last executing test programs: 6m27.033835708s ago: executing program 2 (id=2107): r0 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000001440), 0x0, 0x0) ioctl$IMADDTIMER(r0, 0x80044940, &(0x7f0000000240)=0x14) 6m26.84570554s ago: executing program 2 (id=2110): write$proc_mixer(0xffffffffffffffff, &(0x7f0000000340)=ANY=[@ANYBLOB='SYNTH \'Mic\' 00000000000000000000\nIGAIN \'Capture Volume\' 00000000000000000000\nVOLUME\nLINE\nMONIT'], 0x86) syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000094037b40fd080200fdca010203010902120001000000000904"], 0x0) 6m24.884757655s ago: executing program 2 (id=2154): r0 = syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x80078b, &(0x7f0000000680)={[{@nodioread_nolock}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nobh}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0xe4d}}]}, 0x0, 0x471, &(0x7f0000000bc0)="$eJzs289rHFUcAPDvTH60tT8Sa/3RWjVahKCYNGnVHrwoCh4qCnqox5hsS+i2kSaKLcWmIvUiSEHP4lHwL/AmgqgnwatePEmhaC+tniIzO9NuttnUmE0mZj8fmOx7M2933jdvfrx5bzeArjWU/UkidkTELxEx0MguLjDUeLlx7fzkX9fOTyaxsPD6H0le7vq185Nl0fJ924vMcBqRfpgUO1ls9uy5kxP1eu1MkR+dO/X26OzZc0+9e2riRO1E7fT4kSOHD409+8z40x2JM4vr+r73Z/bvffnNy69MHrv81g9fZfXdUWxvjqNThrLA/1zItW57vNM7q9jOpnTSW2FFWJGeiMiaqy8//weiJ2413kC89EGllQPWVHZv2tJ+8/wCsIklUXUNgGqUN/rs+bdc1qnrsSFcfb7xAJTFfaNYGlt6Iy3K9LU833bSUEQcm//782yJNRqHAABo9vHkZ0f7m/odt/ofadyXv/6W/02KOZTBiLg7InZHxD0RsSci7o3Iy94fEQ+ssj6393/SK6v8yGVl/b/nirmtxf2/svcXgz1Fbmcef19yfLpeOxgRuyJiOPq2ZPmxZfbxzYs/f9JuW3P/L1uy/Zd9waIeV3pbBuimJuYm8k5pB1y9GLGvd6n4k5szAVnb742IfSv76F1lYvqJL/e3K3Tn+JfRgXmmhS+y8Oaz+OejJf5S0jw/OX3b/OTo1qjXDo6WR8Xtfvzp0mvt9r+q+Dvgaq3x2tT+rUUGk+b52tmV7+PSrx+1fab5j8d/2p+8kc8z9xfr3puYmzszFtGfHM3zi9aP33pvmS/LZ8f/8IGlz//dxXuy+B+MiOwgfigiHo6IR4q6PxoRj0XEgWXi//6F9tvK+COtqP0vRkwtef27efy3tP/KEz0nv/u63f7/XfsfzlPDxZr8+ncHS1Unu1y0VnA1/zsAAAD4v0jz78An6cjNdJqOjDS+w78n7krrM7NzTx6feef0VOO78oPRl5YjXQPFeGh9ul4bS+aLT2yMj44XY8XleOmhYtz4055teX5kcqY+VXHs0O22tzn/M7/3VF07YI1tW3LteP+6VwSoQOs8ero4e+HVcDGAzcrvtaF73eH8T9erHsD6c/+H7rXU+X+hJW8uADYn93/oXs5/6FLpt1XXAKiQ+z90pdX8rn8NE1s3RjWqSWzURskTEWUi3RD1kVijRNVXJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74JwAA///SqekQ") ioctl$EXT4_IOC_ALLOC_DA_BLKS(r0, 0x660c) 6m23.727392513s ago: executing program 2 (id=2161): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000003c0)={[{@barrier}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xf}}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}, {@minixdf}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 6m22.710315853s ago: executing program 2 (id=2171): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=@newlink={0x54, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x320, 0x4000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @veth={{0x9}, {0x18, 0x2, 0x0, 0x1, @val=@VETH_INFO_PEER={0x14, 0x1, {{0x0, 0x0, 0x0, 0x0, 0x20010, 0x284a0}}}}}}, @IFLA_ADDRESS={0xa}]}, 0x54}, 0x1, 0xd, 0x0, 0x480c5}, 0x0) 6m20.463394515s ago: executing program 2 (id=2191): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@multiplanar_fd={0xffff1432, 0x0, 0x4, 0x100000, 0x1ff, {}, {0x3, 0x2, 0x1, 0x43, 0x8, 0x4, "77bfc368"}, 0x4, 0x4, {0x0}, 0xf1}) 6m20.332465423s ago: executing program 32 (id=2191): r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2) ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000240)=@multiplanar_fd={0xffff1432, 0x0, 0x4, 0x100000, 0x1ff, {}, {0x3, 0x2, 0x1, 0x43, 0x8, 0x4, "77bfc368"}, 0x4, 0x4, {0x0}, 0xf1}) 5m24.525059209s ago: executing program 4 (id=3175): r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x10, 0x25, 0x34, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) 5m24.355631369s ago: executing program 4 (id=3176): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000001340)={0x0, 0x0, &(0x7f0000001300)={&(0x7f0000000040)=@updsa={0x104, 0x1a, 0x1, 0x0, 0x0, {{@in=@private=0xa010101, @in=@loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x32}, {@in6=@local, 0x0, 0x3c}, @in6=@remote, {0x0, 0x0, 0xfffffffffffffffe}, {}, {}, 0x0, 0x3503, 0xa, 0x2, 0xfd, 0x2c}, [@coaddr={0x14, 0xe, @in=@broadcast}]}, 0x104}, 0x1, 0x0, 0x0, 0x50}, 0x0) 5m24.128891363s ago: executing program 4 (id=3178): mmap$xdp(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x2, 0x42032, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000, 0x0, &(0x7f00008b5000/0x1000)=nil) 5m23.910310656s ago: executing program 4 (id=3181): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000003c0)={[{@barrier}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xf}}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}, {@minixdf}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 5m23.272627333s ago: executing program 4 (id=3199): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x11, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000000c0)={@map=r0, 0xffffffffffffffff, 0x5}, 0x10) 5m21.302710828s ago: executing program 4 (id=3214): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="1400000037000b0fd25a806c8c6f94f90524fc60", 0x14}, {&(0x7f0000000080)="1b0f4f67b69be8f6191c9dc07e6f8b69e0b7633d4549ee807751d505c6e0b9271bfd35af8c31ecd3c7c42130f21a7b3db2c94ad82a8b7d409dff58b3be1014e186fc04ce9f4e3cd37b43b92f355c351ab647d4643f7abd99fc71081c10bcb8622feaaad38fc470ad263837ef9a529db5e33c2018882e69e4afcb1ad497ad549e8cc4b7fef0568b1a16311364539e8468f5a9ef0069f585cdcdd040868dda66f1538456c5b770d552414301033cbe8feff1ddce4f51de241e37cf19d75515a25bb2a9728439b8a36b770970a1c4db7674c27f7caa4f3227ac1f", 0xd9}, {&(0x7f0000000180)="013141a083bd683e84ae42db0233e5772c98623e014c5f136be0ef0502a9ce1b75d819434c64f2e5f40ed3cf94478c087e5125b915bd042092fc60cf9081e2bb80e31f5716dae4338e51770e80ce20a1b1ca5a1173b2397f9bbe814c39d3fa49a9845122be3cf6d6fd00e511bf9e73e092b99e43d0ca92d93dc9013f3dc835c883d80c5597ee293bc2a7d237ac83722b1ff83b81a5797ec8a01e14c7aef79c6f3779d6136fc685aac60ae9889a88c32db49115fd8a8d54e4e3cc25c4a318a70ff5dacec0a5348c54db8e3b6f6c2b0d6bcdbe6155cd61b8cf508aeff18d573fd8ebeb493a83c97a1adb925aa83b8fc7e15902861549", 0xf5}, {&(0x7f00000002c0)}], 0x4, 0x0, 0x0, 0x20000000}, 0x200000c0) 5m21.024682355s ago: executing program 33 (id=3214): r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000040)="1400000037000b0fd25a806c8c6f94f90524fc60", 0x14}, {&(0x7f0000000080)="1b0f4f67b69be8f6191c9dc07e6f8b69e0b7633d4549ee807751d505c6e0b9271bfd35af8c31ecd3c7c42130f21a7b3db2c94ad82a8b7d409dff58b3be1014e186fc04ce9f4e3cd37b43b92f355c351ab647d4643f7abd99fc71081c10bcb8622feaaad38fc470ad263837ef9a529db5e33c2018882e69e4afcb1ad497ad549e8cc4b7fef0568b1a16311364539e8468f5a9ef0069f585cdcdd040868dda66f1538456c5b770d552414301033cbe8feff1ddce4f51de241e37cf19d75515a25bb2a9728439b8a36b770970a1c4db7674c27f7caa4f3227ac1f", 0xd9}, {&(0x7f0000000180)="013141a083bd683e84ae42db0233e5772c98623e014c5f136be0ef0502a9ce1b75d819434c64f2e5f40ed3cf94478c087e5125b915bd042092fc60cf9081e2bb80e31f5716dae4338e51770e80ce20a1b1ca5a1173b2397f9bbe814c39d3fa49a9845122be3cf6d6fd00e511bf9e73e092b99e43d0ca92d93dc9013f3dc835c883d80c5597ee293bc2a7d237ac83722b1ff83b81a5797ec8a01e14c7aef79c6f3779d6136fc685aac60ae9889a88c32db49115fd8a8d54e4e3cc25c4a318a70ff5dacec0a5348c54db8e3b6f6c2b0d6bcdbe6155cd61b8cf508aeff18d573fd8ebeb493a83c97a1adb925aa83b8fc7e15902861549", 0xf5}, {&(0x7f00000002c0)}], 0x4, 0x0, 0x0, 0x20000000}, 0x200000c0) 4m28.40623546s ago: executing program 3 (id=4047): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x401, 0x0, 0x3, {0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_PRIMARY_RESELECT={0x5, 0xc, 0x3}]}}}]}, 0x3c}}, 0x0) 4m28.103135768s ago: executing program 3 (id=4052): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="5c0000000206050000000000000000000700000014000780080008400000009808000640200000000500010006000000050005000200000005000400000000000900020073797a310000000010000300686173683a6970"], 0x5c}}, 0x20000000) 4m27.931482498s ago: executing program 3 (id=4057): r0 = socket(0x22, 0x2, 0x4) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000080)) 4m27.797309876s ago: executing program 3 (id=4061): syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f00000003c0)={[{@barrier}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xf}}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}, {@minixdf}]}, 0x1, 0x59c, &(0x7f0000001840)="$eJzs3U9oHGUbAPBnZrNN/+T70g++Dz6lh6JChdJN0j9aPbVXsVDoQfCiYbMNJZtsySbahIDpvYg9iEov9aYHj4oHD+LFo1cvimeh2KDQ9KArm51N03S3bmI2W7O/H0z2fWdm93nfmX3e7AwzTAB962j9TxrxVERcTCKGNywbiGzh0cZ6qytLxfsrS8UkarVLvySRRMS9laVic/0kez0UEcsR8f+I+CYfcTxd/8h9zUJ1YXFqvFwuzWb1kbnpqyPVhcUTV6bHJ0uTpZlTL7505uzpM2MnxzY2935tYy2/tb7e+PHmuze+e+X2zU8/O7JcfH88iXMxlC3b2I+d1Ngm+Ti3af7pbgTroaTXDWBbclme11PpfzEcuSzrW6ltHBwGd6V5QBfVBiNq6zYUgT6QSHroU83fAfXj3+a0m78/7pxvHIDU466uLBXfiWb8gca5idi/dmxy8NfkoSOT+vHm4d1sKHvS8vWIGB0YePT7n2Tfv+0b3YkG0lVfn2/sqEf3f7o+/kSL8Weoee70b2qOf6vZ+LfaIn6uzfh3scMYv7/+00dt418fjKdbxk/W4yct4qcR8WaH8W+99uXZdstqH0cci9bxm5LHnx8euXylXBpt/G0Z46tjR15u3/+Ig23iN87Z7l9ryMb+78valHbY/y++/fyZ5cfEf/7Zx+//Vtv/QES812H8/9z75NV2y+5cT+7WfwVsdf8nkY/bHcZ/4dzRH7Kis4YAAAAAAAAAALCD0rVr2ZK0sF5O00KhcQ/vf+NgWq5U545frszPTDSueTsc+bR5pdVwo57U62PZ9bjN+slN9VO5LGDuwFq9UKyUJ3rcdwAAAAAAAAAAAAAAAAAAAHhSHNp0//9vubX7/zc/rhrYq9o/8hvY6+Q/9K+H8z/pWTuA3ef/P/StmvyH/iX/oX/Jf+hf8h/6l/yH/iX/oX/JfwAAAAAAAAAAAAAAAAAAAAAAAAAA6IqLFy7Up9r9laVivT4xsDA/VXnrxESpOlWYni8WipXZq4XJSmWyXCoUK9N/9XlJpXJ1NGbmr43MlapzI9WFxTemK/MzzWeKlvJd7xEAAAAAAAAAAAAAAAAAAAD88wytTUlaiMg36mlaKET8KyIOJ5FcvlIujUbEvyPi+1x+sF4f63WjAQAAAAAAAAAAAAAAAAAAYI+pLixOjZfLpdnuFQayUF0M0XlhYCsrR8Tyzjaj/olbflc+24A93nR7o5B7Mr6HT36hh4MSAAAAAAAAAAAAAAAAAAD0qQc3/Xb6jj+62yAAAAAAAAAAAAAAAAAAAADoS+nPSUTUp2PDzw1tXrovWc2tvUbE27cufXBtfG5udqw+/+76/LkPs/kne9F+oFPNPE0jop7HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwAPVhcWp8XK5NLvNwmAH6/S6jwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADb8WcAAAD//y4WzlE=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 4m27.409848448s ago: executing program 3 (id=4070): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, &(0x7f0000000100)) 4m25.463451423s ago: executing program 3 (id=4096): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) 4m25.070301016s ago: executing program 34 (id=4096): r0 = getpid() sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) 1.984524353s ago: executing program 7 (id=8899): unshare(0x6000680) unshare(0x46000680) 1.714120899s ago: executing program 5 (id=8909): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x101402) ioctl$SNDRV_TIMER_IOCTL_NEXT_DEVICE(r0, 0xc0145401, &(0x7f0000000000)={0x3, 0x0, 0x3, 0x0, 0xffefffff}) 1.631472684s ago: executing program 5 (id=8910): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) ioctl$sock_SIOCOUTQ(r0, 0x5411, &(0x7f0000000140)) 1.618895665s ago: executing program 6 (id=8913): r0 = syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x1008002, &(0x7f0000000180)={[{@grpquota}, {@sysvgroups}, {@nomblk_io_submit}, {}, {@dioread_nolock}, {@jqfmt_vfsv0}, {@nomblk_io_submit}, {@errors_continue}]}, 0x0, 0x5e0, &(0x7f0000000bc0)="$eJzs3c1vVFUbAPDnTj9oKe/bQt68igtpYgwkSksLGGJcwNaQBj/ixo2VFkQKNLRGiyaUBDcmxo0xJq5ciP+FEtmy0pULN64MCVHD0sQxd3pv6bR3+kU7t3J/v2TouefM5Zzb6dNz5vScOwFU1mD6Ty1if0RMJxH9yfxiWWdkhYMLz3vw50dn00cS9fprvyeRZHn585Psa192ck9E/PhDEvs6VtY7M3ft4vjU1OTV7Hh49tL08MzctcMXLo2fnzw/eXn0hdETx48dPzFyZFPXdb0g7/TNd9/v/2TszW+++isZ+faXsSROxsvZE5dex1YZjMHG9yRZWdR3YqsrK0lH9nOy9CVOOoue2dW+RrFu+euXvjpPRH90xMMXrz8+fqXUxgHbqp5E1IGKSsQ/VFQ+Dsjf2y9/H1wrZVQCtMP9UwsTACvjv3NhbjB6GnMDux8ksXRaJ4mIzc3MNdsTEXfvjN08d2fsZmzTPBxQbP5GRDxZFP9JI/4HoicGGvFfa4r/dFxwJvua5r+6yfqXTxWLf2ifhfjvWTX+o0X8v7Uk/t/eZP2DD5Pv9DbFf+9mLwkAAAAAAAAq6/apiHi+6O//tcX1P1Gw/qcvIk5uQf2Dy45X/v2/dm8LqgEK3D8V8VLh+t9avvp3oCNL/aexHqArOXdhavJIRPw3Ig5F1670eGSVOg5/uu/LVmWD2fq//JHWfzdbC5i1417nruZzJsZnxx/1uoGI+zcinipc/5ss9v9JQf+f/j6YXmcd+569daZV2drxD2yX+tcRBwv7/4d3rUhWvz/HcGM8MJyPClZ6+sPPvmtV/2bjv/AWE8CGpP3/7tXjfyBZer+emY3XcXSus96qbLPj/+7k9cYtZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeR3k85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7/f/f92qo9xv9QnjT+JzbU/288MXpr4PtW9a+v/z/W6OsPZTnm/2DBF3mYdjfnF4RjZ1FRu9sLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI+DWkTsiaQ2tJiu1YaGIvoi4n+xuzZ1ZWb2uXNX3rs8kZY1Pv+/ln/Sb//CcZJ//v/AkuPRZcdHI2JvRHze0ds4Hjp7ZWqi7IsHAAAAAAAAAAAAAAAAAACAHaKvxf7/1G8dZbcO2HadZTcAKE1B/P9URjuA9tP/Q3WJf6gu8Q/VJf6husQ/VJf4h+oS/1Bd4h8AAAAAAB4rew/c/jmJiPkXexuPVHdW1lVqy4DtViu7AUBp3OIHqsvSH6gu7/GBZI3ynpYnrXXmaqbPPsLJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT38Kdkp7/uWJfCn8TmnPskS+1299Z5X3OwkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGj2TwAAAP//+Ekkyg==") quotactl_fd$Q_SETINFO(r0, 0xffffffff80000601, 0x0, &(0x7f0000000000)={0x4, 0x6, 0x1, 0x4}) 1.618450905s ago: executing program 5 (id=8914): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r0, &(0x7f0000000140)={0x10, 0x30, 0x3, {0x0, 0x0, {0x2, 0x0, 0x0, @mcast1}}}, 0x38) 1.496329352s ago: executing program 5 (id=8916): syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000040)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, &(0x7f0000000500)=ANY=[], 0xc, 0xac, &(0x7f0000000100)="$eJzs0jFqwzAUBuBnY7cdu3foDXwHn6BnMB3tzZNLJ9+nlyh07RFygwxZsygYyUP2QAh8H0hPP/8ikP7PP2+xRryvESmlJu2aSPPyNQ7TvLTjMEVEG3+RVWU+Bw+uLs/ZR/4DWz72uatKfzh9f+4rNx+/eT7d7+IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcEPV63Wuo+vK8WXbLgEAAP//2Bwh+A==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) 1.170359661s ago: executing program 6 (id=8922): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, 0xfffffffffffffffc, &(0x7f0000000080)=0x4c) 1.154490652s ago: executing program 5 (id=8924): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000040)=0x14) 891.500407ms ago: executing program 6 (id=8928): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000400)={0x28, 0x13, 0x1, 0x2, 0x25dfdbf6, "", [@typed={0x7, 0x0, 0x0, 0x0, @str='\x13\x00\x00'}, @typed={0x8, 0x3fff, 0x0, 0x0, @fd}, @nested={0x8, 0x1a, 0x0, 0x1, [@nested={0x4}]}]}, 0x28}], 0x1, 0x0, 0x0, 0x80c0}, 0x4080) 891.327637ms ago: executing program 7 (id=8929): r0 = syz_open_dev$sndctrl(&(0x7f0000000540), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_NEXT_DEVICE(r0, 0x40405515, &(0x7f0000000040)=0x4) 891.226678ms ago: executing program 5 (id=8930): r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf", @ANYRESOCT=0x0], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 885.394528ms ago: executing program 0 (id=8931): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000039000000080000000b"], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f0000000600), 0x0}, 0x20) 759.258256ms ago: executing program 6 (id=8934): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/crypto\x00', 0x0, 0x0) lseek(r0, 0x1000000, 0x0) 758.088925ms ago: executing program 7 (id=8935): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x48, 0x30, 0x9e54f29ff072a93b, 0x0, 0x0, {}, [{0x34, 0x1, [@m_csum={0x30, 0x1, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x48}}, 0x0) 746.201586ms ago: executing program 0 (id=8936): r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') read$FUSE(r0, &(0x7f00000077c0)={0x2020}, 0x2020) 662.042021ms ago: executing program 7 (id=8937): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000040)={0x5c, 0x2, 0x6, 0x301, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:mac\x00'}]}, 0x5c}}, 0x0) 624.991033ms ago: executing program 1 (id=8938): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x101002) ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f0000000000)={0x2, &(0x7f0000000340)=[{0x1c, '\x00', @buffer={"21e109bbd40fa147332cff67a00000000000000004903e9583d9fa9372c5b05f", 0x20}, 0x4}, {0x18, '\x00', @buffer={"f5afd87efbed0c831dd3fe7de8e6d7623ef47a44b0c02d426b799f77205767bd", 0x20}, 0x2}]}) 624.841243ms ago: executing program 6 (id=8939): mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) migrate_pages(0x0, 0x8a4, &(0x7f0000000380)=0xd, 0x0) 624.385493ms ago: executing program 0 (id=8940): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCSIFVLAN_SET_VLAN_EGRESS_PRIORITY_CMD(r0, 0x8983, &(0x7f00000001c0)={0x3, 'vlan1\x00', {0x3}, 0x7}) 499.493341ms ago: executing program 0 (id=8941): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) preadv2(r0, &(0x7f0000000000)=[{&(0x7f0000001200)=""/4096, 0x1000}, {&(0x7f0000002200)=""/4096, 0x1000}], 0x2, 0x0, 0x0, 0x0) 492.955571ms ago: executing program 1 (id=8942): r0 = socket$inet_smc(0x2b, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x1c, 0x0, &(0x7f0000000000)) 492.474181ms ago: executing program 7 (id=8943): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x4c, 0x10, 0x1, 0x70bd25, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x48978, 0x13}, [@IFLA_VFINFO_LIST={0x18, 0x16, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, [@IFLA_VF_RATE={0x10, 0x6, {0x80000000, 0x6, 0x5}}]}]}, @IFLA_IFNAME={0x14, 0x3, 'team0\x00'}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40801}, 0x4000000) 486.743331ms ago: executing program 6 (id=8944): syz_usb_connect(0x0, 0x2d, &(0x7f0000000280)=ANY=[@ANYBLOB="1201000009968810524711004f320102030109021b0001000000000904000001ff01320009050d0353"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 415.403916ms ago: executing program 0 (id=8945): r0 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f00000003c0)={'wlan1\x00', {0x2, 0x0, @broadcast}}) 396.211207ms ago: executing program 1 (id=8946): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002106000d40931000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e7465720010000180090001006c617374"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) 350.396299ms ago: executing program 0 (id=8947): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) write$UHID_INPUT(r0, &(0x7f0000001040)={0x9, {"a2e3ad21ed0d09f90e3d090987f70e06d038e7ff7fc6e5539b0d5b0e8b099b3f36006c090890e0878f0e1ac6e7f89b334d959b4a9a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074a0936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0a6193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000400000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617679314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec230911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918c91243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac5a4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4b333bd5bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3be3b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ce0700c7e658828163e2d25c4aa348561f927eff7f3aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f05004b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d486046b2c0e2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee6157eb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de225727aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d78749a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29c60acebdbe8ddbd75c2f998d8a57f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95ff80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8870b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513007000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae8489d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60299473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d946a2daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810300000000000000a12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf000000800000000007b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae0e797e8bd1f4108b7807fb36207685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ad50dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b9048017848416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1db44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b00f1000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de9c0587c2cb5fe36d7d3e5db21b013b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cf4b23329072e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06810002000000000000957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f3e90d5943dbc10360a1a49700d1dfbf66d69f6fbafe1e83cdde8bb0d872a02238926407a4eddd5d0fc5a752f900000000000000100", 0xffffffffffffff75}}, 0x1006) 337.02347ms ago: executing program 7 (id=8948): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100003020732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe4a, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r0, 0x18000000000002a0, 0x14, 0x0, &(0x7f0000000480)="b9e203076008008cb89e08f00800511d0833df54", 0x0, 0xfffffdff, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 303.286362ms ago: executing program 1 (id=8949): r0 = socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$inet_sctp(r0, &(0x7f0000000640)={0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[@authinfo={0x12, 0x84, 0x6, {0x7}}], 0x18, 0x50}, 0x14) 147.385391ms ago: executing program 1 (id=8950): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000007b00)={0x2, 0x4e23, @empty}, 0x10, &(0x7f0000000b00)=[{&(0x7f0000007b40)="fb9f", 0x2}], 0x1}}, {{&(0x7f0000000800)={0x2, 0x4e20, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000002300000700000089070400000000001200000000000000000000000200"], 0x30}}], 0x2, 0x40000) 0s ago: executing program 1 (id=8951): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0xffffffdd, 0x300, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x7, 0x0, 0x3989, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5}) kernel console output (not intermixed with test programs): ] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 508.143546][ T1111] usb 8-1: Product: syz [ 508.149014][ T1111] usb 8-1: Manufacturer: syz [ 508.162735][ T1111] usb 8-1: SerialNumber: syz [ 508.218375][ T1111] cdc_ncm 8-1:1.0: CDC Union missing and no IAD found [ 508.246157][ T1111] cdc_ncm 8-1:1.0: bind() failure [ 508.280169][ T1111] cdc_ncm 8-1:1.1: CDC Union missing and no IAD found [ 508.287461][ T4231] vhci_hcd: vhci_device speed not set [ 508.313528][ T1111] cdc_ncm 8-1:1.1: bind() failure [ 508.463494][ T1111] usb 8-1: USB disconnect, device number 17 [ 508.513014][ T4244] usb 2-1: USB disconnect, device number 33 [ 508.537055][ T4264] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 508.723194][T20552] netlink: 16 bytes leftover after parsing attributes in process `syz.0.7183'. [ 508.738155][T20554] loop6: detected capacity change from 0 to 512 [ 508.823142][T20554] FAT-fs (loop6): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 509.107615][ T4264] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 509.143203][ T4264] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 509.174784][ T4264] usb 6-1: Product: syz [ 509.188824][ T4264] usb 6-1: SerialNumber: syz [ 509.197696][T20574] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 509.228785][ T4264] usb 6-1: config 0 descriptor?? [ 509.279624][T20579] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 509.421199][T20577] loop6: detected capacity change from 0 to 4096 [ 509.462517][T20588] ipt_CLUSTERIP: bad num_local_nodes 18 [ 509.498909][T20577] ntfs3: loop6: Different NTFS' sector size (4096) and media sector size (512) [ 509.620082][T20577] ntfs3: loop6: Mark volume as dirty due to NTFS errors [ 509.755139][ T1111] usb 6-1: USB disconnect, device number 17 [ 509.835968][T20600] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 509.856989][ T4231] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 509.889794][T20602] netlink: 'syz.6.7206': attribute type 2 has an invalid length. [ 509.907178][T20602] netlink: 16 bytes leftover after parsing attributes in process `syz.6.7206'. [ 510.116660][T20612] loop7: detected capacity change from 0 to 256 [ 510.117814][ T4231] usb 2-1: Using ep0 maxpacket: 8 [ 510.170206][T20615] netlink: 212912 bytes leftover after parsing attributes in process `syz.0.7211'. [ 510.221415][T20615] openvswitch: netlink: IP tunnel dst address not specified [ 510.247437][T20612] FAT-fs (loop7): Directory bread(block 64) failed [ 510.264472][T20612] FAT-fs (loop7): Directory bread(block 65) failed [ 510.293772][T20612] FAT-fs (loop7): Directory bread(block 66) failed [ 510.307164][ T4231] usb 2-1: unable to get BOS descriptor or descriptor too short [ 510.342027][T20612] FAT-fs (loop7): Directory bread(block 67) failed [ 510.391267][ T4231] usb 2-1: config 4 interface 0 has no altsetting 0 [ 510.397948][T20612] FAT-fs (loop7): Directory bread(block 68) failed [ 510.397994][T20612] FAT-fs (loop7): Directory bread(block 69) failed [ 510.398428][T20612] FAT-fs (loop7): Directory bread(block 70) failed [ 510.439308][T20620] netlink: 'syz.5.7215': attribute type 10 has an invalid length. [ 510.473699][T20612] FAT-fs (loop7): Directory bread(block 71) failed [ 510.488095][T20612] FAT-fs (loop7): Directory bread(block 72) failed [ 510.495505][T20612] FAT-fs (loop7): Directory bread(block 73) failed [ 510.537602][T20620] team0: Port device macvlan0 added [ 510.687113][ T4231] usb 2-1: string descriptor 0 read error: -22 [ 510.693530][ T4231] usb 2-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 510.742270][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.809648][ T4231] usb 2-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 510.836253][ T4231] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 510.877499][ T4231] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 510.884882][ T4231] usb 2-1: media controller created [ 510.965061][ T4231] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 511.108645][ T4231] usb 2-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)... [ 511.138897][ T4231] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 511.293615][T20660] netlink: 'syz.0.7233': attribute type 1 has an invalid length. [ 511.341457][ T4231] DVB: Unable to find symbol qt1010_attach() [ 511.348291][T20660] netlink: 154788 bytes leftover after parsing attributes in process `syz.0.7233'. [ 511.534393][ T4231] usb 2-1: USB disconnect, device number 34 [ 511.588965][T20670] loop0: detected capacity change from 0 to 1024 [ 511.683812][T20670] EXT4-fs (loop0): Ignoring removed bh option [ 511.730626][T20670] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 511.749221][T20680] netlink: 'syz.5.7244': attribute type 2 has an invalid length. [ 511.759739][T20670] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 2: comm syz.0.7240: lblock 2 mapped to illegal pblock 2 (length 1) [ 511.766617][T20680] netlink: 'syz.5.7244': attribute type 1 has an invalid length. [ 511.784002][T20680] netlink: 152 bytes leftover after parsing attributes in process `syz.5.7244'. [ 511.801683][T20670] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 511.810548][T20670] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 48: comm syz.0.7240: lblock 0 mapped to illegal pblock 48 (length 1) [ 511.829406][T20670] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 511.840650][T20684] netlink: 256 bytes leftover after parsing attributes in process `syz.7.7245'. [ 511.848229][T20670] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.7240: Failed to acquire dquot type 0 [ 511.873014][T20670] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 511.885813][T20670] EXT4-fs error (device loop0): ext4_evict_inode:282: inode #11: comm syz.0.7240: mark_inode_dirty error [ 511.900355][T20670] EXT4-fs warning (device loop0): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 511.945407][T20670] EXT4-fs (loop0): 1 orphan inode deleted [ 511.957192][ T4294] EXT4-fs error (device loop0): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 511.966324][T20670] EXT4-fs (loop0): mounted filesystem without journal. Opts: usrquota,noblock_validity,bh,resuid=0x0000000000000000,debug,bsddf,,errors=continue. Quota mode: writeback. [ 512.017762][ T4294] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 512.026628][ T4294] EXT4-fs error (device loop0): ext4_release_dquot:6270: comm kworker/u4:6: Failed to release dquot type 0 [ 512.046237][T20690] loop6: detected capacity change from 0 to 256 [ 512.115453][T20670] EXT4-fs error (device loop0): __ext4_get_inode_loc:4327: comm syz.0.7240: Invalid inode table block 1 in block_group 0 [ 512.161655][T20670] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 512.174690][T20697] ieee802154 phy1 wpan1: encryption failed: -22 [ 512.182513][T20670] EXT4-fs error (device loop0): ext4_quota_off:6540: inode #3: comm syz.0.7240: mark_inode_dirty error [ 512.521409][ T25] audit: type=1326 audit(1770823975.546:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20714 comm="syz.6.7258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c41f68f79 code=0x7ffc0000 [ 512.595926][ T25] audit: type=1326 audit(1770823975.566:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20714 comm="syz.6.7258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c41f68f79 code=0x7ffc0000 [ 512.716998][ T25] audit: type=1326 audit(1770823975.566:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20714 comm="syz.6.7258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=136 compat=0 ip=0x7f0c41f68f79 code=0x7ffc0000 [ 512.817069][ T25] audit: type=1326 audit(1770823975.586:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20714 comm="syz.6.7258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c41f68f79 code=0x7ffc0000 [ 512.957119][ T25] audit: type=1326 audit(1770823975.586:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20714 comm="syz.6.7258" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c41f68f79 code=0x7ffc0000 [ 513.150626][T20757] loop1: detected capacity change from 0 to 8 [ 513.307792][T20757] SQUASHFS error: Unable to read inode 0xe3 [ 513.583514][T20783] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7293'. [ 513.744221][T20792] netlink: 'syz.6.7298': attribute type 4 has an invalid length. [ 513.767564][T20792] netlink: 152 bytes leftover after parsing attributes in process `syz.6.7298'. [ 513.828061][T20792] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 514.068269][T20803] loop0: detected capacity change from 0 to 4096 [ 514.122154][T20803] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 514.213030][T20803] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 514.259850][T20812] loop5: detected capacity change from 0 to 764 [ 514.344234][T20812] rock: directory entry would overflow storage [ 514.357265][T20812] rock: sig=0x4654, size=5, remaining=4 [ 514.389860][T20819] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 514.398535][T20816] loop7: detected capacity change from 0 to 4096 [ 514.448877][T20819] netlink: 'syz.1.7311': attribute type 2 has an invalid length. [ 514.467586][T20819] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 514.520207][T20816] NILFS (loop7): mounting unchecked fs [ 514.525850][T20816] NILFS (loop7): recovery required for readonly filesystem [ 514.559231][T20819] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 514.576944][T20816] NILFS (loop7): write access will be enabled during recovery [ 514.612704][T20816] NILFS (loop7): invalid segment: Checksum error in segment payload [ 514.637001][T20816] NILFS (loop7): trying rollback from an earlier position [ 514.658886][T20816] NILFS (loop7): norecovery option specified, skipping roll-forward recovery [ 514.685783][T20816] NILFS (loop7): couldn't remount because the filesystem is in an incomplete recovery state [ 514.789025][T20831] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7317'. [ 514.800280][T20830] netlink: 'syz.1.7316': attribute type 21 has an invalid length. [ 514.836130][T20830] netlink: 100 bytes leftover after parsing attributes in process `syz.1.7316'. [ 514.947131][ T1111] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 515.317310][ T1111] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 515.344051][ T1111] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 515.380745][ T1111] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 515.519729][ T4244] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 515.582805][ T1111] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 515.595569][ T1111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.625292][ T1111] usb 1-1: Product: syz [ 515.639710][ T1111] usb 1-1: Manufacturer: syz [ 515.654746][ T1111] usb 1-1: SerialNumber: syz [ 515.736067][ T1111] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 515.753869][ T1111] cdc_ncm 1-1:1.0: bind() failure [ 515.786514][T20862] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7333'. [ 515.811137][T20862] netlink: 4 bytes leftover after parsing attributes in process `syz.6.7333'. [ 515.849864][T20862] netlink: 'syz.6.7333': attribute type 6 has an invalid length. [ 515.947496][ T4244] usb 6-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 515.957665][ T4244] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 515.968879][ T1111] usb 1-1: USB disconnect, device number 30 [ 515.994101][ T4244] usb 6-1: config 0 descriptor?? [ 516.039834][ T4244] pwc: Philips SPC 900NC USB webcam detected. [ 516.098418][T20841] loop1: detected capacity change from 0 to 32768 [ 516.141185][T20841] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.7321 (20841) [ 516.235521][T20841] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 516.257449][T20841] BTRFS info (device loop1): force zlib compression, level 3 [ 516.260442][T20876] program syz.7.7339 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 516.265058][T20841] BTRFS info (device loop1): force clearing of disk cache [ 516.265136][T20841] BTRFS info (device loop1): setting nodatasum [ 516.338304][T20841] BTRFS info (device loop1): allowing degraded mounts [ 516.367165][T20841] BTRFS info (device loop1): enabling disk space caching [ 516.374286][T20841] BTRFS info (device loop1): disk space caching is enabled [ 516.411186][T20841] BTRFS info (device loop1): has skinny extents [ 516.477233][ T4244] pwc: send_video_command error -71 [ 516.483018][ T4244] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 516.540460][T20889] netlink: 755 bytes leftover after parsing attributes in process `syz.7.7344'. [ 516.573711][ T4244] Philips webcam: probe of 6-1:0.0 failed with error -71 [ 516.617215][ T4244] usb 6-1: USB disconnect, device number 18 [ 516.753829][T20841] BTRFS info (device loop1): clearing free space tree [ 516.776132][T20841] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 516.831761][T20841] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 516.950434][T20923] netlink: 48 bytes leftover after parsing attributes in process `syz.6.7351'. [ 517.122065][T20841] BTRFS info (device loop1): balance: start -sdrange=6..6,limit=1..0 [ 517.168542][T20841] BTRFS info (device loop1): balance: ended with status: 0 [ 517.187130][ T4244] usb 8-1: new full-speed USB device number 18 using dummy_hcd [ 517.254405][T20934] netlink: 12 bytes leftover after parsing attributes in process `syz.5.7357'. [ 517.316247][T20934] bridge1: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 517.352931][T20936] netlink: 'syz.6.7358': attribute type 4 has an invalid length. [ 517.514223][T20942] netlink: 'syz.6.7362': attribute type 10 has an invalid length. [ 517.522437][T20942] netlink: 40 bytes leftover after parsing attributes in process `syz.6.7362'. [ 517.536153][ C1] vkms_vblank_simulate: vblank timer overrun [ 517.587265][ T4244] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 517.627200][ T4244] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 517.759813][ T4244] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 517.776963][ T4244] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 517.785194][ T4244] usb 8-1: SerialNumber: syz [ 517.806034][T20942] team0: Port device geneve0 added [ 517.886449][ T4244] usb 8-1: 0:2 : does not exist [ 517.897153][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.103688][T20956] tc_dump_action: action bad kind [ 518.113955][ C1] vkms_vblank_simulate: vblank timer overrun [ 518.366069][ T13] usb 8-1: USB disconnect, device number 18 [ 518.383252][T20969] loop1: detected capacity change from 0 to 1024 [ 518.477825][T20969] EXT4-fs (loop1): mounted filesystem without journal. Opts: noauto_da_alloc,inode_readahead_blks=0x0000000000000000,auto_da_alloc,errors=remount-ro,. Quota mode: none. [ 518.546943][ T4297] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 518.669182][T20962] loop5: detected capacity change from 0 to 32768 [ 518.713434][T20962] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz.5.7372 (20962) [ 518.759883][T20976] loop6: detected capacity change from 0 to 1764 [ 518.782295][T20962] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 518.796973][ T4297] usb 1-1: Using ep0 maxpacket: 32 [ 518.803760][T20962] BTRFS info (device loop5): force zlib compression, level 3 [ 518.820907][T20962] BTRFS info (device loop5): force clearing of disk cache [ 518.832085][T20962] BTRFS info (device loop5): setting nodatasum [ 518.869891][T20962] BTRFS info (device loop5): allowing degraded mounts [ 518.917291][ T4297] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 518.926032][ T4297] usb 1-1: config 0 has no interface number 0 [ 518.932761][T20962] BTRFS info (device loop5): enabling disk space caching [ 518.937416][T20976] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 518.964469][T20962] BTRFS info (device loop5): disk space caching is enabled [ 518.972553][ T4297] usb 1-1: config 0 interface 1 altsetting 9 has an invalid endpoint with address 0x0, skipping [ 518.997496][T20962] BTRFS info (device loop5): has skinny extents [ 519.014235][ T4297] usb 1-1: config 0 interface 1 has no altsetting 0 [ 519.071115][T20988] No source specified [ 519.169309][T20996] Unknown options in mask b7f2 [ 519.187170][ T4297] usb 1-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 519.227790][ T4297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.261491][ T4297] usb 1-1: Product: syz [ 519.265897][ T4297] usb 1-1: Manufacturer: syz [ 519.281165][ T4297] usb 1-1: SerialNumber: syz [ 519.296546][T20962] BTRFS info (device loop5): clearing free space tree [ 519.305459][ T4297] usb 1-1: config 0 descriptor?? [ 519.314294][T20962] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 519.327124][T20962] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 519.472277][T21015] syz.1.7385 (21015): /proc/21012/oom_adj is deprecated, please use /proc/21012/oom_score_adj instead. [ 519.573783][T21017] device wlan0 entered promiscuous mode [ 519.580750][T20962] BTRFS info (device loop5): balance: start -sdrange=6..6,limit=1..0 [ 519.606473][T21017] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 519.624741][ T4297] cx231xx 1-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 519.641669][T20962] BTRFS info (device loop5): balance: ended with status: 0 [ 519.667149][ T4297] cx231xx 1-1:0.1: Failed to read PCB config [ 519.684233][ T4297] cx231xx: probe of 1-1:0.1 failed with error -71 [ 519.729351][ T4297] usb 1-1: USB disconnect, device number 31 [ 519.827446][T21026] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 520.434279][T21055] Process accounting resumed [ 520.496950][ T9063] usb 7-1: new high-speed USB device number 19 using dummy_hcd [ 520.763251][ T9063] usb 7-1: Using ep0 maxpacket: 32 [ 520.857603][T21093] comedi comedi0: multiq3: I/O port conflict (0x3,16) [ 520.962466][T21098] netlink: 830 bytes leftover after parsing attributes in process `syz.7.7420'. [ 521.011582][T21102] dlm: no locking on control device [ 521.047124][ T9063] usb 7-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 521.077114][ T9063] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.128308][ T9063] usb 7-1: Product: syz [ 521.132597][ T9063] usb 7-1: Manufacturer: syz [ 521.187315][ T9063] usb 7-1: SerialNumber: syz [ 521.224250][T21115] dlm: no local IP address has been set [ 521.276737][T21115] dlm: cannot start dlm midcomms -107 [ 521.372362][T21122] netlink: 96 bytes leftover after parsing attributes in process `syz.1.7430'. [ 521.442415][T21127] loop0: detected capacity change from 0 to 8 [ 521.467235][ T9063] visor 7-1:1.0: Handspring Visor / Palm OS converter detected [ 521.487233][ T9063] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 521.505528][ T9063] usb 7-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 521.558157][T21127] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 521.595244][ T4633] udevd[4633]: incorrect cramfs checksum on /dev/loop0 [ 521.618438][T21127] cramfs: Error -5 while decompressing! [ 521.624168][T21127] cramfs: ffffffff964010a8(26)->ffff88805807e000(4096) [ 521.662019][T21127] cramfs: Error -3 while decompressing! [ 521.686311][ T9063] usb 7-1: USB disconnect, device number 19 [ 521.687818][T21127] cramfs: ffffffff964010c2(26)->ffff88805304b000(4096) [ 521.708232][ T9063] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 521.742708][ T9063] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 521.748426][T21127] cramfs: Error -3 while decompressing! [ 521.766688][ T9063] visor 7-1:1.0: device disconnected [ 521.781856][T21127] cramfs: ffffffff964010dc(16)->ffff88805827a000(4096) [ 521.801389][T21127] cramfs: Error -5 while decompressing! [ 521.801420][T21143] netlink: 'syz.7.7440': attribute type 1 has an invalid length. [ 521.818839][T21127] cramfs: ffffffff964010a8(26)->ffff88805807e000(4096) [ 522.047336][T21076] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 522.349189][T21167] netlink: 132 bytes leftover after parsing attributes in process `syz.5.7453'. [ 522.627169][T21076] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=30.20 [ 522.642901][T21076] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.667103][T21076] usb 2-1: Product: syz [ 522.697448][T21076] usb 2-1: Manufacturer: syz [ 522.702219][T21076] usb 2-1: SerialNumber: syz [ 522.719212][T21076] usb 2-1: config 0 descriptor?? [ 522.862642][T21158] loop7: detected capacity change from 0 to 32768 [ 523.213635][ T9063] usb 2-1: USB disconnect, device number 35 [ 523.257659][ T9063] f81534a_ctrl 2-1:0.0: failed to set register 0x116: -19 [ 523.264878][ T9063] f81534a_ctrl 2-1:0.0: failed to enable ports: -19 [ 523.272547][T21197] xt_CT: You must specify a L4 protocol and not use inversions on it [ 523.425406][T21173] loop6: detected capacity change from 0 to 32768 [ 523.519790][T21211] loop5: detected capacity change from 0 to 64 [ 523.533444][T21173] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 scanned by syz.6.7456 (21173) [ 523.628319][T21173] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm [ 523.669304][T21173] BTRFS info (device loop6): force zlib compression, level 3 [ 523.686329][ T25] audit: type=1800 audit(1770823986.706:31): pid=21211 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.7475" name="file1" dev="loop5" ino=21 res=0 errno=0 [ 523.728265][T21173] BTRFS info (device loop6): force clearing of disk cache [ 523.766948][T21173] BTRFS info (device loop6): setting nodatasum [ 523.799319][T21173] BTRFS info (device loop6): allowing degraded mounts [ 523.854862][T21173] BTRFS info (device loop6): enabling disk space caching [ 523.892696][T21173] BTRFS info (device loop6): disk space caching is enabled [ 523.962475][T21173] BTRFS info (device loop6): has skinny extents [ 524.270666][T21255] loop7: detected capacity change from 0 to 256 [ 524.395941][T21173] BTRFS info (device loop6): clearing free space tree [ 524.427050][T21173] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 524.447153][T21173] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 524.545059][T21270] netlink: 'syz.1.7495': attribute type 11 has an invalid length. [ 524.711650][T21173] BTRFS info (device loop6): balance: start -sdrange=6..6,limit=1..0 [ 524.734830][T21276] netlink: 48 bytes leftover after parsing attributes in process `syz.0.7497'. [ 524.747355][T21173] BTRFS info (device loop6): balance: ended with status: 0 [ 524.859656][T21281] program syz.5.7500 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 525.086068][T21290] netlink: 10 bytes leftover after parsing attributes in process `syz.0.7506'. [ 525.290930][T21300] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7509'. [ 525.926950][ T9067] usb 6-1: new full-speed USB device number 19 using dummy_hcd [ 525.936958][ T1111] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 526.341920][ T1111] usb 1-1: config 0 has an invalid interface number: 69 but max is 0 [ 526.356271][ T1111] usb 1-1: config 0 has no interface number 0 [ 526.362964][ T9067] usb 6-1: unable to get BOS descriptor or descriptor too short [ 526.380943][ T1111] usb 1-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 526.401565][ T1111] usb 1-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 526.413441][ T9067] usb 6-1: not running at top speed; connect to a high speed hub [ 526.471887][T21083] usb 2-1: new full-speed USB device number 36 using dummy_hcd [ 526.497769][ T9067] usb 6-1: config 2 has an invalid interface number: 226 but max is 1 [ 526.506024][ T9067] usb 6-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 526.530137][ T9067] usb 6-1: config 2 has 1 interface, different from the descriptor's value: 2 [ 526.547212][ T9067] usb 6-1: config 2 has no interface number 0 [ 526.560383][ T9067] usb 6-1: config 2 interface 226 altsetting 0 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 526.590806][ T9067] usb 6-1: config 2 interface 226 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 526.602780][ T1111] usb 1-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 526.623529][ T1111] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.648671][ T9067] usb 6-1: config 2 interface 226 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 526.660655][ T1111] usb 1-1: Product: syz [ 526.669611][ T1111] usb 1-1: Manufacturer: syz [ 526.679895][ T1111] usb 1-1: SerialNumber: syz [ 526.698640][ T1111] usb 1-1: config 0 descriptor?? [ 526.727332][T21312] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 526.749953][ T1111] cyberjack 1-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 526.772509][ T1111] usb 1-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 526.796495][T21346] loop6: detected capacity change from 0 to 1024 [ 526.837375][ T9067] usb 6-1: New USB device found, idVendor=0738, idProduct=4540, bcdDevice=c6.ce [ 526.846626][ T9067] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 526.857494][T21083] usb 2-1: config 0 has an invalid interface number: 110 but max is 0 [ 526.862791][ T9067] usb 6-1: Product: syz [ 526.865761][T21083] usb 2-1: config 0 has no interface number 0 [ 526.890133][ T9067] usb 6-1: Manufacturer: syz [ 526.900940][ T9067] usb 6-1: SerialNumber: syz [ 526.912797][T21346] Quota error (device loop6): find_tree_dqentry: Getting block too big (64 >= 6) [ 526.918841][T21083] usb 2-1: config 0 interface 110 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 526.933527][T21346] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 526.953811][T21346] EXT4-fs error (device loop6): ext4_acquire_dquot:6234: comm syz.6.7531: Failed to acquire dquot type 0 [ 526.986659][T21346] EXT4-fs error (device loop6): mb_free_blocks:1876: group 0, inode 13: block 160:freeing already freed block (bit 10); block bitmap corrupt. [ 526.993837][T21083] usb 2-1: config 0 interface 110 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 527.018946][T21346] EXT4-fs (loop6): 1 truncate cleaned up [ 527.024772][T21346] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 527.054323][T21346] Quota error (device loop6): find_tree_dqentry: Getting block too big (64 >= 6) [ 527.066235][T21083] usb 2-1: config 0 interface 110 has no altsetting 0 [ 527.077914][T21346] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 527.094542][T21346] EXT4-fs error (device loop6): ext4_acquire_dquot:6234: comm syz.6.7531: Failed to acquire dquot type 0 [ 527.238362][T21076] usb 1-1: USB disconnect, device number 32 [ 527.250505][T21076] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 527.277294][T21083] usb 2-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=af.55 [ 527.295240][T21083] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 527.304363][T21076] cyberjack 1-1:0.69: device disconnected [ 527.321455][T21083] usb 2-1: Product: syz [ 527.327490][ T9067] usb 6-1: USB disconnect, device number 19 [ 527.331357][T21083] usb 2-1: Manufacturer: syz [ 527.347013][T21083] usb 2-1: SerialNumber: syz [ 527.361283][T21083] usb 2-1: config 0 descriptor?? [ 527.638215][T21083] cdc_subset: probe of 2-1:0.110 failed with error -22 [ 527.798209][T21381] device netdevsim0 entered promiscuous mode [ 527.859668][T21381] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 527.882090][T21083] usb 2-1: USB disconnect, device number 36 [ 528.098034][T21394] loop0: detected capacity change from 0 to 1764 [ 528.154117][T21394] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 528.577592][T21418] ieee802154 phy1 wpan1: encryption failed: -90 [ 528.660452][T21421] loop1: detected capacity change from 0 to 256 [ 528.820000][T21432] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7571'. [ 528.857907][T21434] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7572'. [ 529.264585][T21450] netlink: 324 bytes leftover after parsing attributes in process `syz.5.7580'. [ 529.742633][T21471] netlink: 209852 bytes leftover after parsing attributes in process `syz.7.7590'. [ 529.775089][T21471] openvswitch: netlink: Key type 541 is out of range max 29 [ 529.786376][T21464] loop1: detected capacity change from 0 to 4096 [ 530.095462][T21493] loop6: detected capacity change from 0 to 256 [ 530.212727][T21493] FAT-fs (loop6): Directory bread(block 64) failed [ 530.230990][T21493] FAT-fs (loop6): Directory bread(block 65) failed [ 530.266134][T21493] FAT-fs (loop6): Directory bread(block 66) failed [ 530.327404][T21493] FAT-fs (loop6): Directory bread(block 67) failed [ 530.334086][T21493] FAT-fs (loop6): Directory bread(block 68) failed [ 530.384181][T21493] FAT-fs (loop6): Directory bread(block 69) failed [ 530.404368][T21493] FAT-fs (loop6): Directory bread(block 70) failed [ 530.407821][ T25] audit: type=1326 audit(1770823993.426:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21502 comm="syz.1.7605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d7a9f79 code=0x7ffc0000 [ 530.447177][T21493] FAT-fs (loop6): Directory bread(block 71) failed [ 530.464469][T21493] FAT-fs (loop6): Directory bread(block 72) failed [ 530.480157][T21493] FAT-fs (loop6): Directory bread(block 73) failed [ 530.493299][T21505] netlink: 2 bytes leftover after parsing attributes in process `syz.5.7606'. [ 530.502561][ T25] audit: type=1326 audit(1770823993.466:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21502 comm="syz.1.7605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f1f1d7a9f79 code=0x7ffc0000 [ 530.610889][ T25] audit: type=1326 audit(1770823993.466:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21502 comm="syz.1.7605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f1f1d7a9f79 code=0x7ffc0000 [ 530.673802][T21491] infiniband syz2: set down [ 530.695023][ T25] audit: type=1326 audit(1770823993.426:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21502 comm="syz.1.7605" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1f1d7a9f79 code=0x7ffc0000 [ 530.737223][T21491] infiniband syz2: added bond_slave_1 [ 530.961579][T21491] RDS/IB: syz2: added [ 530.997746][T21491] smc: adding ib device syz2 with port count 1 [ 531.004419][T21491] smc: ib device syz2 port 1 has pnetid [ 531.172705][T21497] loop7: detected capacity change from 0 to 32768 [ 531.182097][T21518] loop5: detected capacity change from 0 to 4096 [ 531.213603][T21526] cgroup: Unknown subsys name 'noxattr' [ 531.264239][T21497] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop7 scanned by syz.7.7602 (21497) [ 531.345410][T21497] BTRFS info (device loop7): using xxhash64 (xxhash64-generic) checksum algorithm [ 531.383948][T21497] BTRFS info (device loop7): force zlib compression, level 3 [ 531.456912][T21497] BTRFS info (device loop7): force clearing of disk cache [ 531.464116][T21497] BTRFS info (device loop7): setting nodatasum [ 531.495581][T21497] BTRFS info (device loop7): allowing degraded mounts [ 531.523634][T21497] BTRFS info (device loop7): enabling disk space caching [ 531.545121][T21497] BTRFS info (device loop7): disk space caching is enabled [ 531.597168][T21497] BTRFS info (device loop7): has skinny extents [ 531.892584][T21563] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (2049) [ 532.017858][T21497] BTRFS info (device loop7): clearing free space tree [ 532.024768][T21497] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 532.093069][T21497] BTRFS info (device loop7): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 532.097234][ T21] usb 7-1: new high-speed USB device number 20 using dummy_hcd [ 532.205912][T21497] BTRFS info (device loop7): balance: start -sdrange=6..6,limit=1..0 [ 532.215981][T21497] BTRFS info (device loop7): balance: ended with status: 0 [ 532.466109][T21579] dlm: Unknown command passed to DLM device : 132 [ 532.466109][T21579] [ 532.507433][ T21] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 532.535781][ T21] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 532.586470][ T21] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 532.640579][ T21] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 532.663922][ T21] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.738485][ T21] usb 7-1: config 0 descriptor?? [ 532.786583][ T21] hub 7-1:0.0: USB hub found [ 532.941532][T21570] loop5: detected capacity change from 0 to 32768 [ 532.997236][ T21] hub 7-1:0.0: config failed, hub has too many ports! (err -19) [ 533.156267][T21570] XFS (loop5): Mounting V5 Filesystem [ 533.307259][T21596] loop7: detected capacity change from 0 to 1024 [ 533.368236][ T1111] usb 7-1: USB disconnect, device number 20 [ 533.407717][T21596] EXT4-fs (loop7): Mount option "nouser_xattr" will be removed by 3.5 [ 533.407717][T21596] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 533.407717][T21596] [ 533.436506][T21570] XFS (loop5): Ending clean mount [ 533.455719][T21570] XFS (loop5): Quotacheck needed: Please wait. [ 533.531030][T21596] EXT4-fs (loop7): mounted filesystem without journal. Opts: auto_da_alloc,nouser_xattr,,errors=continue. Quota mode: none. [ 533.549865][T21608] loop1: detected capacity change from 0 to 4096 [ 533.591358][T21608] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 533.658389][T21608] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 533.696304][T21570] XFS (loop5): Quotacheck: Done. [ 533.704742][T21608] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 533.747045][T21608] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 533.836942][T21608] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 533.917529][T21608] ntfs: volume version 3.1. [ 533.970690][T21608] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 534.021887][ T9113] XFS (loop5): Unmounting Filesystem [ 534.436952][T21612] loop0: detected capacity change from 0 to 32768 [ 534.486381][T21612] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.7644 (21612) [ 534.577156][ T13] usb 7-1: new high-speed USB device number 21 using dummy_hcd [ 534.595232][T21612] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 534.625705][T21612] BTRFS info (device loop0): force zlib compression, level 3 [ 534.638466][T21612] BTRFS info (device loop0): force clearing of disk cache [ 534.670185][T21612] BTRFS info (device loop0): setting nodatasum [ 534.676420][T21612] BTRFS info (device loop0): allowing degraded mounts [ 534.732657][T21612] BTRFS info (device loop0): enabling disk space caching [ 534.750274][T21612] BTRFS info (device loop0): disk space caching is enabled [ 534.792397][T21612] BTRFS info (device loop0): has skinny extents [ 534.822981][T21639] loop5: detected capacity change from 0 to 164 [ 534.837039][ T13] usb 7-1: Using ep0 maxpacket: 8 [ 534.963188][T21612] BTRFS info (device loop0): clearing free space tree [ 534.970498][T21612] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 534.981030][T21612] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 535.025107][T21639] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 535.037087][ T13] usb 7-1: unable to get BOS descriptor or descriptor too short [ 535.105722][T21612] BTRFS info (device loop0): balance: start -sdrange=6..6,limit=1..0 [ 535.114443][T21612] BTRFS info (device loop0): balance: ended with status: 0 [ 535.132054][ T13] usb 7-1: config 4 interface 0 has no altsetting 0 [ 535.236243][T21664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7660'. [ 535.253459][T21664] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7660'. [ 535.319556][T21668] loop7: detected capacity change from 0 to 256 [ 535.454147][ T13] usb 7-1: string descriptor 0 read error: -22 [ 535.460716][ T13] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 535.478632][ T13] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.514668][T21668] FAT-fs (loop7): Directory bread(block 64) failed [ 535.521886][T21668] FAT-fs (loop7): Directory bread(block 65) failed [ 535.548505][ T13] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 535.556479][T21668] FAT-fs (loop7): Directory bread(block 66) failed [ 535.565374][ T13] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 535.576520][T21668] FAT-fs (loop7): Directory bread(block 67) failed [ 535.583688][T21668] FAT-fs (loop7): Directory bread(block 68) failed [ 535.590930][ T13] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 535.598491][T21668] FAT-fs (loop7): Directory bread(block 69) failed [ 535.605424][ T13] usb 7-1: media controller created [ 535.615674][T21668] FAT-fs (loop7): Directory bread(block 70) failed [ 535.630194][ T13] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 535.638954][T21668] FAT-fs (loop7): Directory bread(block 71) failed [ 535.645594][T21668] FAT-fs (loop7): Directory bread(block 72) failed [ 535.658279][T21668] FAT-fs (loop7): Directory bread(block 73) failed [ 535.679197][T21670] loop1: detected capacity change from 0 to 4096 [ 535.707805][T21670] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 535.773858][ T13] usb 7-1: DVB: registering adapter 1 frontend 0 (Zarlink ZL10353 DVB-T)... [ 535.793149][ T13] dvbdev: dvb_create_media_entity: media entity 'Zarlink ZL10353 DVB-T' registered. [ 535.811635][T21668] attempt to access beyond end of device [ 535.811635][T21668] loop7: rw=524288, want=1164, limit=256 [ 535.844953][T21668] attempt to access beyond end of device [ 535.844953][T21668] loop7: rw=0, want=1164, limit=256 [ 535.872584][ T25] kauditd_printk_skb: 10 callbacks suppressed [ 535.872608][ T25] audit: type=1800 audit(1770823998.896:36): pid=21668 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.7662" name="file0" dev="loop7" ino=1048693 res=0 errno=0 [ 535.920581][ T13] DVB: Unable to find symbol qt1010_attach() [ 536.020650][ T1111] usb 7-1: USB disconnect, device number 21 [ 536.336979][T21072] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 536.385124][T21683] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7669'. [ 536.576909][T21078] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 536.767193][T21072] usb 6-1: config 0 has an invalid interface number: 241 but max is 0 [ 536.779168][T21072] usb 6-1: config 0 has no interface number 0 [ 536.793663][T21072] usb 6-1: config 0 interface 241 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 536.807202][T21072] usb 6-1: config 0 interface 241 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 536.824509][T21078] usb 2-1: Using ep0 maxpacket: 32 [ 536.967242][T21078] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 536.983690][T21078] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 537.027096][T21072] usb 6-1: New USB device found, idVendor=0675, idProduct=1688, bcdDevice=d1.c7 [ 537.041801][T21072] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.055907][T21072] usb 6-1: Product: syz [ 537.065706][T21072] usb 6-1: Manufacturer: syz [ 537.074711][T21072] usb 6-1: SerialNumber: syz [ 537.091922][T21072] usb 6-1: config 0 descriptor?? [ 537.177402][T21078] usb 2-1: New USB device found, idVendor=413c, idProduct=819b, bcdDevice=a7.c0 [ 537.191146][T21078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 537.200266][T21078] usb 2-1: Product: syz [ 537.204750][T21078] usb 2-1: Manufacturer: syz [ 537.211245][T21078] usb 2-1: SerialNumber: syz [ 537.227917][T21078] usb 2-1: config 0 descriptor?? [ 537.279342][T21078] qmi_wwan 2-1:0.0: bogus CDC Union: master=101, slave=0 [ 537.287225][T21078] qmi_wwan: probe of 2-1:0.0 failed with error -22 [ 537.372821][T21072] HFC-S_USB: probe of 6-1:0.241 failed with error -5 [ 537.388325][T21072] usb 6-1: USB disconnect, device number 20 [ 537.496250][T21672] usb 2-1: USB disconnect, device number 37 [ 537.530055][T21698] netlink: 'syz.0.7676': attribute type 1 has an invalid length. [ 537.719911][T21706] netlink: 20 bytes leftover after parsing attributes in process `syz.6.7679'. [ 537.760832][T21708] netlink: 'syz.0.7681': attribute type 1 has an invalid length. [ 537.861854][T21712] comedi comedi3: dt2801: I/O port conflict (0xa,2) [ 538.203670][T21727] netlink: 12 bytes leftover after parsing attributes in process `syz.6.7690'. [ 538.250291][T21727] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 538.708318][T21753] netlink: 100 bytes leftover after parsing attributes in process `syz.5.7703'. [ 538.878184][T21696] syz.7.7675 (21696): drop_caches: 3 [ 538.998941][T21769] loop6: detected capacity change from 0 to 2048 [ 539.029207][T21773] loop0: detected capacity change from 0 to 1764 [ 539.077358][T21769] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024) [ 539.116083][T21769] NILFS (loop6): mounting unchecked fs [ 539.154411][T21769] NILFS (loop6): recovery complete [ 539.179660][T21783] netlink: 44 bytes leftover after parsing attributes in process `syz.7.7718'. [ 539.189174][ T21] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 539.204052][T21784] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 539.361689][T21792] sock: sock_timestamping_bind_phc: sock not bind to device [ 539.446972][ T21] usb 6-1: Using ep0 maxpacket: 8 [ 539.566072][T21804] netlink: 7 bytes leftover after parsing attributes in process `syz.1.7728'. [ 539.586616][T21804] netlink: 7 bytes leftover after parsing attributes in process `syz.1.7728'. [ 539.675745][T21808] loop6: detected capacity change from 0 to 1024 [ 539.732068][T21810] netlink: 'syz.7.7731': attribute type 2 has an invalid length. [ 539.747339][ T21] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0069, bcdDevice=6e.55 [ 539.762949][T21810] netlink: 1 bytes leftover after parsing attributes in process `syz.7.7731'. [ 539.783300][ T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.813707][ T21] usb 6-1: Product: syz [ 539.841728][ T21] usb 6-1: Manufacturer: syz [ 539.850875][ T21] usb 6-1: SerialNumber: syz [ 539.913894][ T21] usb 6-1: config 0 descriptor?? [ 540.109686][T21822] loop7: detected capacity change from 0 to 1024 [ 540.228136][ T21] usb 6-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 540.249716][ T21] dvb_usb_af9015: probe of 6-1:0.0 failed with error -22 [ 540.310511][ T21] usb 6-1: USB disconnect, device number 21 [ 540.341302][ T140] hfsplus: b-tree write err: -5, ino 4 [ 541.074988][T21820] loop6: detected capacity change from 0 to 32768 [ 541.167121][ T21] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 541.228271][T21846] loop0: detected capacity change from 0 to 32768 [ 541.237566][T21820] XFS (loop6): Mounting V5 Filesystem [ 541.385815][T21846] JBD2: Ignoring recovery information on journal [ 541.458584][T21820] XFS (loop6): Ending clean mount [ 541.481628][T21888] loop1: detected capacity change from 0 to 16 [ 541.528219][T21888] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 541.621563][T21846] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 541.643335][T11587] XFS (loop6): Unmounting Filesystem [ 541.697208][ T21] usb 6-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=26.50 [ 541.727208][ T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.735298][ T21] usb 6-1: Product: syz [ 541.754263][ T21] usb 6-1: Manufacturer: syz [ 541.766550][ T21] usb 6-1: SerialNumber: syz [ 541.776109][ T21] usb 6-1: config 0 descriptor?? [ 541.856273][ T21] usb 6-1: Waiting for MOTU Microbook II to boot up... [ 541.893932][ T21] usb 6-1: failed setting the sample rate for Motu MicroBook II: -22 [ 541.927066][ T21] snd-usb-audio: probe of 6-1:0.0 failed with error -22 [ 541.992070][T21846] OCFS2: ERROR (device loop0): int ocfs2_xattr_find_entry(struct inode *, int, const char *, struct ocfs2_xattr_search *): corrupted xattr entries [ 541.992195][T21846] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 542.069962][T21902] cgroup: subsys name conflicts with all [ 542.083804][ T21] usb 6-1: USB disconnect, device number 22 [ 542.138661][T21846] OCFS2: File system is now read-only. [ 542.145083][T21846] (syz.0.7749,21846,0):ocfs2_calc_xattr_init:642 ERROR: status = -117 [ 542.194416][T21846] (syz.0.7749,21846,0):ocfs2_mknod:334 ERROR: status = -117 [ 542.232072][T21906] loop1: detected capacity change from 0 to 128 [ 542.242907][T21907] loop7: detected capacity change from 0 to 1024 [ 542.249106][T21846] (syz.0.7749,21846,0):ocfs2_mknod:502 ERROR: status = -117 [ 542.249478][T21846] (syz.0.7749,21846,0):ocfs2_mkdir:659 ERROR: status = -117 [ 542.342232][T21906] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 542.366037][ T4199] ocfs2: Unmounting device (7,0) on (node local) [ 542.394642][T21907] hfsplus: inconsistency in B*Tree (9,1,255,1,0) [ 542.520017][ T140] hfsplus: b-tree write err: -5, ino 4 [ 542.526429][ T4188] sysv_free_block: flc_count > flc_size [ 542.532557][ T4188] sysv_free_block: flc_count > flc_size [ 542.569696][ T4188] sysv_free_block: flc_count > flc_size [ 542.582897][ T4188] sysv_free_block: flc_count > flc_size [ 542.609792][ T4188] sysv_free_block: flc_count > flc_size [ 542.655391][ T4188] sysv_free_block: flc_count > flc_size [ 542.706470][ T4188] sysv_free_block: flc_count > flc_size [ 542.724096][ T4188] sysv_free_block: flc_count > flc_size [ 542.730660][ T4188] sysv_free_block: flc_count > flc_size [ 542.736392][ T4188] sysv_free_block: flc_count > flc_size [ 542.742964][ T4188] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 542.779544][T21915] netlink: 'syz.7.7781': attribute type 21 has an invalid length. [ 542.792694][T21917] overlayfs: unrecognized mount option "\" or missing value [ 543.110320][T21937] netlink: 'syz.0.7789': attribute type 11 has an invalid length. [ 543.141653][T21937] __nla_validate_parse: 3 callbacks suppressed [ 543.141670][T21937] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7789'. [ 543.400079][T21951] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7798'. [ 543.912564][T21989] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7815'. [ 543.952508][T21991] QAT: Stopping all acceleration devices. [ 544.157059][ T9067] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 544.167192][ T21] usb 7-1: new full-speed USB device number 22 using dummy_hcd [ 544.281646][T22004] loop7: detected capacity change from 0 to 1024 [ 544.307870][T22004] hfsplus: Filesystem is marked locked, mounting read-only. [ 544.356655][T22004] hfsplus: filesystem is marked locked, leaving read-only. [ 544.399128][ T9067] usb 6-1: Using ep0 maxpacket: 8 [ 544.507490][ T21] usb 7-1: not running at top speed; connect to a high speed hub [ 544.567445][ T9067] usb 6-1: unable to get BOS descriptor or descriptor too short [ 544.587409][ T21] usb 7-1: config index 0 descriptor too short (expected 2322, got 18) [ 544.595749][ T21] usb 7-1: config 95 has an invalid interface number: 1 but max is 0 [ 544.622367][ T21] usb 7-1: config 95 has no interface number 0 [ 544.639099][ T21] usb 7-1: config 95 interface 1 has no altsetting 0 [ 544.649497][ T9067] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 544.675050][ T9067] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 544.704753][ T9067] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 544.787798][ T9067] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 544.847993][ T9067] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 544.874986][T22033] netlink: 8 bytes leftover after parsing attributes in process `syz.7.7836'. [ 544.895814][ T9067] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 544.917164][ T21] usb 7-1: string descriptor 0 read error: -22 [ 544.923489][ T21] usb 7-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 544.951508][ T9067] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 544.987194][ T21] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.057917][T22022] xt_CT: No such helper "snmp_trap" [ 545.177178][ T9067] usb 6-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 545.216923][ T9067] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.234033][ T9067] usb 6-1: Product: syz [ 545.247186][ T9067] usb 6-1: Manufacturer: syz [ 545.251946][ T9067] usb 6-1: SerialNumber: syz [ 545.278034][ T9067] usb 6-1: config 0 descriptor?? [ 545.329444][T21985] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 545.447395][ T9067] snd-usb-audio: probe of 6-1:0.0 failed with error -12 [ 545.516632][ T5137] udevd[5137]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 545.552511][ T9067] usb 7-1: USB disconnect, device number 22 [ 545.655540][ T21] usb 6-1: USB disconnect, device number 23 [ 545.707464][T22037] loop0: detected capacity change from 0 to 32768 [ 545.851302][T22053] rdma_rxe: rxe_register_device failed with error -23 [ 545.869037][T22053] rdma_rxe: failed to add bond_slave_1 [ 545.899755][T22043] loop7: detected capacity change from 0 to 32768 [ 545.986959][T22043] JBD2: Ignoring recovery information on journal [ 546.063662][T22043] (syz.7.7841,22043,1):ocfs2_clear_journal_error:1085 ERROR: File system error 33023 recorded in journal 0. [ 546.099464][T22043] (syz.7.7841,22043,1):ocfs2_clear_journal_error:1087 ERROR: File system on device loop7 needs checking. [ 546.118125][T22043] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 546.173373][T22063] netlink: 'syz.1.7850': attribute type 21 has an invalid length. [ 546.223562][T22063] netlink: 164 bytes leftover after parsing attributes in process `syz.1.7850'. [ 546.240044][ T3068] (kworker/u4:4,3068,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #4104: rec_len is smaller than minimal - offset=0, inode=4104, rec_len=8, name_len=0 [ 546.267501][T22043] (syz.7.7841,22043,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #4097: rec_len is smaller than minimal - offset=0, inode=397313, rec_len=0, name_len=1 [ 546.353857][T22043] (syz.7.7841,22043,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 546.395129][T22043] (syz.7.7841,22043,0):ocfs2_symlink:1864 ERROR: status = -2 [ 546.463264][T22043] (syz.7.7841,22043,0):ocfs2_symlink:2065 ERROR: status = -2 [ 546.590413][T13728] ocfs2: Unmounting device (7,7) on (node local) [ 546.908239][T22086] netlink: 'syz.6.7861': attribute type 1 has an invalid length. [ 546.916046][T22086] netlink: 228 bytes leftover after parsing attributes in process `syz.6.7861'. [ 547.022386][T22092] loop7: detected capacity change from 0 to 64 [ 547.341242][T22069] loop1: detected capacity change from 0 to 32768 [ 547.479924][T22069] jfs_create: dtInsert returned -EIO [ 547.533307][T22069] ERROR: (device loop1): jfs_create: [ 547.533307][T22069] [ 548.097090][ T9050] usb 8-1: new high-speed USB device number 19 using dummy_hcd [ 548.137371][T22139] loop0: detected capacity change from 0 to 1764 [ 548.190939][T22139] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 548.205210][T22142] netlink: 'syz.1.7889': attribute type 75 has an invalid length. [ 548.305017][T22108] loop5: detected capacity change from 0 to 32768 [ 548.323617][ T21] usb 7-1: new full-speed USB device number 23 using dummy_hcd [ 548.331827][T22108] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop5 scanned by syz.5.7872 (22108) [ 548.427131][T22108] BTRFS info (device loop5): using xxhash64 (xxhash64-generic) checksum algorithm [ 548.442789][T22108] BTRFS info (device loop5): force zlib compression, level 3 [ 548.474632][T22108] BTRFS info (device loop5): force clearing of disk cache [ 548.485006][T22108] BTRFS info (device loop5): setting nodatasum [ 548.497909][T22108] BTRFS info (device loop5): use zlib compression, level 3 [ 548.505616][T22108] BTRFS info (device loop5): allowing degraded mounts [ 548.515696][T22108] BTRFS info (device loop5): enabling disk space caching [ 548.523888][T22108] BTRFS info (device loop5): disk space caching is enabled [ 548.533542][T22108] BTRFS info (device loop5): has skinny extents [ 548.573570][T22108] BTRFS info (device loop5): enabling ssd optimizations [ 548.582353][T22108] BTRFS info (device loop5): clearing free space tree [ 548.589794][T22108] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 548.607124][T22108] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 548.607798][ T21] usb 7-1: too many configurations: 227, using maximum allowed: 8 [ 548.637404][ T9050] usb 8-1: New USB device found, idVendor=08fd, idProduct=0002, bcdDevice=ca.fd [ 548.646671][ T9050] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.655113][ T9050] usb 8-1: Product: syz [ 548.659956][ T9050] usb 8-1: Manufacturer: syz [ 548.664596][ T9050] usb 8-1: SerialNumber: syz [ 548.671824][ T9050] usb 8-1: config 0 descriptor?? [ 548.726121][ T146] Bluetooth: hci5: urb ffff888144ba8500 submission failed (2) [ 549.106425][ T9064] usb 8-1: USB disconnect, device number 19 [ 549.211662][T22179] loop0: detected capacity change from 0 to 4096 [ 549.229310][T22181] loop1: detected capacity change from 0 to 4096 [ 549.295434][ T21] usb 7-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 549.317163][ T21] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 549.373526][T22184] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 549.386006][ T21] usb 7-1: config 0 descriptor?? [ 549.403303][T22185] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 549.459449][ T21] pwc: Samsung MPC-C10 USB webcam detected. [ 549.509342][ T21] pwc: Warning: more than 1 configuration available. [ 549.687602][ T21] pwc: send_video_command error -71 [ 549.692895][ T21] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 549.723552][ T21] Philips webcam: probe of 7-1:0.0 failed with error -71 [ 549.752987][ T21] usb 7-1: USB disconnect, device number 23 [ 550.500164][T22244] loop0: detected capacity change from 0 to 16 [ 550.564000][T22244] erofs: (device loop0): mounted with root inode @ nid 36. [ 550.579211][T22248] netlink: 16 bytes leftover after parsing attributes in process `syz.7.7929'. [ 550.609907][ T146] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -41 in[4096, 0] out[9000] [ 550.640179][ T9064] Bluetooth: hci3: command 0x0406 tx timeout [ 550.661324][T22244] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -41 in[4096, 0] out[8192] [ 550.716918][ T21] usb 7-1: new high-speed USB device number 24 using dummy_hcd [ 550.728086][ T25] audit: type=1800 audit(1770824013.756:37): pid=22244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.7927" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 550.762619][T22248] IPv6: sit2: Disabled Multicast RS [ 550.808207][T22250] netlink: 'syz.1.7931': attribute type 1 has an invalid length. [ 550.837001][T22250] netlink: 'syz.1.7931': attribute type 2 has an invalid length. [ 550.893602][T22250] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7931'. [ 550.966973][ T21] usb 7-1: Using ep0 maxpacket: 16 [ 551.089896][ T21] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 551.104688][ T21] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 551.151807][ T21] usb 7-1: config 0 has no interface number 0 [ 551.253831][T22262] netlink: 8 bytes leftover after parsing attributes in process `syz.5.7936'. [ 551.331389][ T21] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 551.351187][ T21] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=21 [ 551.395506][ T21] usb 7-1: Product: syz [ 551.408901][ T21] usb 7-1: Manufacturer: syz [ 551.423615][ T21] usb 7-1: SerialNumber: syz [ 551.450827][ T21] usb 7-1: config 0 descriptor?? [ 551.492991][ T21] usb 7-1: Found UVC 0.00 device syz (046d:08f3) [ 551.509721][ T21] usb 7-1: No valid video chain found. [ 551.720725][T21672] usb 7-1: USB disconnect, device number 24 [ 551.846602][T22293] loop1: detected capacity change from 0 to 256 [ 551.848054][T22289] loop5: detected capacity change from 0 to 24 [ 551.928002][T22289] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 551.960740][T22289] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 551.986205][T22289] VFS: Lookup of 'file0' in romfs loop5 would have caused loop [ 552.613937][T22327] netlink: 'syz.6.7968': attribute type 8 has an invalid length. [ 552.696953][T22327] netlink: 199836 bytes leftover after parsing attributes in process `syz.6.7968'. [ 552.764870][T22333] netlink: 'syz.1.7972': attribute type 24 has an invalid length. [ 552.877022][ T4231] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 552.894872][T22338] loop6: detected capacity change from 0 to 1024 [ 552.952531][T22340] loop0: detected capacity change from 0 to 128 [ 552.953287][T22342] loop1: detected capacity change from 0 to 764 [ 553.049977][T22345] loop7: detected capacity change from 0 to 128 [ 553.068033][T22340] ADFS-fs (loop0): error: can't find an ADFS filesystem on dev loop0. [ 553.117009][ T4231] usb 6-1: Using ep0 maxpacket: 32 [ 553.254507][ T4231] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 553.274930][ T4231] usb 6-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 553.409094][ T4231] usb 6-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 553.431305][ T4231] usb 6-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 553.467928][ T4231] usb 6-1: Product: syz [ 553.472170][ T4231] usb 6-1: Manufacturer: syz [ 553.528881][ T4231] hub 6-1:4.0: USB hub found [ 553.568881][T22358] loop0: detected capacity change from 0 to 64 [ 553.747262][ T4231] hub 6-1:4.0: 2 ports detected [ 553.785805][T22368] loop1: detected capacity change from 0 to 64 [ 553.967059][ T4231] hub 6-1:4.0: hub_hub_status failed (err = -71) [ 553.977088][ T4231] hub 6-1:4.0: config failed, can't get hub status (err -71) [ 554.075334][ T4231] usb 6-1: USB disconnect, device number 24 [ 554.186140][T22387] loop1: detected capacity change from 0 to 16 [ 554.253021][T22387] erofs: (device loop1): mounted with root inode @ nid 36. [ 554.340648][ T146] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -41 in[4096, 0] out[9000] [ 554.410829][T22387] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -41 in[4096, 0] out[8192] [ 554.458608][T22394] syz.0.7999: vmalloc error: size 9007199254740992, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 554.543954][ T25] audit: type=1800 audit(1770824017.566:38): pid=22387 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.7996" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 554.630438][T22394] CPU: 0 PID: 22394 Comm: syz.0.7999 Not tainted syzkaller #0 [ 554.637977][T22394] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 554.648087][T22394] Call Trace: [ 554.651406][T22394] [ 554.654370][T22394] dump_stack_lvl+0x188/0x250 [ 554.659094][T22394] ? rcu_lock_release+0x5/0x20 [ 554.663905][T22394] ? show_regs_print_info+0x20/0x20 [ 554.669157][T22394] ? load_image+0x400/0x400 [ 554.673718][T22394] ? __rcu_read_unlock+0x78/0xd0 [ 554.678801][T22394] warn_alloc+0x243/0x320 [ 554.683185][T22394] ? rcu_lock_release+0x20/0x20 [ 554.688094][T22394] ? zone_watermark_ok_safe+0x240/0x240 [ 554.693707][T22394] ? dvb_demux_do_ioctl+0x313/0x530 [ 554.698950][T22394] ? kfree+0xef/0x2a0 [ 554.702984][T22394] __vmalloc_node_range+0x2b1/0x8b0 [ 554.708236][T22394] ? mutex_lock_io_nested+0x60/0x60 [ 554.713527][T22394] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 554.719511][T22394] vmalloc+0x75/0x80 [ 554.723453][T22394] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 554.729340][T22394] dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 554.735037][T22394] dvb_demux_do_ioctl+0x450/0x530 [ 554.740224][T22394] dvb_usercopy+0x191/0x2b0 [ 554.744779][T22394] ? dvb_dmxdev_buffer_read+0x4c0/0x4c0 [ 554.750371][T22394] ? dvb_generic_ioctl+0xb0/0xb0 [ 554.755372][T22394] ? dvb_demux_poll+0x210/0x210 [ 554.760262][T22394] dvb_demux_ioctl+0x25/0x30 [ 554.764903][T22394] __se_sys_ioctl+0xfa/0x170 [ 554.769542][T22394] do_syscall_64+0x4c/0xa0 [ 554.774006][T22394] ? clear_bhb_loop+0x30/0x80 [ 554.778727][T22394] ? clear_bhb_loop+0x30/0x80 [ 554.783454][T22394] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 554.789389][T22394] RIP: 0033:0x7f99cb9eaf79 [ 554.793844][T22394] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.813713][T22394] RSP: 002b:00007f99c9c45028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 554.822174][T22394] RAX: ffffffffffffffda RBX: 00007f99cbc64fa0 RCX: 00007f99cb9eaf79 [ 554.830294][T22394] RDX: 0020000000000000 RSI: 0000000000006f2d RDI: 0000000000000003 [ 554.838311][T22394] RBP: 00007f99cba817e0 R08: 0000000000000000 R09: 0000000000000000 [ 554.846328][T22394] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.854343][T22394] R13: 00007f99cbc65038 R14: 00007f99cbc64fa0 R15: 00007fff44fc6e78 [ 554.862593][T22394] [ 554.865722][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.063526][T22407] loop1: detected capacity change from 0 to 1024 [ 555.220636][T22407] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 555.234607][T22407] ext4 filesystem being mounted at /1593/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 555.276486][T22394] Mem-Info: [ 555.281562][T22394] active_anon:19 inactive_anon:18376 isolated_anon:0 [ 555.281562][T22394] active_file:4207 inactive_file:9475 isolated_file:0 [ 555.281562][T22394] unevictable:768 dirty:332 writeback:0 [ 555.281562][T22394] slab_reclaimable:21400 slab_unreclaimable:101534 [ 555.281562][T22394] mapped:38611 shmem:11112 pagetables:943 bounce:0 [ 555.281562][T22394] kernel_misc_reclaimable:0 [ 555.281562][T22394] free:1396989 free_pcp:1997 free_cma:0 [ 555.323526][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.331874][T22394] Node 0 active_anon:76kB inactive_anon:73764kB active_file:16828kB inactive_file:37764kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:154544kB dirty:1324kB writeback:0kB shmem:43172kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:13312kB pagetables:3772kB all_unreclaimable? no [ 555.363024][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.369774][T22394] Node 1 active_anon:0kB inactive_anon:540kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 555.398947][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.428964][T22394] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 555.496955][T22394] lowmem_reserve[]: 0 2539 2540 2540 2540 [ 555.523345][T22394] Node 0 DMA32 free:1639656kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:76kB inactive_anon:80364kB active_file:16828kB inactive_file:39064kB unevictable:1536kB writepending:1372kB present:3129332kB managed:2606556kB mlocked:0kB bounce:0kB free_pcp:8244kB local_pcp:1928kB free_cma:0kB [ 555.665762][T22394] lowmem_reserve[]: 0 0 0 0 0 [ 555.709223][T22394] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 555.742562][T22404] ntfs3: Couldn't remount rw because journal is not replayed. Please umount/remount instead [ 555.742562][T22404] [ 555.776739][T22394] lowmem_reserve[]: 0 0 0 0 0 [ 555.816931][T22394] Node 1 Normal free:3923992kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:0kB inactive_anon:540kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:4kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 555.845222][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.866249][T22394] lowmem_reserve[]: 0 0 0 0 0 [ 555.871978][T22394] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 555.914519][T22394] Node 0 DMA32: 0*4kB 108*8kB (UME) 8*16kB (E) 41*32kB (UE) 126*64kB (UME) 105*128kB (UME) 63*256kB (ME) 38*512kB (ME) 18*1024kB (M) 18*2048kB (UME) 370*4096kB (M) = 1630208kB [ 556.007133][T22394] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 556.046346][T22394] Node 1 Normal: 272*4kB (UME) 45*8kB (UME) 25*16kB (UME) 195*32kB (UME) 80*64kB (UME) 17*128kB (UE) 14*256kB (UM) 7*512kB (UE) 2*1024kB (UE) 2*2048kB (ME) 951*4096kB (M) = 3923992kB [ 556.144627][T22394] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 556.251218][T22394] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 556.294189][T22394] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 556.336499][T22408] XFS (loop6): Mounting V5 Filesystem [ 556.352943][T22394] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 556.385461][T22394] 31607 total pagecache pages [ 556.433056][T22394] 0 pages in swap cache [ 556.461254][T22394] Swap cache stats: add 297, delete 297, find 46/91 [ 556.496891][T22394] Free swap = 124472kB [ 556.530034][T22394] Total swap = 124996kB [ 556.587832][T22394] 2097051 pages RAM [ 556.597795][T22408] XFS (loop6): Ending clean mount [ 556.630134][T22394] 0 pages HighMem/MovableOnly [ 556.645208][T22394] 411489 pages reserved [ 556.655380][T22394] 0 pages cma reserved [ 556.790778][T11587] XFS (loop6): Unmounting Filesystem [ 557.479795][T22480] (unnamed net_device) (uninitialized): option xmit_hash_policy: invalid value (8) [ 557.792233][T22492] set_capacity_and_notify: 2 callbacks suppressed [ 557.792250][T22492] loop0: detected capacity change from 0 to 256 [ 557.952511][T22492] FAT-fs (loop0): Directory bread(block 64) failed [ 557.976947][T22492] FAT-fs (loop0): Directory bread(block 65) failed [ 557.998831][T22492] FAT-fs (loop0): Directory bread(block 66) failed [ 558.037052][T22492] FAT-fs (loop0): Directory bread(block 67) failed [ 558.043948][T22492] FAT-fs (loop0): Directory bread(block 68) failed [ 558.110652][T22489] loop6: detected capacity change from 0 to 8192 [ 558.130935][T22492] FAT-fs (loop0): Directory bread(block 69) failed [ 558.167107][T22492] FAT-fs (loop0): Directory bread(block 70) failed [ 558.173719][T22492] FAT-fs (loop0): Directory bread(block 71) failed [ 558.210056][T22492] FAT-fs (loop0): Directory bread(block 72) failed [ 558.220995][T22492] FAT-fs (loop0): Directory bread(block 73) failed [ 558.243342][T22489] REISERFS (device loop6): found reiserfs format "3.5" with non-standard journal [ 558.307120][T22489] REISERFS (device loop6): using ordered data mode [ 558.322660][T22489] reiserfs: using flush barriers [ 558.332306][T22504] loop5: detected capacity change from 0 to 8 [ 558.436382][T22447] loop7: detected capacity change from 0 to 32768 [ 558.455473][T22489] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 558.518490][T22489] REISERFS (device loop6): checking transaction log (loop6) [ 558.569820][T22447] (syz.7.8020,22447,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 558.587639][T22489] REISERFS (device loop6): Using tea hash to sort names [ 558.595930][T22489] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage. [ 558.713502][T22447] (syz.7.8020,22447,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 558.897285][T22514] xt_connbytes: Forcing CT accounting to be enabled [ 558.945844][T22447] JBD2: Ignoring recovery information on journal [ 558.986687][T22439] loop1: detected capacity change from 0 to 65536 [ 559.163176][T22439] XFS (loop1): Mounting V5 Filesystem [ 559.376719][T22439] XFS (loop1): Ending clean mount [ 559.415605][T22447] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode. [ 559.431199][ T4188] XFS (loop1): Unmounting Filesystem [ 559.885204][T13728] ocfs2: Unmounting device (7,7) on (node local) [ 560.175469][T22570] netlink: 'syz.6.8062': attribute type 21 has an invalid length. [ 560.204018][T22570] netlink: 100 bytes leftover after parsing attributes in process `syz.6.8062'. [ 560.485479][T22579] netlink: 24 bytes leftover after parsing attributes in process `syz.6.8067'. [ 560.894931][T22594] loop0: detected capacity change from 0 to 1024 [ 561.088424][T22594] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 561.129813][T22594] EXT4-fs error (device loop0): ext4_empty_dir:3166: inode #11: block 623: comm syz.0.8071: Attempting to read directory block (623) that is past i_size (638464) [ 561.157772][T22611] device wlan0 entered promiscuous mode [ 561.206906][T22612] libceph: resolve '0.0' (ret=-3): failed [ 561.222466][T22611] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 561.316360][T22618] bond0: option ad_actor_sys_prio: mode dependency failed, not supported in mode balance-rr(0) [ 561.521911][T22626] loop1: detected capacity change from 0 to 1024 [ 561.537019][T22625] netlink: 'syz.7.8083': attribute type 1 has an invalid length. [ 561.863744][T22634] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8090'. [ 561.877469][T22636] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8091'. [ 561.972128][T22640] loop1: detected capacity change from 0 to 256 [ 562.107509][T22640] FAT-fs (loop1): Directory bread(block 64) failed [ 562.114293][T22640] FAT-fs (loop1): Directory bread(block 65) failed [ 562.159816][T22640] FAT-fs (loop1): Directory bread(block 66) failed [ 562.166721][T22640] FAT-fs (loop1): Directory bread(block 67) failed [ 562.227075][T22640] FAT-fs (loop1): Directory bread(block 68) failed [ 562.253476][T22616] loop5: detected capacity change from 0 to 32768 [ 562.260269][T22640] FAT-fs (loop1): Directory bread(block 69) failed [ 562.273744][T22640] FAT-fs (loop1): Directory bread(block 70) failed [ 562.287397][T22640] FAT-fs (loop1): Directory bread(block 71) failed [ 562.314482][T22640] FAT-fs (loop1): Directory bread(block 72) failed [ 562.332140][T22653] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8100'. [ 562.342164][T22640] FAT-fs (loop1): Directory bread(block 73) failed [ 562.368549][T22616] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 562.498078][T22616] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 562.510105][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 562.581521][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 562.674836][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 562.727572][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 562.735268][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 562.753198][T22667] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma? [ 562.764738][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 562.776637][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 562.796406][T22660] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 562.828870][T22660] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 562.934249][ T9113] ocfs2: Unmounting device (7,5) on (node local) [ 563.209395][T22690] comedi comedi2: dt2814: a I/O base address must be specified [ 563.419571][T22699] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 563.495782][T22703] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 564.047984][T22735] loop0: detected capacity change from 0 to 256 [ 564.157467][T22735] FAT-fs (loop0): Directory bread(block 64) failed [ 564.169578][T22735] FAT-fs (loop0): Directory bread(block 65) failed [ 564.192996][T22735] FAT-fs (loop0): Directory bread(block 66) failed [ 564.213432][T22735] FAT-fs (loop0): Directory bread(block 67) failed [ 564.235635][T22735] FAT-fs (loop0): Directory bread(block 68) failed [ 564.259419][T22735] FAT-fs (loop0): Directory bread(block 69) failed [ 564.283289][T22735] FAT-fs (loop0): Directory bread(block 70) failed [ 564.319843][T22735] FAT-fs (loop0): Directory bread(block 71) failed [ 564.343957][T22735] FAT-fs (loop0): Directory bread(block 72) failed [ 564.364359][T22735] FAT-fs (loop0): Directory bread(block 73) failed [ 564.434408][T22715] loop1: detected capacity change from 0 to 32768 [ 564.560401][T22715] blkno = 8ed2c, nblocks = 1 [ 564.586113][T22715] ERROR: (device loop1): dbFree: block to be freed is outside the map [ 564.586113][T22715] [ 564.633244][T22715] ERROR: (device loop1): remounting filesystem as read-only [ 564.696210][T22715] ialloc: diAlloc returned -17! [ 564.755607][T22761] loop6: detected capacity change from 0 to 1024 [ 564.832414][T22761] EXT4-fs (loop6): #clusters per group too big: 24576 [ 565.287057][ T9064] usb 8-1: new high-speed USB device number 20 using dummy_hcd [ 565.311757][T22785] delete_channel: no stack [ 565.346982][T21672] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 565.383434][T22791] loop0: detected capacity change from 0 to 256 [ 565.499763][T22791] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x2f03464b, utbl_chksum : 0xe619d30d) [ 565.537061][ T9064] usb 8-1: Using ep0 maxpacket: 32 [ 565.657137][ T9064] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 565.667364][T21672] usb 7-1: Using ep0 maxpacket: 16 [ 565.696267][ T9064] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 565.743451][ T9064] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 565.817134][T21672] usb 7-1: config 0 has an invalid interface number: 132 but max is 0 [ 565.825752][T21672] usb 7-1: config 0 has no interface number 0 [ 565.947193][ T9064] usb 8-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 565.956301][ T9064] usb 8-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 565.975354][ T9064] usb 8-1: Product: syz [ 565.979676][ T9064] usb 8-1: Manufacturer: syz [ 565.984310][ T9064] usb 8-1: SerialNumber: syz [ 565.991661][T22817] loop1: detected capacity change from 0 to 256 [ 566.027315][T21672] usb 7-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 566.056260][T21672] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 566.065353][ T9064] input: appletouch as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:1.0/input/input30 [ 566.087009][T21672] usb 7-1: Product: syz [ 566.099066][T21672] usb 7-1: Manufacturer: syz [ 566.103778][T21672] usb 7-1: SerialNumber: syz [ 566.109503][T22817] FAT-fs (loop1): Directory bread(block 64) failed [ 566.138642][T21672] usb 7-1: config 0 descriptor?? [ 566.159978][T22817] FAT-fs (loop1): Directory bread(block 65) failed [ 566.166667][T22817] FAT-fs (loop1): Directory bread(block 66) failed [ 566.191796][T22817] FAT-fs (loop1): Directory bread(block 67) failed [ 566.204175][T22817] FAT-fs (loop1): Directory bread(block 68) failed [ 566.217635][T22817] FAT-fs (loop1): Directory bread(block 69) failed [ 566.224324][T22817] FAT-fs (loop1): Directory bread(block 70) failed [ 566.232567][T22817] FAT-fs (loop1): Directory bread(block 71) failed [ 566.247783][T21672] hub 7-1:0.132: bad descriptor, ignoring hub [ 566.254049][T21672] hub: probe of 7-1:0.132 failed with error -5 [ 566.271049][T22817] FAT-fs (loop1): Directory bread(block 72) failed [ 566.283795][T21672] input: bcm5974 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.132/input/input31 [ 566.307634][T22817] FAT-fs (loop1): Directory bread(block 73) failed [ 566.342640][ T9064] usb 8-1: USB disconnect, device number 20 [ 566.378340][T22827] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8184'. [ 566.411055][ T9064] appletouch 8-1:1.0: input: appletouch disconnected [ 566.449526][T22827] netlink: 28 bytes leftover after parsing attributes in process `syz.5.8184'. [ 566.618139][T22834] loop5: detected capacity change from 0 to 512 [ 566.709019][T22834] EXT4-fs (loop5): orphan cleanup on readonly fs [ 566.736289][T22834] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.8188: bg 0: block 248: padding at end of block bitmap is not set [ 566.804972][T22834] Quota error (device loop5): write_blk: dquota write failed [ 566.807422][ T21] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 566.812598][T22834] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota [ 566.830928][T22834] EXT4-fs error (device loop5): ext4_acquire_dquot:6234: comm syz.5.8188: Failed to acquire dquot type 1 [ 566.844565][T22834] EXT4-fs (loop5): 1 truncate cleaned up [ 566.875614][T22834] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 567.154187][T22856] device sit0 entered promiscuous mode [ 567.166433][T22856] netlink: 'syz.7.8197': attribute type 1 has an invalid length. [ 567.176684][T22856] netlink: 'syz.7.8197': attribute type 3 has an invalid length. [ 567.211409][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 567.387479][ T21] usb 1-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice=48.99 [ 567.396688][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.417178][ T21] usb 1-1: Product: syz [ 567.431821][ T21] usb 1-1: Manufacturer: syz [ 567.441217][ T21] usb 1-1: SerialNumber: syz [ 567.446884][T21672] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 567.458259][ T21] usb 1-1: config 0 descriptor?? [ 567.697121][T21672] usb 2-1: Using ep0 maxpacket: 32 [ 567.744841][ T21] snd-usb-audio: probe of 1-1:0.0 failed with error -2 [ 567.817128][T21672] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 567.854790][ T4314] udevd[4314]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 567.871544][T21672] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 567.904218][T21672] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 567.952159][T22890] loop5: detected capacity change from 0 to 8 [ 567.960876][T21083] usb 1-1: USB disconnect, device number 33 [ 567.985396][T22892] netlink: 32 bytes leftover after parsing attributes in process `syz.6.8215'. [ 568.018082][T22890] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 568.133701][T21672] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 568.159498][T21672] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 568.183427][T21672] usb 2-1: Product: syz [ 568.226897][T21672] usb 2-1: Manufacturer: syz [ 568.231563][T21672] usb 2-1: SerialNumber: syz [ 568.340010][T21672] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input32 [ 568.379624][T22880] loop7: detected capacity change from 0 to 32768 [ 568.474245][T22904] netlink: 12 bytes leftover after parsing attributes in process `syz.5.8219'. [ 568.514610][T22880] XFS (loop7): Mounting V5 Filesystem [ 568.650555][T21083] usb 2-1: USB disconnect, device number 38 [ 568.671968][T21083] appletouch 2-1:1.0: input: appletouch disconnected [ 568.710048][T22894] loop6: detected capacity change from 0 to 32768 [ 568.759496][T22880] XFS (loop7): Ending clean mount [ 568.884076][T13728] XFS (loop7): Unmounting Filesystem [ 568.899266][T22924] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 568.960573][T22894] XFS (loop6): Mounting V5 Filesystem [ 568.971803][T22927] loop5: detected capacity change from 0 to 8 [ 569.016402][ T1422] ieee802154 phy1 wpan1: encryption failed: -22 [ 569.087707][T22927] MTD: Attempt to mount non-MTD device "/dev/loop5" [ 569.126442][ T4625] udevd[4625]: incorrect cramfs checksum on /dev/loop5 [ 569.175435][T22894] XFS (loop6): Ending clean mount [ 569.209118][T22894] XFS (loop6): Quotacheck needed: Please wait. [ 569.232514][ T4321] udevd[4321]: incorrect cramfs checksum on /dev/loop5 [ 569.510712][T22894] XFS (loop6): Quotacheck: Done. [ 569.571505][T22944] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 569.706173][T11587] XFS (loop6): Unmounting Filesystem [ 569.725757][T22953] xt_l2tp: wrong L2TP version: 0 [ 569.762880][T22957] loop1: detected capacity change from 0 to 8 [ 569.980913][T22957] SQUASHFS error: Corrupted symlink [ 570.588937][T23003] loop1: detected capacity change from 0 to 512 [ 570.605599][T23007] netlink: 72 bytes leftover after parsing attributes in process `syz.6.8264'. [ 570.664190][T23006] loop7: detected capacity change from 0 to 1024 [ 570.703174][T23003] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,auto_da_alloc=0x0000000000000007,noauto_da_alloc,. Quota mode: writeback. [ 570.736587][T23003] ext4 filesystem being mounted at /1632/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 570.879200][T23003] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present [ 570.940773][T21069] usb 7-1: USB disconnect, device number 25 [ 570.989484][T23003] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 571.064265][T23003] EXT4-fs error (device loop1): ext4_acquire_dquot:6234: comm syz.1.8261: Failed to acquire dquot type 0 [ 571.106558][ T21] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 571.182480][T23003] EXT4-fs (loop1): Remounting filesystem read-only [ 571.367113][ T21] usb 6-1: Using ep0 maxpacket: 16 [ 571.507192][ T21] usb 6-1: config 0 has an invalid interface number: 105 but max is 0 [ 571.524727][ T21] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 571.561735][T23042] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8277'. [ 571.574425][ T21] usb 6-1: config 0 has no interface number 0 [ 571.767199][ T21] usb 6-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 571.797153][ T21] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.805208][ T21] usb 6-1: Product: syz [ 571.833744][ T21] usb 6-1: Manufacturer: syz [ 571.842651][ T21] usb 6-1: SerialNumber: syz [ 571.878975][ T21] usb 6-1: config 0 descriptor?? [ 571.928992][ T21] usb 6-1: Found UVC 0.00 device syz (046c:14e8) [ 571.935413][ T21] usb 6-1: No valid video chain found. [ 572.149127][T21672] usb 6-1: USB disconnect, device number 25 [ 572.343057][T23036] loop0: detected capacity change from 0 to 32768 [ 572.544944][T23036] XFS (loop0): Mounting V5 Filesystem [ 572.732629][T23036] XFS (loop0): Ending clean mount [ 572.874988][ T4199] XFS (loop0): Unmounting Filesystem [ 572.997050][ T9051] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 573.228634][T23127] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 573.247115][ T9051] usb 2-1: Using ep0 maxpacket: 32 [ 573.367163][ T9051] usb 2-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 573.376278][ T9051] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 573.456034][ T9051] usb 2-1: config 0 descriptor?? [ 573.539424][ T9051] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 573.588207][T23149] xt_ecn: cannot match TCP bits for non-tcp packets [ 573.922837][T23166] netlink: 12 bytes leftover after parsing attributes in process `syz.6.8333'. [ 573.964027][T23171] SET target dimension over the limit! [ 573.977087][ T9051] gspca_sunplus: reg_w_riv err -71 [ 573.982331][ T9051] sunplus: probe of 2-1:0.0 failed with error -71 [ 574.011086][ T9051] usb 2-1: USB disconnect, device number 39 [ 574.212978][T23183] loop7: detected capacity change from 0 to 1024 [ 574.227440][T23182] tc_dump_action: action bad kind [ 574.609071][T23204] netlink: 72 bytes leftover after parsing attributes in process `syz.6.8351'. [ 574.682520][T23208] netlink: 40 bytes leftover after parsing attributes in process `syz.5.8352'. [ 575.148532][T23230] loop1: detected capacity change from 0 to 2048 [ 575.248637][T23238] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.8367'. [ 575.266223][T23238] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 575.286227][T23230] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 575.370979][T23242] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 575.532688][T23248] 9p: Unknown access argument Ø [ 575.856403][T23264] loop6: detected capacity change from 0 to 2048 [ 575.989130][ T4314] Alternate GPT is invalid, using primary GPT. [ 575.996569][ T4314] loop6: p2 p3 p7 [ 576.062256][T23264] Alternate GPT is invalid, using primary GPT. [ 576.087464][T23264] loop6: p2 p3 p7 [ 576.187475][T23288] loop0: detected capacity change from 0 to 256 [ 576.248267][T23292] netlink: 'syz.1.8392': attribute type 1 has an invalid length. [ 576.297600][T23288] FAT-fs (loop0): Directory bread(block 64) failed [ 576.297752][T23292] netlink: 168864 bytes leftover after parsing attributes in process `syz.1.8392'. [ 576.323511][T23288] FAT-fs (loop0): Directory bread(block 65) failed [ 576.342754][T23288] FAT-fs (loop0): Directory bread(block 66) failed [ 576.369932][T23288] FAT-fs (loop0): Directory bread(block 67) failed [ 576.374272][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 576.391388][ T4633] udevd[4633]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 576.417176][T23288] FAT-fs (loop0): Directory bread(block 68) failed [ 576.446952][T23288] FAT-fs (loop0): Directory bread(block 69) failed [ 576.453781][T23288] FAT-fs (loop0): Directory bread(block 70) failed [ 576.482491][T23288] FAT-fs (loop0): Directory bread(block 71) failed [ 576.486412][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory [ 576.517379][T23288] FAT-fs (loop0): Directory bread(block 72) failed [ 576.524624][T23288] FAT-fs (loop0): Directory bread(block 73) failed [ 576.645898][T23304] mip6: mip6_rthdr_init_state: state's mode is not 2: 0 [ 576.780321][T23320] netlink: 'syz.1.8406': attribute type 3 has an invalid length. [ 576.999589][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory [ 577.086524][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory [ 577.126363][T23347] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8419'. [ 577.144244][T23348] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8417'. [ 577.153828][T23348] device bridge_slave_1 left promiscuous mode [ 577.174127][T23348] bridge0: port 2(bridge_slave_1) entered disabled state [ 577.189071][T23348] device bridge_slave_0 left promiscuous mode [ 577.225950][T23348] bridge0: port 1(bridge_slave_0) entered disabled state [ 577.265148][T23354] loop0: detected capacity change from 0 to 512 [ 577.285130][ T4314] udevd[4314]: inotify_add_watch(7, /dev/loop6p7, 10) failed: No such file or directory [ 577.287835][ T9051] usb 8-1: new high-speed USB device number 21 using dummy_hcd [ 577.335741][T23354] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 577.353175][T23354] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 1, start 00000001) [ 577.379490][T23354] FAT-fs (loop0): Filesystem has been set read-only [ 577.387388][T23348] bond0: (slave bridge0): Releasing backup interface [ 577.497584][T23365] openvswitch: netlink: Actions may not be safe on all matching packets [ 577.557047][ T9051] usb 8-1: Using ep0 maxpacket: 32 [ 577.726746][ T9051] usb 8-1: unable to get BOS descriptor or descriptor too short [ 577.749714][T23379] netlink: 'syz.6.8433': attribute type 32 has an invalid length. [ 577.807371][ T9051] usb 8-1: config 3 has an invalid interface number: 224 but max is 0 [ 577.832333][ T9051] usb 8-1: config 3 has no interface number 0 [ 577.846242][ T9051] usb 8-1: config 3 interface 224 altsetting 9 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 577.883021][ T9051] usb 8-1: config 3 interface 224 has no altsetting 0 [ 578.067165][ T9051] usb 8-1: New USB device found, idVendor=1199, idProduct=9055, bcdDevice=35.1f [ 578.106641][ T9051] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.116982][T21078] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 578.167411][ T9051] usb 8-1: Product: syz [ 578.171672][ T9051] usb 8-1: Manufacturer: syz [ 578.176543][ T9051] usb 8-1: SerialNumber: syz [ 578.407078][T21078] usb 2-1: Using ep0 maxpacket: 16 [ 578.526193][T23410] loop0: detected capacity change from 0 to 1024 [ 578.567636][ T9051] rndis_host 8-1:3.224: invalid descriptor buffer length [ 578.574839][ T9051] usb 8-1: bad CDC descriptors [ 578.605110][ T9051] usb 8-1: USB disconnect, device number 21 [ 578.656156][T23410] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 578.674944][T23410] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled [ 578.695247][T23419] netlink: 220 bytes leftover after parsing attributes in process `syz.6.8454'. [ 578.767338][T21078] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 578.797888][T21078] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.805963][T21078] usb 2-1: Product: syz [ 578.806461][T23410] EXT4-fs error (device loop0): ext4_ext_check_inode:501: inode #11: comm syz.0.8449: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 578.837562][T21078] usb 2-1: Manufacturer: syz [ 578.858770][T23410] EXT4-fs error (device loop0): ext4_orphan_get:1405: comm syz.0.8449: couldn't read orphan inode 11 (err -117) [ 578.887287][T21078] usb 2-1: SerialNumber: syz [ 578.894008][T23410] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,noload,mblk_io_submit,jqfmt=vfsv0,discard,usrjquota=,grpquota,quota,,errors=continue. Quota mode: writeback. [ 578.923294][T21078] r8152-cfgselector 2-1: config 0 descriptor?? [ 578.967037][T23423] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 10: padding at end of block bitmap is not set [ 579.067617][T23410] Quota error (device loop0): write_blk: dquota write failed [ 579.116988][T23410] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 579.157153][T23410] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.8449: Failed to acquire dquot type 0 [ 579.436939][T21078] r8152-cfgselector 2-1: Unknown version 0x0000 [ 579.443555][T21078] r8152-cfgselector 2-1: bad CDC descriptors [ 579.511496][T21078] r8152-cfgselector 2-1: Unknown version 0x0000 [ 579.532069][T21078] r8152-cfgselector 2-1: USB disconnect, device number 40 [ 579.694537][T23463] device netdevsim0 entered promiscuous mode [ 580.240052][T23498] loop7: detected capacity change from 0 to 764 [ 580.387103][T21672] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 580.465916][T23515] netlink: 220 bytes leftover after parsing attributes in process `syz.7.8497'. [ 580.588956][T23520] loop5: detected capacity change from 0 to 128 [ 580.668856][T21672] usb 7-1: Using ep0 maxpacket: 16 [ 580.697083][T23520] ufs: ufs_fill_super(): fragment size 3263967611 is not a power of 2 [ 580.797390][T21672] usb 7-1: config 254 has an invalid interface number: 235 but max is 0 [ 580.813043][T21672] usb 7-1: config 254 has no interface number 0 [ 580.822037][T21672] usb 7-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 580.832750][T21672] usb 7-1: config 254 interface 235 has no altsetting 0 [ 581.007495][T21672] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 581.032472][T21672] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.069346][T21672] usb 7-1: Product: syz [ 581.097078][T21672] usb 7-1: Manufacturer: syz [ 581.101899][T21672] usb 7-1: SerialNumber: syz [ 581.178608][T23491] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 581.432705][T23491] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 581.479211][T21672] usbtest 7-1:254.235: Linux gadget zero [ 581.493402][T21672] usbtest 7-1:254.235: high-speed {control in/out bulk-in bulk-out} tests (+alt) [ 581.704574][T21069] usb 7-1: USB disconnect, device number 26 [ 581.836440][T23572] netlink: 16 bytes leftover after parsing attributes in process `syz.5.8526'. [ 581.852957][T23561] loop7: detected capacity change from 0 to 8192 [ 582.154339][T23588] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8534'. [ 582.201573][T23588] netlink: 60 bytes leftover after parsing attributes in process `syz.7.8534'. [ 582.336455][ T9051] Bluetooth: hci3: command 0x0405 tx timeout [ 582.527316][ T4231] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 582.586004][T23605] loop0: detected capacity change from 0 to 4096 [ 582.607431][T23608] loop5: detected capacity change from 0 to 2048 [ 582.628662][T23605] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. [ 582.659950][T23605] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 582.664546][T23608] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024) [ 582.677190][T21672] usb 8-1: new high-speed USB device number 22 using dummy_hcd [ 582.724983][T23605] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 582.734899][T23608] NILFS (loop5): segment count 8142508126285856831 exceeds upper limit (1152921504606846975 segments) [ 582.772802][T23605] ntfs: volume version 3.1. [ 582.897458][ T4231] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 582.926699][ T4231] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 582.999024][ T4199] ntfs: (device loop0): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 583.037477][ T4231] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 583.046686][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 583.059045][ T4231] usb 2-1: SerialNumber: syz [ 583.095024][ T9051] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 583.127210][T21672] usb 8-1: config 0 has an invalid interface number: 69 but max is 0 [ 583.142285][T21672] usb 8-1: config 0 has no interface number 0 [ 583.177004][T21672] usb 8-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 583.196920][T21672] usb 8-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 583.220184][T23626] kAFS: unable to lookup cell '(/' [ 583.283456][T23628] loop5: detected capacity change from 0 to 512 [ 583.320924][T23630] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8555'. [ 583.340021][ T4231] usb 2-1: skipping empty audio interface (v1) [ 583.360710][ T4231] snd-usb-audio: probe of 2-1:1.0 failed with error -22 [ 583.370332][ T4231] usb 2-1: USB disconnect, device number 41 [ 583.386315][T23628] EXT4-fs (loop5): revision level too high, forcing read-only mode [ 583.397171][T21672] usb 8-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 583.407146][T21672] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.415195][T21672] usb 8-1: Product: syz [ 583.419840][T21672] usb 8-1: Manufacturer: syz [ 583.424579][T21672] usb 8-1: SerialNumber: syz [ 583.434400][T21672] usb 8-1: config 0 descriptor?? [ 583.443180][T23628] EXT4-fs (loop5): orphan cleanup on readonly fs [ 583.452051][T23628] Quota error (device loop5): v2_read_file_info: Free block number too big (0 >= 0). [ 583.465517][T23600] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 583.467623][ T9051] usb 7-1: config 220 has an invalid interface number: 76 but max is 2 [ 583.482079][T23628] EXT4-fs warning (device loop5): ext4_enable_quotas:6486: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 583.498274][T21672] cyberjack 8-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 583.508648][T23628] EXT4-fs (loop5): Cannot turn on quotas: error -117 [ 583.517707][T21672] usb 8-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 583.527306][T23628] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.8554: bg 0: block 40: padding at end of block bitmap is not set [ 583.541885][ T9051] usb 7-1: config 220 has an invalid descriptor of length 166, skipping remainder of the config [ 583.541916][ T9051] usb 7-1: config 220 has no interface number 2 [ 583.541968][ T9051] usb 7-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 583.542000][ T9051] usb 7-1: config 220 interface 0 has no altsetting 0 [ 583.542021][ T9051] usb 7-1: config 220 interface 76 has no altsetting 0 [ 583.542042][ T9051] usb 7-1: config 220 interface 1 has no altsetting 0 [ 583.607914][T23628] EXT4-fs (loop5): Remounting filesystem read-only [ 583.619248][T23628] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6194: Corrupt filesystem [ 583.638493][T23628] EXT4-fs (loop5): Remounting filesystem read-only [ 583.645315][T23628] EXT4-fs (loop5): 1 truncate cleaned up [ 583.662624][T23628] EXT4-fs (loop5): mounted filesystem without journal. Opts: bsddf,errors=remount-ro,errors=remount-ro,noinit_itable,. Quota mode: writeback. [ 583.697184][ T9051] usb 7-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 583.717713][ T4321] udevd[4321]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 583.749386][ T9051] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.778255][ T9051] usb 7-1: Product: syz [ 583.782506][ T9051] usb 7-1: Manufacturer: syz [ 583.796369][ T9051] usb 7-1: SerialNumber: syz [ 583.962433][ T21] usb 8-1: USB disconnect, device number 22 [ 583.983328][ T21] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 584.005520][ T21] cyberjack 8-1:0.69: device disconnected [ 584.062704][T23646] damon: kdamond (23646) starts [ 584.167336][ T9051] usb 7-1: selecting invalid altsetting 0 [ 584.178051][ T9051] usb 7-1: Found UVC 7.01 device syz (8086:0b07) [ 584.217043][ T9051] usb 7-1: No valid video chain found. [ 584.308258][ T9051] usb 7-1: selecting invalid altsetting 0 [ 584.314120][ T9051] usbtest: probe of 7-1:220.1 failed with error -22 [ 584.331512][ T9051] usb 7-1: USB disconnect, device number 27 [ 584.444656][T21083] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 584.715900][T23658] loop0: detected capacity change from 0 to 32768 [ 584.733121][T21083] usb 6-1: Using ep0 maxpacket: 32 [ 584.784086][T23658] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.8567 (23658) [ 584.857174][T21083] usb 6-1: config 0 has too many interfaces: 195, using maximum allowed: 32 [ 584.871035][T21083] usb 6-1: config 0 has an invalid interface number: 196 but max is 194 [ 584.929777][T21083] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 195 [ 584.959557][T21083] usb 6-1: config 0 has no interface number 0 [ 584.966307][T21083] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 528 [ 585.016866][T21083] usb 6-1: config 0 interface 196 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 585.037290][T21083] usb 6-1: config 0 interface 196 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 585.086975][T21083] usb 6-1: config 0 interface 196 has no altsetting 0 [ 585.125775][T23654] loop1: detected capacity change from 0 to 32768 [ 585.152755][T23658] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 585.188934][T23658] BTRFS info (device loop0): using free space tree [ 585.224271][T23658] BTRFS info (device loop0): has skinny extents [ 585.287074][T21083] usb 6-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 585.297884][T21083] usb 6-1: New USB device strings: Mfr=72, Product=223, SerialNumber=3 [ 585.306457][T21083] usb 6-1: Product: syz [ 585.311522][T21083] usb 6-1: Manufacturer: syz [ 585.316182][T21083] usb 6-1: SerialNumber: syz [ 585.335333][T21083] usb 6-1: config 0 descriptor?? [ 585.367162][T23652] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 585.380974][T23654] XFS (loop1): Mounting V5 Filesystem [ 585.504200][T23654] XFS (loop1): Ending clean mount [ 585.658341][T23658] BTRFS info (device loop0): enabling ssd optimizations [ 585.704395][ T4188] XFS (loop1): Unmounting Filesystem [ 585.716987][T21083] ipheth 6-1:0.196: ipheth_get_macaddr: usb_control_msg: -71 [ 585.725057][T21083] ipheth: probe of 6-1:0.196 failed with error -71 [ 585.775693][T21083] usb 6-1: USB disconnect, device number 26 [ 586.608062][T23715] syz.7.8582 (23715): drop_caches: 2 [ 586.637058][T21083] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 586.753977][T23741] IPv6: Can't replace route, no match found [ 586.921611][T21083] usb 6-1: Using ep0 maxpacket: 16 [ 586.944226][T23738] xt_CT: No such helper "syz0" [ 587.023240][T23746] loop6: detected capacity change from 0 to 64 [ 587.062323][T21083] usb 6-1: config 0 has an invalid interface number: 49 but max is 0 [ 587.071521][T21083] usb 6-1: config 0 has no interface number 0 [ 587.078913][T21083] usb 6-1: config 0 interface 49 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 16 [ 587.102833][T21083] usb 6-1: config 0 interface 49 altsetting 0 endpoint 0x81 has invalid maxpacket 47349, setting to 1024 [ 587.119802][T21083] usb 6-1: config 0 interface 49 altsetting 0 bulk endpoint 0x81 has invalid maxpacket 1024 [ 587.156846][ C0] vkms_vblank_simulate: vblank timer overrun [ 587.367104][T21083] usb 6-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 587.383739][T21083] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.402229][T21083] usb 6-1: Product: syz [ 587.412088][T21083] usb 6-1: Manufacturer: syz [ 587.422836][T21083] usb 6-1: SerialNumber: syz [ 587.445025][T21083] usb 6-1: config 0 descriptor?? [ 587.477264][T23728] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 587.484371][T23728] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 587.768174][T21083] usb 6-1: USB disconnect, device number 27 [ 588.172375][T23754] SET target dimension over the limit! [ 588.495024][T23773] RDS: rds_bind could not find a transport for ae0c:91e3:ccfb:11d2:0:5efe:150.125.240.108, load rds_tcp or rds_rdma? [ 588.871735][T23801] loop0: detected capacity change from 0 to 64 [ 589.064018][T23801] hfs: unable to load iocharset "Sp—" [ 589.077508][T23801] hfs: unable to parse mount options [ 589.116899][T23810] device bridge3 entered promiscuous mode [ 589.374229][T23831] program syz.6.8637 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 589.439553][T23834] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3) [ 589.470454][T23837] bond0: option arp_validate: invalid value (18446744073491447809) [ 589.474351][ T140] bond0: (slave bond_slave_0): interface is now down [ 589.499347][ T140] bond0: (slave bond_slave_1): interface is now down [ 589.548275][ T140] bond0: now running without any active interface! [ 589.787251][T21078] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 589.834535][T23858] netlink: 'syz.5.8653': attribute type 3 has an invalid length. [ 589.960670][T23866] loop7: detected capacity change from 0 to 256 [ 590.037049][T21078] usb 1-1: Using ep0 maxpacket: 16 [ 590.084662][T23866] FAT-fs (loop7): Directory bread(block 64) failed [ 590.107151][T23866] FAT-fs (loop7): Directory bread(block 65) failed [ 590.134488][T23866] FAT-fs (loop7): Directory bread(block 66) failed [ 590.141969][T23875] tmpfs: Bad value for 'mpol' [ 590.152748][T23866] FAT-fs (loop7): Directory bread(block 67) failed [ 590.176407][T23866] FAT-fs (loop7): Directory bread(block 68) failed [ 590.178304][T21078] usb 1-1: config 0 has no interfaces? [ 590.200866][T23866] FAT-fs (loop7): Directory bread(block 69) failed [ 590.227103][T23866] FAT-fs (loop7): Directory bread(block 70) failed [ 590.249592][T23866] FAT-fs (loop7): Directory bread(block 71) failed [ 590.274746][T23866] FAT-fs (loop7): Directory bread(block 72) failed [ 590.301294][T23866] FAT-fs (loop7): Directory bread(block 73) failed [ 590.317388][T21078] usb 1-1: config 0 has no interfaces? [ 590.417328][T21078] usb 1-1: config 0 has no interfaces? [ 590.477429][T21078] usb 1-1: string descriptor 0 read error: -71 [ 590.485054][T21078] usb 1-1: New USB device found, idVendor=0403, idProduct=e80c, bcdDevice=fb.ba [ 590.542787][T21078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.591983][T21078] usb 1-1: rejected 3 configurations due to insufficient available bus power [ 590.639405][T21078] usb 1-1: no configuration chosen from 3 choices [ 590.677245][T21078] usb 1-1: USB disconnect, device number 34 [ 590.858323][T23892] loop1: detected capacity change from 0 to 4096 [ 591.094847][T23901] loop0: detected capacity change from 0 to 736 [ 591.450918][T23884] syz.6.8663 (23884): drop_caches: 2 [ 591.663232][T23921] netlink: zone id is out of range [ 591.677531][T23921] netlink: set zone limit has 8 unknown bytes [ 591.706897][ T9063] usb 8-1: new high-speed USB device number 23 using dummy_hcd [ 591.729341][T23923] comedi comedi2: ni_at_a2150: I/O port conflict (0x9,28) [ 591.774956][T23927] xt_NFQUEUE: number of total queues is 0 [ 591.976925][ T9063] usb 8-1: Using ep0 maxpacket: 8 [ 591.986707][T23938] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8690'. [ 592.029769][T23941] netlink: set zone limit has 8 unknown bytes [ 592.080374][T23943] device ip6tnl2 entered promiscuous mode [ 592.115303][ T9063] usb 8-1: config 1 has an invalid interface number: 128 but max is 1 [ 592.137394][ T9063] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 592.168402][T23948] dlm: non-version read from control device 36 [ 592.174789][ T9063] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 592.196995][ T9063] usb 8-1: config 1 has no interface number 0 [ 592.215303][ T9063] usb 8-1: config 1 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 592.294517][T23953] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 592.313453][T23956] loop5: detected capacity change from 0 to 256 [ 592.327414][T23957] netlink: 'syz.0.8700': attribute type 21 has an invalid length. [ 592.345828][T23957] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8700'. [ 592.364103][T23957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8700'. [ 592.417153][ T9063] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 592.436628][ T9063] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.446318][T23959] openvswitch: netlink: Actions may not be safe on all matching packets [ 592.464738][ T9063] usb 8-1: Product: syz [ 592.480553][ T9063] usb 8-1: Manufacturer: syz [ 592.485228][ T9063] usb 8-1: SerialNumber: syz [ 592.499013][T23963] netlink: 'syz.1.8702': attribute type 16 has an invalid length. [ 592.557040][T23963] netlink: 'syz.1.8702': attribute type 17 has an invalid length. [ 592.571187][ T9063] cdc_wdm 8-1:1.128: skipping garbage [ 592.590208][ T9063] cdc_wdm: probe of 8-1:1.128 failed with error -22 [ 592.608237][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 592.669800][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 592.711691][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 592.732700][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 592.743507][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 592.800403][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 592.831903][ T9063] usb 8-1: USB disconnect, device number 23 [ 592.854955][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 592.888867][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 592.923685][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 592.934135][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 592.943432][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 592.951496][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 592.959654][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 592.968165][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 592.991267][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 593.005644][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 593.062211][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 593.072063][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 593.104218][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): geneve3: link becomes ready [ 593.149144][T23963] IPv6: ADDRCONF(NETDEV_CHANGE): geneve3: link becomes ready [ 593.286178][T23991] netlink: 'syz.6.8717': attribute type 1 has an invalid length. [ 593.780909][T24024] xt_TCPMSS: Only works on TCP SYN packets [ 593.830375][T24031] netlink: 'syz.0.8737': attribute type 1 has an invalid length. [ 593.839083][T24028] loop7: detected capacity change from 0 to 1024 [ 593.871351][T24031] netlink: 224 bytes leftover after parsing attributes in process `syz.0.8737'. [ 593.917363][T24031] NCSI netlink: No device for ifindex 0 [ 593.952619][T24028] EXT4-fs (loop7): mounted filesystem without journal. Opts: usrquota,data_err=ignore,,errors=continue. Quota mode: writeback. [ 594.047170][ T9063] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 594.297050][ T9063] usb 2-1: Using ep0 maxpacket: 8 [ 594.417210][ T9063] usb 2-1: config 1 interface 0 altsetting 111 endpoint 0x81 has an invalid bInterval 247, changing to 11 [ 594.435612][ T9063] usb 2-1: config 1 interface 0 has no altsetting 0 [ 594.498005][T24072] loop7: detected capacity change from 0 to 64 [ 594.564621][T24072] hfs: filesystem was not cleanly unmounted, running fsck.hfs is recommended. mounting read-only. [ 594.617145][ T9063] usb 2-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40 [ 594.626363][T24072] hfs: filesystem is marked locked, mounting read-only. [ 594.636494][ T9063] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 594.656764][ T9063] usb 2-1: Product: syz [ 594.676933][ T9063] usb 2-1: Manufacturer: syz [ 594.687151][ T9063] usb 2-1: SerialNumber: syz [ 595.019938][ T9063] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input34 [ 595.066956][ T3546] bcm5974 2-1:1.0: could not read from device [ 595.146538][ T9063] usb 2-1: USB disconnect, device number 42 [ 595.168408][T21069] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 595.379065][T24098] netlink: 8 bytes leftover after parsing attributes in process `syz.0.8769'. [ 595.427044][T21069] usb 6-1: Using ep0 maxpacket: 16 [ 595.557440][T21069] usb 6-1: config 0 has an invalid interface number: 129 but max is 0 [ 595.571113][T21069] usb 6-1: config 0 has no interface number 0 [ 595.757140][T21069] usb 6-1: New USB device found, idVendor=0a5c, idProduct=2033, bcdDevice=11.ab [ 595.776737][T21069] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 595.785023][T21069] usb 6-1: Product: syz [ 595.843771][T21069] usb 6-1: Manufacturer: syz [ 595.863959][T21069] usb 6-1: SerialNumber: syz [ 595.889169][T21069] usb 6-1: config 0 descriptor?? [ 596.155124][T24132] netlink: 'syz.1.8786': attribute type 10 has an invalid length. [ 596.177217][T21069] usb 6-1: USB disconnect, device number 28 [ 596.240653][T24132] team0: Port device wlan1 added [ 596.374395][T24143] netlink: 209844 bytes leftover after parsing attributes in process `syz.7.8790'. [ 596.467036][ T9063] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 596.658632][T24157] loop6: detected capacity change from 0 to 256 [ 596.707052][ T9063] usb 1-1: Using ep0 maxpacket: 32 [ 596.781480][T24162] netlink: 16 bytes leftover after parsing attributes in process `syz.1.8801'. [ 596.828302][ T9063] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 596.848645][T24166] netlink: 20 bytes leftover after parsing attributes in process `syz.7.8803'. [ 596.866983][ T9063] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 596.896933][ T9063] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 596.911464][ T9063] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 596.989238][ T9063] usb 1-1: config 0 descriptor?? [ 597.028252][ T9063] hub 1-1:0.0: USB hub found [ 597.111447][T24176] loop1: detected capacity change from 0 to 256 [ 597.212276][T24176] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 597.247216][ T9063] hub 1-1:0.0: 1 port detected [ 597.281794][T24176] befs: Unrecognized mount option "umask=00000000000000000000005" or missing value [ 597.299410][T24176] befs: (nullb0): cannot parse mount options [ 597.488152][ T9063] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 597.494977][ T9063] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 597.606993][T24204] netlink: 8 bytes leftover after parsing attributes in process `syz.5.8822'. [ 597.637102][ T9063] usbhid 1-1:0.0: can't add hid device: -71 [ 597.643284][ T9063] usbhid: probe of 1-1:0.0 failed with error -71 [ 597.708022][ T9063] usb 1-1: USB disconnect, device number 35 [ 597.970317][T24218] loop1: detected capacity change from 0 to 256 [ 598.003515][T24212] loop7: detected capacity change from 0 to 4096 [ 598.129747][T24218] FAT-fs (loop1): Directory bread(block 64) failed [ 598.155336][T24218] FAT-fs (loop1): Directory bread(block 65) failed [ 598.184676][T24224] netlink: 'syz.5.8832': attribute type 16 has an invalid length. [ 598.199090][T24218] FAT-fs (loop1): Directory bread(block 66) failed [ 598.229297][T24218] FAT-fs (loop1): Directory bread(block 67) failed [ 598.257410][T24218] FAT-fs (loop1): Directory bread(block 68) failed [ 598.282651][T24224] netlink: 'syz.5.8832': attribute type 17 has an invalid length. [ 598.310606][T24218] FAT-fs (loop1): Directory bread(block 69) failed [ 598.345855][T24218] FAT-fs (loop1): Directory bread(block 70) failed [ 598.365469][T24218] FAT-fs (loop1): Directory bread(block 71) failed [ 598.403914][T24224] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 598.427604][T24218] FAT-fs (loop1): Directory bread(block 72) failed [ 598.438807][T24224] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 598.452533][T24218] FAT-fs (loop1): Directory bread(block 73) failed [ 598.510012][T24224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 598.559582][T24224] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 598.785258][T24239] netlink: 'syz.0.8839': attribute type 1 has an invalid length. [ 598.841904][T24239] netlink: 'syz.0.8839': attribute type 2 has an invalid length. [ 598.877894][T24239] netlink: 132 bytes leftover after parsing attributes in process `syz.0.8839'. [ 599.035698][T24256] netlink: 'syz.0.8846': attribute type 10 has an invalid length. [ 599.043896][T24252] autofs4:pid:24252:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.8192), cmd(0xc018937e) [ 599.133798][T24256] team0: Device veth1_vlan failed to register rx_handler [ 599.150683][T24252] autofs4:pid:24252:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 599.417092][T24273] netlink: 'syz.6.8855': attribute type 16 has an invalid length. [ 599.424991][T24273] netlink: 'syz.6.8855': attribute type 17 has an invalid length. [ 599.443867][T24276] loop5: detected capacity change from 0 to 512 [ 599.472845][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 599.481800][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 599.501861][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 599.528574][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 599.555606][T24276] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 599.572639][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 599.586389][T24273] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 599.595856][T24276] ext4 filesystem being mounted at /1385/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 599.616971][ T9063] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 599.641847][T24278] loop0: detected capacity change from 0 to 2048 [ 599.815238][T24278] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 599.896958][T24278] fscrypt (loop0, inode 12): Error -61 getting encryption context [ 599.996084][ T9063] usb 2-1: config 0 has an invalid interface number: 152 but max is 0 [ 600.035296][ T9063] usb 2-1: config 0 has no interface number 0 [ 600.056990][ T9063] usb 2-1: config 0 interface 152 altsetting 7 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 600.125769][ T9063] usb 2-1: config 0 interface 152 has no altsetting 0 [ 600.267971][T24313] loop0: detected capacity change from 0 to 512 [ 600.340516][ T9063] usb 2-1: New USB device found, idVendor=0e7e, idProduct=1001, bcdDevice=a3.17 [ 600.385999][ T9063] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 600.394755][T24313] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 600.445637][ T9063] usb 2-1: Product: syz [ 600.445807][T24313] ext4 filesystem being mounted at /1775/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 600.474290][ T9063] usb 2-1: Manufacturer: syz [ 600.497666][ T9063] usb 2-1: SerialNumber: syz [ 600.543355][ T9063] usb 2-1: config 0 descriptor?? [ 600.597212][T24270] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 600.712814][T24338] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8877'. [ 600.754697][T24338] IPv6: sit1: Disabled Multicast RS [ 600.857221][ T9063] cdc_subset: probe of 2-1:0.152 failed with error -71 [ 600.893254][ T9063] usb 2-1: USB disconnect, device number 43 [ 600.944715][T24351] CIFS mount error: No usable UNC path provided in device string! [ 600.944715][T24351] [ 600.999394][T24351] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 601.042279][T24358] xt_l2tp: v2 doesn't support IP mode [ 601.152860][T24362] netlink: 16 bytes leftover after parsing attributes in process `syz.7.8893'. [ 601.367693][ T264] block nbd6: Attempted send on invalid socket [ 601.373934][ T264] blk_update_request: I/O error, dev nbd6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 601.395298][T24378] hpfs: hpfs_map_sector(): read error [ 601.667070][T24401] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8911'. [ 601.691901][T24404] loop6: detected capacity change from 0 to 1024 [ 601.752215][T24404] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 601.788755][T24404] EXT4-fs (loop6): Quota format mount options ignored when QUOTA feature is enabled [ 601.807707][T24409] loop5: detected capacity change from 0 to 65 [ 601.826893][T24404] EXT4-fs (loop6): Ignoring removed nomblk_io_submit option [ 601.834261][T24404] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 601.851604][T24409] BFS-fs: bfs_fill_super(): NOTE: filesystem loop5 was created with 512 inodes, the real maximum is 511, mounting anyway [ 601.932635][T24404] EXT4-fs (loop6): mounted filesystem without journal. Opts: grpquota,sysvgroups,nomblk_io_submit,bsddf,dioread_nolock,jqfmt=vfsv0,nomblk_io_submit,errors=continue,,errors=continue. Quota mode: writeback. [ 602.494646][T24447] ptrace attach of "./syz-executor exec"[4188] was attempted by ""[24447] [ 602.637090][ T9063] usb 6-1: new full-speed USB device number 29 using dummy_hcd [ 602.997132][ T9063] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 602.997165][ T9063] usb 6-1: config 0 has no interface number 0 [ 602.997198][ T9063] usb 6-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 12336, setting to 64 [ 603.047103][ T9064] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 603.117176][ T9063] usb 6-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 603.117212][ T9063] usb 6-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 603.117236][ T9063] usb 6-1: Product: syz [ 603.117261][ T9063] usb 6-1: SerialNumber: syz [ 603.125476][ T9063] usb 6-1: config 0 descriptor?? [ 603.167905][ T9063] cm109 6-1:0.8: invalid payload size 64, expected 4 [ 603.171975][ T9063] input: CM109 USB driver as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.8/input/input35 [ 603.286990][ T9064] usb 7-1: Using ep0 maxpacket: 16 [ 603.417296][ T9064] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 603.577151][ T9064] usb 7-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 603.577198][ T9064] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 603.577221][ T9064] usb 7-1: Product: syz [ 603.577238][ T9064] usb 7-1: Manufacturer: syz [ 603.577256][ T9064] usb 7-1: SerialNumber: syz [ 603.593322][ T9064] usb 7-1: config 0 descriptor?? [ 603.667230][ C1] cm109 6-1:0.8: cm109_urb_irq_callback: urb status -71 [ 603.674256][ C1] ------------[ cut here ]------------ [ 603.680842][ C1] URB ffff888025182300 submitted while active [ 603.687950][ C1] WARNING: CPU: 1 PID: 24475 at drivers/usb/core/urb.c:378 usb_submit_urb+0xff2/0x1910 [ 603.697655][ C1] Modules linked in: [ 603.701606][ C1] CPU: 1 PID: 24475 Comm: syz.7.8948 Not tainted syzkaller #0 [ 603.709189][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 603.719317][ C1] RIP: 0010:usb_submit_urb+0xff2/0x1910 [ 603.724928][ C1] Code: 18 c5 8a 89 ea e8 7e 0a d7 03 e9 fb fb ff ff e8 74 1b 9b fb c6 05 9d 2e 98 07 01 48 c7 c7 60 16 c5 8a 48 89 de e8 7e 22 d3 03 <0f> 0b e9 84 f0 ff ff e8 52 1b 9b fb eb 21 e8 4b 1b 9b fb 44 8b 6c [ 603.744615][ C1] RSP: 0018:ffffc90000dd0780 EFLAGS: 00010046 [ 603.750743][ C1] RAX: fa92d53965c75900 RBX: ffff888025182300 RCX: 0000000000040000 [ 603.758777][ C1] RDX: ffffc900022b9000 RSI: 000000000000637d RDI: 000000000000637e [ 603.766907][ C1] RBP: 000000000000000f R08: ffff8880b912795b R09: 1ffff11017224f2b [ 603.774943][ C1] R10: dffffc0000000000 R11: ffffed1017224f2c R12: dffffc0000000000 [ 603.782977][ C1] R13: 0000000000000a20 R14: ffff888025182308 R15: ffff8880254ca848 [ 603.790987][ C1] FS: 00007f7cd14e26c0(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 603.799944][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 603.806547][ C1] CR2: 0000001b2e117ff8 CR3: 000000001f2f8000 CR4: 00000000003506e0 [ 603.814554][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 603.822530][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 603.830524][ C1] Call Trace: [ 603.833831][ C1] [ 603.836689][ C1] ? _raw_spin_lock+0x40/0x40 [ 603.841404][ C1] ? dummy_timer+0x896/0x31e0 [ 603.846100][ C1] cm109_urb_irq_callback+0x701/0xc70 [ 603.851514][ C1] __usb_hcd_giveback_urb+0x35f/0x520 [ 603.856915][ C1] dummy_timer+0x8a8/0x31e0 [ 603.861483][ C1] ? dummy_free_streams+0x530/0x530 [ 603.866706][ C1] ? dummy_free_streams+0x530/0x530 [ 603.871919][ C1] call_timer_fn+0x17b/0x540 [ 603.876535][ C1] ? dummy_free_streams+0x530/0x530 [ 603.881753][ C1] ? __run_timers+0x800/0x800 [ 603.886452][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 603.891787][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 603.897025][ C1] ? dummy_free_streams+0x530/0x530 [ 603.902252][ C1] __run_timers+0x53e/0x800 [ 603.906785][ C1] ? detach_timer+0x2b0/0x2b0 [ 603.911474][ C1] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 603.917469][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 603.922354][ C1] ? ktime_get_real_ts64+0x440/0x440 [ 603.927645][ C1] run_timer_softirq+0x63/0xf0 [ 603.932447][ C1] handle_softirqs+0x339/0x830 [ 603.937217][ C1] ? __irq_exit_rcu+0x13b/0x230 [ 603.942157][ C1] ? do_softirq+0x210/0x210 [ 603.946677][ C1] __irq_exit_rcu+0x13b/0x230 [ 603.951357][ C1] ? irq_exit_rcu+0x20/0x20 [ 603.955870][ C1] irq_exit_rcu+0x5/0x20 [ 603.960220][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 603.965859][ C1] [ 603.968793][ C1] [ 603.971727][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 603.977709][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 603.983788][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 53 48 89 fb e8 17 00 00 00 48 8b 3d 20 bb 10 0c 48 89 de 5b e9 37 42 44 00 00 00 cc cc 00 00 cc <48> 8b 04 24 65 48 8b 0d 74 4d 89 7e 65 8b 15 75 4d 89 7e 81 e2 00 [ 604.003401][ C1] RSP: 0018:ffffc900035afaf8 EFLAGS: 00000202 [ 604.009583][ C1] RAX: ffffffff881e2001 RBX: ffffc900035afd44 RCX: 0000000000080000 [ 604.017557][ C1] RDX: ffffc9000f62d000 RSI: 000000000007ffff RDI: 0000000000080000 [ 604.025546][ C1] RBP: ffffc900035afc90 R08: ffff888078330007 R09: 1ffff1100f066000 [ 604.033524][ C1] R10: dffffc0000000000 R11: ffffed100f066001 R12: ffffc900035afd40 [ 604.041497][ C1] R13: 00000000ffffffde R14: dffffc0000000000 R15: 0000000000000000 [ 604.049473][ C1] ? bpf_test_timer_continue+0xb1/0x380 [ 604.055034][ C1] bpf_test_run+0x3b4/0x800 [ 604.059572][ C1] ? convert___skb_to_skb+0x4c0/0x4c0 [ 604.064949][ C1] ? eth_get_headlen+0x200/0x200 [ 604.069894][ C1] ? __build_skb+0x1e2/0x2e0 [ 604.074539][ C1] ? convert___skb_to_skb+0x3d/0x4c0 [ 604.079832][ C1] bpf_prog_test_run_skb+0x9cc/0x1180 [ 604.085240][ C1] ? cpu_online+0x60/0x60 [ 604.089572][ C1] bpf_prog_test_run+0x31e/0x390 [ 604.094515][ C1] __sys_bpf+0x5a5/0x6f0 [ 604.098766][ C1] ? bpf_link_show_fdinfo+0x380/0x380 [ 604.104163][ C1] ? vtime_user_exit+0x2c8/0x3e0 [ 604.109108][ C1] __x64_sys_bpf+0x78/0x90 [ 604.113527][ C1] do_syscall_64+0x4c/0xa0 [ 604.117948][ C1] ? clear_bhb_loop+0x30/0x80 [ 604.122627][ C1] ? clear_bhb_loop+0x30/0x80 [ 604.127307][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 604.133205][ C1] RIP: 0033:0x7f7cd3287f79 [ 604.137643][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 604.157468][ C1] RSP: 002b:00007f7cd14e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 604.165901][ C1] RAX: ffffffffffffffda RBX: 00007f7cd3501fa0 RCX: 00007f7cd3287f79 [ 604.173882][ C1] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 604.181852][ C1] RBP: 00007f7cd331e7e0 R08: 0000000000000000 R09: 0000000000000000 [ 604.189829][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.197827][ C1] R13: 00007f7cd3502038 R14: 00007f7cd3501fa0 R15: 00007ffc920db408 [ 604.205824][ C1] [ 604.208854][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 604.216243][ C1] CPU: 1 PID: 24475 Comm: syz.7.8948 Not tainted syzkaller #0 [ 604.223703][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 604.233761][ C1] Call Trace: [ 604.237044][ C1] [ 604.240061][ C1] dump_stack_lvl+0x188/0x250 [ 604.244749][ C1] ? show_regs_print_info+0x20/0x20 [ 604.250026][ C1] ? load_image+0x400/0x400 [ 604.254561][ C1] panic+0x2e5/0x810 [ 604.258474][ C1] ? bpf_jit_dump+0xd0/0xd0 [ 604.262996][ C1] ? usb_submit_urb+0xff2/0x1910 [ 604.267946][ C1] __warn+0x248/0x2b0 [ 604.271937][ C1] ? usb_submit_urb+0xff2/0x1910 [ 604.276879][ C1] report_bug+0x1b7/0x2e0 [ 604.281219][ C1] handle_bug+0x3a/0x70 [ 604.285381][ C1] exc_invalid_op+0x16/0x40 [ 604.289890][ C1] asm_exc_invalid_op+0x16/0x20 [ 604.294749][ C1] RIP: 0010:usb_submit_urb+0xff2/0x1910 [ 604.300319][ C1] Code: 18 c5 8a 89 ea e8 7e 0a d7 03 e9 fb fb ff ff e8 74 1b 9b fb c6 05 9d 2e 98 07 01 48 c7 c7 60 16 c5 8a 48 89 de e8 7e 22 d3 03 <0f> 0b e9 84 f0 ff ff e8 52 1b 9b fb eb 21 e8 4b 1b 9b fb 44 8b 6c [ 604.319937][ C1] RSP: 0018:ffffc90000dd0780 EFLAGS: 00010046 [ 604.326021][ C1] RAX: fa92d53965c75900 RBX: ffff888025182300 RCX: 0000000000040000 [ 604.333999][ C1] RDX: ffffc900022b9000 RSI: 000000000000637d RDI: 000000000000637e [ 604.341977][ C1] RBP: 000000000000000f R08: ffff8880b912795b R09: 1ffff11017224f2b [ 604.349955][ C1] R10: dffffc0000000000 R11: ffffed1017224f2c R12: dffffc0000000000 [ 604.357932][ C1] R13: 0000000000000a20 R14: ffff888025182308 R15: ffff8880254ca848 [ 604.365921][ C1] ? _raw_spin_lock+0x40/0x40 [ 604.370607][ C1] ? dummy_timer+0x896/0x31e0 [ 604.375312][ C1] cm109_urb_irq_callback+0x701/0xc70 [ 604.380706][ C1] __usb_hcd_giveback_urb+0x35f/0x520 [ 604.386088][ C1] dummy_timer+0x8a8/0x31e0 [ 604.390643][ C1] ? dummy_free_streams+0x530/0x530 [ 604.395851][ C1] ? dummy_free_streams+0x530/0x530 [ 604.401220][ C1] call_timer_fn+0x17b/0x540 [ 604.405828][ C1] ? dummy_free_streams+0x530/0x530 [ 604.411037][ C1] ? __run_timers+0x800/0x800 [ 604.415859][ C1] ? _raw_spin_unlock_irq+0x1f/0x40 [ 604.421097][ C1] ? lockdep_hardirqs_on+0x94/0x140 [ 604.426306][ C1] ? dummy_free_streams+0x530/0x530 [ 604.431507][ C1] __run_timers+0x53e/0x800 [ 604.436064][ C1] ? detach_timer+0x2b0/0x2b0 [ 604.440752][ C1] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 604.446741][ C1] ? sched_clock_cpu+0x15/0x3c0 [ 604.451616][ C1] ? ktime_get_real_ts64+0x440/0x440 [ 604.457001][ C1] run_timer_softirq+0x63/0xf0 [ 604.461776][ C1] handle_softirqs+0x339/0x830 [ 604.466547][ C1] ? __irq_exit_rcu+0x13b/0x230 [ 604.471410][ C1] ? do_softirq+0x210/0x210 [ 604.475955][ C1] __irq_exit_rcu+0x13b/0x230 [ 604.480700][ C1] ? irq_exit_rcu+0x20/0x20 [ 604.485211][ C1] irq_exit_rcu+0x5/0x20 [ 604.489501][ C1] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 604.495147][ C1] [ 604.498093][ C1] [ 604.501113][ C1] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 604.507096][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x0/0x60 [ 604.513166][ C1] Code: 66 2e 0f 1f 84 00 00 00 00 00 53 48 89 fb e8 17 00 00 00 48 8b 3d 20 bb 10 0c 48 89 de 5b e9 37 42 44 00 00 00 cc cc 00 00 cc <48> 8b 04 24 65 48 8b 0d 74 4d 89 7e 65 8b 15 75 4d 89 7e 81 e2 00 [ 604.532779][ C1] RSP: 0018:ffffc900035afaf8 EFLAGS: 00000202 [ 604.538850][ C1] RAX: ffffffff881e2001 RBX: ffffc900035afd44 RCX: 0000000000080000 [ 604.546830][ C1] RDX: ffffc9000f62d000 RSI: 000000000007ffff RDI: 0000000000080000 [ 604.554803][ C1] RBP: ffffc900035afc90 R08: ffff888078330007 R09: 1ffff1100f066000 [ 604.562780][ C1] R10: dffffc0000000000 R11: ffffed100f066001 R12: ffffc900035afd40 [ 604.570755][ C1] R13: 00000000ffffffde R14: dffffc0000000000 R15: 0000000000000000 [ 604.578757][ C1] ? bpf_test_timer_continue+0xb1/0x380 [ 604.584318][ C1] bpf_test_run+0x3b4/0x800 [ 604.588840][ C1] ? convert___skb_to_skb+0x4c0/0x4c0 [ 604.594216][ C1] ? eth_get_headlen+0x200/0x200 [ 604.599156][ C1] ? __build_skb+0x1e2/0x2e0 [ 604.603758][ C1] ? convert___skb_to_skb+0x3d/0x4c0 [ 604.609175][ C1] bpf_prog_test_run_skb+0x9cc/0x1180 [ 604.614609][ C1] ? cpu_online+0x60/0x60 [ 604.618958][ C1] bpf_prog_test_run+0x31e/0x390 [ 604.623908][ C1] __sys_bpf+0x5a5/0x6f0 [ 604.628157][ C1] ? bpf_link_show_fdinfo+0x380/0x380 [ 604.633539][ C1] ? vtime_user_exit+0x2c8/0x3e0 [ 604.638489][ C1] __x64_sys_bpf+0x78/0x90 [ 604.642912][ C1] do_syscall_64+0x4c/0xa0 [ 604.647350][ C1] ? clear_bhb_loop+0x30/0x80 [ 604.652029][ C1] ? clear_bhb_loop+0x30/0x80 [ 604.656719][ C1] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 604.662613][ C1] RIP: 0033:0x7f7cd3287f79 [ 604.667078][ C1] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 604.686689][ C1] RSP: 002b:00007f7cd14e2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 604.695107][ C1] RAX: ffffffffffffffda RBX: 00007f7cd3501fa0 RCX: 00007f7cd3287f79 [ 604.703079][ C1] RDX: 0000000000000050 RSI: 0000200000000180 RDI: 000000000000000a [ 604.711050][ C1] RBP: 00007f7cd331e7e0 R08: 0000000000000000 R09: 0000000000000000 [ 604.719020][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 604.727013][ C1] R13: 00007f7cd3502038 R14: 00007f7cd3501fa0 R15: 00007ffc920db408 [ 604.735031][ C1] [ 605.840838][ C1] Shutting down cpus with NMI [ 605.845845][ C1] Kernel Offset: disabled [ 605.850639][ C1] Rebooting in 86400 seconds..