last executing test programs: 4m17.634401645s ago: executing program 1 (id=9381): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x13, &(0x7f0000000000)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000200008500000006000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b7030000ff030000850000007200000095000000000000008a0b3c35bb2f06ebf839caeef845b939017c91a519b5bec711ffa347e228b0c46ff815"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x5, '\x00', 0x0, @fallback=0x2a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 4m17.491430868s ago: executing program 1 (id=9385): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000540)={0xc8, 0x0, 0x2, 0x401, 0x0, 0x0, {0xa, 0x0, 0x108}, [@CTA_EXPECT_MASTER={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @private=0xa010102}}}}]}, @CTA_EXPECT_MASK={0x3c, 0x3, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private0}, {0x14, 0x4, @remote}}}]}, @CTA_EXPECT_TUPLE={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @local}}}]}]}, 0xc8}}, 0x0) 4m17.39743134s ago: executing program 1 (id=9387): r0 = add_key$fscrypt_v1(&(0x7f00000020c0), &(0x7f0000002100)={'fscrypt:', @desc1}, &(0x7f0000002140)={0x0, "9a075c94554e9fbfb8c4b9f49d397a58e25f893447611eb9d551bac19c36c26138ee8a3cf6c921a6ce3ed1ee548201c1e635bd9c472c13aff9187ff8ddd52823", 0x2d}, 0x48, 0xffffffffffffffff) keyctl$clear(0x7, r0) 4m17.220323833s ago: executing program 1 (id=9389): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x800002, &(0x7f0000000000)={[{@noblock_validity}, {@dioread_nolock}, {@errors_remount}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x22}, 0x84, 0x464, &(0x7f0000000ac0)="$eJzs3EtvG0UcAPD/bpq+S0Ipjz6AQEFEPJImLdADFxBIvSAhwaEcQ5pWpWmDmiDRKqIpQuWI+gmAIxKfgBNcEHACcYU7QqpQLgQOaNHau6lx7GAncZ3g30/aeGZ31jt/7449O2MngJ41lP9JIvZGxM8RMRARffUFhqoPS4vzk38uzk8mkWWv/57ku8Ufi/OTZdGkeNxTZIbTiPTDJA43OO7slasXJqanpy4X+dG5i++Mzl65+sz5ixPnps5NXRo/efLE8bHnnxt/dkPi3JfX9dD7M0cOnnrz5quTp2++9d0XeX33Fttr46gaXPcxh2Jo+TWp9/i6n31z2VeTTrZ1sSK0JW/r+enqr7T/geiL2ydvIF75oKuVAzoqy7Jsx4q1yz2AhQz4H0ui2zUAuqP8oM/vf8vlDnY/uu7Wi9UboDzupWKpbtkWaVGmv+7+diMNRcTphb8+yZdoOA4BALCxvsr7P0836v+lcV9NubuKuaHBiLg7IvZHxD0RcSAi7o2olL0/Ih5o8/hDdfmV/Z8fd60psBbl/b8Xirmtf/f/yt5fDPYVuX2V+PuTs+enp44Vr8lw9O/I82OrHOPrl3/6uNm22v5fviz1x2TZFyzq8du2ugG6MxNzE+uJudat65UxwGsr40+WZwKSiDgYEYfW8Pw7I+L8k58fabZ9RfyL83Xxr2ID5pmyzyKeqJ7/haiLv5SsPj85ujOmp46NllfFSt//cOO1ZsdfV/wbID//uxte/8vxDya187Wz7R/jxi8fNb2n+e/4G1//25M3Kuntxbr3JubmLo9FbE8WVq4fv71vmS/L5/EPH23c/vdH/P1psd/hiMgv4gcj4qGIeLio+yMR8WhEHF0l/m9feuzttcffWXn8Z9o6/+0n+i5882Wz47d2/k9UUsPFmlbe/1qt4HpeOwAAANgq0sp34JN0ZDmdpiMj1e/wH4jd6fTM7NxTZ2fevXSm+l35wehPy5GugZrx0LFibLjMj9flj1fGjbMsy3ZV8iOTM9OdmlMHWrOnSfvP/drX7doBHdfWPFqzX7QBW5Lfa0Lv0v6hd2n/0Lu0f+hdjdr/tYilVXe63rHqAHeQz3/oXdo/9C7tH3qX9g89aT2/618tsf9Ua4XLf0DYoWpsgUTf5qhG24lIN0U11pZIN0c1qokdEdFq4Wt3rKV0+Y0JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/wTAAD//7YA6Ok=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) 4m16.703726253s ago: executing program 1 (id=9392): syz_mount_image$squashfs(&(0x7f0000000200), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000280), 0x1, 0x1f2, &(0x7f00000002c0)="$eJzsks1rE0EYxn+zu02jWBokKoogarH10Gaz1fhxUPBiUE9SoRYEQ5LWYOpHN6AJPUQQqngRFLFFPAgSEQ/iP2AOnnpTEG+10HMPPXiR1pXZnV0m/0EP8xz22ffreed9Z2759/1+YGtjvgwZJByyfBcCBzgkQhcVO+K04iuKUyp+0Yq4q/iv4q1TrckpELUjKwWru69yWGTYlf2zvEqZwRuceXv504+rtZc/d6+//yrzL11rfkEMVwbfvfn8/MLiQCgvrk/pOnb34FJaCgEvNidXVp39ZDWtPel/e5cfdz4Wnv7m9ZNX0wh3KQ2MfRtdPOcOPLOUpt9s3S7V69U5//wji/Ww1a+N+bL8uQkEQRCEswNFQM+R43/Qcg44MAHYBEmO3J80hoFcY/Zezm+2RmuzpZnqTPWO540X3BOue9LLTdfqVTf6Cq2F2iCSjwPymnZo8T5gU+XspBdCO5qKC702pV3dyNHeWkurjVnQTWr7VZ5cwQTHkKt90BaadyhUcQhHKiKwlZF3tPNFvdJhYKx8t15ZQCDisg5OopFfoy8xPN0YP92Oj72geEhxUXFH8Zri+EXHL9UJFSz1nkfakOJhqdGYy8slRX+Jz0t8XqatL0x2zdi9w521MTAwMDAwMDAwMDAw2Db4HwAA//9AYJ+e") openat(0xffffffffffffff9c, &(0x7f0000000a80)='./file0/file0\x00', 0x0, 0x100) 4m16.047886516s ago: executing program 1 (id=9398): r0 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40010162) 4m15.373537439s ago: executing program 32 (id=9398): r0 = socket$can_raw(0x1d, 0x3, 0x1) recvmsg$can_raw(r0, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x40010162) 1.58036358s ago: executing program 2 (id=12819): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f00000018c0)={0x14, 0x25, 0x1, 0x70bd2b, 0x25dfdbfd, "", [@generic='&']}, 0x14}], 0x1, 0x0, 0x0, 0x4050}, 0x40) 1.436414002s ago: executing program 2 (id=12820): syz_mount_image$vfat(&(0x7f00000005c0), &(0x7f0000000240)='./bus\x00', 0x1800840, &(0x7f0000000440)={[{@numtail}, {@shortname_winnt}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'iso8859-6'}}, {@fat=@nocase}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'iso8859-4'}}, {@shortname_win95}, {@fat=@discard}, {@fat=@discard}, {@utf8no}, {@utf8no}, {@shortname_mixed}, {@iocharset={'iocharset', 0x3d, 'cp950'}}]}, 0x1, 0x360, &(0x7f0000001280)="$eJzs3U9oHFUYAPBvO/lbaJODUBSE0ZugoX/woKeUkkJxLypL1YO42FQlGwtZXEwP3caLeBQ86smLeNCDh55FUMSbB69WkKp40N4KFp/s7mx2NrtJU2Fbg7/fYfnyvffNe28zyU4m2ZdXlmPtwnRcvHnzRszNVWJq+cxy3KrEYmTRdzVGzYzJAQAHw62U4s/Us8+SyoSnBABMWPf1/7Ujpcw7X+/VP3n1B4ADr/j5f36vPnO7NVyayJQAgAkbuf//6FDzzPCv+qdKfxUAABxUz7/40jOnqxHP5flcxPq7rVqrFk8P2k9fjDeiEatxPBbidkTvQqHzUOk+nj1XXTme53k7flmMWqeiVYtYb7dqvSuF01m3fjZOxEIsFvXF1UZKKTv7RXXlRN4VEVfb3fFjvdKqTcfhYvwfD8dqnIw8HhipjzhXXTmZFweorffr2xFbg/sWnfkvxUJ8/2pcikZcmD8fKfUva6orV07k+ZlUHapv1WbjwvazsOsdEAAAAAAAAAAAAAAAAAAAAAAA+FeW8m2L2/vfpMH+PUtLY9q7++P06ov9gbZ6+wOl2RQp/fH2E7X3shjaH2jn/jyt2lQcur9LBwAAAAAAAAAAAAAAAAAAgP+M5uZM1BuN1Y3m5uW1ctDeaG4eiohO5s1vP/tqPkb73CGYKsYoNeVF6vJaPWX9zikb6lMEWWfwfubTa9szLveZ3V7F2GnM7t7UaBx55OcPB5mHs/6R/x70yWL8ArMd0ygH60d7U7qbJ+ryqSI4eYfO11NKux3nysujVVGJmLr7T9zeQeoE39x4/cFTzWNPdjNfpp7HHl84f/2Dj39bqzc6I3c0PpnZaN5Oa/Xi4/En2+5BVjp/KtELKuUzYWqv8q3hTD374fcXHnr/u/2NnsqZt8b0yXrL+XyjuVkpvlK6TTO9oJPbUTXfOJdF7DjO9JiTfwLBsY+W69eu/PTrfqtK3yRs1AEAAAAAAAAAAAAAAAAAAPdE6b3iheLNvtN7VT317ORnBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD3zuD//5eCrZHMfoK/2jHaNLu60Yw4er+XCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9w/AQAA///ftWu9") mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) 1.194066557s ago: executing program 0 (id=12821): r0 = openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r0, 0x800c5012, &(0x7f0000000080)) 1.185184908s ago: executing program 4 (id=12822): syz_mount_image$fuse(0x0, &(0x7f0000002800)='./file0\x00', 0x200000, 0x0, 0x1, 0x0, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000100)={'trans=tcp,', {'port', 0x3d, 0x4e22}}) 1.129537969s ago: executing program 3 (id=12823): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000940)={0x0, 0x3e1, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000180081064e81f782db44b904021d080400007c09e8fe55a10a0015c00500142603600e1208000f0000000401a8001600a400014003000000036010fab94dcf5c0461c1d6900094007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x0) 932.404003ms ago: executing program 0 (id=12824): r0 = openat$apparmor_thread_exec(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$apparmor_exec(r0, &(0x7f00000001c0)=ANY=[@ANYBLOB='exec :=~'], 0xb0) 888.065424ms ago: executing program 4 (id=12825): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0x49, &(0x7f0000000000)=0xfffffffd, 0x4) 867.325764ms ago: executing program 3 (id=12826): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) pread64(r0, &(0x7f0000000180)=""/78, 0x4e, 0x5) 724.092957ms ago: executing program 2 (id=12827): iopl(0x3) semget$private(0x0, 0x4000, 0x555) 699.184717ms ago: executing program 0 (id=12828): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) wait4(0x0, 0x0, 0x4, 0x0) 698.566567ms ago: executing program 4 (id=12829): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newsa={0x138, 0x10, 0x1, 0x70bd26, 0x100, {{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x1, 0x71c, 0x4e23, 0x5, 0x0, 0x0, 0x0, 0x3a}, {@in=@local, 0x4d4, 0x6c}, @in=@dev={0xac, 0x14, 0x14, 0x25}, {0x0, 0x192, 0x9ba3, 0xffff, 0x8251c, 0x5, 0xfffffffffffffffc}, {0xfffffffffffffffc, 0x0, 0x1f, 0xfffffffffffffffe}, {0xfffffffa, 0xfffffffc}, 0x80, 0x3500, 0x2, 0x4, 0x0, 0x20}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 667.185058ms ago: executing program 3 (id=12830): r0 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x4, 0x0) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f0000000200)={0x0, 0x0, {0x1, 0xffffffff, 0x1012, 0x4, 0x0, 0x0, 0x5, 0x4}}) 462.775762ms ago: executing program 2 (id=12831): r0 = add_key$keyring(&(0x7f00000003c0), &(0x7f0000000400)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffb) add_key(&(0x7f0000000300)='rxrpc\x00', 0x0, &(0x7f0000000380)='J', 0x1, r0) 462.085132ms ago: executing program 0 (id=12832): r0 = socket$phonet_pipe(0x23, 0x5, 0x2) bind$phonet(r0, &(0x7f0000000040)={0x23, 0x4, 0x3}, 0x10) 442.353042ms ago: executing program 4 (id=12833): r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x42, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305839, &(0x7f0000000200)={0x0, 0x0, 0x4, 0x8}) 429.251832ms ago: executing program 3 (id=12834): syz_mount_image$fuse(0x0, &(0x7f0000002800)='./file0\x00', 0x200000, 0x0, 0x1, 0x0, 0x0) mount$9p_tcp(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000100)={'trans=tcp,', {'port', 0x3d, 0x4e22}}) 234.809956ms ago: executing program 0 (id=12835): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000040)="d8000000180081064e81f782db4cb904021d080006007c09e8fe55a10a0015000700142603600e1208000f0000000401a80016002000014006000000035c0461c1d60008000000000000fb8000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f0f49e119c849ea6e5a0fc55e4cde205a214d6102d6dcbf33fb5ce3bb9ad809d5e1cace81ed0bffece0b42a1a83d5f59ecb", 0xd8}], 0x5}, 0x0) 230.731346ms ago: executing program 4 (id=12836): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="340000003b0007010000000000000000047c0000ec0000000c0001800600060065580000100002800c0003"], 0x34}, 0x1, 0x0, 0x0, 0x8040}, 0xc000) 226.194406ms ago: executing program 2 (id=12837): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001e80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000003c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000021181500001e0a05010000000000000000070000000900020073797a31000000000900010073797a3000000000ec140380300000802c000180250001007bb0c03ce8ed22d039cce454fd98ae614b08a9f3d4ddf1f742d55995afac076948000000b81400800c00054000000000000000000c00054000000000000000000c00044000000000000000000c00044000000000000000000600064019d20000240201802400028008000340000000000800034000000000080003400000000008000180000000003c00028008000340000000000800018000000000080003400000000008000340000000000900020073797a30000000000900020073797a310000000044000280080003400000000008000340000000010900020073797a32000000000800034000000000080003400000000108000340000000020900020073797a30000000003400028008000180000000000900020073797a310000000008000340000000000900020073797a320000000008000340000000000c0002800800034000000000400002800900020073797a310000000008000340000000000900020073797a32000000000900020073797a3200000000080001800000000008000180fffffffcfc000100789be1642f8430c460e8692a8f8c45aaf3118316539052ba181a60f03707ec8179fd143ed6c4db73977b77f68686d2ec94b25435ecec60f6ac23db96833cbf99779e33db32e62fe3a078933d3c1122022952988b9550db169ecb6e39fd8720a05d3eeb5d40a7ab91f9b5565dc2b48c9ac61eefd9d0aab86e58ea1940d2240a851dbeabcf0b6cefba164663ad87cbcdb6aa1468529d1206b1fa3aa39118b45ab882df7fb2c6e9c25a706f99002cc42ee9b894b4bbfe66ce8fa1038566ae3407d5c80e28dc3911476785933d1ef923697a44a9cd4271d539e2ecc14d37a5e2074116425f0766b49a6febf9f1b8405ee9de1363b262f1be2839a40101804c0002800900020073797a300000000008000340000000000900020073797a300000000008000180000000000900020073797a30000000000900020073797a3200000000080003400000000104000280380002800900020073797a300000000008000180000000000900020073797a320000000008000340000000000900020073797a32000000002400028008000180000000000900020073797a32000000000900020073797a3000000000f3000100a6117a78b9e48d6dd9ad86fc2c54547cbee98c24f4b972c82722771febf3e388f9b3907852ee4adbd95ca25deb487ac3d49d3716931979f6bbf2b8cdcc0bc37f27a54709a59c31c01c5544b11cb9c6ca800d7f23c3cc5237458188f26a04c78ad8dfd3b13e958558dc3b7f0f4cfc16c4fd23e11b25bd23b195b64166e0c3a8ab3ebbd2ead4abf745bcf4d4b0610521d7ec52023ed38c7f9fb1cbab6a9d87c96fd783ff63f9483766557291fcc41f17c423550c1e965a66e30631b271db96cccb68bf8c91656e894ef46a296974170da742b0d13d665f0f2e80d3590b3dc637851b6e7b0adc59ab874ce337a258bc43000800034000000003"], 0x159c}}, 0x0) 133.899828ms ago: executing program 3 (id=12838): r0 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi2\x00', 0xa400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000140)={'pcmda12\x00', [0x8, 0x5, 0xfffffffe, 0x2, 0x88d8, 0x8f, 0x1007, 0x10, 0x1002, 0xffffffff, 0x200, 0x7, 0x10000009, 0x5, 0x5, 0x0, 0x8, 0x8, 0x200009, 0x8e, 0x108, 0x3ff, 0xa, 0xa, 0x5, 0x1, 0xb0c4, 0xc, 0x8, 0x400002, 0x2]}) 4.743561ms ago: executing program 0 (id=12839): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000000c0)=ANY=[@ANYBLOB="3c0000001800150000000000000000000a00ed"], 0x3c}], 0x1}, 0x0) 2.270531ms ago: executing program 4 (id=12840): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000700)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002106000d40931000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e7465720010000180090001006c6173740000000014000000101801"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) 684.401µs ago: executing program 2 (id=12841): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r0, 0x89f8, &(0x7f0000000100)={'sit0\x00', 0x0}) 0s ago: executing program 3 (id=12842): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000b00)=@delsa={0x34, 0x11, 0x1, 0x70bd2a, 0x25dfdbfe, {@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x14d6, 0x2, 0x32}, [@mark={0xc, 0x15, {0x35075d, 0x2}}]}, 0x34}, 0x1, 0x0, 0x0, 0x4800}, 0x4) kernel console output (not intermixed with test programs): ing device (7,2) on (node local, slot 0) with ordered data mode. [ 1289.150075][T29468] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10209'. [ 1289.317260][T29472] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 1289.352540][ T5798] ocfs2: Unmounting device (7,2) on (node local) [ 1289.491318][T29474] loop3: detected capacity change from 0 to 256 [ 1289.892442][T29480] loop0: detected capacity change from 0 to 4096 [ 1291.082506][T29495] loop0: detected capacity change from 0 to 32768 [ 1291.131250][T29495] (syz.0.10220,29495,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1291.175276][T29495] (syz.0.10220,29495,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1291.263767][T29495] JBD2: Ignoring recovery information on journal [ 1291.387803][T29495] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1291.625432][T29531] loop2: detected capacity change from 0 to 128 [ 1291.658460][T29531] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 1291.708816][T29531] hpfs: filesystem error: improperly stopped [ 1291.714906][T29531] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 1291.731197][T29531] hpfs: You really don't want any checks? You are crazy... [ 1291.771822][T29531] hpfs: hpfs_map_sector(): read error [ 1291.792194][T29531] hpfs: code page support is disabled [ 1291.797807][T29531] hpfs: hpfs_map_4sectors(): unaligned read [ 1291.813907][T29531] hpfs: hpfs_map_4sectors(): unaligned read [ 1291.820083][T29531] hpfs: filesystem error: unable to find root dir [ 1291.852136][ T5791] ocfs2: Unmounting device (7,0) on (node local) [ 1292.324159][T29544] loop2: detected capacity change from 0 to 256 [ 1293.170672][T29561] xt_TCPMSS: Only works on TCP SYN packets [ 1293.207072][T29563] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10255'. [ 1293.208093][T29550] loop0: detected capacity change from 0 to 32768 [ 1293.233916][T29563] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10255'. [ 1293.360609][T29550] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1293.373622][T29568] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1293.525108][T29550] (syz.0.10249,29550,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=0, inode=0, rec_len=49, name_len=1 [ 1293.563971][T29573] loop3: detected capacity change from 0 to 1024 [ 1293.603889][T29550] (syz.0.10249,29550,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 1293.654775][T29550] (syz.0.10249,29550,0):ocfs2_symlink:1867 ERROR: status = -2 [ 1293.693552][T29550] (syz.0.10249,29550,0):ocfs2_symlink:2068 ERROR: status = -2 [ 1293.878805][ T5791] ocfs2: Unmounting device (7,0) on (node local) [ 1294.046673][T29585] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10266'. [ 1294.057162][T29586] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10263'. [ 1294.077550][T29585] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10266'. [ 1294.309072][T29593] batadv1: entered promiscuous mode [ 1294.493601][T29599] netlink: 'syz.2.10272': attribute type 1 has an invalid length. [ 1294.530146][T29599] netlink: 224 bytes leftover after parsing attributes in process `syz.2.10272'. [ 1294.551293][T29601] loop0: detected capacity change from 0 to 65 [ 1294.615076][T29601] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1295.241863][T29619] sp0: Synchronizing with TNC [ 1295.243033][T29621] netlink: 'syz.3.10284': attribute type 8 has an invalid length. [ 1295.256173][T29618] [U] [ 1295.298273][T29623] batadv1: entered promiscuous mode [ 1295.627068][T29635] netlink: 'syz.2.10289': attribute type 32 has an invalid length. [ 1296.470842][T29630] loop0: detected capacity change from 0 to 32768 [ 1296.930942][T29669] loop2: detected capacity change from 0 to 1024 [ 1296.986666][T29669] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1297.029642][T29669] EXT4-fs (loop2): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 1297.106805][T29669] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1297.266244][T29669] EXT4-fs error (device loop2): ext4_xattr_inode_iget:440: inode #11: comm syz.2.10307: missing EA_INODE flag [ 1297.296319][T29669] EXT4-fs (loop2): Remounting filesystem read-only [ 1297.437164][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1298.029078][T29673] loop3: detected capacity change from 0 to 32768 [ 1298.055072][T29673] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz.3.10308 (29673) [ 1298.122217][T29673] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1298.163170][T29673] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 1298.189424][T29673] BTRFS info (device loop3): enabling disk space caching [ 1298.217626][T29673] BTRFS info (device loop3): force clearing of disk cache [ 1298.217659][T29673] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 1298.218408][T29673] BTRFS info (device loop3): use zstd compression, level 3 [ 1298.218435][T29673] BTRFS info (device loop3): disk space caching is enabled [ 1298.341583][T29673] BTRFS info (device loop3): enabling ssd optimizations [ 1298.380613][T29673] BTRFS info (device loop3): auto enabling async discard [ 1298.413217][T29673] BTRFS info (device loop3): rebuilding free space tree [ 1298.530786][T29673] BTRFS info (device loop3): disabling free space tree [ 1298.568553][T29673] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1298.605265][T29673] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1298.935627][ T5796] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1299.780473][T29755] netlink: 'syz.3.10339': attribute type 1 has an invalid length. [ 1300.053527][T29770] netlink: 'syz.3.10345': attribute type 1 has an invalid length. [ 1300.608924][T29790] xt_TCPMSS: Only works on TCP SYN packets [ 1302.735249][T29863] loop0: detected capacity change from 0 to 16 [ 1302.751089][T29863] erofs: DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 1303.003737][T29871] netlink: 2 bytes leftover after parsing attributes in process `syz.3.10395'. [ 1303.036151][T29871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.089248][T29871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.119288][T29871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.134628][T29863] erofs: DAX unsupported by block device. Turning off DAX. [ 1303.142281][T29863] erofs: (device loop0): mounted with root inode @ nid 36. [ 1303.165584][T29871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.208492][T29871] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1303.229828][T29871] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1303.240868][T29871] batadv_slave_1: entered promiscuous mode [ 1303.588670][T29882] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1303.609996][T29860] loop2: detected capacity change from 0 to 32768 [ 1304.641334][T29907] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10412'. [ 1304.676094][T29907] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10412'. [ 1304.691303][T29909] netlink: 'syz.3.10413': attribute type 3 has an invalid length. [ 1304.705181][T29909] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10413'. [ 1305.414368][T29932] Unsupported ieee802154 address type: 0 [ 1305.451597][T27383] Bluetooth: hci3: unexpected event for opcode 0x1002 [ 1305.739125][T29944] netlink: 16 bytes leftover after parsing attributes in process `syz.4.10429'. [ 1305.747410][T29946] loop0: detected capacity change from 0 to 256 [ 1305.759395][T29944] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10429'. [ 1305.848138][T29943] loop2: detected capacity change from 0 to 4096 [ 1306.425660][T29962] bond2: entered promiscuous mode [ 1306.431195][T29962] bond2: entered allmulticast mode [ 1306.554643][T29968] netlink: 72 bytes leftover after parsing attributes in process `syz.2.10441'. [ 1306.720775][T29972] [U] ^R [ 1306.866961][T20583] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1307.106268][T20583] usb 1-1: config 0 has an invalid interface number: 156 but max is 0 [ 1307.114778][T20583] usb 1-1: config 0 has no interface number 0 [ 1307.131761][T20583] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 1307.169360][T20583] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1307.201100][T20583] usb 1-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1307.222063][T20583] usb 1-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1307.252399][T20583] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.270081][T20583] usb 1-1: config 0 descriptor?? [ 1307.310607][T20583] gspca_main: spca561-2.14.0 probing abcd:cdee [ 1307.369808][T29989] netlink: 'syz.4.10452': attribute type 1 has an invalid length. [ 1307.543068][T29995] SET target dimension over the limit! [ 1307.558514][T20583] spca561: probe of 1-1:0.156 failed with error -22 [ 1307.583633][T20583] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 1307.613130][T20583] usb 1-1: MIDIStreaming interface descriptor not found [ 1307.715365][T20583] usb 1-1: USB disconnect, device number 35 [ 1307.784041][T30004] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10458'. [ 1307.822048][T30004] netlink: 'syz.3.10458': attribute type 1 has an invalid length. [ 1307.866610][T30004] netlink: 'syz.3.10458': attribute type 2 has an invalid length. [ 1307.891100][T30004] netlink: 120 bytes leftover after parsing attributes in process `syz.3.10458'. [ 1307.898572][T30006] bond1: entered promiscuous mode [ 1307.910373][T30006] bond1: entered allmulticast mode [ 1308.283269][T30019] loop2: detected capacity change from 0 to 512 [ 1308.382534][T13937] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1308.536816][T30027] ieee802154 phy0 wpan0: encryption failed: -22 [ 1308.680336][T30032] bridge5: the hash_elasticity option has been deprecated and is always 16 [ 1308.705170][T30032] bridge5: entered promiscuous mode [ 1308.710469][T30032] bridge5: entered allmulticast mode [ 1309.073356][ T27] audit: type=1326 audit(1757990305.283:3353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.4.10481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1309.160223][ T27] audit: type=1326 audit(1757990305.283:3354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.4.10481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1309.260060][ T27] audit: type=1326 audit(1757990305.311:3355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.4.10481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=31 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1309.355164][ T27] audit: type=1326 audit(1757990305.311:3356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.4.10481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1309.435570][ T27] audit: type=1326 audit(1757990305.311:3357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30048 comm="syz.4.10481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1309.651055][T30070] netlink: 'syz.2.10491': attribute type 63 has an invalid length. [ 1309.674190][T30070] netlink: 5 bytes leftover after parsing attributes in process `syz.2.10491'. [ 1309.840716][T30076] qrtr: Invalid version 195 [ 1309.941154][T30080] netlink: 'syz.2.10496': attribute type 2 has an invalid length. [ 1310.680316][T30104] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10508'. [ 1310.845421][T30078] loop3: detected capacity change from 0 to 32768 [ 1310.862205][T30078] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.10495 (30078) [ 1310.936679][T30078] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1310.966438][T30078] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 1310.979361][T30078] BTRFS info (device loop3): force zlib compression, level 3 [ 1310.998545][T30078] BTRFS info (device loop3): force clearing of disk cache [ 1311.033581][T30078] BTRFS info (device loop3): turning off barriers [ 1311.049425][T30078] BTRFS info (device loop3): doing ref verification [ 1311.066727][T30078] BTRFS info (device loop3): enabling disk space caching [ 1311.107693][T30078] BTRFS info (device loop3): disk space caching is enabled [ 1311.343312][T30078] BTRFS info (device loop3): enabling ssd optimizations [ 1311.364883][T30078] BTRFS info (device loop3): auto enabling async discard [ 1311.398324][T30078] BTRFS info (device loop3): rebuilding free space tree [ 1311.487775][T30078] BTRFS info (device loop3): disabling free space tree [ 1311.501976][T30078] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1311.529527][T30078] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1311.813099][ T5796] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1312.221450][T30162] netdevsim netdevsim4 netdevsim0: entered allmulticast mode [ 1312.988045][T30186] netlink: set zone limit has 4 unknown bytes [ 1313.001762][T30188] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 1313.265964][T30196] ieee802154 phy0 wpan0: encryption failed: -22 [ 1313.272513][T20583] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 1313.488541][T30202] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10548'. [ 1313.514963][T20583] usb 3-1: Using ep0 maxpacket: 32 [ 1313.532279][T20583] usb 3-1: config 1 interface 0 altsetting 7 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1313.566119][T20583] usb 3-1: config 1 interface 0 altsetting 7 bulk endpoint 0x82 has invalid maxpacket 8 [ 1313.611150][T20583] usb 3-1: config 1 interface 0 altsetting 7 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1313.652930][T20583] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1313.676007][T20583] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1313.697762][T20583] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1313.705845][T20583] usb 3-1: Product: syz [ 1313.713101][T20583] usb 3-1: Manufacturer: syz [ 1313.718199][T20583] usb 3-1: SerialNumber: syz [ 1313.727161][T30182] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1313.738761][T30182] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1313.821333][T30216] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10555'. [ 1314.012580][T20583] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 1314.037052][T20583] usb 3-1: USB disconnect, device number 14 [ 1314.371969][T30232] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1314.383777][T30234] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 1314.401273][ T27] audit: type=1326 audit(1757990310.269:3358): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30230 comm="syz.0.10562" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x0 [ 1316.323394][T30308] ptrace attach of "./syz-executor exec"[5798] was attempted by "./syz-executor exec"[30308] [ 1316.362818][T30313] loop0: detected capacity change from 0 to 8 [ 1316.739629][T30322] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10607'. [ 1317.294617][T30345] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10619'. [ 1317.319300][T30345] netlink: 60 bytes leftover after parsing attributes in process `syz.3.10619'. [ 1317.364158][T30350] usb usb8: usbfs: process 30350 (syz.2.10620) did not claim interface 0 before use [ 1317.666614][T30358] xt_ecn: cannot match TCP bits for non-tcp packets [ 1317.688417][T30360] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1318.216445][T30378] xt_TCPMSS: Only works on TCP SYN packets [ 1318.718550][T30396] loop2: detected capacity change from 0 to 4096 [ 1318.772764][T30396] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1318.845778][T30406] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10646'. [ 1318.856051][T30406] netlink: 30 bytes leftover after parsing attributes in process `syz.0.10646'. [ 1319.042972][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1319.250595][T30417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10651'. [ 1319.290331][T30417] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10651'. [ 1319.290362][T30417] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10651'. [ 1319.290806][T30421] netlink: 16 bytes leftover after parsing attributes in process `syz.3.10653'. [ 1319.290835][T30421] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10653'. [ 1319.296332][T30421] ip6gretap2: entered allmulticast mode [ 1320.388109][T12078] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1320.601983][T12078] usb 1-1: Using ep0 maxpacket: 32 [ 1320.613887][T12078] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1320.641895][T12078] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1320.665902][T12078] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1320.689417][T12078] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1320.732740][T12078] usb 1-1: config 0 descriptor?? [ 1320.752422][T12078] hub 1-1:0.0: USB hub found [ 1320.942049][T30471] veth1_vlan: left allmulticast mode [ 1320.963161][T12078] hub 1-1:0.0: 1 port detected [ 1321.080242][T30475] netlink: 'syz.3.10680': attribute type 6 has an invalid length. [ 1321.178476][T12078] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 1321.190082][T12078] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 1321.214501][T12078] usbhid 1-1:0.0: can't add hid device: -71 [ 1321.243888][T12078] usbhid: probe of 1-1:0.0 failed with error -71 [ 1321.298199][T12078] usb 1-1: USB disconnect, device number 36 [ 1321.453795][T30485] loop3: detected capacity change from 0 to 1024 [ 1321.501968][T30485] fuse: Bad value for 'fd' [ 1321.591916][ T42] hfsplus: b-tree write err: -5, ino 4 [ 1322.486253][T30524] __nla_validate_parse: 1 callbacks suppressed [ 1322.486272][T30524] netlink: 24 bytes leftover after parsing attributes in process `syz.4.10704'. [ 1322.588578][T30528] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10705'. [ 1322.616566][T30518] loop0: detected capacity change from 0 to 8192 [ 1322.668518][T30518] loop0: p1 p2[DM] p4 [ 1322.672963][T30518] loop0: p1 size 196608 extends beyond EOD, truncated [ 1322.688258][T30518] loop0: p2 start 4292936063 is beyond EOD, truncated [ 1322.698064][T30518] loop0: p4 size 50331648 extends beyond EOD, truncated [ 1323.120364][T20534] udevd[20534]: inotify_add_watch(7, /dev/loop0p4, 10) failed: No such file or directory [ 1323.120538][T13937] udevd[13937]: inotify_add_watch(7, /dev/loop0p1, 10) failed: No such file or directory [ 1323.453086][T30553] netlink: 12 bytes leftover after parsing attributes in process `syz.4.10718'. [ 1323.975925][T30572] netlink: 'syz.4.10727': attribute type 6 has an invalid length. [ 1324.064476][T30572] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.10727'. [ 1324.100574][T30580] loop3: detected capacity change from 0 to 16 [ 1324.133844][T30580] erofs: (device loop3): mounted with root inode @ nid 36. [ 1324.193877][T30582] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10733'. [ 1324.223315][T30580] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1324.296227][T30580] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -35 in[64, 4032] out[1851] [ 1324.350745][T30580] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1324.429695][T30589] netlink: 260 bytes leftover after parsing attributes in process `syz.4.10738'. [ 1324.442989][T30590] loop0: detected capacity change from 0 to 65 [ 1324.484308][T30590] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1324.510664][T30592] loop2: detected capacity change from 0 to 256 [ 1324.733794][T30592] FAT-fs (loop2): Directory bread(block 64) failed [ 1324.743709][T30592] FAT-fs (loop2): Directory bread(block 65) failed [ 1324.770540][T30592] FAT-fs (loop2): Directory bread(block 66) failed [ 1324.781800][T30592] FAT-fs (loop2): Directory bread(block 67) failed [ 1324.809816][T30592] FAT-fs (loop2): Directory bread(block 68) failed [ 1324.821511][T30592] FAT-fs (loop2): Directory bread(block 69) failed [ 1324.843070][T30592] FAT-fs (loop2): Directory bread(block 70) failed [ 1324.888660][T30592] FAT-fs (loop2): Directory bread(block 71) failed [ 1324.895391][T30592] FAT-fs (loop2): Directory bread(block 72) failed [ 1324.914269][T30592] FAT-fs (loop2): Directory bread(block 73) failed [ 1325.587540][T30626] comedi comedi0: Minor 3 specified more than once! [ 1325.888861][T30636] netlink: 'syz.3.10760': attribute type 15 has an invalid length. [ 1325.929715][T30636] netlink: 666 bytes leftover after parsing attributes in process `syz.3.10760'. [ 1326.573671][T30623] loop0: detected capacity change from 0 to 32768 [ 1326.619352][T30623] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1326.822303][T30669] loop3: detected capacity change from 0 to 64 [ 1326.893063][T30623] XFS (loop0): Ending clean mount [ 1326.895897][T30669] syz.3.10773: attempt to access beyond end of device [ 1326.895897][T30669] loop3: rw=0, sector=8192, nr_sectors = 2 limit=64 [ 1326.924913][T30623] XFS (loop0): Quotacheck needed: Please wait. [ 1327.037118][T30623] XFS (loop0): Quotacheck: Done. [ 1327.176594][ T7917] Bluetooth: hci0: command tx timeout [ 1327.222176][ T5791] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1327.698851][T30679] netlink: 'syz.0.10776': attribute type 12 has an invalid length. [ 1327.721675][T30679] netlink: 132 bytes leftover after parsing attributes in process `syz.0.10776'. [ 1327.877989][T30671] loop2: detected capacity change from 0 to 32768 [ 1327.975326][T30671] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1327.986714][T30677] loop3: detected capacity change from 0 to 32768 [ 1328.012806][T30677] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.10777 (30677) [ 1328.080809][T30677] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1328.136196][T30671] XFS (loop2): Ending clean mount [ 1328.142893][T30677] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 1328.152662][T30677] BTRFS info (device loop3): max_inline at 0 [ 1328.159222][T30677] BTRFS info (device loop3): enabling disk space caching [ 1328.168227][T30677] BTRFS info (device loop3): disabling tree log [ 1328.175119][T30677] BTRFS info (device loop3): turning off barriers [ 1328.183175][T30677] BTRFS info (device loop3): turning on flush-on-commit [ 1328.190235][T30677] BTRFS info (device loop3): doing ref verification [ 1328.197587][T30677] BTRFS info (device loop3): force clearing of disk cache [ 1328.205295][T30677] BTRFS warning (device loop3): excessive commit interval 2147483647 [ 1328.232781][T30671] XFS (loop2): Quotacheck needed: Please wait. [ 1328.239439][T30677] BTRFS info (device loop3): enabling ssd optimizations [ 1328.256219][T30677] BTRFS info (device loop3): max_inline at 0 [ 1328.270443][T30677] BTRFS info (device loop3): disk space caching is enabled [ 1328.321833][T30696] netlink: zone id is out of range [ 1328.334674][T30671] XFS (loop2): Quotacheck: Done. [ 1328.338290][T30696] netlink: zone id is out of range [ 1328.391951][T30696] netlink: zone id is out of range [ 1328.420527][T30696] netlink: zone id is out of range [ 1328.438969][T30696] netlink: zone id is out of range [ 1328.444292][T30696] netlink: zone id is out of range [ 1328.449707][T30696] netlink: zone id is out of range [ 1328.454887][T30696] netlink: zone id is out of range [ 1328.460704][T30696] netlink: zone id is out of range [ 1328.465951][T30696] netlink: zone id is out of range [ 1328.528338][ T74] BTRFS warning (device loop3): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x8e8941a0 level 0 [ 1328.591271][ T5798] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1328.616994][T30677] BTRFS warning (device loop3): failed to read root (objectid=4): -5 [ 1328.840321][T30677] BTRFS error (device loop3): open_ctree failed: -5 [ 1328.886027][T13937] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (13937) [ 1329.022715][T30722] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 1330.264670][T30748] loop2: detected capacity change from 0 to 4096 [ 1330.290681][T30748] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1330.470383][T30748] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1330.476987][T30748] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 1330.566204][T30728] loop0: detected capacity change from 0 to 40427 [ 1330.608169][T30728] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1330.615897][T30728] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1330.663913][T30728] F2FS-fs (loop0): build fault injection attr: rate: 18446, type: 0x7ffff [ 1330.673621][T30748] ntfs3: loop2: ino=5, "/" directory corrupted [ 1330.693849][T30728] F2FS-fs (loop0): invalid crc value [ 1330.702384][T30760] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10806'. [ 1330.743572][T30728] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1330.750602][T28106] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 1330.776807][ T5798] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1330.795230][ T5798] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1330.811245][ T5798] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1330.817958][T28106] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 1330.912142][T30728] F2FS-fs (loop0): Start checkpoint disabled! [ 1330.968304][T30728] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1330.996897][T30728] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 1331.377519][T28106] kworker/u4:1: attempt to access beyond end of device [ 1331.377519][T28106] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 1331.413464][T28106] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 1331.431499][T28106] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 1331.639830][T30786] netlink: 28 bytes leftover after parsing attributes in process `syz.4.10819'. [ 1332.039021][T30801] overlay: Unknown parameter '\{\' [ 1332.823067][T30829] loop2: detected capacity change from 0 to 8 [ 1333.698500][T30862] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 1334.555605][T30891] netlink: 8 bytes leftover after parsing attributes in process `syz.4.10868'. [ 1334.771736][T30867] loop2: detected capacity change from 0 to 32768 [ 1334.859111][T30867] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 1334.910588][T30901] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10872'. [ 1334.948130][T30867] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1335.016308][T30867] ocfs2: Unmounting device (7,2) on (node local) [ 1335.237944][T30913] loop0: detected capacity change from 0 to 256 [ 1335.313732][T30913] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1335.357405][T30913] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 1335.429927][T30917] netlink: 9 bytes leftover after parsing attributes in process `syz.2.10880'. [ 1335.447514][T30913] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 1335.482234][T30917] gretap0: entered promiscuous mode [ 1336.312464][T30944] loop2: detected capacity change from 0 to 4096 [ 1336.402583][T30944] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1336.672776][T30961] netlink: 'syz.3.10900': attribute type 1 has an invalid length. [ 1336.861748][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1336.991793][ T27] audit: type=1326 audit(1757990331.399:3359): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30970 comm="syz.4.10906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1337.066044][ T27] audit: type=1326 audit(1757990331.399:3360): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30970 comm="syz.4.10906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1337.140598][ T27] audit: type=1326 audit(1757990331.409:3361): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30970 comm="syz.4.10906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1337.204501][ T27] audit: type=1326 audit(1757990331.409:3362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30970 comm="syz.4.10906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1337.223648][ T9] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1337.227753][ T27] audit: type=1326 audit(1757990331.409:3363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30970 comm="syz.4.10906" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1337.257362][ C1] vkms_vblank_simulate: vblank timer overrun [ 1337.330124][T30981] loop2: detected capacity change from 0 to 512 [ 1337.369934][T30981] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1337.404876][T30983] netlink: 'syz.0.10911': attribute type 29 has an invalid length. [ 1337.414039][T30983] netlink: 'syz.0.10911': attribute type 29 has an invalid length. [ 1337.450891][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1337.475576][ T9] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1337.490537][ T9] usb 4-1: config 0 has no interface number 0 [ 1337.499782][T30981] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1337.540566][ T9] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1337.544837][T30981] ext4 filesystem being mounted at /2810/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1337.616541][ T9] usb 4-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1337.649125][ T9] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1337.682759][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1337.684148][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1337.706658][ T9] usb 4-1: Product: syz [ 1337.716225][ T9] usb 4-1: Manufacturer: syz [ 1337.724370][ T9] usb 4-1: SerialNumber: syz [ 1337.741505][ T9] usb 4-1: config 0 descriptor?? [ 1337.763514][ T9] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1337.993986][ T9] usb 4-1: qt2_setup_urbs - submit read urb failed -90 [ 1338.009322][ T9] quatech2: probe of 4-1:0.51 failed with error -90 [ 1338.018627][T31000] netlink: 'syz.0.10918': attribute type 6 has an invalid length. [ 1338.259530][T21780] usb 4-1: USB disconnect, device number 123 [ 1338.798791][T31029] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10932'. [ 1339.309745][T31049] netlink: 'syz.0.10942': attribute type 2 has an invalid length. [ 1339.684604][T31063] netlink: 5 bytes leftover after parsing attributes in process `syz.0.10949'. [ 1339.725607][T31063] 0XD: renamed from macvtap0 (while UP) [ 1339.747074][T31063] 0XD: entered allmulticast mode [ 1339.753852][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 1339.760417][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1339.770268][T31063] veth0_macvtap: entered allmulticast mode [ 1339.777279][T31063] net_ratelimit: 334 callbacks suppressed [ 1339.777294][T31063] A link change request failed with some changes committed already. Interface 30XD may have been left with an inconsistent configuration, please check. [ 1340.247006][T31083] netlink: zone id is out of range [ 1340.261783][T21780] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1340.266206][T31083] netlink: get zone limit has 8 unknown bytes [ 1340.454123][T21780] usb 5-1: Using ep0 maxpacket: 16 [ 1340.478003][T21780] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1340.497078][T21780] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1340.524481][T21780] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1340.533849][T21780] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1340.552397][T31087] loop3: detected capacity change from 0 to 4096 [ 1340.557714][T21780] usb 5-1: Product: syz [ 1340.571712][T21780] usb 5-1: Manufacturer: syz [ 1340.576380][T21780] usb 5-1: SerialNumber: syz [ 1340.621947][T31087] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1340.897938][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1341.095939][T21780] usb 5-1: cannot find UAC_HEADER [ 1341.141852][T21780] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 1341.165249][T21780] usb 5-1: USB disconnect, device number 3 [ 1341.203520][T31102] netlink: 10 bytes leftover after parsing attributes in process `syz.3.10963'. [ 1341.229397][T13937] udevd[13937]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1341.363877][ T27] audit: type=1326 audit(1757990335.497:3364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31108 comm="syz.3.10971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1341.421107][ T27] audit: type=1326 audit(1757990335.497:3365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31108 comm="syz.3.10971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1341.487620][ T27] audit: type=1326 audit(1757990335.497:3366): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31108 comm="syz.3.10971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1341.528129][ T27] audit: type=1326 audit(1757990335.497:3367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31108 comm="syz.3.10971" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1342.139365][T31129] loop0: detected capacity change from 0 to 512 [ 1342.189767][T31129] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1342.225567][T31129] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1342.286213][T31114] loop2: detected capacity change from 0 to 32768 [ 1342.294905][T31129] ext4 filesystem being mounted at /2628/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1342.377331][T31114] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 1342.394355][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1342.404049][T31114] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 1342.433003][T31114] BTRFS info (device loop2): max_inline at 0 [ 1342.439082][T31114] BTRFS info (device loop2): enabling disk space caching [ 1342.457371][T31114] BTRFS info (device loop2): disabling tree log [ 1342.463772][T31114] BTRFS info (device loop2): turning off barriers [ 1342.471710][T31114] BTRFS info (device loop2): turning on flush-on-commit [ 1342.479492][T31114] BTRFS info (device loop2): doing ref verification [ 1342.486938][T31114] BTRFS info (device loop2): force clearing of disk cache [ 1342.494118][T31114] BTRFS warning (device loop2): excessive commit interval 2147483647 [ 1342.510900][T31114] BTRFS info (device loop2): enabling ssd optimizations [ 1342.518598][T31114] BTRFS info (device loop2): max_inline at 0 [ 1342.524650][T31114] BTRFS info (device loop2): disk space caching is enabled [ 1342.715652][ T1124] BTRFS warning (device loop2): checksum verify failed on logical 5328896 mirror 1 wanted 0x51ec978b found 0x8e8941a0 level 0 [ 1342.741196][T31114] BTRFS warning (device loop2): failed to read root (objectid=4): -5 [ 1342.794854][T31157] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10986'. [ 1342.819701][T31114] BTRFS error (device loop2): open_ctree failed: -5 [ 1342.832758][T31157] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1342.947738][ T7917] Bluetooth: hci2: unexpected event for opcode 0x202f [ 1343.166352][T31170] xt_CONNSECMARK: invalid mode: 0 [ 1343.232812][T31172] netlink: 'syz.0.10990': attribute type 1 has an invalid length. [ 1344.216792][T31198] gtp0: entered promiscuous mode [ 1344.236390][T31198] gtp0: entered allmulticast mode [ 1345.129613][T31191] loop3: detected capacity change from 0 to 32768 [ 1345.234450][ T27] audit: type=1800 audit(1757990339.117:3368): pid=31191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.10999" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 1345.290436][T31234] netlink: 12 bytes leftover after parsing attributes in process `syz.4.11015'. [ 1345.307747][ T27] audit: type=1326 audit(1757990339.135:3369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31231 comm="syz.2.11014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1345.346808][T31234] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11015'. [ 1345.398320][ T27] audit: type=1326 audit(1757990339.135:3370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31231 comm="syz.2.11014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1345.532238][ T27] audit: type=1326 audit(1757990339.135:3371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31231 comm="syz.2.11014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1345.543721][T31240] IPv6: NLM_F_CREATE should be specified when creating new route [ 1345.617016][ T27] audit: type=1326 audit(1757990339.135:3372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31231 comm="syz.2.11014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1345.703309][ T27] audit: type=1326 audit(1757990339.135:3373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31231 comm="syz.2.11014" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1346.090404][T31258] netlink: 132 bytes leftover after parsing attributes in process `syz.4.11024'. [ 1346.619650][T31281] netlink: 'syz.3.11033': attribute type 16 has an invalid length. [ 1346.631646][T31280] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11032'. [ 1346.668003][T31281] netlink: 'syz.3.11033': attribute type 17 has an invalid length. [ 1346.685568][T31283] netlink: 20 bytes leftover after parsing attributes in process `syz.4.11035'. [ 1348.805804][T31356] loop2: detected capacity change from 0 to 4096 [ 1348.835882][T31356] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 1348.887854][T31364] delete_channel: no stack [ 1349.203806][T31372] loop3: detected capacity change from 0 to 1764 [ 1349.683246][T31392] ax25_connect(): syz.2.11083 uses autobind, please contact jreuter@yaina.de [ 1349.784248][T31394] netlink: 'syz.0.11084': attribute type 1 has an invalid length. [ 1349.797242][T31394] netlink: 'syz.0.11084': attribute type 1 has an invalid length. [ 1349.819345][ T5879] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1350.038135][T31404] netlink: 200 bytes leftover after parsing attributes in process `syz.2.11089'. [ 1350.049971][ T5879] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1350.077437][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.085519][ T5879] usb 4-1: Product: syz [ 1350.097613][ T5879] usb 4-1: Manufacturer: syz [ 1350.102290][ T5879] usb 4-1: SerialNumber: syz [ 1350.112893][ T5879] usb 4-1: config 0 descriptor?? [ 1350.390012][ T5879] hso 4-1:0.0: Failed to find BULK IN ep [ 1350.432939][ T5879] usb-storage 4-1:0.0: USB Mass Storage device detected [ 1350.470208][T31421] CIFS mount error: No usable UNC path provided in device string! [ 1350.470208][T31421] [ 1350.482662][T31421] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 1350.694965][ T5850] usb 4-1: USB disconnect, device number 124 [ 1350.825777][T31431] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11101'. [ 1352.650415][T31487] netlink: 'syz.0.11129': attribute type 32 has an invalid length. [ 1352.684497][T31487] netlink: 60 bytes leftover after parsing attributes in process `syz.0.11129'. [ 1352.847731][T31495] loop0: detected capacity change from 0 to 256 [ 1352.940071][T31495] FAT-fs (loop0): Directory bread(block 64) failed [ 1352.957107][T31495] FAT-fs (loop0): Directory bread(block 65) failed [ 1352.974020][T31495] FAT-fs (loop0): Directory bread(block 66) failed [ 1352.980629][T31495] FAT-fs (loop0): Directory bread(block 67) failed [ 1353.031591][T31495] FAT-fs (loop0): Directory bread(block 68) failed [ 1353.074858][T31495] FAT-fs (loop0): Directory bread(block 69) failed [ 1353.091478][T31495] FAT-fs (loop0): Directory bread(block 70) failed [ 1353.098083][T31495] FAT-fs (loop0): Directory bread(block 71) failed [ 1353.139814][T31495] FAT-fs (loop0): Directory bread(block 72) failed [ 1353.151861][T31495] FAT-fs (loop0): Directory bread(block 73) failed [ 1354.509821][T31549] netlink: 'syz.4.11160': attribute type 16 has an invalid length. [ 1354.536435][T31549] netlink: 'syz.4.11160': attribute type 17 has an invalid length. [ 1354.629316][T31555] loop2: detected capacity change from 0 to 512 [ 1354.707324][T31555] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.11163: iget: bad extended attribute block 1 [ 1354.721942][T31555] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.11163: couldn't read orphan inode 15 (err -117) [ 1354.798899][T31555] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1355.010004][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1355.158586][T31569] __vm_enough_memory: pid: 31569, comm: syz.3.11170, not enough memory for the allocation [ 1355.548307][T31583] sock: sock_timestamping_bind_phc: sock not bind to device [ 1356.014922][T31565] loop0: detected capacity change from 0 to 32768 [ 1356.096968][T31565] ERROR: (device loop0): dbAlloc: the hint is outside the map [ 1356.096968][T31565] [ 1356.126716][T31565] ialloc: diAlloc returned -5! [ 1356.260225][T31601] loop3: detected capacity change from 0 to 4096 [ 1356.279454][T31601] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1356.322725][T31601] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1356.473911][T31601] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1356.543632][T31601] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 1356.688385][T31612] loop2: detected capacity change from 0 to 256 [ 1356.740296][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1356.889944][T31612] FAT-fs (loop2): Directory bread(block 64) failed [ 1356.923845][T31612] FAT-fs (loop2): Directory bread(block 65) failed [ 1356.958966][T31612] FAT-fs (loop2): Directory bread(block 66) failed [ 1356.992637][T31612] FAT-fs (loop2): Directory bread(block 67) failed [ 1356.999464][T31612] FAT-fs (loop2): Directory bread(block 68) failed [ 1357.028990][T31612] FAT-fs (loop2): Directory bread(block 69) failed [ 1357.066471][T31612] FAT-fs (loop2): Directory bread(block 70) failed [ 1357.086598][T31612] FAT-fs (loop2): Directory bread(block 71) failed [ 1357.131844][T31612] FAT-fs (loop2): Directory bread(block 72) failed [ 1357.138478][T31612] FAT-fs (loop2): Directory bread(block 73) failed [ 1357.203360][T31625] loop0: detected capacity change from 0 to 1024 [ 1357.227783][ T55] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1357.473847][ T55] usb 5-1: Using ep0 maxpacket: 32 [ 1357.486147][ T55] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1357.500485][ T55] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1357.535822][ T55] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1357.552525][ T55] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1357.570228][ T55] usb 5-1: Product: syz [ 1357.580869][ T55] usb 5-1: Manufacturer: syz [ 1357.591620][ T55] usb 5-1: SerialNumber: syz [ 1357.702636][T31637] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode 802.3ad(4) [ 1357.880281][ T55] usb 5-1: Invalid number of CPorts: 0 [ 1357.885929][ T55] es2_ap_driver: probe of 5-1:7.0 failed with error -22 [ 1358.131302][ T55] usb 5-1: USB disconnect, device number 4 [ 1358.766263][T31674] xt_TCPMSS: Only works on TCP SYN packets [ 1358.885459][T31676] autofs4:pid:31676:autofs_fill_super: called with bogus options [ 1359.129007][T31680] loop0: detected capacity change from 0 to 4096 [ 1359.166725][T31680] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 1359.937636][T31714] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11241'. [ 1361.513828][T31779] (syz.2.11267,31779,1):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 1361.546848][T31779] (syz.2.11267,31779,1):ocfs2_fill_super:1178 ERROR: status = -22 [ 1361.880960][T31790] netlink: 'syz.4.11271': attribute type 3 has an invalid length. [ 1361.911616][T31790] netlink: 201372 bytes leftover after parsing attributes in process `syz.4.11271'. [ 1361.948863][T31792] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11273'. [ 1362.024768][T31760] loop3: detected capacity change from 0 to 32768 [ 1362.057060][T31760] XFS (loop3): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1362.481259][T31760] XFS (loop3): Starting recovery (logdev: internal) [ 1362.653691][T31820] netlink: 'syz.0.11283': attribute type 1 has an invalid length. [ 1362.680044][T31760] XFS (loop3): Ending recovery (logdev: internal) [ 1362.704042][T31820] netlink: 212408 bytes leftover after parsing attributes in process `syz.0.11283'. [ 1362.998219][ T5796] XFS (loop3): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1363.500107][T31844] netlink: 96 bytes leftover after parsing attributes in process `syz.0.11296'. [ 1363.907226][T31859] loop0: detected capacity change from 0 to 512 [ 1363.940925][T31859] EXT4-fs: Ignoring removed mblk_io_submit option [ 1364.020911][T31859] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1364.057092][T31859] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 1364.099124][T31859] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.11301: attempt to clear invalid blocks 2 len 1 [ 1364.168798][T31859] EXT4-fs (loop0): Remounting filesystem read-only [ 1364.209663][T31859] EXT4-fs (loop0): 1 truncate cleaned up [ 1364.219984][T31859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1364.392538][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1365.816804][T31930] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (4) [ 1365.939821][T31935] netlink: 8 bytes leftover after parsing attributes in process `syz.4.11338'. [ 1366.016565][T31937] netlink: 'syz.0.11339': attribute type 3 has an invalid length. [ 1366.024472][T31937] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11339'. [ 1366.377609][T31952] x_tables: unsorted entry at hook 3 [ 1367.533055][T31989] usb usb1: usbfs: process 31989 (syz.0.11365) did not claim interface 2 before use [ 1367.987000][ T27] audit: type=1326 audit(1757990360.397:3374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32007 comm="syz.4.11376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.042852][ T27] audit: type=1326 audit(1757990360.397:3375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32007 comm="syz.4.11376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.077184][T32011] bond0: option fail_over_mac: unable to set because the bond device has slaves [ 1368.101417][ T27] audit: type=1326 audit(1757990360.397:3376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32007 comm="syz.4.11376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.153519][ T27] audit: type=1326 audit(1757990360.472:3377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32007 comm="syz.4.11376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.238522][ T27] audit: type=1326 audit(1757990360.472:3378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32007 comm="syz.4.11376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.453286][T32024] misc userio: Invalid payload size [ 1368.663339][ T27] audit: type=1326 audit(1757990361.024:3379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32033 comm="syz.4.11387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.747670][ T27] audit: type=1326 audit(1757990361.024:3380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32033 comm="syz.4.11387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.799345][ T27] audit: type=1326 audit(1757990361.061:3381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32033 comm="syz.4.11387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=154 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1368.878905][ T27] audit: type=1326 audit(1757990361.061:3382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32033 comm="syz.4.11387" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1369.016539][ T27] audit: type=1326 audit(1757990361.351:3383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32045 comm="syz.2.11393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1369.275824][T32055] netlink: 'syz.2.11397': attribute type 30 has an invalid length. [ 1369.318071][T32056] netlink: 12 bytes leftover after parsing attributes in process `syz.3.11398'. [ 1369.370061][T32060] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11400'. [ 1369.426931][T32060] netlink: 28 bytes leftover after parsing attributes in process `syz.4.11400'. [ 1369.985479][T32083] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11412'. [ 1370.589825][T32106] loop2: detected capacity change from 0 to 1024 [ 1370.647446][T32106] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1370.721940][T32106] EXT4-fs warning (device loop2): ext4_empty_dir:3156: inode #11: comm syz.2.11422: directory missing '..' [ 1370.783506][ T55] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1370.842108][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1370.864520][T32114] loop0: detected capacity change from 0 to 16 [ 1370.877490][T32114] erofs: (device loop0): mounted with root inode @ nid 36. [ 1371.019136][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 1371.033247][ T55] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1371.052139][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.079748][ T55] usb 4-1: Product: syz [ 1371.084888][ T55] usb 4-1: Manufacturer: syz [ 1371.089774][ T55] usb 4-1: SerialNumber: syz [ 1371.122015][ T55] r8152-cfgselector 4-1: config 0 descriptor?? [ 1371.267856][T32126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11430'. [ 1371.793713][ T55] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1371.802192][ T55] r8152-cfgselector 4-1: USB disconnect, device number 125 [ 1372.454754][T32162] binder: 32161:32162 ioctl c0306201 200000000240 returned -14 [ 1372.834332][T32179] netlink: 'syz.0.11456': attribute type 21 has an invalid length. [ 1372.842849][T32179] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11456'. [ 1373.101262][T32189] netlink: 'syz.0.11461': attribute type 32 has an invalid length. [ 1373.327862][ T55] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 1373.551955][ T55] usb 3-1: config 1 has an invalid interface number: 28 but max is 0 [ 1373.579733][ T55] usb 3-1: config 1 has no interface number 0 [ 1373.595043][ T55] usb 3-1: config 1 interface 28 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1373.604850][ T55] usb 3-1: config 1 interface 28 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 0 [ 1373.637551][ T55] usb 3-1: config 1 interface 28 altsetting 2 bulk endpoint 0x81 has invalid maxpacket 64 [ 1373.651543][T32207] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11469'. [ 1373.661106][ T55] usb 3-1: config 1 interface 28 has no altsetting 0 [ 1373.674100][ T55] usb 3-1: New USB device found, idVendor=045e, idProduct=0473, bcdDevice=e4.34 [ 1373.706862][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1373.721887][T32211] program syz.4.11471 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1373.723296][ T55] usb 3-1: Product: syz [ 1373.760860][ T55] usb 3-1: Manufacturer: syz [ 1373.765682][ T55] usb 3-1: SerialNumber: syz [ 1373.808433][T32187] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1373.854686][ T55] ipaq 3-1:1.28: PocketPC PDA converter detected [ 1374.097534][ T55] usb 3-1: PocketPC PDA converter now attached to ttyUSB0 [ 1374.374125][ T55] usb 3-1: USB disconnect, device number 15 [ 1374.392040][ T55] ipaq ttyUSB0: PocketPC PDA converter now disconnected from ttyUSB0 [ 1374.420224][ T55] ipaq 3-1:1.28: device disconnected [ 1375.209342][T32261] (null): rxe_set_mtu: Set mtu to 256 [ 1375.218430][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1375.267265][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1375.298824][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1375.791894][T32281] xt_ecn: cannot match TCP bits for non-tcp packets [ 1375.957250][ T9] vxcan1 speed is unknown, defaulting to 1000 [ 1375.968400][T32261] infiniband syz2: set active [ 1375.973854][T32261] infiniband syz2: added vxcan1 [ 1376.301511][T32261] RDS/IB: syz2: added [ 1376.307354][T32261] smc: adding ib device syz2 with port count 1 [ 1376.412887][T32261] smc: ib device syz2 port 1 has pnetid [ 1376.445945][ T9] vxcan1 speed is unknown, defaulting to 1000 [ 1376.477005][T32304] netlink: 'syz.4.11517': attribute type 10 has an invalid length. [ 1376.505886][T32304] veth0_macvtap: left promiscuous mode [ 1376.549612][T32304] batman_adv: batadv0: Adding interface: macvtap0 [ 1376.549633][T32304] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1376.549660][T32304] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 1376.553334][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1376.921829][T32316] sctp: [Deprecated]: syz.0.11523 (pid 32316) Use of int in maxseg socket option. [ 1376.921829][T32316] Use struct sctp_assoc_value instead [ 1377.146075][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1377.156036][T32324] netlink: 'syz.4.11525': attribute type 9 has an invalid length. [ 1377.163944][T32324] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.11525'. [ 1377.802162][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1378.054783][T32327] loop2: detected capacity change from 0 to 32768 [ 1378.096334][T32327] (syz.2.11528,32327,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1378.130075][T32327] (syz.2.11528,32327,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1378.199034][T32261] vxcan1 speed is unknown, defaulting to 1000 [ 1378.245949][T32327] JBD2: Ignoring recovery information on journal [ 1378.322431][T32327] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1378.520615][ T5798] ocfs2: Unmounting device (7,2) on (node local) [ 1378.659308][T32351] loop0: detected capacity change from 0 to 512 [ 1378.698334][T32351] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1378.844470][T32351] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1378.920097][T32351] ext4 filesystem being mounted at /2795/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1379.205089][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1379.614764][T32374] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11549'. [ 1379.671567][T32378] netlink: 152 bytes leftover after parsing attributes in process `syz.2.11550'. [ 1379.935759][T32388] netlink: 'syz.3.11555': attribute type 4 has an invalid length. [ 1380.662912][T32414] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1380.679101][T32414] overlayfs: missing 'lowerdir' [ 1380.796408][ T27] kauditd_printk_skb: 13 callbacks suppressed [ 1380.796424][ T27] audit: type=1400 audit(1757990372.379:3397): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=32418 comm="syz.4.11572" [ 1380.854008][ T55] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1380.933676][T32425] netlink: 'syz.4.11574': attribute type 1 has an invalid length. [ 1381.006176][T32428] netlink: 56 bytes leftover after parsing attributes in process `syz.0.11575'. [ 1381.057990][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 1381.117406][ T55] usb 4-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1381.148743][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1381.174061][ T55] usb 4-1: Product: syz [ 1381.181172][ T55] usb 4-1: Manufacturer: syz [ 1381.189208][ T55] usb 4-1: SerialNumber: syz [ 1381.198560][ T55] usb 4-1: config 0 descriptor?? [ 1381.219344][T32434] caif0: entered allmulticast mode [ 1381.427505][ T55] speedtch 4-1:0.0: speedtch_bind: data interface not found! [ 1381.440537][ T55] speedtch 4-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1381.644877][ T55] usb 4-1: USB disconnect, device number 126 [ 1381.780874][T32454] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11588'. [ 1381.806446][T32454] netlink: 24 bytes leftover after parsing attributes in process `syz.4.11588'. [ 1381.976024][T32460] netlink: 'syz.0.11591': attribute type 9 has an invalid length. [ 1382.016513][T32460] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.11591'. [ 1382.982823][T32494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11608'. [ 1383.300752][T32475] loop3: detected capacity change from 0 to 32768 [ 1383.433829][T32475] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1383.546803][T32475] OCFS2: ERROR (device loop3): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 1383.580172][T32475] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1383.622245][T32475] OCFS2: File system is now read-only. [ 1383.644301][T32475] (syz.3.11599,32475,1):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 1383.765412][T32516] ALSA: mixer_oss: invalid OSS volume ';ʸgԊ8\>Pxi9 h~)V' [ 1383.783855][T32516] ALSA: mixer_oss: invalid OSS volume '*bbX-]OF{T0pc' [ 1383.792262][T32516] ALSA: mixer_oss: invalid OSS volume 'gI"4-Z' [ 1383.826087][T32516] ALSA: mixer_oss: invalid OSS volume 'eQCȡ*qpAڜe T|K' [ 1383.834517][T32516] ALSA: mixer_oss: invalid OSS volume ':az]qeXfb]݆B.' [ 1383.866361][ T5796] ocfs2: Unmounting device (7,3) on (node local) [ 1383.876766][T32516] ALSA: mixer_oss: invalid OSS volume 'j|q⩃˚[w3^.ג' [ 1383.918408][T32516] ALSA: mixer_oss: invalid OSS volume '"P޸ۜo[8>7|YMepq' [ 1383.944368][T32516] ALSA: mixer_oss: invalid OSS volume 'wI׷#t\W,bP=&e' [ 1383.970125][T32516] ALSA: mixer_oss: invalid OSS volume ']za-!)ϻvCYps' [ 1383.994175][T32516] ALSA: mixer_oss: invalid OSS volume 'LE]Dxt݂OY3fk$T "' [ 1384.013743][T32516] ALSA: mixer_oss: invalid OSS volume '[' [ 1384.024532][T32516] ALSA: mixer_oss: invalid OSS volume '3A14IN+|\' [ 1384.050697][T32516] ALSA: mixer_oss: invalid OSS volume '$ current cno (= 3) [ 1404.597181][ T663] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 1404.632567][ T663] Remounting filesystem read-only [ 1404.751615][ T673] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11909'. [ 1404.762059][ T5791] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 1404.781624][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=12 [ 1404.799413][ T5791] NILFS (loop0): discard dirty block: blocknr=17, size=1024 [ 1404.813833][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1404.824511][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1404.837773][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1404.847121][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 1404.854958][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1404.867967][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1404.902514][ T5791] NILFS (loop0): discard dirty block: blocknr=37, size=1024 [ 1404.917193][ T5791] NILFS (loop0): discard dirty block: blocknr=38, size=1024 [ 1404.922290][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 1404.930998][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1404.935657][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=5 [ 1404.971666][ T5791] NILFS (loop0): discard dirty block: blocknr=41, size=1024 [ 1404.997043][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.031888][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.062394][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.071676][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=4 [ 1405.114582][ T5791] NILFS (loop0): discard dirty block: blocknr=40, size=1024 [ 1405.121959][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.179199][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.188140][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.223092][ T5791] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 1405.240677][ T5791] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 1405.254501][ T5791] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 1405.272758][ T5791] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 1405.294296][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.327133][ T5791] NILFS (loop0): discard dirty page: offset=131072, ino=3 [ 1405.354234][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.377208][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1405.417775][ T5791] NILFS (loop0): discard dirty block: blocknr=46, size=1024 [ 1405.434886][ T5791] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1406.059052][ T681] loop3: detected capacity change from 0 to 40427 [ 1406.080761][ T681] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 1406.098888][ T681] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1406.121263][ T681] F2FS-fs (loop3): build fault injection attr: rate: 18446, type: 0x7ffff [ 1406.134638][ T681] F2FS-fs (loop3): invalid crc value [ 1406.146376][ T681] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1406.242716][ T681] F2FS-fs (loop3): Start checkpoint disabled! [ 1406.259360][ T681] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1406.267919][ T681] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 1406.340649][ T5879] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1406.466319][ T717] loop2: detected capacity change from 0 to 512 [ 1406.516871][ T717] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1406.538324][ T717] ext4 filesystem being mounted at /3079/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1406.568970][ T5879] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1406.578424][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1406.587483][ T5879] usb 1-1: Product: syz [ 1406.591819][ T5879] usb 1-1: Manufacturer: syz [ 1406.596454][ T5879] usb 1-1: SerialNumber: syz [ 1406.614876][ T5879] usb 1-1: config 0 descriptor?? [ 1406.874781][ T5879] hso 1-1:0.0: Failed to find BULK IN ep [ 1406.902746][ T5798] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1406.917555][ T5879] usb-storage 1-1:0.0: USB Mass Storage device detected [ 1407.150527][ T5850] usb 1-1: USB disconnect, device number 38 [ 1407.457479][ T743] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.457888][ T741] netlink: 240 bytes leftover after parsing attributes in process `syz.2.11941'. [ 1407.782129][ T754] IPv6: Can't replace route, no match found [ 1408.869991][ T788] loop2: detected capacity change from 0 to 4096 [ 1408.882924][ T762] loop0: detected capacity change from 0 to 32768 [ 1408.902240][ T788] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1409.011118][ T762] find_entry called with index = 0 [ 1409.017306][ T762] find_entry called with index = 0 [ 1409.086532][ T796] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1410.641567][ T847] loop3: detected capacity change from 0 to 512 [ 1410.699668][ T847] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1410.741506][ T849] loop2: detected capacity change from 0 to 128 [ 1410.791150][ T847] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1410.819729][ T849] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: none. [ 1410.825252][ T847] ext4 filesystem being mounted at /2970/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1410.981620][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1411.077201][ T5798] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1412.240280][ T898] xt_connbytes: Forcing CT accounting to be enabled [ 1412.279374][ T898] xt_bpf: check failed: parse error [ 1412.944062][ T937] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609) [ 1412.977393][ T937] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 1413.196825][ T949] loop0: detected capacity change from 0 to 256 [ 1413.587954][ T964] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12040'. [ 1414.012034][ T978] loop3: detected capacity change from 0 to 1024 [ 1414.121923][ T982] loop0: detected capacity change from 0 to 1024 [ 1414.670479][ T1002] loop0: detected capacity change from 0 to 64 [ 1415.103192][T18350] kernel write not supported for file /6257/net/ip6_tables_matches (pid: 18350 comm: kworker/0:2) [ 1415.240765][ T1024] loop0: detected capacity change from 0 to 64 [ 1415.249258][ T1025] netlink: 'syz.3.12067': attribute type 10 has an invalid length. [ 1415.257223][ T1025] netlink: 40 bytes leftover after parsing attributes in process `syz.3.12067'. [ 1415.287966][ T1025] bridge0: port 4(batadv0) entered blocking state [ 1415.306165][ T1025] bridge0: port 4(batadv0) entered disabled state [ 1415.325688][ T1025] batadv0: entered allmulticast mode [ 1415.361121][ T1025] batadv0: entered promiscuous mode [ 1415.379177][ T1025] bridge0: port 4(batadv0) entered blocking state [ 1415.385849][ T1025] bridge0: port 4(batadv0) entered listening state [ 1415.494143][ T1035] ip6t_srh: unknown srh invflags 4449 [ 1415.508126][ T11] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 1415.518681][ T11] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 1415.789886][ T1041] loop3: detected capacity change from 0 to 4096 [ 1415.810956][ T1041] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1416.007506][ T1041] ntfs3: loop3: ino=1e, "file1" failed to parse mft record [ 1416.058933][ T1041] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1416.142061][ T5879] kernel write not supported for file /5855/net/ip6_tables_matches (pid: 5879 comm: kworker/0:6) [ 1416.146666][ T1041] ntfs3: loop3: ino=1e, "file1" attr_set_size [ 1416.887778][ T1070] loop2: detected capacity change from 0 to 256 [ 1416.895864][ T1070] exfat: Deprecated parameter 'namecase' [ 1416.901775][ T1070] exfat: Deprecated parameter 'utf8' [ 1417.037472][ T1070] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7b823c56, utbl_chksum : 0xe619d30d) [ 1417.513820][ T1082] loop2: detected capacity change from 0 to 2048 [ 1417.590120][ T1086] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1417.987083][ T1094] loop0: detected capacity change from 0 to 1024 [ 1418.249037][ T1072] loop3: detected capacity change from 0 to 32768 [ 1418.791303][ T1117] tmpfs: Group quota block hardlimit too large. [ 1418.957476][ T1126] netlink: 'syz.3.12102': attribute type 1 has an invalid length. [ 1418.987628][ T1126] netlink: 232 bytes leftover after parsing attributes in process `syz.3.12102'. [ 1420.831241][ T1142] loop0: detected capacity change from 0 to 40427 [ 1420.867964][ T1142] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1420.887572][ T1142] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1420.922914][ T1142] F2FS-fs (loop0): invalid crc value [ 1421.003207][ T1142] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1421.186708][ T1142] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1421.224536][ T1142] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1421.564411][ T1183] loop3: detected capacity change from 0 to 32768 [ 1421.626805][ T1183] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1421.719861][ T1185] loop2: detected capacity change from 0 to 32768 [ 1421.728897][ T1183] XFS (loop3): Ending clean mount [ 1421.764417][ T1183] XFS (loop3): Quotacheck needed: Please wait. [ 1421.839246][ T1185] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1421.991706][ T1183] XFS (loop3): Quotacheck: Done. [ 1422.143434][ T5796] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1422.237722][ T1185] XFS (loop2): Ending clean mount [ 1422.297427][ T1185] XFS (loop2): Quotacheck needed: Please wait. [ 1422.418935][ T1185] XFS (loop2): Quotacheck: Done. [ 1422.704498][ T1238] xt_cluster: you have exceeded the maximum number of cluster nodes (514 > 32) [ 1422.804659][ T5798] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1423.037474][ T1245] overlay: Bad value for 'verity' [ 1423.579408][ T1262] netlink: 'syz.4.12154': attribute type 3 has an invalid length. [ 1423.926677][ T1277] xt_l2tp: unknown flags: 17 [ 1424.453354][T18350] usb 4-1: new low-speed USB device number 3 using dummy_hcd [ 1424.526201][ T1302] tmpfs: Bad value for 'mpol' [ 1424.658491][T18350] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1424.677354][T18350] usb 4-1: config 0 has no interface number 0 [ 1424.691923][T18350] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1424.736691][T18350] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 1424.777473][T18350] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1424.810646][T18350] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1424.843288][T18350] usb 4-1: config 0 descriptor?? [ 1424.854169][ T1291] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1424.898111][T18350] iowarrior 4-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1425.229013][ C1] iowarrior 4-1:0.1: iowarrior_callback - usb_submit_urb failed with result -1 [ 1425.256462][T12078] usb 4-1: USB disconnect, device number 3 [ 1425.582986][ T1339] netlink: 28 bytes leftover after parsing attributes in process `syz.0.12186'. [ 1426.202250][ T1360] netlink: 'syz.3.12197': attribute type 1 has an invalid length. [ 1426.780518][ T1379] netlink: 'syz.3.12206': attribute type 1 has an invalid length. [ 1427.452086][ T1403] netlink: 372 bytes leftover after parsing attributes in process `syz.3.12219'. [ 1427.674898][ T1411] SET target dimension over the limit! [ 1427.687858][ T1413] netlink: 'syz.2.12223': attribute type 9 has an invalid length. [ 1427.747902][T12078] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 1427.959898][T12078] usb 5-1: Using ep0 maxpacket: 32 [ 1427.967563][T12078] usb 5-1: config 1 interface 0 altsetting 14 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1427.980504][T12078] usb 5-1: config 1 interface 0 altsetting 14 bulk endpoint 0x82 has invalid maxpacket 0 [ 1427.991897][T12078] usb 5-1: config 1 interface 0 altsetting 14 endpoint 0x3 has invalid maxpacket 1600, setting to 1024 [ 1427.996575][ T1423] loop2: detected capacity change from 0 to 256 [ 1428.003637][T12078] usb 5-1: config 1 interface 0 altsetting 14 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1428.023636][ T1423] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1428.034828][T12078] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1428.042050][ T1423] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 1428.056493][T12078] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1428.076743][T12078] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1428.097673][T12078] usb 5-1: Product: syz [ 1428.102941][ T1423] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x881c1f2f, utbl_chksum : 0xe619d30d) [ 1428.116421][T12078] usb 5-1: Manufacturer: syz [ 1428.122270][T12078] usb 5-1: SerialNumber: syz [ 1428.141759][ T55] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1428.154454][ T1404] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1428.187074][ T1423] exFAT-fs (loop2): error, found bogus dentry(12) beyond unused empty group(11) (start_clu : 5, cur_clu : 5) [ 1428.199901][ T1423] exFAT-fs (loop2): Filesystem has been set read-only [ 1428.387303][ T55] usb 1-1: Using ep0 maxpacket: 16 [ 1428.445848][ T55] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1428.477639][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1428.486955][T12078] cdc_ether: probe of 5-1:1.0 failed with error -22 [ 1428.513647][ T55] usb 1-1: Product: syz [ 1428.524742][ T55] usb 1-1: Manufacturer: syz [ 1428.534657][T12078] usb 5-1: USB disconnect, device number 6 [ 1428.558706][ T55] usb 1-1: SerialNumber: syz [ 1428.577927][ T55] r8152-cfgselector 1-1: config 0 descriptor?? [ 1428.838254][ T1439] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1428.851101][ T1439] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 1428.868683][ T1439] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1429.061487][ T55] r8152-cfgselector 1-1: Unknown version 0x0000 [ 1429.090574][ T55] r8152-cfgselector 1-1: USB disconnect, device number 39 [ 1430.096879][ T27] audit: type=1326 audit(1757990418.983:3398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1479 comm="syz.3.12257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1430.144398][ T27] audit: type=1326 audit(1757990418.983:3399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1479 comm="syz.3.12257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1430.204689][ T27] audit: type=1326 audit(1757990418.992:3400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1479 comm="syz.3.12257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=191 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1430.267644][ T27] audit: type=1326 audit(1757990418.992:3401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1479 comm="syz.3.12257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1430.300832][ T1484] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12258'. [ 1430.332230][ T1486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12259'. [ 1430.347214][ T27] audit: type=1326 audit(1757990418.992:3402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1479 comm="syz.3.12257" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1430.900337][T12078] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1431.060129][ T55] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1431.131547][T12078] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 1431.145475][T12078] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1431.172275][T12078] usb 1-1: config 220 has no interface number 2 [ 1431.188235][T12078] usb 1-1: config 220 interface 1 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1431.203719][T12078] usb 1-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 1431.238893][T12078] usb 1-1: config 220 interface 0 has no altsetting 0 [ 1431.249561][T12078] usb 1-1: config 220 interface 76 has no altsetting 0 [ 1431.262930][ T55] usb 3-1: Using ep0 maxpacket: 32 [ 1431.271147][T12078] usb 1-1: config 220 interface 1 has no altsetting 0 [ 1431.284369][ T55] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1431.302181][ T55] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1431.323252][T12078] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1431.332681][ T55] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1431.356723][T12078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1431.365299][T12078] usb 1-1: Product: syz [ 1431.376010][T12078] usb 1-1: Manufacturer: syz [ 1431.383652][ T55] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 1431.398210][ T1502] loop3: detected capacity change from 0 to 32768 [ 1431.404950][T12078] usb 1-1: SerialNumber: syz [ 1431.410888][ T55] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 1431.423420][ T55] usb 3-1: Product: syz [ 1431.434304][ T1502] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.12267 (1502) [ 1431.455299][ T55] usb 3-1: Manufacturer: syz [ 1431.460167][ T55] usb 3-1: SerialNumber: syz [ 1431.497866][ T55] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input84 [ 1431.518581][ T1502] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1431.536641][ T1502] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1431.586701][ C1] bridge0: port 4(batadv0) entered learning state [ 1431.597185][ T1502] BTRFS info (device loop3): enabling auto defrag [ 1431.603719][ T1502] BTRFS info (device loop3): doing ref verification [ 1431.643424][ T1502] BTRFS info (device loop3): use no compression [ 1431.667903][ T1502] BTRFS info (device loop3): force clearing of disk cache [ 1431.680892][T12078] usb 1-1: selecting invalid altsetting 0 [ 1431.687341][T12078] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 1431.704300][ T1502] BTRFS info (device loop3): turning on async discard [ 1431.732842][T12078] usb 1-1: No valid video chain found. [ 1431.739368][ T1502] BTRFS info (device loop3): max_inline at 4096 [ 1431.751398][ T1502] BTRFS info (device loop3): disabling free space tree [ 1431.783507][T12078] usb 1-1: selecting invalid altsetting 0 [ 1431.808456][T12078] usbtest: probe of 1-1:220.1 failed with error -22 [ 1431.855945][ T5850] usb 3-1: USB disconnect, device number 17 [ 1431.881485][T12078] usb 1-1: USB disconnect, device number 40 [ 1431.940940][ T5850] appletouch 3-1:1.0: input: appletouch disconnected [ 1431.997798][ T1502] BTRFS info (device loop3): enabling ssd optimizations [ 1432.030444][ T1502] BTRFS info (device loop3): rebuilding free space tree [ 1432.067911][ T1502] BTRFS info (device loop3): disabling free space tree [ 1432.074930][ T1502] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1432.098481][ T1502] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1432.345751][ T5796] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1433.147059][ T1556] SET target dimension over the limit! [ 1433.901061][ T1544] loop0: detected capacity change from 0 to 32768 [ 1433.925135][ T1544] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.12278 (1544) [ 1433.988347][ T1544] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1434.025266][ T1544] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 1434.042559][ T1544] BTRFS info (device loop0): using free space tree [ 1434.071884][ T1574] netlink: 'syz.4.12294': attribute type 1 has an invalid length. [ 1434.083700][ T1574] netlink: 16 bytes leftover after parsing attributes in process `syz.4.12294'. [ 1434.102528][ T1552] loop2: detected capacity change from 0 to 32768 [ 1434.176998][ T1552] ERROR: (device loop2): dbAllocAG: Corrupt dmapctl page [ 1434.176998][ T1552] [ 1434.204765][ T1552] ERROR: (device loop2): remounting filesystem as read-only [ 1434.245967][ T1544] BTRFS info (device loop0): enabling ssd optimizations [ 1434.266211][ T1544] BTRFS info (device loop0): auto enabling async discard [ 1434.634991][ T5791] BTRFS info (device loop0): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1435.069685][T20534] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop0 scanned by udevd (20534) [ 1436.357091][ T1652] loop3: detected capacity change from 0 to 256 [ 1436.431755][ T1656] netlink: 'syz.4.12325': attribute type 1 has an invalid length. [ 1436.603508][ T1660] usb usb8: usbfs: process 1660 (syz.0.12327) did not claim interface 0 before use [ 1436.809807][ T1668] dlm: no locking on control device [ 1437.053755][ T1678] netlink: 'syz.4.12336': attribute type 1 has an invalid length. [ 1437.599363][ T1700] loop2: detected capacity change from 0 to 128 [ 1437.653317][ T1700] VFS: Found a Xenix FS (block size = 1024) on device loop2 [ 1437.785535][ T5798] sysv_free_block: flc_count > flc_size [ 1437.791194][ T5798] sysv_free_block: flc_count > flc_size [ 1437.816240][ T5798] sysv_free_block: flc_count > flc_size [ 1437.822108][ T5798] sysv_free_block: flc_count > flc_size [ 1437.828044][ T5798] sysv_free_block: flc_count > flc_size [ 1437.833741][ T5798] sysv_free_block: flc_count > flc_size [ 1437.839440][ T5798] sysv_free_block: flc_count > flc_size [ 1437.845222][ T5798] sysv_free_block: flc_count > flc_size [ 1437.850985][ T5798] sysv_free_block: flc_count > flc_size [ 1437.856692][ T5798] sysv_free_block: flc_count > flc_size [ 1437.863544][ T5798] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1438.135119][ T1719] loop3: detected capacity change from 0 to 64 [ 1438.192724][ T1719] Trying to free block not in datazone [ 1438.198283][ T1719] Trying to free block not in datazone [ 1438.222712][ T1719] Trying to free block not in datazone [ 1438.234927][ T1719] Trying to free block not in datazone [ 1438.264721][ T1719] minix_free_block (loop3:6): bit already cleared [ 1438.287002][ T1719] Trying to free block not in datazone [ 1438.302503][ T1719] Trying to free block not in datazone [ 1438.488293][ T1728] bridge6: entered promiscuous mode [ 1438.846262][ T1744] netlink: 'syz.3.12368': attribute type 3 has an invalid length. [ 1438.906695][ T1744] netlink: 156 bytes leftover after parsing attributes in process `syz.3.12368'. [ 1439.098084][ T1748] loop2: detected capacity change from 0 to 4096 [ 1439.149145][ T1748] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1439.230854][ T1748] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1439.336071][ T1748] ntfs3: loop2: failed to convert "c46c" to cp860 [ 1439.456181][ T1764] x_tables: unsorted underflow at hook 3 [ 1439.815445][T18350] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1439.827341][ T1778] (syz.3.12384,1778,0):ocfs2_parse_options:1460 ERROR: Invalid heartbeat mount options [ 1439.838704][ T1778] (syz.3.12384,1778,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 1439.963819][ T1783] loop3: detected capacity change from 0 to 1024 [ 1440.029196][T18350] usb 3-1: Using ep0 maxpacket: 32 [ 1440.036946][T18350] usb 3-1: config 1 interface 0 altsetting 14 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1440.068754][T18350] usb 3-1: config 1 interface 0 altsetting 14 bulk endpoint 0x82 has invalid maxpacket 0 [ 1440.098999][T18350] usb 3-1: config 1 interface 0 altsetting 14 endpoint 0x3 has invalid maxpacket 1600, setting to 1024 [ 1440.119242][T18350] usb 3-1: config 1 interface 0 altsetting 14 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1440.140445][T18350] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1440.165122][T18350] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1440.200264][T18350] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1440.208339][T18350] usb 3-1: Product: syz [ 1440.211322][ T1787] loop0: detected capacity change from 0 to 1024 [ 1440.238612][T18350] usb 3-1: Manufacturer: syz [ 1440.253838][T18350] usb 3-1: SerialNumber: syz [ 1440.269196][ T1768] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1440.300718][ T1787] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 1440.350300][ T1787] ext4 filesystem being mounted at /2980/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1440.472426][ T5791] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 1440.558886][T18350] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 1440.626439][T18350] usb 3-1: USB disconnect, device number 18 [ 1440.978665][ T1811] loop3: detected capacity change from 0 to 256 [ 1441.003698][ T1811] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1441.312297][ T1820] netlink: 'syz.0.12403': attribute type 1 has an invalid length. [ 1441.320203][ T1820] netlink: 12 bytes leftover after parsing attributes in process `syz.0.12403'. [ 1441.454195][ T1827] loop0: detected capacity change from 0 to 64 [ 1441.953895][ T1841] netlink: 'syz.0.12413': attribute type 1 has an invalid length. [ 1442.094945][ T1847] ieee802154 phy0 wpan0: encryption failed: -22 [ 1442.628776][ T1869] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1442.765767][ T1873] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12429'. [ 1442.776678][T18350] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1443.013060][T18350] usb 1-1: Using ep0 maxpacket: 16 [ 1443.020476][T18350] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 1443.032482][T18350] usb 1-1: config 0 has no interface number 0 [ 1443.045698][T18350] usb 1-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1443.061323][T18350] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1443.097211][T18350] usb 1-1: Product: syz [ 1443.108323][T18350] usb 1-1: Manufacturer: syz [ 1443.112986][T18350] usb 1-1: SerialNumber: syz [ 1443.153617][T18350] usb 1-1: config 0 descriptor?? [ 1443.221630][ T1890] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1443.268543][ T1890] overlayfs: conflicting options: metacopy=off,verity=require [ 1443.386175][T18350] usb 1-1: selecting invalid altsetting 1 [ 1443.392008][T18350] speedtch 1-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 1443.422629][T18350] speedtch 1-1:0.1: usbatm_usb_probe: bind failed: -22! [ 1443.433143][T18350] speedtch: probe of 1-1:0.1 failed with error -22 [ 1443.445711][T18350] usb 1-1: USB disconnect, device number 41 [ 1444.648311][ T1912] loop3: detected capacity change from 0 to 32768 [ 1444.678334][ T1912] (syz.3.12447,1912,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1444.699309][ T1912] (syz.3.12447,1912,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1444.754114][ T1912] JBD2: Ignoring recovery information on journal [ 1444.844443][ T1912] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1444.849624][ T1940] netlink: 'syz.2.12461': attribute type 41 has an invalid length. [ 1445.133803][ T5796] ocfs2: Unmounting device (7,3) on (node local) [ 1445.556225][ T5879] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1445.759629][ T5879] usb 3-1: Using ep0 maxpacket: 8 [ 1445.767297][ T5879] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1445.777380][ T5879] usb 3-1: config 179 has no interface number 0 [ 1445.810147][ T5879] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1445.845189][ T5879] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1445.881339][ T5879] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1445.903938][ T5879] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1445.950155][ T5879] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1445.976032][ T5879] usb 3-1: config 179 interface 65 has no altsetting 0 [ 1445.983070][ T5879] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1446.005306][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1446.079421][ T5879] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input86 [ 1446.197901][ T5143] input input86: unable to receive magic message: -110 [ 1446.211539][ T5143] input input86: unable to receive magic message: -32 [ 1446.229119][ T5143] input input86: unable to receive magic message: -32 [ 1446.256174][ T5143] input input86: unable to receive magic message: -32 [ 1446.341796][ T5783] input input86: unable to receive magic message: -32 [ 1446.410310][ T5143] input input86: unable to receive magic message: -32 [ 1446.477371][ T5143] input input86: unable to receive magic message: -32 [ 1446.623116][ T9] usb 3-1: USB disconnect, device number 19 [ 1446.623203][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1446.664768][ T9] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1447.626472][ T2021] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1447.667312][ T2017] tc_dump_action: action bad kind [ 1448.004538][ C1] bridge0: port 4(batadv0) entered forwarding state [ 1448.011272][ C1] bridge0: topology change detected, propagating [ 1448.289147][ T2038] loop0: detected capacity change from 0 to 4096 [ 1448.432342][ T2038] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1448.452935][ T2046] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1448.613825][ T2038] ntfs3: loop0: ino=9, ntfs_sync_fs failed, -22. [ 1448.718024][ T5791] ntfs3: loop0: ino=9, ntfs_sync_fs failed, -22. [ 1449.128743][ T2067] netlink: 'syz.0.12522': attribute type 9 has an invalid length. [ 1449.155433][ T2067] netlink: 'syz.0.12522': attribute type 7 has an invalid length. [ 1449.165628][ T2067] netlink: 'syz.0.12522': attribute type 8 has an invalid length. [ 1449.532757][ T27] audit: type=1326 audit(1757990437.158:3403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2082 comm="syz.3.12530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1449.597928][ T27] audit: type=1326 audit(1757990437.158:3404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2082 comm="syz.3.12530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1449.686627][ T27] audit: type=1326 audit(1757990437.167:3405): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2082 comm="syz.3.12530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=84 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1449.774280][ T27] audit: type=1326 audit(1757990437.167:3406): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2082 comm="syz.3.12530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1449.818995][ T27] audit: type=1326 audit(1757990437.167:3407): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2082 comm="syz.3.12530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6929d8eba9 code=0x7ffc0000 [ 1450.058665][ T2095] loop2: detected capacity change from 0 to 4096 [ 1450.115637][ T2095] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1450.160911][ T2095] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1450.233417][ T2095] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1450.258326][ T2095] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1450.324455][ T2095] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1450.372830][ T2095] ntfs: volume version 3.1. [ 1450.439428][ T2110] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12543'. [ 1450.468822][ T2110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12543'. [ 1450.611646][ T2111] bond2: entered allmulticast mode [ 1450.644482][ T2111] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1451.201244][ T2136] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12556'. [ 1451.201300][ T2135] tmpfs: Group quota inode hardlimit too large. [ 1451.212053][ T2136] netlink: 312 bytes leftover after parsing attributes in process `syz.2.12556'. [ 1451.226523][ T2136] netlink: 'syz.2.12556': attribute type 1 has an invalid length. [ 1451.431886][ T2145] netlink: 'syz.2.12560': attribute type 64 has an invalid length. [ 1451.441069][ T2145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12560'. [ 1451.450851][ T2145] netlink: 'syz.2.12560': attribute type 64 has an invalid length. [ 1451.459627][ T2145] netlink: 20 bytes leftover after parsing attributes in process `syz.2.12560'. [ 1451.550907][ T2143] loop3: detected capacity change from 0 to 4096 [ 1451.738432][ T2143] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1451.947758][ T2143] ntfs3: loop3: ino=9, ntfs_sync_fs failed, -22. [ 1452.100052][ T5796] ntfs3: loop3: ino=9, ntfs_sync_fs failed, -22. [ 1452.300916][ T2169] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12571'. [ 1452.329076][ T2169] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 1452.416934][ T2172] bridge3: entered promiscuous mode [ 1452.434576][ T2172] bridge3: entered allmulticast mode [ 1452.516529][ T2174] xt_hashlimit: overflow, try lower: 18446744073709551614/15680 [ 1452.857933][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1452.912430][ T5879] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 1453.067691][ T9] usb 4-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1453.082624][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1453.101756][ T9] usb 4-1: Product: syz [ 1453.106331][ T9] usb 4-1: Manufacturer: syz [ 1453.110993][ T9] usb 4-1: SerialNumber: syz [ 1453.115888][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 1453.125635][ T5879] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1453.154204][ T5879] usb 5-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 1453.178038][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1453.198671][ T5879] usb 5-1: config 0 descriptor?? [ 1453.213535][ T5879] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1453.809904][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -71 [ 1453.841599][ T5879] gspca_vc032x: reg_w err -71 [ 1453.846428][ T5879] vc032x: probe of 5-1:0.0 failed with error -71 [ 1453.863067][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to write register index 0x00000098. ret = -71 [ 1453.895054][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -71 [ 1453.909168][ T5879] usb 5-1: USB disconnect, device number 7 [ 1453.918922][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1453.932071][ T9] lan78xx 4-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1453.959828][ T9] lan78xx: probe of 4-1:1.0 failed with error -71 [ 1453.979997][ T9] usb 4-1: USB disconnect, device number 4 [ 1454.300711][ T2204] loop2: detected capacity change from 0 to 4096 [ 1454.373704][ T2204] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1454.477620][ T2209] cgroup2: Unknown parameter 'memory_hugetlb_accounting' [ 1454.565578][ T2204] ntfs3: loop2: ino=9, ntfs_sync_fs failed, -22. [ 1454.700230][ T5798] ntfs3: loop2: ino=9, ntfs_sync_fs failed, -22. [ 1455.078465][ T2228] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 1455.603441][ T2245] loop0: detected capacity change from 0 to 4096 [ 1455.684182][ T2253] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1455.695468][ T2254] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1455.720506][ T2253] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1456.784329][ T5879] usb 1-1: new full-speed USB device number 42 using dummy_hcd [ 1456.997625][ T5879] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1457.017023][ T5879] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1457.038953][ T5879] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 1457.059097][ T5879] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1457.067343][ T5879] usb 1-1: SerialNumber: syz [ 1457.082537][ T2295] loop2: detected capacity change from 0 to 4096 [ 1457.096132][ T5879] usb 1-1: 0:2 : does not exist [ 1457.102190][ T9] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 1457.112045][ T2295] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1457.156574][ T2295] ntfs3: loop2: Failed to load $Extend (-22). [ 1457.162853][ T2295] ntfs3: loop2: Failed to initialize $Extend. [ 1457.305298][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1457.329519][ T9] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 1457.358617][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1457.379201][ T9] usb 4-1: Product: syz [ 1457.403157][ T9] usb 4-1: Manufacturer: syz [ 1457.407838][ T9] usb 4-1: SerialNumber: syz [ 1457.443151][ T9] usb 4-1: config 0 descriptor?? [ 1457.460724][ T9] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1457.488206][ T9] usb 4-1: Detected FT232H [ 1457.575674][ T2297] loop2: detected capacity change from 0 to 256 [ 1457.615821][ T5850] usb 1-1: USB disconnect, device number 42 [ 1457.695396][ T9] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 1457.713446][ T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 1457.732507][ T9] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 1457.740578][ T2297] FAT-fs (loop2): Directory bread(block 64) failed [ 1457.758560][ T9] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1457.758750][ T2297] FAT-fs (loop2): Directory bread(block 65) failed [ 1457.797671][ T2297] FAT-fs (loop2): Directory bread(block 66) failed [ 1457.799154][ T9] usb 4-1: USB disconnect, device number 5 [ 1457.804302][ T2297] FAT-fs (loop2): Directory bread(block 67) failed [ 1457.851112][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1457.857791][ T2297] FAT-fs (loop2): Directory bread(block 68) failed [ 1457.877816][ T2297] FAT-fs (loop2): Directory bread(block 69) failed [ 1457.883877][ T9] ftdi_sio 4-1:0.0: device disconnected [ 1457.887127][ T2297] FAT-fs (loop2): Directory bread(block 70) failed [ 1457.913681][ T2297] FAT-fs (loop2): Directory bread(block 71) failed [ 1457.928164][ T2297] FAT-fs (loop2): Directory bread(block 72) failed [ 1457.934903][ T2297] FAT-fs (loop2): Directory bread(block 73) failed [ 1458.724691][ T2322] netlink: 4 bytes leftover after parsing attributes in process `syz.3.12644'. [ 1459.066699][ T2334] loop3: detected capacity change from 0 to 512 [ 1459.075357][ T2334] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1459.087479][ T2334] EXT4-fs: Ignoring removed i_version option [ 1459.154022][ T2334] EXT4-fs (loop3): 1 orphan inode deleted [ 1459.192594][ T2334] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1459.427419][ T27] kauditd_printk_skb: 11 callbacks suppressed [ 1459.427438][ T27] audit: type=1326 audit(1757990446.427:3408): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.494599][ T27] audit: type=1326 audit(1757990446.427:3409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.533632][ T27] audit: type=1326 audit(1757990446.427:3410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.585393][ T2349] ieee802154 phy0 wpan0: encryption failed: -22 [ 1459.585458][ T27] audit: type=1326 audit(1757990446.427:3411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=93 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.621231][ T27] audit: type=1326 audit(1757990446.427:3412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.647859][ T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 1459.701057][ T27] audit: type=1326 audit(1757990446.427:3413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.747204][ T27] audit: type=1326 audit(1757990446.427:3414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.777489][ T27] audit: type=1326 audit(1757990446.427:3415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.819011][ T27] audit: type=1326 audit(1757990446.427:3416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2345 comm="syz.2.12655" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f604898eba9 code=0x7ffc0000 [ 1459.885341][ T9] usb 4-1: config 0 has an invalid interface number: 120 but max is 0 [ 1459.898408][ T9] usb 4-1: config 0 has no interface number 0 [ 1459.929419][ T9] usb 4-1: config 0 interface 120 altsetting 0 endpoint 0x8A has invalid maxpacket 12349, setting to 64 [ 1459.949429][ T9] usb 4-1: New USB device found, idVendor=16e3, idProduct=f9e9, bcdDevice= 0.58 [ 1459.978042][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1459.998356][ T9] usb 4-1: config 0 descriptor?? [ 1460.013329][ T2334] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1460.060979][ T9] input: USB Touchscreen 16e3:f9e9 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.120/input/input87 [ 1460.130152][ C1] usbtouchscreen 4-1:0.120: usbtouch_irq - usb_submit_urb failed with result: -1 [ 1460.500520][T18350] usb 4-1: USB disconnect, device number 6 [ 1460.672313][ T2379] ieee802154 phy0 wpan0: encryption failed: -22 [ 1460.718246][ T2381] netlink: 'syz.2.12671': attribute type 1 has an invalid length. [ 1460.737072][ T2381] netlink: 44 bytes leftover after parsing attributes in process `syz.2.12671'. [ 1460.746339][ T2381] netlink: 'syz.2.12671': attribute type 1 has an invalid length. [ 1460.841932][ T2388] comedi comedi4: bad chanlist[0]=0x000040e3 chan=16611 range length=2 [ 1461.173895][ T5796] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1461.184880][ T2396] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (2878) [ 1461.207128][ T2396] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 1461.624693][ T2405] loop0: detected capacity change from 0 to 4096 [ 1461.645659][ T2405] ntfs3: loop0: Different NTFS sector size (2048) and media sector size (512). [ 1462.078995][ T2424] vxcan1 speed is unknown, defaulting to 1000 [ 1462.148268][ T2426] x_tables: duplicate underflow at hook 4 [ 1464.056081][ T27] audit: type=1326 audit(1757990450.749:3417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2517 comm="syz.0.12726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1464.179809][ T2521] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1464.187414][ T2521] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1464.559034][ T2538] netlink: 'syz.4.12734': attribute type 15 has an invalid length. [ 1464.599374][ T2538] netlink: 24 bytes leftover after parsing attributes in process `syz.4.12734'. [ 1464.764361][ T2548] netlink: 44 bytes leftover after parsing attributes in process `syz.3.12738'. [ 1465.553322][ T2586] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 1467.643863][ T2684] Timeout policy `syz0' can only be used by L3 protocol number 28 [ 1467.886046][ T2695] overlayfs: missing 'lowerdir' [ 1468.147593][ T2702] loop0: detected capacity change from 0 to 256 [ 1468.658848][T21780] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 1468.873764][T21780] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1468.882907][T21780] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1468.915765][T21780] usb 4-1: Product: syz [ 1468.920099][T21780] usb 4-1: Manufacturer: syz [ 1468.935607][T21780] usb 4-1: SerialNumber: syz [ 1468.962921][T21780] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1468.986655][ T5850] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1469.289640][ T2712] loop2: detected capacity change from 0 to 32768 [ 1469.356160][ T2712] jfs_strtoUCS: char2uni returned -22. [ 1469.375403][ T2712] charset = iso8859-3, char = 0xbe [ 1469.583869][T21780] usb 4-1: USB disconnect, device number 7 [ 1469.654797][ T2742] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1469.662273][ T2742] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1470.002665][ T2751] loop2: detected capacity change from 0 to 256 [ 1470.081328][ T2751] FAT-fs (loop2): Directory bread(block 64) failed [ 1470.087988][ T2751] FAT-fs (loop2): Directory bread(block 65) failed [ 1470.112702][ T2751] FAT-fs (loop2): Directory bread(block 66) failed [ 1470.123408][ T2751] FAT-fs (loop2): Directory bread(block 67) failed [ 1470.130118][ T2751] FAT-fs (loop2): Directory bread(block 68) failed [ 1470.158573][ T5850] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1470.165689][ T5850] ath9k_htc: Failed to initialize the device [ 1470.172426][ T2751] FAT-fs (loop2): Directory bread(block 69) failed [ 1470.189342][ T2751] FAT-fs (loop2): Directory bread(block 70) failed [ 1470.218659][T21780] usb 4-1: ath9k_htc: USB layer deinitialized [ 1470.228178][ T2751] FAT-fs (loop2): Directory bread(block 71) failed [ 1470.303007][ T2751] FAT-fs (loop2): Directory bread(block 72) failed [ 1470.317197][ T2751] FAT-fs (loop2): Directory bread(block 73) failed [ 1470.401613][ T2755] netlink: 'syz.3.12823': attribute type 21 has an invalid length. [ 1470.441919][ T2756] 9pnet_fd: p9_fd_create_tcp (2756): problem connecting socket to 127.0.0.1 [ 1470.537437][ T2751] syz.2.12820: attempt to access beyond end of device [ 1470.537437][ T2751] loop2: rw=2051, sector=1224, nr_sectors = 32 limit=256 [ 1470.590403][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 1470.604282][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 1470.611332][ T27] kauditd_printk_skb: 1 callbacks suppressed [ 1470.611348][ T27] audit: type=1400 audit(1757990456.885:3419): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=":=~" pid=2758 comm="syz.0.12824" [ 1470.636639][ C0] vkms_vblank_simulate: vblank timer overrun [ 1470.834659][ T27] audit: type=1326 audit(1757990457.091:3420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2764 comm="syz.0.12828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1470.936417][ T27] audit: type=1326 audit(1757990457.119:3421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2764 comm="syz.0.12828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1471.021376][ T27] audit: type=1326 audit(1757990457.128:3422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2764 comm="syz.0.12828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1471.102949][ T27] audit: type=1326 audit(1757990457.128:3423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2764 comm="syz.0.12828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1471.165942][ T2783] 9pnet_fd: p9_fd_create_tcp (2783): problem connecting socket to 127.0.0.1 [ 1471.181852][ T27] audit: type=1326 audit(1757990457.128:3424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2764 comm="syz.0.12828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc37518eba9 code=0x7ffc0000 [ 1471.316420][ T2789] netlink: 'syz.0.12835': attribute type 21 has an invalid length. [ 1471.324911][ T2791] openvswitch: netlink: Actions may not be safe on all matching packets [ 1471.337820][ T2792] netlink: 4268 bytes leftover after parsing attributes in process `syz.2.12837'. [ 1471.398687][ T2794] comedi comedi2: pcmda12: I/O port conflict (0x8,16) [ 1471.533650][ T2799] netlink: 32 bytes leftover after parsing attributes in process `syz.0.12839'. [ 1471.543197][ T2801] ================================================================== [ 1471.551314][ T2801] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6b2/0x8d0 [ 1471.559426][ T2801] Read of size 2 at addr ffff88802d6a9d22 by task syz.3.12842/2801 [ 1471.567355][ T2801] [ 1471.569708][ T2801] CPU: 0 PID: 2801 Comm: syz.3.12842 Not tainted syzkaller #0 [ 1471.577194][ T2801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 1471.587293][ T2801] Call Trace: [ 1471.590697][ T2801] [ 1471.593664][ T2801] dump_stack_lvl+0x16c/0x230 [ 1471.598378][ T2801] ? __lock_acquire+0x7c80/0x7c80 [ 1471.603436][ T2801] ? show_regs_print_info+0x20/0x20 [ 1471.608675][ T2801] ? load_image+0x3b0/0x3b0 [ 1471.613212][ T2801] ? __virt_addr_valid+0x469/0x540 [ 1471.618361][ T2801] print_report+0xac/0x220 [ 1471.622807][ T2801] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1471.628128][ T2801] kasan_report+0x117/0x150 [ 1471.632681][ T2801] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1471.638016][ T2801] __xfrm_state_lookup+0x6b2/0x8d0 [ 1471.643184][ T2801] ? xfrm_state_lookup+0x1a0/0x1a0 [ 1471.648332][ T2801] xfrm_state_lookup+0xef/0x1a0 [ 1471.653218][ T2801] ? xfrm_state_lookup+0x36/0x1a0 [ 1471.658284][ T2801] xfrm_user_state_lookup+0x232/0x360 [ 1471.663698][ T2801] ? xfrm_update_ae_params+0x630/0x630 [ 1471.669220][ T2801] ? aa_get_newest_label+0xf8/0x5c0 [ 1471.674461][ T2801] xfrm_del_sa+0xf2/0x3e0 [ 1471.678821][ T2801] ? xfrm_add_sa+0x30a0/0x30a0 [ 1471.683612][ T2801] ? __nla_parse+0x40/0x50 [ 1471.688064][ T2801] xfrm_user_rcv_msg+0x596/0x870 [ 1471.693034][ T2801] ? lockdep_hardirqs_on+0x98/0x150 [ 1471.698276][ T2801] ? xfrm_netlink_rcv+0x90/0x90 [ 1471.703171][ T2801] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1471.708590][ T2801] ? __dev_queue_xmit+0x245/0x35a0 [ 1471.713746][ T2801] ? __mutex_trylock_common+0x153/0x250 [ 1471.719425][ T2801] netlink_rcv_skb+0x216/0x480 [ 1471.724229][ T2801] ? xfrm_netlink_rcv+0x90/0x90 [ 1471.729108][ T2801] ? netlink_ack+0x1110/0x1110 [ 1471.734001][ T2801] ? netlink_deliver_tap+0x2e/0x1b0 [ 1471.739230][ T2801] ? __lock_acquire+0x7c80/0x7c80 [ 1471.744289][ T2801] xfrm_netlink_rcv+0x79/0x90 [ 1471.748998][ T2801] netlink_unicast+0x751/0x8d0 [ 1471.753809][ T2801] netlink_sendmsg+0x8c1/0xbe0 [ 1471.758610][ T2801] ? netlink_getsockopt+0x580/0x580 [ 1471.763847][ T2801] ? aa_sock_msg_perm+0x94/0x150 [ 1471.768821][ T2801] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1471.774157][ T2801] ? security_socket_sendmsg+0x80/0xa0 [ 1471.779654][ T2801] ? netlink_getsockopt+0x580/0x580 [ 1471.784884][ T2801] ____sys_sendmsg+0x5bf/0x950 [ 1471.789687][ T2801] ? __asan_memset+0x22/0x40 [ 1471.794615][ T2801] ? __sys_sendmsg_sock+0x30/0x30 [ 1471.799762][ T2801] ? __import_iovec+0x5f2/0x860 [ 1471.804658][ T2801] ? import_iovec+0x73/0xa0 [ 1471.809202][ T2801] ___sys_sendmsg+0x220/0x290 [ 1471.813915][ T2801] ? __sys_sendmsg+0x270/0x270 [ 1471.818825][ T2801] __se_sys_sendmsg+0x1a5/0x270 [ 1471.823714][ T2801] ? __x64_sys_sendmsg+0x80/0x80 [ 1471.828687][ T2801] ? lockdep_hardirqs_on+0x98/0x150 [ 1471.833920][ T2801] do_syscall_64+0x55/0xb0 [ 1471.838467][ T2801] ? clear_bhb_loop+0x40/0x90 [ 1471.843192][ T2801] ? clear_bhb_loop+0x40/0x90 [ 1471.847987][ T2801] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1471.853926][ T2801] RIP: 0033:0x7f6929d8eba9 [ 1471.856955][ T27] audit: type=1326 audit(1757990458.054:3425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2809 comm="syz.4.12844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1471.858356][ T2801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1471.900528][ T2801] RSP: 002b:00007f692ab77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1471.908989][ T2801] RAX: ffffffffffffffda RBX: 00007f6929fd5fa0 RCX: 00007f6929d8eba9 [ 1471.917352][ T2801] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 0000000000000003 [ 1471.925415][ T2801] RBP: 00007f6929e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1471.933689][ T2801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1471.941702][ T2801] R13: 00007f6929fd6038 R14: 00007f6929fd5fa0 R15: 00007ffc7cb94718 [ 1471.948791][ T27] audit: type=1326 audit(1757990458.054:3426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2809 comm="syz.4.12844" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3fd0d8eba9 code=0x7ffc0000 [ 1471.949698][ T2801] [ 1471.975161][ T2801] [ 1471.977508][ T2801] Allocated by task 1403: [ 1471.981853][ T2801] kasan_set_track+0x4e/0x70 [ 1471.986475][ T2801] __kasan_slab_alloc+0x6c/0x80 [ 1471.991367][ T2801] slab_post_alloc_hook+0x6e/0x4d0 [ 1471.996522][ T2801] kmem_cache_alloc+0x11e/0x2e0 [ 1472.001416][ T2801] xfrm_state_alloc+0x22/0x2a0 [ 1472.006210][ T2801] __find_acq_core+0x7d8/0x19d0 [ 1472.011092][ T2801] xfrm_find_acq+0x6a/0x90 [ 1472.015544][ T2801] xfrm_alloc_userspi+0x57a/0xa90 [ 1472.020598][ T2801] xfrm_user_rcv_msg+0x596/0x870 [ 1472.025566][ T2801] netlink_rcv_skb+0x216/0x480 [ 1472.030366][ T2801] xfrm_netlink_rcv+0x79/0x90 [ 1472.035074][ T2801] netlink_unicast+0x751/0x8d0 [ 1472.039869][ T2801] netlink_sendmsg+0x8c1/0xbe0 [ 1472.044666][ T2801] ____sys_sendmsg+0x5bf/0x950 [ 1472.049468][ T2801] ___sys_sendmsg+0x220/0x290 [ 1472.054180][ T2801] __se_sys_sendmsg+0x1a5/0x270 [ 1472.059079][ T2801] do_syscall_64+0x55/0xb0 [ 1472.063540][ T2801] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1472.070531][ T2801] [ 1472.072884][ T2801] The buggy address belongs to the object at ffff88802d6a9c00 [ 1472.072884][ T2801] which belongs to the cache xfrm_state of size 848 [ 1472.086898][ T2801] The buggy address is located 290 bytes inside of [ 1472.086898][ T2801] freed 848-byte region [ffff88802d6a9c00, ffff88802d6a9f50) [ 1472.100732][ T2801] [ 1472.103084][ T2801] The buggy address belongs to the physical page: [ 1472.109521][ T2801] page:ffffea0000b5aa00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88802d6a9000 pfn:0x2d6a8 [ 1472.121029][ T2801] head:ffffea0000b5aa00 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1472.130017][ T2801] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1472.138036][ T2801] page_type: 0xffffffff() [ 1472.142400][ T2801] raw: 00fff00000000840 ffff88801bac8500 dead000000000122 0000000000000000 [ 1472.151108][ T2801] raw: ffff88802d6a9000 000000008010000a 00000001ffffffff 0000000000000000 [ 1472.159740][ T2801] page dumped because: kasan: bad access detected [ 1472.169192][ T2801] page_owner tracks the page as allocated [ 1472.175200][ T2801] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 22988, tgid 22987 (syz.0.7391), ts 1065738606115, free_ts 1065472179017 [ 1472.196256][ T2801] post_alloc_hook+0x1cd/0x210 [ 1472.201073][ T2801] get_page_from_freelist+0x195c/0x19f0 [ 1472.206673][ T2801] __alloc_pages+0x1e3/0x460 [ 1472.211302][ T2801] alloc_slab_page+0x5d/0x170 [ 1472.216069][ T2801] new_slab+0x87/0x2e0 [ 1472.220186][ T2801] ___slab_alloc+0xc6d/0x1300 [ 1472.224896][ T2801] kmem_cache_alloc+0x1b7/0x2e0 [ 1472.229777][ T2801] xfrm_state_alloc+0x22/0x2a0 [ 1472.234567][ T2801] xfrm_add_sa+0xfe5/0x30a0 [ 1472.239098][ T2801] xfrm_user_rcv_msg+0x596/0x870 [ 1472.244074][ T2801] netlink_rcv_skb+0x216/0x480 [ 1472.248877][ T2801] xfrm_netlink_rcv+0x79/0x90 [ 1472.253586][ T2801] netlink_unicast+0x751/0x8d0 [ 1472.253768][ T2808] loop0: detected capacity change from 0 to 32768 [ 1472.258357][ T2801] netlink_sendmsg+0x8c1/0xbe0 [ 1472.258381][ T2801] ____sys_sendmsg+0x5bf/0x950 [ 1472.258401][ T2801] ___sys_sendmsg+0x220/0x290 [ 1472.258425][ T2801] page last free stack trace: [ 1472.258431][ T2801] free_unref_page_prepare+0x7ce/0x8e0 [ 1472.289437][ T2801] free_unref_page+0x32/0x2e0 [ 1472.294170][ T2801] __slab_free+0x35e/0x410 [ 1472.298639][ T2801] qlist_free_all+0x75/0xe0 [ 1472.302772][ T2808] [ 1472.302772][ T2808] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1472.302772][ T2808] [ 1472.303163][ T2801] kasan_quarantine_reduce+0x143/0x160 [ 1472.303195][ T2801] __kasan_slab_alloc+0x22/0x80 [ 1472.323962][ T2801] slab_post_alloc_hook+0x6e/0x4d0 [ 1472.329111][ T27] audit: type=1800 audit(1757990458.485:3427): pid=2808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.12843" name="file1" dev="loop0" ino=4 res=0 errno=0 [ 1472.329137][ T2801] kmem_cache_alloc+0x11e/0x2e0 [ 1472.354541][ T2801] getname_flags+0xbb/0x500 [ 1472.359174][ T2801] do_sys_openat2+0xcb/0x1c0 [ 1472.363805][ T2801] __x64_sys_openat+0x139/0x160 [ 1472.368704][ T2801] do_syscall_64+0x55/0xb0 [ 1472.373174][ T2801] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1472.379113][ T2801] [ 1472.381490][ T2801] Memory state around the buggy address: [ 1472.387167][ T2801] ffff88802d6a9c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1472.395265][ T2801] ffff88802d6a9c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1472.403350][ T2801] >ffff88802d6a9d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1472.411459][ T2801] ^ [ 1472.416608][ T2801] ffff88802d6a9d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1472.424714][ T2801] ffff88802d6a9e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1472.432814][ T2801] ================================================================== [ 1472.440920][ C0] vkms_vblank_simulate: vblank timer overrun [ 1472.484088][ T2801] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1472.491367][ T2801] CPU: 0 PID: 2801 Comm: syz.3.12842 Not tainted syzkaller #0 [ 1472.498873][ T2801] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/14/2025 [ 1472.509148][ T2801] Call Trace: [ 1472.512472][ T2801] [ 1472.515430][ T2801] dump_stack_lvl+0x16c/0x230 [ 1472.520177][ T2801] ? show_regs_print_info+0x20/0x20 [ 1472.525422][ T2801] ? load_image+0x3b0/0x3b0 [ 1472.529971][ T2801] panic+0x2c0/0x710 [ 1472.533918][ T2801] ? bpf_jit_dump+0xd0/0xd0 [ 1472.538480][ T2801] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 1472.544510][ T2801] ? _raw_spin_unlock+0x40/0x40 [ 1472.549484][ T2801] ? print_memory_metadata+0x314/0x400 [ 1472.555169][ T2801] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1472.560513][ T2801] check_panic_on_warn+0x84/0xa0 [ 1472.565500][ T2801] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1472.570832][ T2801] end_report+0x6f/0x140 [ 1472.575123][ T2801] kasan_report+0x128/0x150 [ 1472.579676][ T2801] ? __xfrm_state_lookup+0x6b2/0x8d0 [ 1472.585013][ T2801] __xfrm_state_lookup+0x6b2/0x8d0 [ 1472.590181][ T2801] ? xfrm_state_lookup+0x1a0/0x1a0 [ 1472.595337][ T2801] xfrm_state_lookup+0xef/0x1a0 [ 1472.600300][ T2801] ? xfrm_state_lookup+0x36/0x1a0 [ 1472.605341][ T2801] xfrm_user_state_lookup+0x232/0x360 [ 1472.610724][ T2801] ? xfrm_update_ae_params+0x630/0x630 [ 1472.616193][ T2801] ? aa_get_newest_label+0xf8/0x5c0 [ 1472.621404][ T2801] xfrm_del_sa+0xf2/0x3e0 [ 1472.625835][ T2801] ? xfrm_add_sa+0x30a0/0x30a0 [ 1472.630609][ T2801] ? __nla_parse+0x40/0x50 [ 1472.635049][ T2801] xfrm_user_rcv_msg+0x596/0x870 [ 1472.640015][ T2801] ? lockdep_hardirqs_on+0x98/0x150 [ 1472.645250][ T2801] ? xfrm_netlink_rcv+0x90/0x90 [ 1472.650131][ T2801] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1472.655546][ T2801] ? __dev_queue_xmit+0x245/0x35a0 [ 1472.660681][ T2801] ? __mutex_trylock_common+0x153/0x250 [ 1472.666245][ T2801] netlink_rcv_skb+0x216/0x480 [ 1472.671035][ T2801] ? xfrm_netlink_rcv+0x90/0x90 [ 1472.675894][ T2801] ? netlink_ack+0x1110/0x1110 [ 1472.680684][ T2801] ? netlink_deliver_tap+0x2e/0x1b0 [ 1472.685910][ T2801] ? __lock_acquire+0x7c80/0x7c80 [ 1472.690963][ T2801] xfrm_netlink_rcv+0x79/0x90 [ 1472.695654][ T2801] netlink_unicast+0x751/0x8d0 [ 1472.700437][ T2801] netlink_sendmsg+0x8c1/0xbe0 [ 1472.705217][ T2801] ? netlink_getsockopt+0x580/0x580 [ 1472.710601][ T2801] ? aa_sock_msg_perm+0x94/0x150 [ 1472.715630][ T2801] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1472.720928][ T2801] ? security_socket_sendmsg+0x80/0xa0 [ 1472.726403][ T2801] ? netlink_getsockopt+0x580/0x580 [ 1472.731626][ T2801] ____sys_sendmsg+0x5bf/0x950 [ 1472.736407][ T2801] ? __asan_memset+0x22/0x40 [ 1472.741003][ T2801] ? __sys_sendmsg_sock+0x30/0x30 [ 1472.746049][ T2801] ? __import_iovec+0x5f2/0x860 [ 1472.750950][ T2801] ? import_iovec+0x73/0xa0 [ 1472.755514][ T2801] ___sys_sendmsg+0x220/0x290 [ 1472.760306][ T2801] ? __sys_sendmsg+0x270/0x270 [ 1472.765106][ T2801] __se_sys_sendmsg+0x1a5/0x270 [ 1472.769966][ T2801] ? __x64_sys_sendmsg+0x80/0x80 [ 1472.774922][ T2801] ? lockdep_hardirqs_on+0x98/0x150 [ 1472.780228][ T2801] do_syscall_64+0x55/0xb0 [ 1472.784672][ T2801] ? clear_bhb_loop+0x40/0x90 [ 1472.789373][ T2801] ? clear_bhb_loop+0x40/0x90 [ 1472.794086][ T2801] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1472.800001][ T2801] RIP: 0033:0x7f6929d8eba9 [ 1472.804426][ T2801] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1472.824058][ T2801] RSP: 002b:00007f692ab77038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1472.832498][ T2801] RAX: ffffffffffffffda RBX: 00007f6929fd5fa0 RCX: 00007f6929d8eba9 [ 1472.840478][ T2801] RDX: 0000000000000004 RSI: 0000200000000300 RDI: 0000000000000003 [ 1472.848714][ T2801] RBP: 00007f6929e11e19 R08: 0000000000000000 R09: 0000000000000000 [ 1472.856688][ T2801] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1472.864664][ T2801] R13: 00007f6929fd6038 R14: 00007f6929fd5fa0 R15: 00007ffc7cb94718 [ 1472.872649][ T2801] [ 1472.875963][ T2801] Kernel Offset: disabled [ 1472.880288][ T2801] Rebooting in 86400 seconds..