620] filemap_writeback+0x22d/0x2e0 [ 128.027668][ T5620] ? __pfx_filemap_writeback+0x10/0x10 [ 128.027724][ T5620] ? check_noncircular+0x97/0x160 [ 128.027809][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.027852][ T5620] ? find_held_lock+0x2b/0x80 [ 128.027901][ T5620] ? f2fs_sync_dirty_inodes+0x3a6/0x990 [ 128.027944][ T5620] ? f2fs_sync_dirty_inodes+0x3a6/0x990 [ 128.027985][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028039][ T5620] f2fs_sync_dirty_inodes+0x469/0x990 [ 128.028100][ T5620] block_operations+0x2a6/0xfc0 [ 128.028138][ T5620] ? __bfs+0x150/0x2a0 [ 128.028178][ T5620] ? __pfx_block_operations+0x10/0x10 [ 128.028222][ T5620] ? check_noncircular+0x97/0x160 [ 128.028321][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028374][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028418][ T5620] ? rcu_is_watching+0x12/0xc0 [ 128.028471][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028525][ T5620] f2fs_write_checkpoint+0x582/0x5550 [ 128.028579][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028625][ T5620] ? _raw_spin_unlock_irq+0x2e/0x50 [ 128.028664][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028709][ T5620] ? __wait_for_common+0x1f3/0x4c0 [ 128.028755][ T5620] ? __pfx_schedule_timeout+0x10/0x10 [ 128.028825][ T5620] ? __pfx___wait_for_common+0x10/0x10 [ 128.028873][ T5620] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 128.028930][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.028976][ T5620] ? rcu_is_watching+0x12/0xc0 [ 128.029029][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.029074][ T5620] ? kthread_stop+0x280/0x640 [ 128.029119][ T5620] kill_f2fs_super+0x3f1/0x4a0 [ 128.029165][ T5620] ? __pfx_kill_f2fs_super+0x10/0x10 [ 128.029232][ T5620] ? lockdep_hardirqs_on+0x78/0x100 [ 128.029278][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.029332][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.029393][ T5620] deactivate_locked_super+0xc1/0x1b0 [ 128.029442][ T5620] deactivate_super+0xe7/0x110 [ 128.029493][ T5620] cleanup_mnt+0x21f/0x450 [ 128.029552][ T5620] task_work_run+0x150/0x240 [ 128.029597][ T5620] ? __pfx_task_work_run+0x10/0x10 [ 128.029643][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.029683][ T5620] ? rcu_is_watching+0x12/0xc0 [ 128.029739][ T5620] exit_to_user_mode_loop+0x100/0x4a0 [ 128.029779][ T5620] ? srso_alias_return_thunk+0x5/0xfbef5 [ 128.029826][ T5620] do_syscall_64+0x706/0xf80 [ 128.029868][ T5620] ? irqentry_exit+0x117/0x790 [ 128.029916][ T5620] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 128.029951][ T5620] RIP: 0033:0x7f0393d9e017 [ 128.029979][ T5620] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 128.030010][ T5620] RSP: 002b:00007ffd86c6dfa8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 128.030042][ T5620] RAX: 0000000000000000 RBX: 00007f0393e32120 RCX: 00007f0393d9e017 [ 128.030063][ T5620] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd86c6e060 [ 128.030086][ T5620] RBP: 00007ffd86c6e060 R08: 00007ffd86c6f060 R09: 00000000ffffffff [ 128.030110][ T5620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd86c6f0f0 [ 128.030134][ T5620] R13: 00007f0393e32120 R14: 000000000001f332 R15: 00007ffd86c6f130 [ 128.030184][ T5620] [ 128.631512][ T5620] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 128.648322][ T6306] loop5: detected capacity change from 0 to 2048 [ 128.864256][ T6306] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 129.017230][ T6311] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1314: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters [ 129.218774][ T5623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 129.242958][ T5619] ocfs2: Unmounting device (7,2) on (node local) [ 129.427420][ T5879] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 129.617664][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 129.672179][ T5879] usb 5-1: unable to get BOS descriptor or descriptor too short [ 129.691274][ T5879] usb 5-1: config 0 has no interfaces? [ 129.714570][ T5879] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 129.742442][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.774542][ T5879] usb 5-1: Product: syz [ 129.779482][ T5879] usb 5-1: Manufacturer: syz [ 129.786978][ T6323] netlink: 28 bytes leftover after parsing attributes in process `syz.0.186'. [ 129.798523][ T5879] usb 5-1: SerialNumber: syz [ 129.805911][ T5879] usb 5-1: config 0 descriptor?? [ 130.174520][ T6315] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 130.272214][ T6315] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 130.325293][ T5879] usb 5-1: USB disconnect, device number 2 [ 130.581829][ T6336] loop0: detected capacity change from 0 to 1024 [ 130.857173][ T5879] usb 5-1: new full-speed USB device number 3 using dummy_hcd [ 131.057147][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 131.102628][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 131.150366][ T5879] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 131.180404][ T5879] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 131.221238][ T5879] usb 5-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 0.00 [ 131.240073][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.252110][ T5879] usb 5-1: config 0 descriptor?? [ 131.260918][ T6348] loop3: detected capacity change from 0 to 2048 [ 131.280353][ T5879] usbtouchscreen 5-1:0.0: probe with driver usbtouchscreen failed with error -12 [ 131.311885][ T6348] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 131.327168][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 131.481689][ T5879] usbhid 5-1:0.0: can't add hid device: -71 [ 131.501993][ T5879] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 131.554590][ T5879] usb 5-1: USB disconnect, device number 3 [ 131.563351][ T10] usb 6-1: Using ep0 maxpacket: 8 [ 131.585348][ T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0 [ 131.585387][ T10] usb 6-1: config 0 has no interface number 0 [ 131.585440][ T10] usb 6-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 131.585500][ T10] usb 6-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 131.585540][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.623027][ T10] usb 6-1: config 0 descriptor?? [ 131.674205][ T5621] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 131.783917][ T10] iowarrior 6-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 131.944421][ T5763] usb 6-1: USB disconnect, device number 4 [ 132.206527][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.215049][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.239867][ T5879] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 132.428762][ T5879] usb 4-1: Using ep0 maxpacket: 16 [ 132.456472][ T5879] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 132.509095][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 132.555765][ T5879] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 132.574735][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.583273][ T5879] usb 4-1: Product: syz [ 132.592651][ T5879] usb 4-1: Manufacturer: syz [ 132.605860][ T5879] usb 4-1: SerialNumber: syz [ 132.628258][ T5879] usb 4-1: config 0 descriptor?? [ 132.675106][ T5879] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 132.713047][ T5879] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 132.750059][ T6377] loop4: detected capacity change from 0 to 1024 [ 132.772495][ T6379] loop5: detected capacity change from 0 to 64 [ 133.006089][ T6385] Zero length message leads to an empty skb [ 133.293843][ T5879] em28xx 4-1:0.0: chip ID is em2710 [ 133.495772][ T5879] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 133.499963][ T5879] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 133.499995][ T5879] em28xx 4-1:0.0: No AC97 audio processor [ 133.553546][ T5879] usb 4-1: USB disconnect, device number 4 [ 133.558639][ T5879] em28xx 4-1:0.0: Disconnecting em28xx [ 133.642785][ T5879] em28xx 4-1:0.0: Freeing device [ 134.015590][ T6408] netlink: 104 bytes leftover after parsing attributes in process `syz.1.225'. [ 134.030499][ T6406] 8021q: adding VLAN 0 to HW filter on device macsec1 [ 134.072284][ T5782] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 134.337114][ T5782] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 134.508325][ T5782] usb 6-1: Using ep0 maxpacket: 32 [ 134.528064][ T5782] usb 6-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.551052][ T5782] usb 6-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 134.567159][ T5625] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 134.577203][ T5782] usb 6-1: config 0 interface 0 has no altsetting 0 [ 134.594749][ T5782] usb 6-1: New USB device found, idVendor=5543, idProduct=3031, bcdDevice= 0.00 [ 134.608021][ T6423] tmpfs: Cannot change global quota limit on remount [ 134.627120][ T5782] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.658943][ T5782] usb 6-1: config 0 descriptor?? [ 134.739543][ T5625] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 134.779089][ T5625] usb 4-1: config 0 has no interface number 0 [ 134.813387][ T5625] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 134.882379][ T5625] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 134.915923][ T5625] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.946376][ T5625] usb 4-1: Product: syz [ 134.956482][ T5625] usb 4-1: Manufacturer: syz [ 134.966608][ T5625] usb 4-1: SerialNumber: syz [ 134.969825][ T6410] loop4: detected capacity change from 0 to 32768 [ 134.998991][ T5625] usb 4-1: config 0 descriptor?? [ 135.012651][ T6410] (syz.4.224,6410,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.055959][ T5625] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0 [ 135.059746][ T6410] (syz.4.224,6410,0):ocfs2_block_check_validate:400 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 135.155479][ T6410] JBD2: Ignoring recovery information on journal [ 135.280374][ T6410] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 135.313850][ T5782] usb 6-1: language id specifier not provided by device, defaulting to English [ 135.353538][ T5879] usb 4-1: USB disconnect, device number 5 [ 135.393991][ T5879] yurex 4-1:0.50: USB YUREX #0 now disconnected [ 135.515208][ T5782] uclogic 0003:5543:3031.0001: failed retrieving Huion firmware version: -71 [ 135.545964][ T5782] uclogic 0003:5543:3031.0001: failed probing parameters: -71 [ 135.579029][ T5782] uclogic 0003:5543:3031.0001: probe with driver uclogic failed with error -71 [ 135.640081][ T5782] usb 6-1: USB disconnect, device number 5 [ 135.900941][ T5620] ocfs2: Unmounting device (7,4) on (node local) [ 137.430120][ T6476] loop0: detected capacity change from 0 to 256 [ 137.471189][ T6476] exfat: Deprecated parameter 'utf8' [ 137.497158][ T5879] IPVS: starting estimator thread 0... [ 137.513654][ T6476] exfat: Deprecated parameter 'utf8' [ 137.538867][ T6476] exfat: Deprecated parameter 'namecase' [ 137.570083][ T6476] exfat: Deprecated parameter 'utf8' [ 137.607210][ T6476] exfat: Deprecated parameter 'namecase' [ 137.623293][ T6487] IPVS: using max 23 ests per chain, 55200 per kthread [ 137.684399][ T6476] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 140.200890][ T6554] loop0: detected capacity change from 0 to 16 [ 140.293815][ T6554] erofs (device loop0): mounted with root inode @ nid 36. [ 140.407362][ T6554] erofs (device loop0): bogus lookback distance 1 @ lcn 0 of nid 89 [ 140.434317][ T6554] erofs (device loop0): readahead error at folio 0 @ nid 89 [ 140.481053][ T6554] syz.0.276: attempt to access beyond end of device [ 140.481053][ T6554] loop0: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 140.645489][ T6554] erofs (device loop0): bogus lookback distance 1 @ lcn 0 of nid 89 [ 140.713208][ T6554] erofs (device loop0): read error -117 @ 0 of nid 89 [ 140.768979][ T30] audit: type=1800 audit(1777328345.814:7): pid=6554 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.276" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 141.458400][ T6566] loop3: detected capacity change from 0 to 4096 [ 141.525526][ T6556] syz.0.276 (6556): drop_caches: 2 [ 141.565507][ T6569] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 142.217865][ T6583] loop2: detected capacity change from 0 to 256 [ 142.545019][ T6590] warning: `syz.4.291' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 143.012056][ T5856] kernel write not supported for file /comedi4 (pid: 5856 comm: kworker/1:7) [ 143.500153][ T6614] process 'syz.3.312' launched '/dev/fd/4' with NULL argv: empty string added [ 144.352256][ T6634] netlink: 'syz.3.309': attribute type 10 has an invalid length. [ 144.438740][ T6634] 8021q: adding VLAN 0 to HW filter on device netdevsim1 [ 144.483377][ T6634] team0: Port device netdevsim1 added [ 144.567347][ T5776] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 144.743087][ T5776] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 144.776136][ T5776] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.825137][ T5776] usb 5-1: config 0 descriptor?? [ 144.856101][ T5776] cp210x 5-1:0.0: cp210x converter detected [ 144.858360][ T6622] loop1: detected capacity change from 0 to 32768 [ 145.487397][ T5776] cp210x 5-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 145.500588][ T6652] loop5: detected capacity change from 0 to 256 [ 145.517616][ T5776] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 145.543706][ T5776] usb 5-1: cp210x converter now attached to ttyUSB0 [ 145.595406][ T5776] usb 5-1: USB disconnect, device number 4 [ 145.610366][ T6652] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 145.675693][ T5776] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 145.710753][ T5776] cp210x 5-1:0.0: device disconnected [ 145.986294][ T6656] loop2: detected capacity change from 0 to 64 [ 146.143522][ T6660] loop0: detected capacity change from 0 to 128 [ 146.555317][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.555317][ T138] loop0: rw=1, sector=141, nr_sectors = 1 limit=128 [ 146.600438][ T138] Buffer I/O error on dev loop0, logical block 141, lost async page write [ 146.650965][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.650965][ T138] loop0: rw=1, sector=142, nr_sectors = 1 limit=128 [ 146.657179][ T5776] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 146.709481][ T138] Buffer I/O error on dev loop0, logical block 142, lost async page write [ 146.728858][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.728858][ T138] loop0: rw=1, sector=143, nr_sectors = 1 limit=128 [ 146.743130][ T138] Buffer I/O error on dev loop0, logical block 143, lost async page write [ 146.752859][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.752859][ T138] loop0: rw=1, sector=144, nr_sectors = 1 limit=128 [ 146.766587][ T138] Buffer I/O error on dev loop0, logical block 144, lost async page write [ 146.775341][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.775341][ T138] loop0: rw=1, sector=145, nr_sectors = 1 limit=128 [ 146.789908][ T138] Buffer I/O error on dev loop0, logical block 145, lost async page write [ 146.802371][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.802371][ T138] loop0: rw=1, sector=146, nr_sectors = 1 limit=128 [ 146.816605][ T138] Buffer I/O error on dev loop0, logical block 146, lost async page write [ 146.840060][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.840060][ T138] loop0: rw=1, sector=148, nr_sectors = 1 limit=128 [ 146.866266][ T138] Buffer I/O error on dev loop0, logical block 148, lost async page write [ 146.885793][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.885793][ T138] loop0: rw=1, sector=149, nr_sectors = 1 limit=128 [ 146.905353][ T5776] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.930691][ T5776] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.945760][ T138] Buffer I/O error on dev loop0, logical block 149, lost async page write [ 146.959125][ T5776] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 146.974471][ T138] kworker/u8:6: attempt to access beyond end of device [ 146.974471][ T138] loop0: rw=1, sector=150, nr_sectors = 8 limit=128 [ 146.990257][ T5776] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.032844][ T5776] usb 3-1: config 0 descriptor?? [ 147.072642][ T6654] loop1: detected capacity change from 0 to 32768 [ 147.518241][ T5776] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 147.547524][ T5776] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 147.564505][ T5776] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 147.586446][ T5776] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 147.609654][ T5776] playstation 0003:054C:0DF2.0002: unknown main item tag 0x0 [ 147.704084][ T5776] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.2-1/input0 [ 147.727141][ T5763] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 147.831793][ T5776] playstation 0003:054C:0DF2.0002: Invalid byte count transferred, expected 20 got 0 [ 147.877795][ T5776] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense pairing info: -22 [ 147.911524][ T5763] usb 4-1: config 220 has too many interfaces: 184, using maximum allowed: 32 [ 147.930459][ T5776] playstation 0003:054C:0DF2.0002: Failed to get MAC address from DualSense [ 147.954406][ T5763] usb 4-1: config 220 has 1 interface, different from the descriptor's value: 184 [ 147.969924][ T5776] playstation 0003:054C:0DF2.0002: Failed to create dualsense. [ 147.995793][ T5763] usb 4-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=e1.85 [ 148.036024][ T5763] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.057853][ T5776] playstation 0003:054C:0DF2.0002: probe with driver playstation failed with error -22 [ 148.117806][ T5776] usb 3-1: USB disconnect, device number 3 [ 148.144263][ T5763] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 148.208414][ T6686] fido_id[6686]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 148.259982][ T957] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 148.323403][ T5763] gspca_sn9c2028: read1 error -32 [ 148.339991][ T5763] gspca_sn9c2028: read1 error -32 [ 148.447359][ T957] usb 6-1: Using ep0 maxpacket: 32 [ 148.457376][ T10] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 148.479823][ T957] usb 6-1: unable to get BOS descriptor or descriptor too short [ 148.495965][ T957] usb 6-1: config 0 has no interfaces? [ 148.516146][ T957] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 148.531266][ T957] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.558068][ T957] usb 6-1: Product: syz [ 148.564254][ T957] usb 6-1: Manufacturer: syz [ 148.573595][ T957] usb 6-1: SerialNumber: syz [ 148.604753][ T5763] usb 4-1: USB disconnect, device number 6 [ 148.606219][ T957] usb 6-1: config 0 descriptor?? [ 148.647110][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 148.658425][ T10] usb 1-1: unable to get BOS descriptor or descriptor too short [ 148.673201][ T10] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64 [ 148.707862][ T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 148.725100][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.757420][ T10] usb 1-1: Product: syz [ 148.780110][ T10] usb 1-1: Manufacturer: syz [ 148.795238][ T10] usb 1-1: SerialNumber: syz [ 148.925758][ T6688] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 148.976880][ T6688] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 148.979995][ T6696] tc_dump_action: action bad kind [ 149.030423][ T5782] usb 6-1: USB disconnect, device number 6 [ 149.051319][ T6690] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 149.273356][ T6702] loop4: detected capacity change from 0 to 64 [ 149.313945][ T957] kernel write not supported for file /input/event2 (pid: 957 comm: kworker/0:2) [ 150.011911][ T6708] loop2: detected capacity change from 0 to 32768 [ 150.026782][ T10] cdc_ncm 1-1:1.0: SET_CRC_MODE failed [ 150.034447][ T5782] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 150.043745][ T10] cdc_ncm 1-1:1.0: SET_NTB_FORMAT failed [ 150.054723][ T6708] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 150.063619][ T6708] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 150.099440][ T6708] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 150.115657][ T957] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 150.125595][ T957] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 150.139673][ T10] cdc_ncm 1-1:1.0: bind() failure [ 150.170351][ T10] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 150.221530][ T10] cdc_ncm 1-1:1.1: bind() failure [ 150.295633][ T5782] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 150.313468][ T10] usb 1-1: USB disconnect, device number 3 [ 150.333246][ T5782] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 150.386516][ T5782] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 150.443117][ T5782] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 150.509552][ T5782] usb 6-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 0.00 [ 150.551108][ T5782] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 150.586097][ T957] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 460ms [ 150.603882][ T5782] usb 6-1: config 0 descriptor?? [ 150.621804][ T957] gfs2: fsid=syz:syz.0: jid=0: Done [ 150.641596][ T5782] usbtouchscreen 6-1:0.0: probe with driver usbtouchscreen failed with error -12 [ 150.652708][ T6708] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 150.790178][ T6708] gfs2: fsid=syz:syz.0: found 1 quota changes [ 150.827181][ T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 150.838509][ T5782] usbhid 6-1:0.0: can't add hid device: -71 [ 150.844897][ T5782] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 150.867731][ T5782] usb 6-1: USB disconnect, device number 7 [ 151.007789][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 151.024381][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.042498][ T5619] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed - function = gfs2_qd_dispose, file = fs/gfs2/quota.c, line = 129 [ 151.058931][ T5619] CPU: 1 UID: 0 PID: 5619 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 151.058979][ T5619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 151.059002][ T5619] Call Trace: [ 151.059014][ T5619] [ 151.059027][ T5619] dump_stack_lvl+0x100/0x190 [ 151.059074][ T5619] gfs2_assert_warn_i.cold+0x3a/0x118 [ 151.059131][ T5619] ? __pfx_gfs2_assert_warn_i+0x10/0x10 [ 151.059198][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.059252][ T5619] gfs2_qd_dispose+0x5dd/0x720 [ 151.059309][ T5619] gfs2_quota_cleanup+0x361/0x770 [ 151.059377][ T5619] ? __pfx_gfs2_quota_cleanup+0x10/0x10 [ 151.059444][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.059494][ T5619] ? __pfx___might_resched+0x10/0x10 [ 151.059547][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.059593][ T5619] ? up_write+0x28c/0x4f0 [ 151.059650][ T5619] gfs2_make_fs_ro+0x11d/0x370 [ 151.059696][ T5619] ? __pfx_gfs2_make_fs_ro+0x10/0x10 [ 151.059745][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.059795][ T5619] ? __pfx___might_resched+0x10/0x10 [ 151.059846][ T5619] ? gfs2_put_super+0x149/0x670 [ 151.059889][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.059947][ T5619] gfs2_put_super+0x1a4/0x670 [ 151.059997][ T5619] ? __pfx_gfs2_put_super+0x10/0x10 [ 151.060043][ T5619] generic_shutdown_super+0x167/0x360 [ 151.060098][ T5619] kill_block_super+0x3b/0xa0 [ 151.060147][ T5619] gfs2_kill_sb+0x4a9/0x590 [ 151.060190][ T5619] deactivate_locked_super+0xc1/0x1b0 [ 151.060245][ T5619] deactivate_super+0xe7/0x110 [ 151.060299][ T5619] cleanup_mnt+0x21f/0x450 [ 151.060367][ T5619] task_work_run+0x150/0x240 [ 151.060417][ T5619] ? __pfx_task_work_run+0x10/0x10 [ 151.060465][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.060510][ T5619] ? rcu_is_watching+0x12/0xc0 [ 151.060571][ T5619] exit_to_user_mode_loop+0x100/0x4a0 [ 151.060617][ T5619] ? srso_alias_return_thunk+0x5/0xfbef5 [ 151.060667][ T5619] do_syscall_64+0x706/0xf80 [ 151.060712][ T5619] ? irqentry_exit+0x117/0x790 [ 151.060762][ T5619] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 151.060801][ T5619] RIP: 0033:0x7f7f00f9e017 [ 151.060829][ T5619] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 151.060864][ T5619] RSP: 002b:00007ffc77d46ef8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 151.060922][ T5619] RAX: 0000000000000000 RBX: 00007f7f01032120 RCX: 00007f7f00f9e017 [ 151.060946][ T5619] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc77d46fb0 [ 151.060969][ T5619] RBP: 00007ffc77d46fb0 R08: 00007ffc77d47fb0 R09: 00000000ffffffff [ 151.060992][ T5619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc77d48040 [ 151.061014][ T5619] R13: 00007f7f01032120 R14: 0000000000024d6f R15: 00007ffc77d48080 [ 151.061065][ T5619] [ 151.069029][ T10] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 151.443701][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.475573][ T10] usb 1-1: config 0 descriptor?? [ 152.006865][ T10] mcp2221 0003:04D8:00DD.0003: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 152.199595][ T6754] loop1: detected capacity change from 0 to 4096 [ 152.432921][ T5763] usb 1-1: USB disconnect, device number 4 [ 152.454522][ T6754] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 152.515345][ T6745] orangefs_mount: mount request failed with -4 [ 152.564357][ T6754] ntfs3(loop1): Failed to initialize $Extend/$ObjId. [ 152.845882][ T6770] ntfs3(loop1): ino=1e, "file1" attr_set_size_ex [ 152.882527][ T5776] IPVS: starting estimator thread 0... [ 152.951464][ T30] audit: type=1800 audit(1777328357.994:8): pid=6754 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.353" name="file1" dev="loop1" ino=30 res=0 errno=0 [ 153.007566][ T6776] IPVS: using max 22 ests per chain, 52800 per kthread [ 153.112152][ T6770] ntfs3(loop1): ino=1e, "file1" attr_set_size_ex [ 153.330381][ T6785] loop3: detected capacity change from 0 to 256 [ 153.481283][ T6785] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 153.817619][ T5776] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 153.912537][ T6799] loop3: detected capacity change from 0 to 128 [ 153.942160][ T6799] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 153.999280][ T5776] usb 1-1: Using ep0 maxpacket: 32 [ 154.027211][ T5776] usb 1-1: unable to get BOS descriptor or descriptor too short [ 154.069342][ T5776] usb 1-1: config 0 has no interfaces? [ 154.085783][ T6767] loop2: detected capacity change from 0 to 32768 [ 154.095832][ T5776] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 154.150744][ T5776] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.169102][ T6767] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 154.211751][ T5776] usb 1-1: Product: syz [ 154.222872][ T5776] usb 1-1: Manufacturer: syz [ 154.232757][ T5776] usb 1-1: SerialNumber: syz [ 154.249177][ T5776] usb 1-1: config 0 descriptor?? [ 154.383208][ T6767] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 154.486231][ T138] FAT-fs (loop3): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 154.500592][ T6767] XFS (loop2): Starting recovery (logdev: internal) [ 154.565229][ T6792] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.603321][ T6767] XFS (loop2): Ending recovery (logdev: internal) [ 154.622024][ T6792] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.665355][ T5776] usb 1-1: USB disconnect, device number 5 [ 154.841791][ T6819] macvtap1: entered promiscuous mode [ 154.853239][ T6782] loop4: detected capacity change from 0 to 32768 [ 154.870280][ T6819] macvtap1: entered allmulticast mode [ 154.911088][ T6782] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.363 (6782) [ 155.075718][ T6782] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 155.124645][ T6782] BTRFS info (device loop4): using blake2b checksum algorithm [ 155.163031][ T5619] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 155.217383][ T5776] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 155.429162][ T5776] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 155.490511][ T5776] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 155.531120][ T5776] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.531185][ T6782] BTRFS info (device loop4): enabling ssd optimizations [ 155.552806][ T5776] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 155.577220][ T6782] BTRFS info (device loop4): turning on async discard [ 155.603752][ T6782] BTRFS info (device loop4): enabling free space tree [ 155.614015][ T5776] usb 1-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 0.00 [ 155.627745][ T6782] BTRFS info (device loop4): use zstd compression, level 3 [ 155.653885][ T5776] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.691920][ T5776] usb 1-1: config 0 descriptor?? [ 155.697621][ T5763] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 155.733380][ T5776] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -12 [ 155.769013][ T30] audit: type=1800 audit(1777328360.814:9): pid=6782 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.363" name="file1" dev="loop4" ino=260 res=0 errno=0 [ 155.887875][ T5763] usb 4-1: Using ep0 maxpacket: 8 [ 155.899256][ T5763] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 155.912748][ T5763] usb 4-1: config 0 has no interface number 0 [ 155.929565][ T5763] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 155.943972][ T5763] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 155.955368][ T5776] usbhid 1-1:0.0: can't add hid device: -71 [ 155.966298][ T5776] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 155.976243][ T5763] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.994046][ T5776] usb 1-1: USB disconnect, device number 6 [ 156.033272][ T5763] usb 4-1: config 0 descriptor?? [ 156.091685][ T5763] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 156.249049][ T5620] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 156.348144][ T5776] usb 4-1: USB disconnect, device number 7 [ 156.577345][ T6861] loop1: detected capacity change from 0 to 2048 [ 156.834441][ T6861] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 158.387094][ T5856] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 158.568406][ T5856] usb 4-1: Using ep0 maxpacket: 32 [ 158.607706][ T5856] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 158.637085][ T5856] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.688237][ T5856] usb 4-1: config 0 descriptor?? [ 158.937364][ T5856] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 158.988044][ T5856] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 159.021480][ T5856] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 159.049190][ T5856] usb 4-1: media controller created [ 159.106217][ T5856] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 159.126620][ T6907] loop2: detected capacity change from 0 to 128 [ 159.137950][ T6891] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 159.216616][ T5856] az6027: usb out operation failed. (-71) [ 159.234711][ T6907] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 159.258364][ T5856] az6027: usb out operation failed. (-71) [ 159.268653][ T5856] stb0899_attach: Driver disabled by Kconfig [ 159.269150][ T6907] ext4 filesystem being mounted at /64/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 159.285130][ T5856] az6027: no front-end attached [ 159.285130][ T5856] [ 159.297284][ T5856] az6027: usb out operation failed. (-71) [ 159.303642][ T5856] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 159.363650][ T5856] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input11 [ 159.400919][ T5856] dvb-usb: schedule remote query interval to 400 msecs. [ 159.409046][ T5856] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 159.435619][ T5856] usb 4-1: USB disconnect, device number 8 [ 159.659560][ T6916] loop5: detected capacity change from 0 to 16 [ 159.710028][ T6916] erofs (device loop5): mounted with root inode @ nid 36. [ 159.721758][ T5619] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 159.748258][ T5856] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 159.760443][ T6916] syz.5.404: attempt to access beyond end of device [ 159.760443][ T6916] loop5: rw=524288, sector=12296, nr_sectors = 8 limit=16 [ 159.781892][ T6916] syz.5.404: attempt to access beyond end of device [ 159.781892][ T6916] loop5: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 159.830322][ T6916] syz.5.404: attempt to access beyond end of device [ 159.830322][ T6916] loop5: rw=0, sector=12296, nr_sectors = 8 limit=16 [ 159.859099][ T6921] loop1: detected capacity change from 0 to 128 [ 159.870749][ T6916] erofs (device loop5): read error -5 @ 0 of nid 89 [ 159.887435][ T30] audit: type=1800 audit(1777328364.934:10): pid=6916 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.404" name="file2" dev="loop5" ino=89 res=0 errno=0 [ 160.708979][ T6940] loop2: detected capacity change from 0 to 512 [ 160.810007][ T6940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 160.930475][ T6940] EXT4-fs warning (device loop2): ext4_group_add:1734: No reserved GDT blocks, can't resize [ 161.118109][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 162.025966][ T6975] loop2: detected capacity change from 0 to 256 [ 162.069845][ T6975] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 162.102219][ T6975] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 162.463601][ T6983] netlink: 4 bytes leftover after parsing attributes in process `syz.1.433'. [ 164.588551][ T7025] tipc: Started in network mode [ 164.601404][ T7025] tipc: Node identity ac14140f, cluster identity 4711 [ 164.603214][ T7030] loop3: detected capacity change from 0 to 128 [ 164.609606][ T7025] tipc: New replicast peer: 255.255.255.255 [ 164.674074][ T7025] tipc: Enabled bearer , priority 10 [ 165.002779][ T7043] netem: change failed [ 165.127167][ T5782] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 165.288259][ T5782] usb 6-1: Using ep0 maxpacket: 16 [ 165.308497][ T5782] usb 6-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.364647][ T5782] usb 6-1: config 0 interface 0 has no altsetting 0 [ 165.391217][ T5782] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 165.428743][ T5782] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.482342][ T5782] usb 6-1: config 0 descriptor?? [ 165.525469][ T7060] xt_hashlimit: size too large, truncated to 1048576 [ 165.707142][ T10] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 165.781995][ T5879] tipc: Node number set to 2886997007 [ 165.867232][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 165.883861][ T10] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 165.921448][ T10] usb 2-1: config 0 has no interface number 0 [ 165.946763][ T10] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 165.972702][ T10] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 165.986218][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.009453][ T5782] mcp2221 0003:04D8:00DD.0004: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.5-1/input0 [ 166.048787][ T10] usb 2-1: config 0 descriptor?? [ 166.079315][ T10] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 166.373930][ T5782] usb 2-1: USB disconnect, device number 2 [ 166.467282][ T10] usb 6-1: USB disconnect, device number 8 [ 167.968674][ T7103] loop1: detected capacity change from 0 to 2048 [ 168.023441][ T7103] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 168.134734][ T7103] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1376) has entry where CRC length (0) does not match entry length (44) [ 168.839217][ T7101] tun0: tun_chr_ioctl cmd 1074025672 [ 168.885988][ T7101] tun0: ignored: set checksum disabled [ 169.165999][ T7115] loop5: detected capacity change from 0 to 128 [ 169.226634][ T7115] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 169.506665][ T37] FAT-fs (loop5): Invalid FSINFO signature: 0x00000000, 0x61417272 (sector = 1) [ 169.555591][ T7126] can0: slcan on ttynull. [ 169.647171][ T5625] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 169.838220][ T5625] usb 1-1: Using ep0 maxpacket: 8 [ 169.855642][ T5625] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 169.882323][ T5625] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 169.887887][ T7132] loop1: detected capacity change from 0 to 1024 [ 169.905567][ T5625] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 169.951824][ T7126] can0 (unregistered): slcan off ttynull. [ 169.968335][ T5625] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 170.049738][ T5625] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 170.094380][ T5625] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.170369][ T7140] hfsplus: can't free extent: start 2889, count 1 [ 170.336649][ T7146] Set syz1 is full, maxelem 0 reached [ 170.451228][ T5625] usb 1-1: GET_CAPABILITIES returned 0 [ 170.490162][ T5625] usbtmc 1-1:16.0: can't read capabilities [ 170.728967][ T5625] usb 1-1: USB disconnect, device number 7 [ 171.155139][ T7171] netlink: 8 bytes leftover after parsing attributes in process `syz.3.506'. [ 171.188150][ T7171] netlink: 4 bytes leftover after parsing attributes in process `syz.3.506'. [ 171.850571][ T7189] loop5: detected capacity change from 0 to 512 [ 171.993407][ T7189] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.513: Parent and EA inode have the same ino 15 [ 172.084043][ T7189] loop5: lost filesystem error report for type 5 error -117 [ 172.087559][ C0] EXT4-fs (loop5): error count since last fsck: 1 [ 172.103010][ C0] EXT4-fs (loop5): initial error at time 1777328378: ext4_xattr_inode_iget:436 [ 172.112134][ C0] EXT4-fs (loop5): last error at time 1777328378: ext4_xattr_inode_iget:436 [ 172.141284][ T7189] EXT4-fs warning (device loop5): ext4_expand_extra_isize_ea:2859: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 172.195840][ T7189] EXT4-fs error (device loop5): ext4_xattr_inode_iget:436: comm syz.5.513: Parent and EA inode have the same ino 15 [ 172.297449][ T7189] loop5: lost filesystem error report for type 5 error -117 [ 172.356183][ T7189] EXT4-fs (loop5): 1 orphan inode deleted [ 172.454921][ T7189] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.715776][ T7216] loop2: detected capacity change from 0 to 16 [ 172.769024][ T7216] erofs (device loop2): mounted with root inode @ nid 36. [ 172.783244][ T5623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.855711][ T7216] erofs (device loop2): bogus lookback distance 1 @ lcn 0 of nid 89 [ 172.897177][ T7216] erofs (device loop2): readahead error at folio 0 @ nid 89 [ 172.940933][ T7216] syz.2.522: attempt to access beyond end of device [ 172.940933][ T7216] loop2: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 173.043040][ T7216] erofs (device loop2): bogus lookback distance 1 @ lcn 0 of nid 89 [ 173.097372][ T7216] erofs (device loop2): read error -117 @ 0 of nid 89 [ 173.141769][ T7223] loop1: detected capacity change from 0 to 2048 [ 173.156069][ T30] audit: type=1800 audit(1777328379.187:11): pid=7216 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.522" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 173.262364][ T7223] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 173.676681][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 173.767778][ T5782] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 173.787127][ T5776] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 173.930729][ T5782] usb 6-1: Using ep0 maxpacket: 16 [ 173.965025][ T5782] usb 6-1: config index 0 descriptor too short (expected 52, got 36) [ 173.987096][ T5776] usb 5-1: Using ep0 maxpacket: 16 [ 173.988834][ T5782] usb 6-1: config 0 has an invalid interface number: 251 but max is 0 [ 174.003892][ T5776] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.044187][ T5782] usb 6-1: config 0 has no interface number 0 [ 174.051541][ T5776] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 174.054857][ T7221] syz.2.522 (7221): drop_caches: 2 [ 174.087163][ T5782] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 174.089799][ T5776] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.117531][ T5782] usb 6-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 174.149855][ T5782] usb 6-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 174.184109][ T5782] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.186200][ T5776] usb 5-1: config 0 descriptor?? [ 174.215899][ T5782] usb 6-1: Product: syz [ 174.234610][ T5782] usb 6-1: Manufacturer: syz [ 174.261877][ T5782] usb 6-1: SerialNumber: syz [ 174.319489][ T5782] usb 6-1: config 0 descriptor?? [ 174.365664][ T7238] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 174.397554][ T7238] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 174.504132][ T7254] Set syz1 is full, maxelem 14 reached [ 174.557132][ T5625] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 174.636622][ T7238] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 174.658737][ T7238] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 174.714719][ T5776] mcp2221 0003:04D8:00DD.0005: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 174.732888][ T5625] usb 1-1: Using ep0 maxpacket: 32 [ 174.744249][ T5625] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 174.763233][ T5625] usb 1-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 174.774175][ T5625] usb 1-1: config 0 interface 0 has no altsetting 0 [ 174.785180][ T5625] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 174.827080][ T5625] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.867586][ T5625] usb 1-1: Product: syz [ 174.877881][ T5625] usb 1-1: Manufacturer: syz [ 174.882668][ T5625] usb 1-1: SerialNumber: syz [ 174.909460][ T5625] usb 1-1: config 0 descriptor?? [ 175.050626][ T7261] loop2: detected capacity change from 0 to 256 [ 175.083231][ T7261] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 175.194615][ T5776] usb 5-1: USB disconnect, device number 5 [ 175.286948][ T5782] asix 6-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 175.320549][ T7250] loop1: detected capacity change from 0 to 32768 [ 175.334401][ T5782] asix 6-1:0.251 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffb9 [ 175.380428][ T5782] asix 6-1:0.251: probe with driver asix failed with error -71 [ 175.380785][ T5625] gs_usb 1-1:0.0: Configuring for 1 interfaces [ 175.484020][ T5782] usb 6-1: USB disconnect, device number 9 [ 175.802639][ T5625] gs_usb 1-1:0.0: Disabling termination support for channel 0 (-EPROTO) [ 176.024818][ T5625] usb 1-1: USB disconnect, device number 8 [ 176.287985][ T5782] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 176.335001][ T7281] loop2: detected capacity change from 0 to 128 [ 176.375365][ T7281] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 176.432043][ T7281] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 176.507362][ T5782] usb 5-1: Using ep0 maxpacket: 32 [ 176.556920][ T5782] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 176.596611][ T5782] usb 5-1: config 0 has no interface number 0 [ 176.624154][ T5782] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 176.652801][ T5782] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.694502][ T5782] usb 5-1: Product: syz [ 176.719864][ T5782] usb 5-1: Manufacturer: syz [ 176.739952][ T5782] usb 5-1: SerialNumber: syz [ 176.782977][ T37] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 176.842150][ T5782] usb 5-1: config 0 descriptor?? [ 176.892138][ T5782] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 177.030398][ T7296] loop2: detected capacity change from 0 to 64 [ 177.046120][ T7297] loop5: detected capacity change from 0 to 64 [ 177.052727][ T7296] MINIX-fs: mounting file system with errors, running fsck is recommended [ 177.156485][ T5782] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 177.222467][ T5782] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 177.529796][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 177.539419][ T10] usb 5-1: USB disconnect, device number 6 [ 177.547850][ T7304] loop0: detected capacity change from 0 to 128 [ 177.592659][ T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 177.646812][ T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 177.660082][ T5782] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 177.705584][ T10] quatech2 5-1:0.51: device disconnected [ 177.802455][ T7311] block nbd2: shutting down sockets [ 177.837489][ T5782] usb 2-1: Using ep0 maxpacket: 16 [ 177.861109][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 177.882532][ T5782] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 177.903456][ T5782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.946100][ T5782] usb 2-1: config 0 descriptor?? [ 178.291234][ T7320] loop4: detected capacity change from 0 to 256 [ 178.313155][ T7320] exfat: Deprecated parameter 'utf8' [ 178.350939][ T7320] exfat: Deprecated parameter 'utf8' [ 178.376183][ T7320] exfat: Deprecated parameter 'utf8' [ 178.421132][ T5782] mcp2221 0003:04D8:00DD.0006: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0 [ 178.468929][ T7320] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 178.616954][ T7325] can0: slcan on ttynull. [ 178.858743][ T7325] can0 (unregistered): slcan off ttynull. [ 178.921656][ T957] usb 2-1: USB disconnect, device number 3 [ 178.945379][ T7331] input: syz0 as /devices/virtual/input/input12 [ 179.067461][ T5749] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 179.261962][ T5749] usb 3-1: New USB device found, idVendor=0572, idProduct=cb01, bcdDevice=26.65 [ 179.309611][ T5749] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.352393][ T5749] usb 3-1: Product: syz [ 179.373783][ T5749] usb 3-1: Manufacturer: syz [ 179.394781][ T5749] usb 3-1: SerialNumber: syz [ 179.443358][ T5749] usb 3-1: config 0 descriptor?? [ 179.533791][ T7315] loop3: detected capacity change from 0 to 32768 [ 179.654114][ T7315] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 179.702525][ T5749] usb 3-1: ignoring: probably an ADSL modem [ 179.850941][ T7358] tipc: Started in network mode [ 179.886807][ T7358] tipc: Node identity ac14140f, cluster identity 4711 [ 179.920729][ T7358] tipc: New replicast peer: 255.255.255.255 [ 179.960894][ T7358] tipc: Enabled bearer , priority 10 [ 180.093176][ T7315] XFS (loop3): Ending clean mount [ 180.117630][ T5749] cxacru 3-1:0.0: usbatm_usb_probe: bind failed: -19! [ 180.374121][ T5776] usb 3-1: USB disconnect, device number 4 [ 180.454941][ T7372] loop4: detected capacity change from 0 to 16 [ 180.471627][ T5621] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 180.523293][ T7372] erofs (device loop4): mounted with root inode @ nid 36. [ 180.634117][ T7372] erofs (device loop4): bogus lookback distance 1 @ lcn 0 of nid 89 [ 180.689988][ T7372] erofs (device loop4): readahead error at folio 0 @ nid 89 [ 180.768465][ T7372] syz.4.577: attempt to access beyond end of device [ 180.768465][ T7372] loop4: rw=524288, sector=1056, nr_sectors = 16 limit=16 [ 180.842048][ T7377] loop1: detected capacity change from 0 to 512 [ 180.896580][ T7372] erofs (device loop4): bogus lookback distance 1 @ lcn 0 of nid 89 [ 180.951450][ T7377] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.969811][ T5782] tipc: Node number set to 2886997007 [ 180.989072][ T7372] erofs (device loop4): read error -117 @ 0 of nid 89 [ 181.008629][ T30] audit: type=1800 audit(1777328387.047:12): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.577" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 181.037716][ T7377] ext4 filesystem being mounted at /105/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 181.184673][ T7382] EXT4-fs (loop1): shut down requested (1) [ 181.222791][ T7342] loop5: detected capacity change from 0 to 32768 [ 181.290502][ T7342] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.571 (7342) [ 181.368059][ T7342] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 181.412821][ T7342] BTRFS info (device loop5): using blake2b checksum algorithm [ 181.465687][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.495830][ T1124] Quota error (device loop1): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 181.724651][ T7342] BTRFS info (device loop5): enabling ssd optimizations [ 181.780928][ T7342] BTRFS info (device loop5): turning on async discard [ 181.824352][ T7342] BTRFS info (device loop5): enabling free space tree [ 181.842660][ T7342] BTRFS info (device loop5): use zstd compression, level 3 [ 181.962850][ T7413] netlink: 8 bytes leftover after parsing attributes in process `syz.1.582'. [ 182.009564][ T30] audit: type=1800 audit(1777328388.047:13): pid=7342 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.571" name="file1" dev="loop5" ino=260 res=0 errno=0 [ 182.483625][ T7375] syz.4.577 (7375): drop_caches: 2 [ 182.539241][ T5623] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 182.597574][ T5749] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 182.787081][ T5749] usb 4-1: Using ep0 maxpacket: 16 [ 182.849715][ T5749] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.909732][ T5749] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 182.951108][ T5749] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.055372][ T5749] usb 4-1: config 0 descriptor?? [ 183.579565][ T5749] mcp2221 0003:04D8:00DD.0007: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.3-1/input0 [ 184.063073][ T5749] usb 4-1: USB disconnect, device number 9 [ 184.091194][ T7458] can0: slcan on ttynull. [ 184.112503][ T7417] loop0: detected capacity change from 0 to 32768 [ 184.196927][ T7460] loop4: detected capacity change from 0 to 2048 [ 184.225816][ T7417] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 184.246121][ T7466] loop1: detected capacity change from 0 to 16 [ 184.287821][ T7458] can0 (unregistered): slcan off ttynull. [ 184.301879][ T7466] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 184.322049][ T7460] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.459668][ T7417] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 184.566555][ T7417] XFS (loop0): Starting recovery (logdev: internal) [ 184.716624][ T7417] XFS (loop0): Ending recovery (logdev: internal) [ 185.089591][ T7487] capability: warning: `syz.1.602' uses 32-bit capabilities (legacy support in use) [ 185.201623][ T7489] netlink: 88 bytes leftover after parsing attributes in process `syz.5.601'. [ 185.396404][ T7479] loop2: detected capacity change from 0 to 32768 [ 185.410776][ T7479] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 185.419826][ T7479] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 185.429667][ T5618] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 185.492641][ T7479] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 1ms [ 185.525160][ T957] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 185.545186][ T7490] block nbd4: shutting down sockets [ 185.581253][ T957] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 185.802055][ T7500] netlink: 8 bytes leftover after parsing attributes in process `syz.5.606'. [ 186.073373][ T957] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 492ms [ 186.114394][ T957] gfs2: fsid=syz:syz.0: jid=0: Done [ 186.156477][ T7479] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 186.469055][ T7479] gfs2: fsid=syz:syz.0: found 1 quota changes [ 187.937912][ T7556] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 188.026619][ T7555] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 188.419865][ T7575] loop1: detected capacity change from 0 to 512 [ 188.486308][ T7575] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2810: inode #11: comm syz.1.631: corrupted xattr block 95: invalid header [ 188.520611][ T7575] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 188.524741][ T7575] EXT4-fs error (device loop1): ext4_validate_block_bitmap:431: comm syz.1.631: bg 0: block 7: invalid block bitmap [ 188.534302][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 188.534358][ C0] EXT4-fs (loop1): initial error at time 1777328394: ext4_expand_extra_isize_ea:2810: inode 11 [ 188.534415][ C0] EXT4-fs (loop1): last error at time 1777328394: ext4_expand_extra_isize_ea:2810: inode 11 [ 188.702495][ T7575] loop1: lost filesystem error report for type 5 error -117 [ 188.726600][ T7575] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 188.771702][ T7575] loop1: lost filesystem error report for type 5 error -117 [ 188.773401][ T7575] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2972: inode #11: comm syz.1.631: corrupted xattr block 95: invalid header [ 188.824986][ T7575] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 188.825515][ T7575] EXT4-fs warning (device loop1): ext4_evict_inode:287: xattr delete (err -117) [ 188.829911][ T7579] loop2: detected capacity change from 0 to 4096 [ 188.855460][ T7575] EXT4-fs (loop1): 1 orphan inode deleted [ 188.889504][ T7575] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 188.912894][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 188.939397][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 188.951386][ T7579] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 188.986693][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 189.042495][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 189.090945][ T957] rtc rtc0: __rtc_set_alarm: err=-22 [ 189.153794][ T7579] ntfs3(loop2): ino=19, mi_enum_attr [ 189.173770][ T7579] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 189.355052][ T7579] ntfs3(loop2): failed to convert "c46c" to cp865 [ 189.410421][ T5622] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 189.451714][ T7579] ntfs3(loop2): ino=20, mi_enum_attr [ 189.694577][ T7602] loop5: detected capacity change from 0 to 16 [ 189.733526][ T7604] loop1: detected capacity change from 0 to 64 [ 189.745450][ T7602] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 189.791117][ T7604] MINIX-fs: mounting file system with errors, running fsck is recommended [ 190.023424][ T7610] netlink: 24 bytes leftover after parsing attributes in process `syz.4.641'. [ 190.148562][ T5749] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 190.322626][ T7617] loop5: detected capacity change from 0 to 512 [ 190.327725][ T5749] usb 4-1: Using ep0 maxpacket: 32 [ 190.343979][ T5749] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 190.367764][ T7617] EXT4-fs: Ignoring removed orlov option [ 190.380946][ T5749] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.414508][ T7620] loop4: detected capacity change from 0 to 1024 [ 190.434932][ T7617] EXT4-fs (loop5): Test dummy encryption mode enabled [ 190.448318][ T5749] usb 4-1: config 0 descriptor?? [ 190.477273][ T7617] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 190.549000][ T7617] EXT4-fs (loop5): 1 truncate cleaned up [ 190.558554][ T7620] hfsplus: can't free extent: start 2889, count 1 [ 190.657558][ T7617] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 190.684451][ T5749] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 190.703910][ T5749] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 190.716923][ T5749] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 190.736447][ T5749] usb 4-1: media controller created [ 190.860560][ T5749] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 190.984269][ T5623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.996159][ T7628] netlink: 8 bytes leftover after parsing attributes in process `syz.4.650'. [ 191.008630][ T5749] az6027: usb out operation failed. (-71) [ 191.037834][ T5749] az6027: usb out operation failed. (-71) [ 191.052952][ T5749] stb0899_attach: Driver disabled by Kconfig [ 191.081513][ T5749] az6027: no front-end attached [ 191.081513][ T5749] [ 191.111198][ T5749] az6027: usb out operation failed. (-71) [ 191.133457][ T5749] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 191.153052][ T7600] loop0: detected capacity change from 0 to 32768 [ 191.160987][ T5749] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input13 [ 191.222250][ T5749] dvb-usb: schedule remote query interval to 400 msecs. [ 191.233487][ T5749] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 191.246307][ T7600] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 191.323208][ T5749] usb 4-1: USB disconnect, device number 10 [ 191.435182][ T7600] XFS (loop0): Ending clean mount [ 191.512713][ T5749] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 191.965786][ T7651] loop5: detected capacity change from 0 to 4096 [ 192.009248][ T7651] ntfs3(loop5): Different NTFS sector size (4096) and media sector size (512). [ 192.297462][ T7658] loop1: detected capacity change from 0 to 256 [ 192.414230][ T30] audit: type=1800 audit(1777328398.457:14): pid=7658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.659" name="file1" dev="loop1" ino=1048631 res=0 errno=0 [ 192.676824][ T5618] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 192.998357][ T7666] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 193.056675][ T7664] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 193.644712][ T1310] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.653676][ T1310] ieee802154 phy1 wpan1: encryption failed: -22 [ 193.758299][ T7678] loop0: detected capacity change from 0 to 32768 [ 193.781659][ T7678] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 193.830405][ T7678] XFS (loop0): Ending clean mount [ 193.847123][ T7678] XFS (loop0): Quotacheck needed: Please wait. [ 193.912784][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 193.976890][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 194.058406][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 194.124581][ T957] rtc_cmos PNP0B00:00: Alarms can be up to one day in the future [ 194.133670][ T7678] XFS (loop0): Quotacheck: Done. [ 194.159068][ T957] rtc rtc0: __rtc_set_alarm: err=-22 [ 194.254226][ T5618] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.342229][ T7676] loop3: detected capacity change from 0 to 32768 [ 194.405923][ T7676] XFS (loop3): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 194.629348][ T7676] XFS (loop3): Ending clean mount [ 194.772132][ T30] audit: type=1800 audit(1777328400.817:15): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.667" name="file1" dev="loop3" ino=5766 res=0 errno=0 [ 194.857125][ T30] audit: type=1800 audit(1777328400.857:16): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.667" name="file1" dev="loop3" ino=5766 res=0 errno=0 [ 195.001083][ T5621] XFS (loop3): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a [ 195.077441][ T5749] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 195.245319][ T5749] usb 6-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 195.278787][ T5749] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.321663][ T5749] usb 6-1: Product: syz [ 195.353235][ T5749] usb 6-1: Manufacturer: syz [ 195.370063][ T5749] usb 6-1: SerialNumber: syz [ 195.399769][ T5749] usb 6-1: config 0 descriptor?? [ 195.886400][ T5749] usb 6-1: Firmware: major: 0, minor: 16, hardware type: ATUSB (0) [ 196.092370][ T5749] usb 6-1: failed to fetch extended address, random address set [ 196.188071][ T7745] loop0: detected capacity change from 0 to 256 [ 196.229395][ T5749] usb 6-1: USB disconnect, device number 10 [ 196.248631][ T7745] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 196.503771][ T7752] loop3: detected capacity change from 0 to 4096 [ 196.523961][ T7752] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 196.772628][ T7752] ntfs3(loop3): ino=19, mi_enum_attr [ 196.809303][ T7752] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 196.939032][ T7755] loop1: detected capacity change from 0 to 2048 [ 196.974100][ T7752] ntfs3(loop3): failed to convert "c46c" to cp865 [ 197.003860][ T7755] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 197.015091][ T7752] ntfs3(loop3): ino=20, mi_enum_attr [ 197.327136][ T5749] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 197.507103][ T5749] usb 6-1: Using ep0 maxpacket: 32 [ 197.521551][ T5749] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 197.544059][ T5749] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.567260][ T5749] usb 6-1: config 0 descriptor?? [ 197.829965][ T5749] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 197.884263][ T5749] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 197.933839][ T5749] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 197.940362][ T7784] loop3: detected capacity change from 0 to 256 [ 197.968301][ T5749] usb 6-1: media controller created [ 198.013844][ T30] audit: type=1800 audit(1777328404.057:17): pid=7784 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.706" name="file1" dev="loop3" ino=1048633 res=0 errno=0 [ 198.058154][ T7762] az6027: more than 2 i2c messages at a time is not handled yet. TODO. [ 198.072709][ T5749] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 198.182207][ T5749] az6027: usb out operation failed. (-71) [ 198.212968][ T5749] az6027: usb out operation failed. (-71) [ 198.237397][ T5749] stb0899_attach: Driver disabled by Kconfig [ 198.261759][ T5749] az6027: no front-end attached [ 198.261759][ T5749] [ 198.290325][ T5749] az6027: usb out operation failed. (-71) [ 198.335574][ T5749] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 198.391119][ T5749] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input14 [ 198.469659][ T5749] dvb-usb: schedule remote query interval to 400 msecs. [ 198.501773][ T5749] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 198.543092][ T7795] loop3: detected capacity change from 0 to 2048 [ 198.545231][ T5749] usb 6-1: USB disconnect, device number 11 [ 198.620938][ T7795] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 198.716294][ T7805] loop0: detected capacity change from 0 to 1024 [ 198.839878][ T957] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 198.878875][ T7805] hfsplus: can't free extent: start 2889, count 1 [ 198.931157][ T5749] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 199.033495][ T957] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 199.078879][ T957] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.113119][ T957] usb 3-1: Product: syz [ 199.132751][ T957] usb 3-1: Manufacturer: syz [ 199.157527][ T957] usb 3-1: SerialNumber: syz [ 199.201238][ T957] usb 3-1: config 0 descriptor?? [ 199.251139][ T957] hub 3-1:0.0: bad descriptor, ignoring hub [ 199.285134][ T957] hub 3-1:0.0: probe with driver hub failed with error -5 [ 199.363809][ T7816] loop4: detected capacity change from 0 to 2048 [ 199.485581][ T957] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 199.528389][ T7818] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 199.584560][ T957] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 199.645025][ T957] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 199.703421][ T957] usb 3-1: media controller created [ 199.810473][ T957] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 200.041573][ T7818] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 200.062474][ T957] DVB: Unable to find symbol dib7000p_attach() [ 200.073006][ T7818] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 200.086199][ T957] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 200.137289][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 200.153243][ T7818] Remounting filesystem read-only [ 200.182989][ T5620] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 200.314280][ T7810] loop1: detected capacity change from 0 to 131072 [ 200.337613][ T7810] F2FS-fs (loop1): Test dummy encryption mode enabled [ 200.339490][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 200.396007][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 200.407687][ T957] rc_core: IR keymap rc-dib0700-rc5 not found [ 200.431621][ T957] Registered IR keymap rc-empty [ 200.445157][ T10] usb 4-1: config 0 has no interfaces? [ 200.464595][ T7810] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 200.466131][ T957] dvb-usb: could not initialize remote control. [ 200.487369][ T7810] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b [ 200.527437][ T10] usb 4-1: New USB device found, idVendor=05ac, idProduct=7700, bcdDevice=eb.3a [ 200.557728][ T957] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 200.570421][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.622638][ T10] usb 4-1: Product: syz [ 200.652406][ T10] usb 4-1: Manufacturer: syz [ 200.684460][ T957] usb 3-1: USB disconnect, device number 5 [ 200.694434][ T10] usb 4-1: SerialNumber: syz [ 200.798268][ T10] usb 4-1: config 0 descriptor?? [ 200.936821][ T7811] loop5: detected capacity change from 0 to 32768 [ 200.993779][ T957] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 201.086791][ T7811] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 201.146733][ T5782] usb 4-1: USB disconnect, device number 11 [ 201.431383][ T7811] XFS (loop5): Ending clean mount [ 201.749118][ T7833] loop2: detected capacity change from 0 to 32768 [ 201.750207][ T5623] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 201.852477][ T7833] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 201.913633][ T7833] JBD2: Ignoring recovery information on journal [ 201.933394][ T7852] kernel read not supported for file /file0 (pid: 7852 comm: syz.3.731) [ 201.958634][ T30] audit: type=1800 audit(1777328407.987:18): pid=7852 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.731" name="file0" dev="mqueue" ino=15396 res=0 errno=0 [ 202.203371][ T7833] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 202.664306][ T7860] loop3: detected capacity change from 0 to 128 [ 202.727329][ T7860] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 202.780162][ T7833] OCFS2: ERROR (device loop2): ocfs2_validate_gd_self: Group descriptor #32 has an invalid fs_generation of #1 [ 202.812753][ T7860] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 202.822485][ T7864] loop5: detected capacity change from 0 to 2048 [ 202.835844][ T7833] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 202.835882][ T7833] OCFS2: File system is now read-only. [ 202.835902][ T7833] (syz.2.725,7833,1):ocfs2_search_chain:1913 ERROR: status = -30 [ 202.835987][ T7833] (syz.2.725,7833,1):ocfs2_search_chain:2036 ERROR: status = -30 [ 202.836029][ T7833] (syz.2.725,7833,1):ocfs2_claim_suballoc_bits:2123 ERROR: status = -30 [ 202.836071][ T7833] (syz.2.725,7833,1):ocfs2_claim_suballoc_bits:2176 ERROR: status = -30 [ 202.836113][ T7833] (syz.2.725,7833,1):__ocfs2_claim_clusters:2557 ERROR: status = -30 [ 202.836153][ T7833] (syz.2.725,7833,1):__ocfs2_claim_clusters:2565 ERROR: status = -30 [ 202.836196][ T7833] (syz.2.725,7833,1):ocfs2_local_alloc_new_window:1197 ERROR: status = -30 [ 202.836238][ T7833] (syz.2.725,7833,1):ocfs2_local_alloc_new_window:1222 ERROR: status = -30 [ 202.836281][ T7833] (syz.2.725,7833,1):ocfs2_local_alloc_slide_window:1296 ERROR: status = -30 [ 202.836495][ T7833] (syz.2.725,7833,1):ocfs2_local_alloc_slide_window:1315 ERROR: status = -30 [ 202.836587][ T7833] (syz.2.725,7833,1):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30 [ 202.836632][ T7833] (syz.2.725,7833,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 202.836702][ T7833] (syz.2.725,7833,1):ocfs2_reserve_clusters_with_limit:1266 ERROR: status = -30 [ 202.848661][ T7833] (syz.2.725,7833,1):ocfs2_reserve_clusters_with_limit:1315 ERROR: status = -30 [ 202.848714][ T7833] (syz.2.725,7833,1):ocfs2_symlink:1924 ERROR: status = -30 [ 202.854006][ T7833] (syz.2.725,7833,1):ocfs2_symlink:2078 ERROR: status = -30 [ 202.888065][ T7864] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 203.093556][ T5619] ocfs2: Unmounting device (7,2) on (node local) [ 203.155931][ T7869] netlink: 256 bytes leftover after parsing attributes in process `syz.0.737'. [ 203.160731][ T5628] Bluetooth: hci3: command 0x2016 tx timeout [ 203.751640][ T7879] netlink: 4 bytes leftover after parsing attributes in process `syz.5.741'. [ 203.954649][ T7883] loop2: detected capacity change from 0 to 2048 [ 204.378544][ T7900] loop4: detected capacity change from 0 to 256 [ 204.511386][ T7896] loop3: detected capacity change from 0 to 4096 [ 204.555386][ T7896] ntfs3(loop3): Different NTFS sector size (2048) and media sector size (512). [ 205.177586][ T7907] 8021q: adding VLAN 0 to HW filter on device bond1 [ 205.225867][ T7907] bond0: (slave bond1): Enslaving as an active interface with an up link [ 205.247544][ T5636] Bluetooth: hci3: command 0x2016 tx timeout [ 205.679404][ T30] audit: type=1326 audit(1777328411.717:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7922 comm="syz.4.755" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0393d9cdd9 code=0x0 [ 205.727886][ T7929] loop3: detected capacity change from 0 to 8 [ 205.756104][ T7929] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 205.824690][ T5889] udevd[5889]: incorrect cramfs checksum on /dev/loop3 [ 205.929317][ T5889] udevd[5889]: incorrect cramfs checksum on /dev/loop3 [ 206.995000][ T7957] loop1: detected capacity change from 0 to 256 [ 207.049655][ T7957] FAT-fs (loop1): unable to read block(805306368) for building NFS inode [ 207.134026][ T7963] loop2: detected capacity change from 0 to 64 [ 207.317421][ T5633] Bluetooth: hci3: command 0x2016 tx timeout [ 207.530000][ T7947] loop0: detected capacity change from 0 to 40427 [ 207.569200][ T7947] F2FS-fs (loop0): Invalid SB checksum offset: 0 [ 207.589596][ T7947] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 207.641066][ T7947] F2FS-fs (loop0): invalid crc value [ 207.659181][ T7949] loop3: detected capacity change from 0 to 32768 [ 207.702454][ T7967] loop9: detected capacity change from 0 to 524287999 [ 207.763085][ T7949] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 207.925631][ T7947] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 207.929915][ T7949] XFS (loop3): Ending clean mount [ 207.986117][ T7947] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 208.028888][ T7947] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 209.505780][ T5618] syz-executor: attempt to access beyond end of device [ 209.505780][ T5618] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.621642][ T5621] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 209.643271][ T8011] loop4: detected capacity change from 0 to 512 [ 209.682007][ T8011] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 209.710446][ T5618] CPU: 1 UID: 0 PID: 5618 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT(full) [ 209.710507][ T5618] Tainted: [L]=SOFTLOCKUP [ 209.710520][ T5618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 209.710542][ T5618] Call Trace: [ 209.710555][ T5618] [ 209.710568][ T5618] dump_stack_lvl+0x100/0x190 [ 209.710618][ T5618] f2fs_stop_checkpoint+0x600/0x9b0 [ 209.710677][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.710725][ T5618] ? errseq_set+0xe3/0x150 [ 209.710788][ T5618] ? errseq_set+0xe3/0x150 [ 209.710850][ T5618] f2fs_write_end_io+0xf59/0x1340 [ 209.710917][ T5618] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 209.710987][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.711044][ T5618] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 209.711118][ T5618] bio_endio+0x78f/0x8f0 [ 209.711172][ T5618] submit_bio_noacct+0x64c/0x2000 [ 209.711223][ T5618] f2fs_submit_write_bio+0x135/0x340 [ 209.711284][ T5618] __submit_merged_bio+0x331/0x780 [ 209.711355][ T5618] __submit_merged_write_cond+0x3fe/0x510 [ 209.711433][ T5618] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 209.711509][ T5618] ? __pfx___might_resched+0x10/0x10 [ 209.711563][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.711619][ T5618] f2fs_write_cache_pages+0x20e9/0x2630 [ 209.711686][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.711734][ T5618] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 209.711777][ T5618] ? __bfs+0x150/0x2a0 [ 209.711810][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.711857][ T5618] ? __bfs+0x150/0x2a0 [ 209.711896][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.711942][ T5618] ? __kasan_check_byte+0x13/0x50 [ 209.711997][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712045][ T5618] ? unwind_next_frame+0x3be/0x2090 [ 209.712102][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712148][ T5618] ? rcu_is_watching+0x12/0xc0 [ 209.712202][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712265][ T5618] ? bpf_ksym_find+0x124/0x1c0 [ 209.712378][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712428][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712474][ T5618] ? add_lock_to_list+0x99/0x110 [ 209.712536][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712582][ T5618] ? rcu_is_watching+0x12/0xc0 [ 209.712644][ T5618] f2fs_write_data_pages+0x799/0x16d0 [ 209.712703][ T5618] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 209.712745][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712802][ T5618] ? do_writepages+0x4b5/0x600 [ 209.712861][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.712916][ T5618] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 209.712964][ T5618] do_writepages+0x278/0x600 [ 209.713030][ T5618] ? __pfx_do_writepages+0x10/0x10 [ 209.713088][ T5618] ? do_raw_spin_unlock+0x145/0x1e0 [ 209.713149][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.713194][ T5618] ? _raw_spin_unlock+0x28/0x50 [ 209.713240][ T5618] filemap_writeback+0x22d/0x2e0 [ 209.713306][ T5618] ? __pfx_filemap_writeback+0x10/0x10 [ 209.713422][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.713468][ T5618] ? preempt_schedule_common+0x42/0xc0 [ 209.713513][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.713560][ T5618] ? preempt_schedule_thunk+0x16/0x30 [ 209.713640][ T5618] f2fs_sync_dirty_inodes+0x469/0x990 [ 209.713706][ T5618] block_operations+0x2a6/0xfc0 [ 209.713749][ T5618] ? __bfs+0x150/0x2a0 [ 209.713794][ T5618] ? __pfx_block_operations+0x10/0x10 [ 209.713840][ T5618] ? check_noncircular+0x97/0x160 [ 209.713931][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.713983][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714030][ T5618] ? rcu_is_watching+0x12/0xc0 [ 209.714083][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714145][ T5618] f2fs_write_checkpoint+0x582/0x5550 [ 209.714200][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714246][ T5618] ? _raw_spin_unlock_irq+0x2e/0x50 [ 209.714286][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714331][ T5618] ? __wait_for_common+0x1f3/0x4c0 [ 209.714377][ T5618] ? __pfx_schedule_timeout+0x10/0x10 [ 209.714448][ T5618] ? __pfx___wait_for_common+0x10/0x10 [ 209.714498][ T5618] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 209.714557][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714604][ T5618] ? rcu_is_watching+0x12/0xc0 [ 209.714658][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714704][ T5618] ? kthread_stop+0x280/0x640 [ 209.714750][ T5618] kill_f2fs_super+0x3f1/0x4a0 [ 209.714796][ T5618] ? __pfx_kill_f2fs_super+0x10/0x10 [ 209.714863][ T5618] ? lockdep_hardirqs_on+0x78/0x100 [ 209.714910][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.714957][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.715019][ T5618] deactivate_locked_super+0xc1/0x1b0 [ 209.715077][ T5618] deactivate_super+0xe7/0x110 [ 209.715138][ T5618] cleanup_mnt+0x21f/0x450 [ 209.715204][ T5618] task_work_run+0x150/0x240 [ 209.715252][ T5618] ? __pfx_task_work_run+0x10/0x10 [ 209.715302][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.715347][ T5618] ? rcu_is_watching+0x12/0xc0 [ 209.715410][ T5618] exit_to_user_mode_loop+0x100/0x4a0 [ 209.715457][ T5618] ? srso_alias_return_thunk+0x5/0xfbef5 [ 209.715508][ T5618] do_syscall_64+0x706/0xf80 [ 209.715554][ T5618] ? irqentry_exit+0x117/0x790 [ 209.715606][ T5618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.715646][ T5618] RIP: 0033:0x7f275bd9e017 [ 209.715675][ T5618] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 209.715718][ T5618] RSP: 002b:00007ffcf47fdc38 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 209.715753][ T5618] RAX: 0000000000000000 RBX: 00007f275be32120 RCX: 00007f275bd9e017 [ 209.715777][ T5618] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcf47fdcf0 [ 209.715801][ T5618] RBP: 00007ffcf47fdcf0 R08: 00007ffcf47fecf0 R09: 00000000ffffffff [ 209.715826][ T5618] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcf47fed80 [ 209.715850][ T5618] R13: 00007f275be32120 R14: 0000000000032def R15: 00007ffcf47fedc0 [ 209.715901][ T5618] [ 210.300588][ T7993] loop1: detected capacity change from 0 to 131072 [ 210.341645][ T5618] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 210.391135][ T7993] F2FS-fs (loop1): invalid crc value [ 210.496596][ T7993] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 210.529207][ T7993] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 210.560353][ T8011] EXT4-fs (loop4): 1 truncate cleaned up [ 210.568520][ T8011] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.816165][ T7993] F2FS-fs (loop1): access invalid blkaddr:67123201 [ 210.823407][ T7993] CPU: 0 UID: 0 PID: 7993 Comm: syz.1.779 Tainted: G L syzkaller #0 PREEMPT(full) [ 210.823464][ T7993] Tainted: [L]=SOFTLOCKUP [ 210.823477][ T7993] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 210.823499][ T7993] Call Trace: [ 210.823511][ T7993] [ 210.823524][ T7993] dump_stack_lvl+0x100/0x190 [ 210.823573][ T7993] __f2fs_is_valid_blkaddr+0xa5b/0x1340 [ 210.823645][ T7993] ? f2fs_get_read_data_folio+0x97f/0x1040 [ 210.823686][ T7993] f2fs_is_valid_blkaddr+0xd0/0x2b0 [ 210.823726][ T7993] ? f2fs_put_dnode+0x1ce/0x3f0 [ 210.823790][ T7993] f2fs_get_read_data_folio+0x97f/0x1040 [ 210.823830][ T7993] ? f2fs_find_data_folio+0x2e4/0x7c0 [ 210.823880][ T7993] ? __pfx_f2fs_get_read_data_folio+0x10/0x10 [ 210.823919][ T7993] ? __lock_acquire+0x4a5/0x2630 [ 210.823971][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824020][ T7993] ? __filemap_get_folio_mpol+0x3ba/0xe70 [ 210.824086][ T7993] f2fs_find_data_folio+0x2e4/0x7c0 [ 210.824124][ T7993] ? __f2fs_find_entry+0x642/0xe00 [ 210.824173][ T7993] __f2fs_find_entry+0x642/0xe00 [ 210.824239][ T7993] ? __pfx___f2fs_find_entry+0x10/0x10 [ 210.824313][ T7993] f2fs_lookup+0x3a2/0xad0 [ 210.824352][ T7993] ? __pfx_f2fs_lookup+0x10/0x10 [ 210.824394][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824442][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824489][ T7993] ? find_held_lock+0x2b/0x80 [ 210.824557][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824605][ T7993] ? do_raw_spin_unlock+0x145/0x1e0 [ 210.824662][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824708][ T7993] ? _raw_spin_unlock+0x28/0x50 [ 210.824749][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.824804][ T7993] lookup_one_qstr_excl+0x1cd/0x250 [ 210.824853][ T7993] ? mnt_want_write+0x161/0x450 [ 210.824919][ T7993] filename_create+0x1cf/0x400 [ 210.824978][ T7993] ? __pfx_filename_create+0x10/0x10 [ 210.825040][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.825093][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.825141][ T7993] ? find_held_lock+0x2b/0x80 [ 210.825208][ T7993] filename_mkdirat+0xb9/0x5e0 [ 210.825256][ T7993] ? __pfx_filename_mkdirat+0x10/0x10 [ 210.825296][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.825344][ T7993] ? strncpy_from_user+0x19d/0x2d0 [ 210.825421][ T7993] ? srso_alias_return_thunk+0x5/0xfbef5 [ 210.825469][ T7993] ? do_getname+0x191/0x390 [ 210.825521][ T7993] __x64_sys_mkdirat+0x89/0xc0 [ 210.825564][ T7993] do_syscall_64+0x10b/0xf80 [ 210.825611][ T7993] ? irqentry_exit+0x117/0x790 [ 210.825664][ T7993] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.825705][ T7993] RIP: 0033:0x7f3cf939bc47 [ 210.825737][ T7993] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 210.825776][ T7993] RSP: 002b:00007f3cfa2e1e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 210.825812][ T7993] RAX: ffffffffffffffda RBX: 00007f3cfa2e1ee0 RCX: 00007f3cf939bc47 [ 210.825838][ T7993] RDX: 00000000000001ff RSI: 0000200000000280 RDI: 00000000ffffff9c [ 210.825863][ T7993] RBP: 0000200000000300 R08: 00002000000000c0 R09: 0000000000000000 [ 210.825888][ T7993] R10: 0000200000000300 R11: 0000000000000246 R12: 0000200000000280 [ 210.825913][ T7993] R13: 00007f3cfa2e1ea0 R14: 0000000000000000 R15: 0000000000000000 [ 210.825964][ T7993] [ 211.357408][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.746416][ T8039] loop5: detected capacity change from 0 to 128 [ 212.784769][ T8039] UDF-fs: error (device loop5): udf_read_tagged: read failed, block=256, location=256 [ 212.856450][ T8039] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 213.055861][ T8045] loop3: detected capacity change from 0 to 16 [ 213.100853][ T8045] erofs (device loop3): mounted with root inode @ nid 36. [ 213.294643][ T8050] netlink: 20 bytes leftover after parsing attributes in process `syz.0.802'. [ 213.501628][ T8054] vxcan0: tx address claim with dlc 0 [ 213.992218][ T8067] loop5: detected capacity change from 0 to 128 [ 215.147133][ T8076] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.439617][ T8088] loop5: detected capacity change from 0 to 1024 [ 215.519836][ T8088] EXT4-fs (loop5): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 215.612714][ T8088] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 215.784392][ T30] audit: type=1326 audit(1777328421.827:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8087 comm="syz.3.818" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcf5299cdd9 code=0x0 [ 215.929778][ T1124] EXT4-fs error (device loop5): ext4_map_blocks:833: inode #15: comm kworker/u8:9: lblock 0 mapped to illegal pblock 0 (length 1) [ 215.975484][ T1124] EXT4-fs (loop5): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 216.022225][ T1124] EXT4-fs (loop5): This should not happen!! Data will be lost [ 216.022225][ T1124] [ 216.051335][ T5623] EXT4-fs warning (device loop5): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 216.139509][ T5623] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 216.478274][ T8118] loop9: detected capacity change from 0 to 524287999 [ 216.839286][ T8074] Bluetooth: hci5: command 0x0406 tx timeout [ 216.846626][ T8074] Bluetooth: hci0: command 0x0406 tx timeout [ 216.852756][ T8074] Bluetooth: hci1: command 0x0406 tx timeout [ 216.859260][ T8074] Bluetooth: hci2: command 0x0406 tx timeout [ 216.865325][ T8074] Bluetooth: hci4: command 0x0406 tx timeout [ 216.871515][ T8074] Bluetooth: hci3: command 0x2016 tx timeout [ 216.993583][ T8127] netlink: 8 bytes leftover after parsing attributes in process `syz.4.833'. [ 217.587160][ T8142] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 217.634301][ T8142] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.748622][ T5879] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 217.863456][ T5782] IPVS: starting estimator thread 0... [ 217.935059][ T5879] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 217.973433][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.981858][ T8150] IPVS: using max 23 ests per chain, 55200 per kthread [ 218.023898][ T5879] usb 5-1: Product: syz [ 218.029554][ T5879] usb 5-1: Manufacturer: syz [ 218.034259][ T5879] usb 5-1: SerialNumber: syz [ 218.050544][ T5879] usb 5-1: config 0 descriptor?? [ 218.505147][ T5879] usb 5-1: Firmware: major: 0, minor: 16, hardware type: ATUSB (0) [ 218.709494][ T5879] usb 5-1: failed to fetch extended address, random address set [ 218.887821][ T5879] usb 5-1: USB disconnect, device number 7 [ 219.123569][ T8184] netlink: 32 bytes leftover after parsing attributes in process `syz.1.857'. [ 219.185407][ T8189] loop5: detected capacity change from 0 to 1024 [ 219.234566][ T8189] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 219.751456][ T30] audit: type=1326 audit(1777328425.797:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 219.777126][ T5879] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 219.848606][ T30] audit: type=1326 audit(1777328425.797:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 219.906451][ T30] audit: type=1326 audit(1777328425.797:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 219.943425][ T30] audit: type=1326 audit(1777328425.797:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=208 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 219.968688][ T5879] usb 2-1: Using ep0 maxpacket: 16 [ 219.996109][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 220.001423][ T30] audit: type=1326 audit(1777328425.797:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 220.047723][ T5879] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 220.100533][ T30] audit: type=1326 audit(1777328425.797:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.3.867" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf5299cdd9 code=0x7ffc0000 [ 220.115932][ T5879] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 220.182670][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.216486][ T5879] usb 2-1: config 0 descriptor?? [ 220.397084][ T5625] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 220.507885][ T8223] netlink: 'syz.2.875': attribute type 12 has an invalid length. [ 220.515936][ T8223] netlink: 'syz.2.875': attribute type 29 has an invalid length. [ 220.544984][ T8223] netlink: 148 bytes leftover after parsing attributes in process `syz.2.875'. [ 220.547571][ T5625] usb 4-1: Using ep0 maxpacket: 16 [ 220.575609][ T5625] usb 4-1: unable to get BOS descriptor or descriptor too short [ 220.590157][ T5625] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 220.620160][ T5625] usb 4-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 220.640959][ T5625] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.663464][ T5625] usb 4-1: Product: syz [ 220.672708][ T5625] usb 4-1: Manufacturer: syz [ 220.684726][ T5625] usb 4-1: SerialNumber: syz [ 220.708887][ T5879] corsair 0003:1B1C:1B02.0008: hidraw0: USB HID v0.00 Device [HID 1b1c:1b02] on usb-dummy_hcd.1-1/input0 [ 220.976683][ T5625] usb 4-1: Audio class v2/v3 interfaces need an interface association [ 221.020932][ T5625] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 221.133013][ T5879] usb 2-1: USB disconnect, device number 4 [ 221.289339][ T8237] syz.5.882 uses obsolete (PF_INET,SOCK_PACKET) [ 221.579960][ T5625] usb 4-1: USB disconnect, device number 12 [ 221.790497][ T5889] udevd[5889]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 221.807065][ T5749] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 221.992506][ T5749] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33837, setting to 1024 [ 222.026881][ T5749] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 222.056645][ T5749] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.100691][ T5749] usb 6-1: config 0 descriptor?? [ 222.130788][ T8243] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 222.383473][ T5749] usbhid 6-1:0.0: can't add hid device: -71 [ 222.411245][ T5749] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 222.462897][ T5749] usb 6-1: USB disconnect, device number 12 [ 222.662120][ T8264] tipc: Enabling of bearer rejected, already enabled [ 222.685285][ T8264] netlink: 12 bytes leftover after parsing attributes in process `syz.1.895'. [ 222.701874][ T8264] tipc: Disabling bearer [ 222.959599][ T5749] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 223.140024][ T5749] usb 6-1: Using ep0 maxpacket: 8 [ 223.183048][ T5749] usb 6-1: unable to get BOS descriptor or descriptor too short [ 223.205506][ T5749] usb 6-1: config 2 has an invalid interface number: 99 but max is 0 [ 223.229101][ T30] audit: type=1800 audit(1777328429.267:27): pid=8239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.883" name="file1" dev="tmpfs" ino=813 res=0 errno=0 [ 223.255192][ T5749] usb 6-1: config 2 has no interface number 0 [ 223.271488][ T8276] loop3: detected capacity change from 0 to 4096 [ 223.279658][ T5749] usb 6-1: config 2 interface 99 altsetting 7 has an endpoint descriptor with address 0xFE, changing to 0x8E [ 223.301885][ T5749] usb 6-1: config 2 interface 99 altsetting 7 endpoint 0x2 has invalid maxpacket 33837, setting to 1024 [ 223.314102][ T5749] usb 6-1: config 2 interface 99 has no altsetting 0 [ 223.325506][ T5749] usb 6-1: New USB device found, idVendor=0000, idProduct=a300, bcdDevice= a.f3 [ 223.368171][ T5749] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.389473][ T5749] usb 6-1: Product: syz [ 223.407149][ T8276] ntfs3(loop3): ino=19, mi_enum_attr [ 223.414955][ T5749] usb 6-1: Manufacturer: syz [ 223.428862][ T5749] usb 6-1: SerialNumber: syz [ 223.433946][ T8276] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 223.468877][ T8243] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 223.569092][ T30] audit: type=1800 audit(1777328429.617:28): pid=8276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.900" name="file1" dev="loop3" ino=30 res=0 errno=0 [ 223.720376][ T5749] input: Generic X-Box pad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:2.99/input/input16 [ 223.883038][ C1] xpad 6-1:2.99: xpad_irq_in - usb_submit_urb failed with result -1 [ 223.901265][ T5749] usb 6-1: USB disconnect, device number 13 [ 224.062452][ T8292] netlink: 8 bytes leftover after parsing attributes in process `syz.4.908'. [ 224.111882][ T8292] netlink: 12 bytes leftover after parsing attributes in process `syz.4.908'. [ 224.144351][ T8292] netlink: 'syz.4.908': attribute type 20 has an invalid length. [ 224.388570][ T8296] loop2: detected capacity change from 0 to 1024 [ 224.563109][ T8296] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 224.685329][ T8296] ext4 filesystem being mounted at /152/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.793615][ T8310] overlayfs: failed to clone lowerpath [ 224.911728][ T8278] loop1: detected capacity change from 0 to 40427 [ 224.915122][ T8308] loop5: detected capacity change from 0 to 4096 [ 224.975063][ T8278] F2FS-fs (loop1): invalid crc value [ 225.030822][ T8313] loop3: detected capacity change from 0 to 256 [ 225.102264][ T8308] ntfs3(loop5): ino=1a, mi_enum_attr [ 225.111899][ T1171] EXT4-fs error (device loop2): ext4_map_blocks:833: inode #15: comm kworker/u8:10: lblock 0 mapped to illegal pblock 0 (length 1) [ 225.134972][ T8308] ntfs3(loop5): Mark volume as dirty due to NTFS errors [ 225.203396][ T1171] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117 [ 225.268997][ T1171] EXT4-fs (loop2): This should not happen!! Data will be lost [ 225.268997][ T1171] [ 225.336831][ T5619] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 225.430341][ T8278] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 225.449670][ T5619] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 225.629473][ T8278] F2FS-fs (loop1): Start checkpoint disabled! [ 225.749570][ T8278] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 225.788788][ T8278] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 226.243340][ T8335] loop9: detected capacity change from 0 to 2640 [ 226.274652][ T1171] kworker/u8:10: attempt to access beyond end of device [ 226.274652][ T1171] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 226.301773][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 226.370659][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 226.382247][ T1171] CPU: 1 UID: 0 PID: 1171 Comm: kworker/u8:10 Tainted: G L syzkaller #0 PREEMPT(full) [ 226.382306][ T1171] Tainted: [L]=SOFTLOCKUP [ 226.382320][ T1171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 226.382346][ T1171] Workqueue: writeback wb_workfn (flush-7:1) [ 226.382419][ T1171] Call Trace: [ 226.382430][ T1171] [ 226.382443][ T1171] dump_stack_lvl+0x100/0x190 [ 226.382488][ T1171] f2fs_stop_checkpoint+0x600/0x9b0 [ 226.382548][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.382596][ T1171] ? errseq_set+0xe3/0x150 [ 226.382658][ T1171] ? errseq_set+0xe3/0x150 [ 226.382721][ T1171] f2fs_write_end_io+0xf59/0x1340 [ 226.382789][ T1171] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 226.382859][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.382938][ T1171] ? __pfx_f2fs_write_end_io+0x10/0x10 [ 226.383001][ T1171] bio_endio+0x78f/0x8f0 [ 226.383055][ T1171] submit_bio_noacct+0x64c/0x2000 [ 226.383111][ T1171] f2fs_submit_write_bio+0x135/0x340 [ 226.383173][ T1171] __submit_merged_bio+0x331/0x780 [ 226.383245][ T1171] __submit_merged_write_cond+0x3fe/0x510 [ 226.383323][ T1171] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 226.383399][ T1171] ? __pfx___might_resched+0x10/0x10 [ 226.383453][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.383510][ T1171] f2fs_write_cache_pages+0x20e9/0x2630 [ 226.383579][ T1171] ? __pfx_f2fs_write_cache_pages+0x10/0x10 [ 226.383633][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.383679][ T1171] ? lock_acquire+0x1b1/0x370 [ 226.383731][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.383778][ T1171] ? lock_acquire+0x1b1/0x370 [ 226.383840][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.383887][ T1171] ? unwind_next_frame+0x3c8/0x2090 [ 226.384004][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384051][ T1171] ? __lock_acquire+0x4a5/0x2630 [ 226.384102][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384149][ T1171] ? rcu_is_watching+0x12/0xc0 [ 226.384212][ T1171] f2fs_write_data_pages+0x799/0x16d0 [ 226.384271][ T1171] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.384325][ T1171] ? __lock_acquire+0x4a5/0x2630 [ 226.384372][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384420][ T1171] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 226.384470][ T1171] do_writepages+0x278/0x600 [ 226.384537][ T1171] ? __pfx_do_writepages+0x10/0x10 [ 226.384601][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384654][ T1171] __writeback_single_inode+0x164/0x1350 [ 226.384714][ T1171] ? find_held_lock+0x2b/0x80 [ 226.384777][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384827][ T1171] ? __pfx___writeback_single_inode+0x10/0x10 [ 226.384886][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.384933][ T1171] ? do_raw_spin_unlock+0x145/0x1e0 [ 226.384990][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385043][ T1171] writeback_sb_inodes+0x766/0x1c60 [ 226.385131][ T1171] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 226.385191][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385238][ T1171] ? __lock_acquire+0x4a5/0x2630 [ 226.385341][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385386][ T1171] ? rcu_is_watching+0x12/0xc0 [ 226.385441][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385487][ T1171] ? queue_io+0x287/0x540 [ 226.385541][ T1171] wb_writeback+0x1bf/0xb90 [ 226.385612][ T1171] ? __pfx_wb_writeback+0x10/0x10 [ 226.385683][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385730][ T1171] ? mark_held_locks+0x40/0x70 [ 226.385774][ T1171] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.385823][ T1171] wb_workfn+0x14f/0xc00 [ 226.385887][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.385933][ T1171] ? try_to_wake_up+0x15f/0x1900 [ 226.385995][ T1171] ? __pfx_wb_workfn+0x10/0x10 [ 226.386058][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386117][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386166][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386213][ T1171] ? rcu_is_watching+0x12/0xc0 [ 226.386268][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386323][ T1171] process_one_work+0xa0e/0x1980 [ 226.386392][ T1171] ? __pfx_process_one_work+0x10/0x10 [ 226.386438][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386501][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386556][ T1171] worker_thread+0x5ef/0xe50 [ 226.386615][ T1171] ? __pfx_worker_thread+0x10/0x10 [ 226.386665][ T1171] ? kthread+0x13a/0x450 [ 226.386705][ T1171] ? __pfx_worker_thread+0x10/0x10 [ 226.386750][ T1171] kthread+0x370/0x450 [ 226.386791][ T1171] ? __pfx_kthread+0x10/0x10 [ 226.386836][ T1171] ret_from_fork+0x72b/0xd50 [ 226.386885][ T1171] ? __pfx_ret_from_fork+0x10/0x10 [ 226.386933][ T1171] ? srso_alias_return_thunk+0x5/0xfbef5 [ 226.386979][ T1171] ? __switch_to+0x800/0x1100 [ 226.387034][ T1171] ? __switch_to_asm+0x39/0x70 [ 226.387086][ T1171] ? __pfx_kthread+0x10/0x10 [ 226.387139][ T1171] ret_from_fork_asm+0x1a/0x30 [ 226.387216][ T1171] [ 227.116786][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.260919][ T8330] loop2: detected capacity change from 0 to 131072 [ 227.280465][ T8330] F2FS-fs (loop2): Invalid log sectorsize (67108873) [ 227.288182][ T8330] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 227.301683][ T8330] F2FS-fs (loop2): invalid crc value [ 227.446756][ T8330] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 227.447815][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.466795][ T8330] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 227.475196][ T8330] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 227.495254][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.503624][ T1171] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 227.535785][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.566633][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.601670][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.622105][ T8335] ldm_validate_partition_table(): Disk read failed. [ 227.631471][ T8347] loop4: detected capacity change from 0 to 128 [ 227.663787][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.710939][ T8335] Buffer I/O error on dev loop9, logical block 0, async page read [ 227.737671][ T8335] Dev loop9: unable to read RDB block 0 [ 227.777477][ T8335] loop9: unable to read partition table [ 227.794016][ T8335] loop_reread_partitions: partition scan of loop9 (3Ÿ ¾‚³˜) failed (rc=-5) [ 227.939208][ T5632] Bluetooth: hci0: Malformed LE Event: 0x0d [ 228.627115][ T5782] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 228.805225][ T5782] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 228.848620][ T5782] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 228.875309][ T5782] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 228.906739][ T5782] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 228.949761][ T5782] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 228.960124][ T5782] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.982117][ T5782] usb 5-1: Product: syz [ 228.992236][ T5782] usb 5-1: Manufacturer: syz [ 229.009616][ T5782] usb 5-1: SerialNumber: syz [ 229.057415][ T5782] usb 5-1: config 0 descriptor?? [ 229.339149][ T5782] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 229.464271][ T8378] loop1: detected capacity change from 0 to 1024 [ 229.518002][ T8380] nbd: socks must be embedded in a SOCK_ITEM attr [ 229.555975][ T8380] block nbd3: shutting down sockets [ 229.603564][ T8356] usb 5-1: Couldn't submit interrupt_out_urb -90 [ 229.652608][ T5749] usb 5-1: USB disconnect, device number 8 [ 229.950325][ T8383] 8021q: adding VLAN 0 to HW filter on device bond1 [ 229.960908][ T8383] bond0: (slave bond1): Enslaving as an active interface with an up link [ 229.972422][ T8385] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 230.027975][ T8388] netlink: 8 bytes leftover after parsing attributes in process `syz.1.948'. [ 230.036489][ T8385] bridge0: port 2(bridge_slave_1) entered disabled state [ 230.044759][ T8385] bridge0: port 1(bridge_slave_0) entered disabled state [ 230.583397][ T8397] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 230.590327][ T8397] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 230.642499][ T8401] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(6) [ 230.649078][ T8401] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 230.715234][ T8397] vhci_hcd vhci_hcd.0: Device attached [ 230.731059][ T8401] vhci_hcd vhci_hcd.0: Device attached [ 230.767440][ T8406] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(9) [ 230.774069][ T8406] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 230.813636][ T8406] vhci_hcd vhci_hcd.0: Device attached [ 230.823374][ T8413] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(5) [ 230.829944][ T8413] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 230.850014][ T8413] vhci_hcd vhci_hcd.0: Device attached [ 230.931150][ T8414] vhci_hcd: connection closed [ 230.932568][ T8410] vhci_hcd: connection closed [ 230.937789][ T8399] vhci_hcd: connection closed [ 230.948796][ T8404] vhci_hcd: connection closed [ 230.960200][ T1111] vhci_hcd vhci_hcd.4: stop threads [ 230.985969][ T8419] sg_write: process 378 (syz.3.958) changed security contexts after opening file descriptor, this is not allowed. [ 230.987738][ T8420] loop5: detected capacity change from 0 to 256 [ 231.014126][ T1111] vhci_hcd vhci_hcd.4: release socket [ 231.028507][ T5879] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 231.048362][ T1111] vhci_hcd vhci_hcd.4: disconnect device [ 231.067888][ T1111] vhci_hcd vhci_hcd.4: stop threads [ 231.071910][ T8402] vhci_hcd: sendmsg failed!, ret=-32 for 48 [ 231.094368][ T1111] vhci_hcd vhci_hcd.4: release socket [ 231.124252][ T1111] vhci_hcd vhci_hcd.4: disconnect device [ 231.144953][ T8420] FAT-fs (loop5): Directory bread(block 64) failed [ 231.153788][ T1111] vhci_hcd vhci_hcd.4: stop threads [ 231.162386][ T8420] FAT-fs (loop5): Directory bread(block 65) failed [ 231.184620][ T1111] vhci_hcd vhci_hcd.4: release socket [ 231.209352][ T8420] FAT-fs (loop5): Directory bread(block 66) failed [ 231.210414][ T1111] vhci_hcd vhci_hcd.4: disconnect device [ 231.251880][ T8420] FAT-fs (loop5): Directory bread(block 67) failed [ 231.259143][ T1111] vhci_hcd vhci_hcd.4: stop threads [ 231.288378][ T1111] vhci_hcd vhci_hcd.4: release socket [ 231.297410][ T8420] FAT-fs (loop5): Directory bread(block 68) failed [ 231.305628][ T1111] vhci_hcd vhci_hcd.4: disconnect device [ 231.324741][ T8420] FAT-fs (loop5): Directory bread(block 69) failed [ 231.342100][ T8420] FAT-fs (loop5): Directory bread(block 70) failed [ 231.358667][ T8420] FAT-fs (loop5): Directory bread(block 71) failed [ 231.378984][ T8420] FAT-fs (loop5): Directory bread(block 72) failed [ 231.407777][ T8420] FAT-fs (loop5): Directory bread(block 73) failed [ 231.481869][ T8428] 8021q: adding VLAN 0 to HW filter on device bond1 [ 231.492252][ T8428] bond0: (slave bond1): Enslaving as an active interface with an up link [ 231.601764][ T8432] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 231.653045][ T8432] bridge0: port 2(bridge_slave_1) entered disabled state [ 231.660866][ T8432] bridge0: port 1(bridge_slave_0) entered disabled state [ 231.853787][ T8440] loop4: detected capacity change from 0 to 1024 [ 231.893868][ T8442] Set syz1 is full, maxelem 0 reached [ 231.910576][ T8440] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 231.987858][ T5625] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 232.195431][ T5625] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 232.234706][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 232.249883][ T5625] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 232.299534][ T5625] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 232.340539][ T5625] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 232.419282][ T5625] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 232.459044][ T5625] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.485026][ T5625] usb 2-1: Product: syz [ 232.500575][ T5625] usb 2-1: Manufacturer: syz [ 232.530742][ T5625] usb 2-1: SerialNumber: syz [ 232.566630][ T5625] usb 2-1: config 0 descriptor?? [ 232.573510][ T30] audit: type=1326 audit(1777328438.617:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8454 comm="syz.4.971" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0393d9cdd9 code=0x0 [ 232.874009][ T5625] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 233.112383][ T8435] usb 2-1: Couldn't submit interrupt_out_urb -90 [ 233.129536][ T957] usb 2-1: USB disconnect, device number 5 [ 233.370691][ T8482] loop5: detected capacity change from 0 to 256 [ 233.375890][ T8481] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 233.421884][ T8481] bridge0: port 2(bridge_slave_1) entered disabled state [ 233.429709][ T8481] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.740863][ T5776] kernel read not supported for file /dsp1 (pid: 5776 comm: kworker/1:6) [ 234.719706][ T8519] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 234.728686][ T8519] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 234.747998][ T8521] bridge0: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 234.795930][ T8521] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.804302][ T8521] bridge0: port 1(bridge_slave_0) entered disabled state [ 234.853394][ T8523] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1000'. [ 234.906671][ T8523] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1000'. [ 234.957130][ T5782] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 235.127354][ T5782] usb 1-1: Using ep0 maxpacket: 8 [ 235.135593][ T5782] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 235.169952][ T5782] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.259813][ T5782] pvrusb2: Hardware description: Terratec Grabster AV400 [ 235.301702][ T5782] pvrusb2: ********** [ 235.316291][ T5782] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 235.345200][ T5782] pvrusb2: Important functionality might not be entirely working. [ 235.363496][ T5782] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 235.391075][ T5782] pvrusb2: ********** [ 235.468180][ T2360] pvrusb2: Invalid write control endpoint [ 235.761526][ T5782] usb 1-1: USB disconnect, device number 9 [ 235.818254][ T8550] loop4: detected capacity change from 0 to 512 [ 235.835590][ T2360] pvrusb2: Invalid write control endpoint [ 235.883685][ T8550] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 235.904593][ T2360] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 235.952606][ T8550] EXT4-fs (loop4): 1 truncate cleaned up [ 235.985881][ T2360] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 236.000897][ T8550] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 236.014666][ T2360] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 236.046938][ T2360] pvrusb2: Device being rendered inoperable [ 236.074966][ T2360] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 236.098432][ T2360] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 236.127539][ T30] audit: type=1800 audit(1777328442.167:30): pid=8550 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.1015" name="file1" dev="loop4" ino=13 res=0 errno=0 [ 236.164872][ T2360] pvrusb2: Attached sub-driver cx25840 [ 236.187203][ T5879] vhci_hcd vhci_hcd.4: vhci_device speed not set [ 236.190826][ T2360] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 236.241033][ T2360] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 236.243350][ T5620] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 236.817625][ T8560] nbd3: detected capacity change from 0 to 127 [ 236.831792][ T5632] block nbd3: Receive control failed (result -32) [ 236.859149][ T5889] block nbd3: Dead connection, failed to find a fallback [ 236.889224][ T5889] block nbd3: shutting down sockets [ 236.896271][ T5889] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 236.910029][ T5889] buffer_io_error: 11 callbacks suppressed [ 236.910053][ T5889] Buffer I/O error on dev nbd3, logical block 0, async page read [ 236.929223][ T5889] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 236.951712][ T5889] Buffer I/O error on dev nbd3, logical block 1, async page read [ 236.965518][ T5889] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 236.984892][ T5889] Buffer I/O error on dev nbd3, logical block 2, async page read [ 237.005082][ T5889] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.032633][ T5889] Buffer I/O error on dev nbd3, logical block 3, async page read [ 237.060253][ T5889] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.099687][ T5889] Buffer I/O error on dev nbd3, logical block 0, async page read [ 237.142259][ T5889] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.190467][ T5889] Buffer I/O error on dev nbd3, logical block 1, async page read [ 237.230349][ T5889] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.244115][ T8574] loop2: detected capacity change from 0 to 1024 [ 237.270586][ T5889] Buffer I/O error on dev nbd3, logical block 2, async page read [ 237.275692][ T8574] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 237.314734][ T5889] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.362422][ T5889] Buffer I/O error on dev nbd3, logical block 3, async page read [ 237.410754][ T5889] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.434024][ T8574] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 237.462311][ T5889] Buffer I/O error on dev nbd3, logical block 0, async page read [ 237.521935][ T5889] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 237.565121][ T5889] Buffer I/O error on dev nbd3, logical block 1, async page read [ 237.614822][ T5889] ldm_validate_partition_table(): Disk read failed. [ 237.669587][ T5889] Dev nbd3: unable to read RDB block 0 [ 237.705211][ T5889] nbd3: unable to read partition table [ 237.808577][ T5889] ldm_validate_partition_table(): Disk read failed. [ 237.853054][ T5889] Dev nbd3: unable to read RDB block 0 [ 237.889908][ T5889] nbd3: unable to read partition table [ 238.242343][ T8604] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1038'. [ 239.557315][ T957] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 239.644697][ T8639] loop5: detected capacity change from 0 to 256 [ 239.721823][ T8639] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 239.744404][ T957] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 239.777631][ T957] usb 1-1: config 0 has no interface number 0 [ 239.805892][ T957] usb 1-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 239.843626][ T957] usb 1-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.895231][ T957] usb 1-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 239.953512][ T957] usb 1-1: config 0 interface 1 has no altsetting 0 [ 239.971731][ T957] usb 1-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 240.002339][ T957] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.044456][ T957] usb 1-1: config 0 descriptor?? [ 240.246082][ T8654] [ 240.248467][ T8654] ====================================================== [ 240.255479][ T8654] WARNING: possible circular locking dependency detected [ 240.262497][ T8654] syzkaller #0 Tainted: G L [ 240.268473][ T8654] ------------------------------------------------------ [ 240.275492][ T8654] syz.5.1060/8654 is trying to acquire lock: [ 240.281470][ T8654] ffffffff8e9b0980 (fs_reclaim){+.+.}-{0:0}, at: prepare_alloc_pages+0x166/0x5f0 [ 240.290761][ T8654] [ 240.290761][ T8654] but task is already holding lock: [ 240.298126][ T8654] ffff88802a9a0f78 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x35/0x6f0 [ 240.307661][ T8654] [ 240.307661][ T8654] which lock already depends on the new lock. [ 240.307661][ T8654] [ 240.318068][ T8654] [ 240.318068][ T8654] the existing dependency chain (in reverse order) is: [ 240.327085][ T8654] [ 240.327085][ T8654] -> #7 (&mm->mmap_lock){++++}-{4:4}: [ 240.334680][ T8654] __might_fault+0xde/0x140 [ 240.339725][ T8654] _copy_from_iter+0x118/0x1690 [ 240.345133][ T8654] tcp_sendmsg_locked+0xcab/0x4500 [ 240.350799][ T8654] tcp_sendmsg+0x2e/0x50 [ 240.355589][ T8654] inet_sendmsg+0xb9/0x140 [ 240.360552][ T8654] sock_write_iter+0x4ea/0x5a0 [ 240.365858][ T8654] vfs_write+0x6ac/0x1070 [ 240.370736][ T8654] ksys_write+0x1f8/0x250 [ 240.375618][ T8654] do_syscall_64+0x10b/0xf80 [ 240.380751][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.387180][ T8654] [ 240.387180][ T8654] -> #6 (sk_lock-AF_INET){+.+.}-{0:0}: [ 240.394854][ T8654] lock_sock_nested+0x41/0xf0 [ 240.400083][ T8654] inet_shutdown+0x67/0x410 [ 240.405134][ T8654] nbd_mark_nsock_dead+0xae/0x5c0 [ 240.410715][ T8654] sock_shutdown+0x16b/0x200 [ 240.415946][ T8654] nbd_ioctl+0x25e/0xd30 [ 240.420722][ T8654] blkdev_ioctl+0x5ad/0x6f0 [ 240.425763][ T8654] __x64_sys_ioctl+0x18e/0x210 [ 240.431078][ T8654] do_syscall_64+0x10b/0xf80 [ 240.436218][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.442647][ T8654] [ 240.442647][ T8654] -> #5 (&nsock->tx_lock){+.+.}-{4:4}: [ 240.450319][ T8654] __mutex_lock+0x1a4/0x1b10 [ 240.455450][ T8654] nbd_queue_rq+0x428/0x1080 [ 240.460586][ T8654] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 240.466700][ T8654] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 240.473590][ T8654] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 240.480140][ T8654] blk_mq_run_hw_queue+0x23c/0x670 [ 240.485919][ T8654] blk_mq_dispatch_list+0x51d/0x1360 [ 240.491738][ T8654] blk_mq_flush_plug_list+0x130/0x600 [ 240.497651][ T8654] __blk_flush_plug+0x2c4/0x4b0 [ 240.503033][ T8654] __submit_bio+0x584/0x6c0 [ 240.508063][ T8654] submit_bio_noacct_nocheck+0x543/0xbf0 [ 240.514228][ T8654] submit_bio_noacct+0xd18/0x2000 [ 240.519782][ T8654] submit_bh_wbc+0x681/0x890 [ 240.525025][ T8654] block_read_full_folio+0x264/0x8e0 [ 240.530859][ T8654] filemap_read_folio+0xfc/0x3b0 [ 240.536340][ T8654] do_read_cache_folio+0x2d7/0x6b0 [ 240.542000][ T8654] read_part_sector+0xd1/0x370 [ 240.547318][ T8654] adfspart_check_ICS+0x91/0x7d0 [ 240.552820][ T8654] bdev_disk_changed+0x7a3/0x1250 [ 240.558394][ T8654] blkdev_get_whole+0x187/0x290 [ 240.563795][ T8654] bdev_open+0x2c7/0xe40 [ 240.568560][ T8654] blkdev_open+0x34e/0x4f0 [ 240.573505][ T8654] do_dentry_open+0x6d8/0x1660 [ 240.578816][ T8654] vfs_open+0x82/0x3f0 [ 240.583415][ T8654] path_openat+0x208c/0x31a0 [ 240.588534][ T8654] do_file_open+0x20e/0x430 [ 240.593564][ T8654] do_sys_openat2+0x10d/0x1e0 [ 240.598778][ T8654] __x64_sys_openat+0x12d/0x210 [ 240.604165][ T8654] do_syscall_64+0x10b/0xf80 [ 240.609336][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.615766][ T8654] [ 240.615766][ T8654] -> #4 (&cmd->lock){+.+.}-{4:4}: [ 240.623098][ T8654] __mutex_lock+0x1a4/0x1b10 [ 240.628252][ T8654] nbd_queue_rq+0xba/0x1080 [ 240.633300][ T8654] blk_mq_dispatch_rq_list+0x422/0x1e70 [ 240.639387][ T8654] __blk_mq_sched_dispatch_requests+0xcea/0x1620 [ 240.646271][ T8654] blk_mq_sched_dispatch_requests+0xd7/0x1c0 [ 240.652807][ T8654] blk_mq_run_hw_queue+0x23c/0x670 [ 240.658469][ T8654] blk_mq_dispatch_list+0x51d/0x1360 [ 240.664288][ T8654] blk_mq_flush_plug_list+0x130/0x600 [ 240.670195][ T8654] __blk_flush_plug+0x2c4/0x4b0 [ 240.675573][ T8654] __submit_bio+0x584/0x6c0 [ 240.680632][ T8654] submit_bio_noacct_nocheck+0x543/0xbf0 [ 240.686791][ T8654] submit_bio_noacct+0xd18/0x2000 [ 240.692343][ T8654] submit_bh_wbc+0x681/0x890 [ 240.697477][ T8654] block_read_full_folio+0x264/0x8e0 [ 240.703336][ T8654] filemap_read_folio+0xfc/0x3b0 [ 240.708814][ T8654] do_read_cache_folio+0x2d7/0x6b0 [ 240.714463][ T8654] read_part_sector+0xd1/0x370 [ 240.719869][ T8654] adfspart_check_ICS+0x91/0x7d0 [ 240.725358][ T8654] bdev_disk_changed+0x7a3/0x1250 [ 240.730935][ T8654] blkdev_get_whole+0x187/0x290 [ 240.736355][ T8654] bdev_open+0x2c7/0xe40 [ 240.741143][ T8654] blkdev_open+0x34e/0x4f0 [ 240.746096][ T8654] do_dentry_open+0x6d8/0x1660 [ 240.751414][ T8654] vfs_open+0x82/0x3f0 [ 240.756106][ T8654] path_openat+0x208c/0x31a0 [ 240.761226][ T8654] do_file_open+0x20e/0x430 [ 240.766257][ T8654] do_sys_openat2+0x10d/0x1e0 [ 240.771474][ T8654] __x64_sys_openat+0x12d/0x210 [ 240.776861][ T8654] do_syscall_64+0x10b/0xf80 [ 240.781992][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.788422][ T8654] [ 240.788422][ T8654] -> #3 (set->srcu){.+.+}-{0:0}: [ 240.795577][ T8654] __synchronize_srcu+0xa2/0x300 [ 240.801061][ T8654] blk_mq_quiesce_queue+0x149/0x1c0 [ 240.806812][ T8654] elevator_switch+0x17b/0x7e0 [ 240.812126][ T8654] elevator_change+0x352/0x530 [ 240.817445][ T8654] elevator_set_default+0x29e/0x360 [ 240.823198][ T8654] blk_register_queue+0x48e/0x630 [ 240.828776][ T8654] __add_disk+0x73f/0xe40 [ 240.833686][ T8654] add_disk_fwnode+0x118/0x5c0 [ 240.838991][ T8654] nbd_dev_add+0x77a/0xb10 [ 240.843936][ T8654] nbd_init+0x291/0x2b0 [ 240.848644][ T8654] do_one_initcall+0x121/0x750 [ 240.853955][ T8654] kernel_init_freeable+0x6ea/0x7b0 [ 240.859685][ T8654] kernel_init+0x1f/0x1e0 [ 240.864564][ T8654] ret_from_fork+0x72b/0xd50 [ 240.869695][ T8654] ret_from_fork_asm+0x1a/0x30 [ 240.875001][ T8654] [ 240.875001][ T8654] -> #2 (&q->elevator_lock){+.+.}-{4:4}: [ 240.882844][ T8654] __mutex_lock+0x1a4/0x1b10 [ 240.888043][ T8654] elevator_change+0x1bc/0x530 [ 240.893363][ T8654] elevator_set_none+0x92/0xf0 [ 240.898674][ T8654] blk_mq_update_nr_hw_queues+0x4c1/0x15f0 [ 240.905021][ T8654] nbd_start_device+0x1a6/0xbd0 [ 240.910402][ T8654] nbd_genl_connect+0xff2/0x1a40 [ 240.915874][ T8654] genl_family_rcv_msg_doit+0x214/0x300 [ 240.921971][ T8654] genl_rcv_msg+0x560/0x800 [ 240.927021][ T8654] netlink_rcv_skb+0x159/0x420 [ 240.932324][ T8654] genl_rcv+0x28/0x40 [ 240.936850][ T8654] netlink_unicast+0x585/0x850 [ 240.942155][ T8654] netlink_sendmsg+0x8b0/0xda0 [ 240.947458][ T8654] ____sys_sendmsg+0x9e1/0xb70 [ 240.952761][ T8654] ___sys_sendmsg+0x190/0x1e0 [ 240.957975][ T8654] __sys_sendmsg+0x170/0x220 [ 240.963134][ T8654] do_syscall_64+0x10b/0xf80 [ 240.968268][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 240.974697][ T8654] [ 240.974697][ T8654] -> #1 (&q->q_usage_counter(io)#49){++++}-{0:0}: [ 240.983336][ T8654] blk_alloc_queue+0x610/0x790 [ 240.988659][ T8654] blk_mq_alloc_queue+0x174/0x290 [ 240.994253][ T8654] __blk_mq_alloc_disk+0x29/0x120 [ 240.999818][ T8654] nbd_dev_add+0x492/0xb10 [ 241.004768][ T8654] nbd_init+0x291/0x2b0 [ 241.009472][ T8654] do_one_initcall+0x121/0x750 [ 241.014782][ T8654] kernel_init_freeable+0x6ea/0x7b0 [ 241.020511][ T8654] kernel_init+0x1f/0x1e0 [ 241.025389][ T8654] ret_from_fork+0x72b/0xd50 [ 241.030687][ T8654] ret_from_fork_asm+0x1a/0x30 [ 241.036003][ T8654] [ 241.036003][ T8654] -> #0 (fs_reclaim){+.+.}-{0:0}: [ 241.043241][ T8654] __lock_acquire+0x14b8/0x2630 [ 241.048634][ T8654] lock_acquire+0x1b1/0x370 [ 241.053682][ T8654] fs_reclaim_acquire+0xc4/0x100 [ 241.059175][ T8654] prepare_alloc_pages+0x166/0x5f0 [ 241.064840][ T8654] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 241.071275][ T8654] alloc_pages_mpol+0x1fb/0x540 [ 241.076681][ T8654] folio_alloc_mpol_noprof+0x36/0x260 [ 241.082607][ T8654] vma_alloc_folio_noprof+0xed/0x1d0 [ 241.088535][ T8654] do_wp_page+0xd75/0x4350 [ 241.093500][ T8654] __handle_mm_fault+0x1ab6/0x2a00 [ 241.099148][ T8654] handle_mm_fault+0x36d/0xa20 [ 241.104450][ T8654] do_user_addr_fault+0x74c/0x12f0 [ 241.110106][ T8654] exc_page_fault+0x6f/0xd0 [ 241.115153][ T8654] asm_exc_page_fault+0x26/0x30 [ 241.120537][ T8654] _copy_to_iter+0x4c0/0x1720 [ 241.125762][ T8654] simple_copy_to_iter+0x46/0x90 [ 241.131242][ T8654] __skb_datagram_iter+0x129/0x900 [ 241.136897][ T8654] skb_copy_datagram_iter+0xa5/0x270 [ 241.142726][ T8654] tipc_recvstream+0x3f4/0x970 [ 241.148017][ T8654] sock_recvmsg+0x1a4/0x1f0 [ 241.153100][ T8654] ____sys_recvmsg+0x218/0x640 [ 241.158405][ T8654] ___sys_recvmsg+0x16a/0x1a0 [ 241.163626][ T8654] __sys_recvmsg+0x16d/0x220 [ 241.168740][ T8654] do_syscall_64+0x10b/0xf80 [ 241.173884][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.180313][ T8654] [ 241.180313][ T8654] other info that might help us debug this: [ 241.180313][ T8654] [ 241.190541][ T8654] Chain exists of: [ 241.190541][ T8654] fs_reclaim --> sk_lock-AF_INET --> &mm->mmap_lock [ 241.190541][ T8654] [ 241.203090][ T8654] Possible unsafe locking scenario: [ 241.203090][ T8654] [ 241.210530][ T8654] CPU0 CPU1 [ 241.215886][ T8654] ---- ---- [ 241.221252][ T8654] rlock(&mm->mmap_lock); [ 241.225673][ T8654] lock(sk_lock-AF_INET); [ 241.232626][ T8654] lock(&mm->mmap_lock); [ 241.239483][ T8654] lock(fs_reclaim); [ 241.243474][ T8654] [ 241.243474][ T8654] *** DEADLOCK *** [ 241.243474][ T8654] [ 241.251612][ T8654] 2 locks held by syz.5.1060/8654: [ 241.256721][ T8654] #0: ffff88803365f660 (sk_lock-AF_TIPC){+.+.}-{0:0}, at: tipc_wait_for_rcvmsg.isra.0+0x2ca/0x5a0 [ 241.267493][ T8654] #1: ffff88802a9a0f78 (&mm->mmap_lock){++++}-{4:4}, at: lock_mm_and_find_vma+0x35/0x6f0 [ 241.277494][ T8654] [ 241.277494][ T8654] stack backtrace: [ 241.283388][ T8654] CPU: 1 UID: 0 PID: 8654 Comm: syz.5.1060 Tainted: G L syzkaller #0 PREEMPT(full) [ 241.283437][ T8654] Tainted: [L]=SOFTLOCKUP [ 241.283450][ T8654] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 241.283473][ T8654] Call Trace: [ 241.283486][ T8654] [ 241.283500][ T8654] dump_stack_lvl+0x100/0x190 [ 241.283539][ T8654] print_circular_bug.cold+0x178/0x1c7 [ 241.283599][ T8654] check_noncircular+0x146/0x160 [ 241.283647][ T8654] __lock_acquire+0x14b8/0x2630 [ 241.283698][ T8654] lock_acquire+0x1b1/0x370 [ 241.283737][ T8654] ? prepare_alloc_pages+0x166/0x5f0 [ 241.283804][ T8654] fs_reclaim_acquire+0xc4/0x100 [ 241.283856][ T8654] ? prepare_alloc_pages+0x166/0x5f0 [ 241.283914][ T8654] prepare_alloc_pages+0x166/0x5f0 [ 241.283974][ T8654] __alloc_frozen_pages_noprof+0x19a/0x2bc0 [ 241.284019][ T8654] ? __lock_acquire+0x4a5/0x2630 [ 241.284066][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284109][ T8654] ? __lock_acquire+0x4a5/0x2630 [ 241.284151][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284199][ T8654] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 241.284249][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284291][ T8654] ? find_held_lock+0x2b/0x80 [ 241.284357][ T8654] ? __lock_acquire+0x4a5/0x2630 [ 241.284398][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284441][ T8654] ? is_bpf_text_address+0x94/0x1a0 [ 241.284478][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284520][ T8654] ? kernel_text_address+0x8d/0x100 [ 241.284564][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284608][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284651][ T8654] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 241.284689][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284734][ T8654] ? policy_nodemask+0xed/0x4f0 [ 241.284788][ T8654] alloc_pages_mpol+0x1fb/0x540 [ 241.284840][ T8654] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 241.284893][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.284936][ T8654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 241.284977][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285021][ T8654] ? lockdep_hardirqs_on+0x78/0x100 [ 241.285064][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285106][ T8654] ? _raw_spin_unlock_irqrestore+0x3b/0x80 [ 241.285150][ T8654] folio_alloc_mpol_noprof+0x36/0x260 [ 241.285211][ T8654] vma_alloc_folio_noprof+0xed/0x1d0 [ 241.285271][ T8654] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 241.285332][ T8654] ? rcu_read_unlock+0x2d/0xb0 [ 241.285378][ T8654] ? rcu_read_unlock+0x2d/0xb0 [ 241.285417][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285461][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285509][ T8654] do_wp_page+0xd75/0x4350 [ 241.285573][ T8654] ? __pfx_do_wp_page+0x10/0x10 [ 241.285626][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285673][ T8654] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 241.285724][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285767][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285816][ T8654] __handle_mm_fault+0x1ab6/0x2a00 [ 241.285860][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.285904][ T8654] ? mt_find+0x45e/0x8e0 [ 241.285950][ T8654] ? __pfx___handle_mm_fault+0x10/0x10 [ 241.285989][ T8654] ? __pfx_mt_find+0x10/0x10 [ 241.286048][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.286091][ T8654] ? find_vma+0xbf/0x140 [ 241.286141][ T8654] ? __pfx_find_vma+0x10/0x10 [ 241.286193][ T8654] handle_mm_fault+0x36d/0xa20 [ 241.286235][ T8654] do_user_addr_fault+0x74c/0x12f0 [ 241.286288][ T8654] ? trace_page_fault_kernel+0x7a/0x200 [ 241.286335][ T8654] exc_page_fault+0x6f/0xd0 [ 241.286384][ T8654] asm_exc_page_fault+0x26/0x30 [ 241.286421][ T8654] RIP: 0010:_copy_to_iter+0x4c0/0x1720 [ 241.286477][ T8654] Code: 00 e8 a4 e6 12 fd 48 8b 74 24 18 48 8b 44 24 08 4c 8d 24 06 89 de 4c 89 e7 e8 bc b1 7f fd 0f 01 cb 48 89 d9 4c 89 f7 4c 89 e6 a4 0f 1f 00 49 89 cc 0f 01 ca 48 89 d8 48 29 c8 48 01 44 24 08 [ 241.286512][ T8654] RSP: 0018:ffffc9000b7b77a8 EFLAGS: 00050246 [ 241.286539][ T8654] RAX: 0000000000000001 RBX: 00000000000101d0 RCX: 000000000000f5d0 [ 241.286563][ T8654] RDX: 0000000000000001 RSI: ffff8880490c0ce8 RDI: 0000200000001000 [ 241.286586][ T8654] RBP: ffff88807c8d8000 R08: 0000000000000000 R09: ffffed100921a056 [ 241.286609][ T8654] R10: ffff8880490d02b7 R11: 0000000000000000 R12: ffff8880490c00e8 [ 241.286632][ T8654] R13: 0000000000000000 R14: 0000200000000400 R15: 00000000000101d0 [ 241.286667][ T8654] ? _copy_to_iter+0x4b4/0x1720 [ 241.286727][ T8654] ? __pfx__copy_to_iter+0x10/0x10 [ 241.286779][ T8654] ? _raw_spin_lock_irqsave+0x52/0x60 [ 241.286815][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.286860][ T8654] ? find_held_lock+0x2b/0x80 [ 241.286916][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.286959][ T8654] ? mark_held_locks+0x40/0x70 [ 241.287002][ T8654] ? _raw_spin_unlock_irqrestore+0x52/0x80 [ 241.287040][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.287087][ T8654] simple_copy_to_iter+0x46/0x90 [ 241.287138][ T8654] __skb_datagram_iter+0x129/0x900 [ 241.287184][ T8654] ? __sanitizer_cov_trace_switch+0x54/0x90 [ 241.287219][ T8654] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 241.287269][ T8654] ? tipc_sk_anc_data_recv+0xad/0x6b0 [ 241.287325][ T8654] skb_copy_datagram_iter+0xa5/0x270 [ 241.287382][ T8654] tipc_recvstream+0x3f4/0x970 [ 241.287425][ T8654] ? __pfx_tipc_recvstream+0x10/0x10 [ 241.287457][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.287500][ T8654] ? aa_sock_msg_perm.isra.0+0x100/0x1b0 [ 241.287554][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.287597][ T8654] ? __pfx_tipc_recvstream+0x10/0x10 [ 241.287631][ T8654] sock_recvmsg+0x1a4/0x1f0 [ 241.287676][ T8654] ____sys_recvmsg+0x218/0x640 [ 241.287724][ T8654] ? __pfx_____sys_recvmsg+0x10/0x10 [ 241.287776][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.287820][ T8654] ? __lock_acquire+0x4a5/0x2630 [ 241.287860][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.287907][ T8654] ___sys_recvmsg+0x16a/0x1a0 [ 241.287954][ T8654] ? __pfx____sys_recvmsg+0x10/0x10 [ 241.288001][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.288046][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.288107][ T8654] __sys_recvmsg+0x16d/0x220 [ 241.288141][ T8654] ? __pfx___sys_recvmsg+0x10/0x10 [ 241.288174][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.288216][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.288271][ T8654] ? srso_alias_return_thunk+0x5/0xfbef5 [ 241.288314][ T8654] ? rcu_is_watching+0x12/0xc0 [ 241.288375][ T8654] do_syscall_64+0x10b/0xf80 [ 241.288419][ T8654] ? irqentry_exit+0x117/0x790 [ 241.288463][ T8654] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.288498][ T8654] RIP: 0033:0x7f101db9cdd9 [ 241.288527][ T8654] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 241.288561][ T8654] RSP: 002b:00007f101bdee028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 241.288592][ T8654] RAX: ffffffffffffffda RBX: 00007f101de15fa0 RCX: 00007f101db9cdd9 [ 241.288616][ T8654] RDX: 0000000000000000 RSI: 0000200000000500 RDI: 0000000000000003 [ 241.288638][ T8654] RBP: 00007f101dc32d69 R08: 0000000000000000 R09: 0000000000000000 [ 241.288662][ T8654] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 241.288683][ T8654] R13: 00007f101de16038 R14: 00007f101de15fa0 R15: 00007ffdc6f7c918 [ 241.288719][ T8654] [ 242.020780][ T8645] overlayfs: statfs failed on './file0' [ 242.047150][ T5782] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 242.099665][ T5632] block nbd4: Receive control failed (result -32) [ 242.206100][ T5782] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 242.219238][ T5782] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.265244][ T5782] usb 5-1: config 0 interface 0 has no altsetting 0 [ 242.294255][ T5782] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 242.320811][ T5782] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.343566][ T5782] usb 5-1: config 0 descriptor?? [ 242.435152][ T957] uclogic 0003:145F:0212.0009: pen parameters not found [ 242.450588][ T957] uclogic 0003:145F:0212.0009: interface is invalid, ignoring [ 242.657596][ T957] usb 1-1: USB disconnect, device number 10 [ 242.976084][ T957] usb 5-1: USB disconnect, device number 9