last executing test programs: 11.729938429s ago: executing program 3 (id=1586): r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0) write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x200000000000026f, 0x1}}, 0x40) 11.479071398s ago: executing program 3 (id=1588): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f0000000000)={0x24, @long={0x3, 0x0, {0xaaaaaaaaaaaa0102}}}, 0x14) connect$802154_dgram(r0, &(0x7f0000000080)={0x24, @none={0x0, 0x1}}, 0x14) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000180)="07f4ee0455d0d4a41ca2bef74e0855155cb89c4b58e15dec8af3dc2bfa5e702d8dc94b7861f158c2150c1a341a435b8d986e99a409449222668171eb1b63aee6a9d4c734191ac3ed1a3de72b3ab8398253633b74087320d109d3b192e819c612037549758c13d3aba47568a8efb88ac191", 0x71}], 0x1) 11.348096672s ago: executing program 3 (id=1589): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000040)={0x0, 0x7, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r1 = syz_open_pts(r0, 0x0) ioctl$TCSBRK(r1, 0x5409, 0x1) 11.12320522s ago: executing program 3 (id=1591): syz_mount_image$minix(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800000, &(0x7f0000000040)=ANY=[], 0xa, 0x238, &(0x7f0000000100)="$eJzs2z1rFEEcx/Hfzj1tTpOIUQtRCIjRxpwPlYWIXaq8gVQhOTW4YjQKJgjmGrUQUtnZWAmChaVI7MTKF2Ah2CnBFAdWFlnZdR9yt3e5B+5u5fL9FGF2fjM7s0v27h8uJwD7lqVJWbKU9w5O2Ic2Jqy0twRgQFzvh5F2sm7MhCGA4XZzNO0dAEjH9jXp5WnpV/XRgjL5sCzwKoBvW5I2p55qXUFuCpJef5GyUf2wXZGOZ4PcsjVSX1+8ks6E861ibfjQlipSMcoP7ApHpIrrn//sqXD9gxrVmMZzXn5YE8H6i9H8Yy3rnWxXVRIAAMPF0nSrfM8BRteXnPL5pnnOzy80zfN+frFFfik6LkStuRezDz64V3a8fHrhjrO41zYBNGC6eP6/nozbmRbPf75Jf/3fCQAGb2V17da847iPJb9Rvhf0BI3w+Y17MokxPWmEnzm0MTj8hDIReefY1ZNJTt+YSl57767CxBsbl+RFpl9r/Y8NNYi+z/y7AVGP6e/d8E7/88+T5efv3rcz622HS5jot25us1ytGyMj9fH2TiaegnnHbm+6tV5wO1y04ctF/M8Bdi9fhQCkoXT/9nJpZXXt3FJG0o1yLnzDn/mx5Vf2pZr6PpfeTgH0Wvym3yitJHrc2sPZT59/Vy+/edbFylclfSx2MREAAAAAAAAAAAAAANQ5oqNpbwEAAADAgCS//XN3rIOvJVnZNganfY0AAAAAAAAAAAAAAAAAAAybvwEAAP//BkMBsw==") r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, &(0x7f0000001fc0)=""/184, 0x20002078) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 10.651332367s ago: executing program 3 (id=1594): openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e00000000000000000018000280080002002000000004000100080004"], 0x44}}, 0x0) 9.864626424s ago: executing program 3 (id=1597): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f00000002c0)='./cgroup\x00', &(0x7f0000000340), 0x8401, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 9.376518821s ago: executing program 32 (id=1597): r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff}, 0x800) mount$9p_fd(0x0, &(0x7f00000002c0)='./cgroup\x00', &(0x7f0000000340), 0x8401, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 5.917048883s ago: executing program 1 (id=1622): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x101042, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000100)) ioctl$PPPIOCSACTIVE(r0, 0x40107446, &(0x7f0000000480)={0x1, &(0x7f0000000140)=[{0x6, 0x1}]}) close(0x3) 5.459861959s ago: executing program 1 (id=1626): mkdir(&(0x7f0000001a80)='./file0\x00', 0x18b) mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0) mount$bpf(0x0, &(0x7f0000000180)='./file0/../file0\x00', 0x0, 0x24000, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) 5.229450636s ago: executing program 1 (id=1627): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000cf8bed20d90f25004029000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000340)=ANY=[@ANYBLOB="00c39c"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2603) ioctl$I2C_RDWR(r1, 0x707, &(0x7f00000000c0)={&(0x7f0000000080)=[{0xd0, 0x0, 0x0, 0x0}], 0x1}) 3.566744725s ago: executing program 0 (id=1640): mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000002480)=[{0x0}], 0x1, &(0x7f0000000040)}, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01') 3.389145851s ago: executing program 0 (id=1642): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000240)='./file1\x00', 0x80c406, &(0x7f0000000040)=ANY=[@ANYRESDEC=0x0, @ANYRESHEX=r0, @ANYRESHEX, @ANYRESHEX=r0], 0x2, 0x2a7, &(0x7f0000000bc0)="$eJzs3M1OE1EUwPHTljItysfKRDee6EY3E6xLdVENJMYmmkKNujAZwqBNa0tmGm2NCV274jmIS3cmxhfgCdy6IyaGFSuvaTuUKZQmQEux/f8SmDv3zIUzcxlybtPpzovNd4U1315zKhJNqERF6rInMidxEYlEJGSy0dP8HniQkrrcnn+/+3np5asn6UxmIau6mF6+m1LVmevfP3z6cuNH5dLzrzOWJdtzr3f+pH5tX9m+uvN3+W3e17yvpXJFHV0plyvOStHV1bxfsFWfFV3HdzVf8l2vI75WLK+v19QprU5PrXuu76tTqmlUalopayLIqqS2bev0VKOdkDEyeeIRua1s1kkPJBlcGJ6XdmIikjxyN+S2hpMRAAAYpuPr/2j7mIhcDrU7q8ze9f9GcNTMt77X/zFp1/8Ft1n/V7yaOm+cfLj+R0+nq/+jg0kGZxGph3YedoQ8L51sbONHBlH/AwAAAAAAAAAAAAAAAAAAAADwP9gzZtYYM9vYRkXEBPuWiMRC+12GjtWz9aMqPP8m9GUFE9xj/jECQg/uJUR+16u5ai7S3Lbii48zC/PaFHrwb7dazcXa8TutuHbG4zIVxFNd45Ny62Yr3og9epoJxzeruaSs9sy83q9LAAAAAADAyLO1ba7dmZD2+t621ZLD8eb6vdWqH7w+cGh9PyHXJs7vPAAAAAAAwPH82seCUyy6Xp8b+28WOBRKBt2D+aV9aoicbvg9Y/UljZiIdA0ZI9LqyS6d9Br+PI8rb8nFmMERbtwP95iNM/xAE9m/PePd/jaG8M8IAAAAwEAdrAeGnQkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOPrPD66bNjnCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwU/wIAAP//a0601Q==") r1 = syz_open_procfs(0x0, &(0x7f00000003c0)='oom_score_adj\x00') writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='2', 0x1}, {&(0x7f0000000080)='-6', 0x3f}], 0x2) 3.000001295s ago: executing program 1 (id=1645): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201410117512920570509201ec70102030109022400010200100009045807028ab53800090506020001000006090582020002"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 2.883709719s ago: executing program 0 (id=1646): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) ioctl$KVM_CAP_MAX_VCPU_ID(r1, 0x4068aea3, &(0x7f00000000c0)={0x80, 0x0, 0x4}) 2.55503977s ago: executing program 0 (id=1647): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="1502000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32=r2], 0x3c}, 0x1, 0xba01, 0x0, 0x20000000}, 0x0) 2.166844644s ago: executing program 0 (id=1649): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r0, 0x2) syz_emit_ethernet(0x4e, &(0x7f0000000040)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "00fcff", 0x18, 0x6, 0x1, @local, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0xc2, 0x0, 0x0, 0x4, {[@fastopen={0x1e, 0x4, "ac14"}]}}}}}}}}, 0x0) 1.937250252s ago: executing program 0 (id=1650): syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000a80)="082de466a8a6a5c9289e245ed6f46ec2955ee5e7836c4c71b7ab4d87dc3b3247111f017ec256a735a9af9204f8bbf002a1c7393849818a18daff134ec52f31e35b0c11a162cd8a2b7b98c7340533ada9901cd17062a4f10ab4b26fb5e9d7b2cfdda6cb214ec681b8a337bebe241b204a600be0374790f47fbb8b554c65d44d3af05ddeeae50231e9edf0635b053ae19cba507d49d6567d021e0b36d8b096fa1b4de8af4e5a0dca948d7d61be1e53c7490ed70e2aab9f3e36662bdd327764fcd7d2f14e236152348ecb0f352742b3036f03d415ea6e994ed96b09eaabff0b270c28f6cfc3b81d0e5ad17bfa518dcd277ad850aa36245393417312501cb03cd8d51732964a1b4ceed9f5b7debe6d541511e274c465441493330c7968bf5485d1bb03464a48463c9a66498ebb4d14cee8aa5572688a9340cc950f64b1acfcf09263576fc669ff814ba7be1e39569dd34dee2ab806f7d5a1d3774bd37f8d39bc3680f013e470ef0490381bfba05111f8d7ac7e3e77a5ec17e8be26a4d0afb9ea941a53ca320c1fed830369a99f6ded2d76cdcb51b5c0af2ff31f1c444e837e8bcc95a62f88f2ca6a6840428719217d0576b14a8b12611c5cb204c6037c4fcb19ec2bccbce05cf4c678b03d657901c752262c5754ab5055ebc1bed2d6fc8f00f2ecce83508faa6df00606709fe6fcf500b1ac2b25a90defbdb32235fd53bfcb7b24cb25877138321e11e9ce9efa4bbac4bd7a158424c2c95484ce1dc315b7d4b976bd01ba95846849ef959e28fa1810e6f6c405d9a1202c6a80ee67db7259ad82c3b7d6e9360c0d4a24d711b7587d771ea103e1ee96d327737df84bced4d4fec78d551b0f1faf9d7b6afb1670325582a77eccded5fb68dc3b7648e369827c8d4440e8cb80bd39fb944c926db8a8c96aaaec35e18d027b8ea9055d027cf8659c1e11d1d9ddf2178e3a5b6fb7e47853b72b345cb277a0eb96bb751cf2b13d03f92fd4545716ac61289d15563b85c2a16aeb644d36acf428ece845333c93b2dfd5158c168a363e905386d5aeae363102cae18ea71f009a6500ebf32512a6789792ef1bfe94da74041bba5141a096bb711292c432a333b21cd871547715acd071b0b79b906c64a78514fde250dd52ea576bd728799216a5031eb6225b9f89d3fa2337f21fbad59d5a3d3ac5526a622dff26d4fc9c0781205a5fa08c98e961d408b94ff4b9357838b220154d72af298d412813d86fcae07563c331ae77757e2f86db53638112281e41a476a2bfd69fb6964b75ee955a340a507ac82a5bf71f64a5b9fc0d44a5a8f702fdda51c37b3bd29638e90c3c8ae0d4c8b962b1a7433771b10fedab257096e88ff026f3911792034efcd0db5293cfbb9978115b3bfa0c347b8cff05b71769b9141570ebaedddc009f0d4be258683ff6eec047a6f1f2fdb9b08d967735d7a8f364d0692b35ac2bc8f69c09a1668aa73b9060cdbe18441de5868bffbe90ef838fa6e2502192dd8fad98c3d6e3f3e418b5fc71d6bcb527dae2ea4a58a6acca21c013f424bd93fb8685c9fad4e41e4464e28c17f15dfa4fbd21f97a4aa0212478b9527871895a37e4ad8ecd76ca0a3d5a3a0206a4e36b35c5e162fa9fd1d92a5f65ddadb3c74d9f7096406dd218685bb4484aab24650a9a49f864180e2cc57e9040189b9ea03b134f9cdbc35b00ef323c7b1e757ad29c915010d15dc53f284ca98f7244245dc817758cf3598db98afb6bfec4cb666ed7fa990f90923cb8a7d35009b72dc5a3c9f3a3d59f267835e74519e447bd1bcdee2bd5419cbe1f1dbc355b5785281cb65dd56b5070dbc1f32aac7794891f46851de6e92fc225715ef97c3608632e7623fa9e07be5072ef4cf53de4ac7c8f27845d258f6e83ae4fed6d2923a9098346856bec58dcacccd9ffc6ac6487c1fee74acf3a731e17b916d378f9b868fe476932fd910b2f338c3f7d4355d69592c3cce99e0708555d466906366fe5df4f00e9f5c1be1f1c4c39231863f0cf628394d00e66d6736aba785ff1d33ef80e86847176cf6cc8491f3815ab34469feba0b827378a9de758562bb71536676aee9b33c3ed82c51f9238e436350a08c10d53a3f29bd34747fb6847bc0fccb219aca33b6d254576b1305a0681d113dcdea1837f57219ae957488f9c34bdda8f3c1ce2210ede492afe6b7986cb5ca79d092310e7dac3f994471c5f5e87e763c1950784b013d79db0e9382b9201c4f1c838cf81748ab11e06d3824a4f78a7635ef6f8c2ec7bd66139262f7ccf91a756ad20116a5029387768a5086a43440ed66e9fc9572b291cf7fb0269bb215b7c5d1f3549c9cb0581771a7792ba324acf6cc7e57c77e2e55fc62db4a11934295ceb4f24e15025bc9f1c9ca00a66a4e0cfe384b1e357a8516309ed5c3c658f5c7e363720842677e16cc68d8dc1c36ad837cfad00f1631142826e6e4a7625cdf5c25390a26df540172e2247a7818dd7b51060696d9fba066a403b43dd87693a5f256a81fb6358c8a177c08f6f154969324750a41cf63c221f9334ea86330cea9c23ef170b5a925df4ab709a3acfc83fc6f3a8502c7c673445a2da6e213a76ec1812e2cebf5ad3ea1fead236bf79cb674ba99741d1effd461854a4c1dc72a9c3845fec7d433eb6ddba6901367bc3ed9bec4dddb104a63a8607870ee2b816e42c366ebb4e0229e89db04602e02ac58f2c7f54f9942899783fef00207ed9c704aa7e400d5073610c9e674384569c384f682297860ef82e6597ab288b75794cd63fa3a67c480b73e13ef2209d7d0c73f67b62d477efa01fcb8faadffdd1bcc14d03e71c8ca54292b530fae18977c3a8bc8ed42c313870f26dde36d9ec4163f3bbb0f0190030ccf1338a15d117aeae98ffc82c3363628f82e8c93f70e488d88e4e5e14678def8fbdae6459a9301c43dc5ec4ffd28b5a06a78e554a7670902c73b4ff75d1fb695e7f1f5ad018e9216a8a8233fce4c4fb7b6395410f65608467197f4d395f8675e2556f5467b33dfc096b0edd805fef29992560c4bc049400a2f54ab8f793ebe7d5158d1549011c55ff18756c139a2f505586dafc754df7eb19565791f0701d3164a90e03f00d07f40123167d51e29e0348364e8775c97dab851908e0107844a720627f8ecf2290317ee3901b4e7a141c11639e0a5ae91ca0e6c79551f8c0f4ac3969ead11121fa756377f498d354e37122b9759a8fc10f3e18dddde6ebbf7c561ac118297e52758d4cca979b80d49db113239984ee1fbe73eb14275b46626a84e7b5f9ca3505fd714a9cf92795e4158ee1f3cef1e6c8187b9368aa548652622dc7fbe7a6846cbd1811b94b6a0fd63a69091886899a0b5cc7a9d3c4e2586665c05fd32b36b9d0f4cf9ab083b2948a03a26c1f778ee89c9ec4301556ab006f76fb842b8354702d9eced06b3511aca0e417633c49d3b823703e9075058d7ef569efaa2971f9e64884b665e4bea33a88b2ee2061f0265795cfe366aae79bdd3e5fe242fe1309f17700f86f73b5f42eed29494d5be88616de054948630fc68909c81745fa014f515dca476575f414a5f1551d45b1a9dad1319fd33d682173d8e0a457d32e58dcde1417ac776745ff7e71ce74847f58c3510ac8efda230a3b42fc1da925f4618ca58c9ccbe7e18f8a30be520ba3b344a3aa33d7b933989fe043228a57209723c9d3703fdc244ff77e81b78ad31f34da1e7f70ae200bcd6a3c831006075a3ca39b5bb2b90b60a89cf015bcc8f542489d6ba79d58cc5ee80f981a217a935f1b83d03818b8e1a08ed9557d8cca7ca21281cdcae1bdcb42846aaae2a8094297829719eca245dbc812a8017243f1e452406a815f47ccebd0e532f802c0fe954490b658da9592d84f758867facc67f907a2c3d00d8577a2edb92bac8819d4fe5edb70328832330561bdcf2360b9591e9e20f6769c4849e49dbd06e585c223b9c753b599e8d925a1f653e5725577e4ed8d22b6cda65bbf9dc57f475678c318efd7030e28e5e23b46d26a3e58b557192e0dc3ffbc75c12c82927c32884b256a8b748e8455c5a4a83b30273072352694ac119631b28ae2af57b90136e23efd0da494375e5970f4fdfbeba368ea1021c21a2bf4c091bb1925a41f8703e3538041afaa3c13d271a40ea3695710a47c2fb05b862e0c6a9951944b4a4be360a8e0b991788ab8053a87f9cf848dee79801d11125b1e0c3225486aeeaf8cf40167d70450b87e7723515416669c5398c68206636ab4bb1e9ef47959c2eea52088d770c7ec258bf734feac53470d23cbd84d6d31383ba7ae2956f870c47b664a4e19c9a804470f1adcbe21feaec95c60416d37b1441ab77a0c2fb7bc8c4bdeefc3b1b55926eca12ba744a6532f107a747544a10c654ac08a2406eb2b84aae230c8617e6e5f290e125019400892f88790d77aa042b03d1d6956876477e5a4529a0953da7e67db6a730fc7a28e26beff00b4540d729224ecfaaf6339e4d71ef5dfabe72dcae70e8d80651e57e50c85ae1134a1a58be462efe0bd06485e413b083853c70787d1f2aaf7dfdbd82db89b42c9641732b3d9c553a83875e9a8049ceeca728987246c4fffba67e4de53ca974c7d0abe30cd479955e91ec0aa21754fabecb2e8fd99c385378b57b7ad5afa51c8fb9e14a1ed6afea658c115bb7796cb77cdad8056b0c8bad3c19acb9bd338d62468bc910aaefb44b19179238b0dcf94fb5463026bccf5d4d01055a2c1900c01d345e98f18ae61c9b071392cbc4841e83c27fc8e19a06a40bbf212573af18d4179069181bb9c0d7f1f84af996224a650ff6c159a9d590903f2b7512fac056e398ac5ef8037c70b899138196b873f54a6065578776cfc49953215e0929e80b6425c4d9402005cd8ab0d49f6274ada7789b8375c590c31ff73e745a561af848f696b7b6d7a5bb49967245d82c28a2fe6b9d124086225d7471023ac192c73e493a705d8db934ba150600f9175810a8372519b2fd08affe07783ac285ac3cf4d8acc5f5069e2985820f291a224a94bf9a5453428a37ece3266f4b7ab93490e8bfc23baf14eca92690be7c605e7e3358a83c5cb26d094965b6679bbd5e2cd3af1a9222dc1d66a66d580b0f36f04cefc847fb2225c1d5a5704d3ecc0e46fe680035664b3147469bf51dc12efe4480ac8fe6cf48cc81f5b29c0e31d99fc43d19811ed02b041d94d4ce174c17effe709ec39514c284d76a5da5eb4acb5387dbfbeb650ce1a7b9a1a83d246091f571bccbe222a997224af13715f85e6be5e633630ddd3ff1990b1fd9bbc6f1ddc3ecc0ad99428e10375ce47f8c38f03da34242550b1eee6ba867915d4b8fc340bd30f52114b028886b1c0095e33afdde175afcc6616092163cfd17515e4436764692ea32111889204b317706a694bcaea717dfdd60395e70f9940d631a7f8b99cef217cf11228eaee2c7bd5effeb80ba12eeac636ff22cf42d6e40061ddf4bb63da958ceeaf40550fdfa9d3042a5ab83c4b26b229f7d547adc071be47c203794582f92b5d16cfcd326194cb1a880bafd489b0e4de01d4905c495a2909240595ae1320cedf67a6e8561444451941b645d1d3a1a899f83b259212dd8f543b27651eee653908009f8cf5170ab3bbee1302fc32af55bd4b64a39f04a56baf7edfa56b6ef7c55ad62dd26b2f2a4f56a5c061d52e6d791047ceb3a6f3f6060f044d213bf49fab65a458f43b32fde6111e4d2f49eb66add2c78d5fd61bb3c16536debd26d79dfaa7dea0c159c028dea715572aad09cadd28b17af40e712e732403d070286d33082cbdbc670c17fb66ae79b81c65b51c956185ba2dc3c9bfc7763f5fc89c16aff449a951bdfe1260e3e1d961a0e4be9d64d9787ca0a578c2412c241cec5b61f471acce3d0a70503f40f1adb6bb25d9cb08b65a3a8abf802c27342570d2b5bb6de56e61c6a0b62cdef0846f9ec06a90e05bc0898ad3a92d7eaa1b9af2a9b4d6a29e2d18aa5d81af6c35942828e7498dd4e53d5e6552a06a81ca04980003e6443d7753293ff06cbe5fcf2b939c79a1ae3f8fd748d9de14457c7731cb663f61bc375ab26294f7001d98d064c4b0035ab9b35e61b5737270d64d81b858286d8665b824d0fc610084852f2520eb1c9c1c890dcdd77addb9520abdc49b163334697a14a37251927d69ddb92637b406aba54c9284ba1ba376ed852cd01eaaaec3f074082de0640e41de83d21efa261c413e4be3150b53cbb58cd08875c82441c50a1362be75620b8153bde82cab78ef065dd95ecb7541b64ca4b12671e7ea6653ab4655bd1bdf4428b63a551b26ed3111009f81a3e5913109769b2d3fcd792b029b001dcf0a00de99b3520183d476532ff4da88cb950360581ef36db4f797a16e6943b932fb0d2c97b435359b531048d58d96281b7928ba9c3ac6e869f430294a8cc27d1ef77d3030f2588b96b8e71037130365d053ee87260adeacec0c8b29cef1bff2bc5e004169897a89096fcc5a24a036bb756f35a0000529f1dea30090870a134f68a4044d48e97d5a14695b780862d7f324eb410439705fe3c82b85d5429f44f8f729120fdfa9ea6b3eee6cd9f7af5622daf56ec3e45d92443754d9e44318db458af3ab152475b5ae2f8b204feecfd5f08a70ef561af381310c2f7ce9187391e18b8832a8c264a017d4ea9f06cb08c7dbb742d60c08f17601cc5b86b6cd27b094cb4d374e2f1cd77e0e192f1a10c03865f74887a0841175942ea8f062ae91e84c359ad20dd0a95d335f62ad53c747354b708d3697eb18e05d6ac0c3e3fd90fa7c977d40c971c818b66dd992f193db6d1d3da78150da5e7102a631ab90c40eb5a192e9fe4b09d5761340143573735cc6a5301ac453e2d30a448ea170cf4169ddae0e9faf260cbf64f91c723f7932364aa327b17de2618e66f48bdfd09bd9c49931a6867f390456092f478cdb8830fb53a359ac9c857fb5f76c249617da605d677af2d7566f476a8cb76523717500cd26a81c04d165672f337a4946be54b868e37963db026dbff7aca869c036278e6405159ca72ca995479170367f9863f64011f5bc1b5018eb8cc395fcf278c7f5180ac59f1f18ecdb00a44d47335af4242322f7db595408f442f9a23fa698f7c087f0b3c176501eb181d0ce1a49c900fe0d9df2674fd25e4e256efc8358f2d4e49d129e6228ae4a400cf65884e605948c94f83c283e861a042d5ff5d71c84da849f97813695495669fc432b0ad8b6a3dcb616f9a03d465b081808a5989fe9455cd892f827375a4b60d3a8cded4c9b8a05f4b3699aa4e2aed5b919fdac72f008aedc2a6a84940da643e303f63cd3b5aa7af0ee0f025aee050ffa3f00dcf1f13b7a9618ddea28785774715b6b5b66b4f880141c8f4d2151194ee48948e3a5bec6b78f5c0764a5df3cde1edb74d3ee9679c7d35cfd3eafb60c5280b3cf5fa25890124d62eceb2bdf34757ed1fbe9d5d6bbdfd05e95b94a343d6290aed4d8678249c3fa14ac67caaf6efb757306d2bb90b06a52697c3cf31f13835199a5b8ba4f9509c6e954343d5cda50c5263a57090fbffc9431deeb9977de66178b0471b4011555c5f9f084afde0a2c79c28e9dc87f326b6deccc1c08a319ffc72fa28db82b7eea11028686d7d53173e87573665b82e7d6575529766800cb14788a15a7803e2f657211f0101cf5bc0c47bcbf2e5802b416647dbc5382e0177bbaf6430b7146290741951f29c6aed0d9193ecea24cc133a55744277c9a4e8417d96a78de9bdfe62fcbb84440ca04b3a8b5d91427b440988b50c1038ee4dee493e74e2301ae77c7751a76b6aadb3436c24aedd866777db8ed7ac755c3429a279f0235371e5b4bd78906797b998ab09c6c950af81b97bb3bb2a67377886a386e66a71ddcc708e31e1470670623699db45b14c2cf24511d46d51abba67084554867135a222dd0d004d80759d1fd048552de0b65d237cca8263878bcd449d8b7d24c251b013535bf3fba5c21ad436d27559bcf954aec57b9298c870469d658352356e2e5f8cb582f6685e9f5b75225b241d70ad10efcac15cac35eaf392f9636faea6b3c94dcb2338754ade6b4529cd94a13bfe6001bc21423e01d3b355d7022b7e8e2bfd76d8b921e0c37506c5ed6e6ae57bfa658c47925e5dbe23452e82278da6cc1b2858617bcef74b5bb45989c8a22c796de8af6b759f1b76429781198e14330014bc9c958b2f84e0657b27d3b990e98fa6e919dd254cbeba595c69ceba4ff81f6deee9dd95d72cb0faed81c67a7168d411cf1cb5e81aaf1716da6b5d975f0350ee422727ce230933706a7d14fb9cbc6380e44f8048cb0d5369c121c3242e8e28de03e39ba166c204c25249ff847b348c02cedbdc5e52a9124d85da16280aaa734744e053cecc2ef75dc38a7323385e87d1c3c02da182cfab6c7e150ca031859630f43c3fdc16a90bc4e34e90da16273acfada5c5be59ff4407a02bcf5b6d811436274b94640ff35e2a4c20c32a1969f5e552632f07369756161c7d45fa2fa27e2d44dd803a88b58edd3446fdedf84212981e1de88ccd354f2720ec879b306dcbddae9fb3de061334c83533fc069ba5d6fd0ed168a8c584f932dd44cccc0b1e703724c2c7db98397a3e9d691a19e4cb45a0a06a2de71e9c38c133cbdfb4c3afedb651ea04225f7c567281782ea10373a22e64a99ef35d0aa5b8dcae96b7659cdfc702d9f43db15b64fb2369dccceaf7eed85fbd5f4f5c81394c4ad8fd767ad5a669df3f6a0e3fa9af92afbc73f17dbbf690398a02382c2ddab1b4cbdfc7b9a9942a0490dd2def0335488c5e6d61ce223be35470f6c24fae24d90980ca0e0ed888fae2f0f1c9ba0fb15eebd6fe44b51a8a78e4ecb7270cc86394c7a1b4256f8788456207f6256f8526a19b4ec86a07905f9f0d1faedce6bea082602dba5d9c9f05ebd5e93110f20813aa6c4aba1c3c6c6c3bef6ab1061c07e6e82e0c46177519d1d463d79a8a9988fa0ff8baa327a18708e5c37c652639466cbf6d2f80a7b0b0e67e0911d5fcee69e7ed1abd9481d13d1dc665cd5f934dc5befe03ab0632d403985ebb0a34ce784d6020d0a06837a0f543c8d0d00f30fc6bb4b164f2241cb50a55cdb23d53367c0d8c16ce11436eef4ef77576851784bd46c08a0dfd53c2f4ce9a38c7615825316f9e452ed9b77c741d3a887984d9982b427cf67a4f828beff7004fc6f0125d8454707712f90535329adb47d6bf4f5462dc4d373901fef8ef2861df5938ab7355f426372f3ad4ec83f7694c159fb988e51af1a4c697eef9ffadd153cb4cfbb575e28383c0f107d084c76ea3919b979b00461fb3d63ba627ad50a2837783ceb0f96a323308f1365f717b0f244782dec111efaf067d4eb4c2da2fa45dc343b6eddbc81391065b1d88f9d359048be19ea3222d9118d9a258c4efad1acc56199b65a6728de421ffa191e8baf0973013b2fa4371703d65ad6c6346213c788ba8bb976a66aa521a7f0c18e7faaaf627e02471c2a4cebfe29dd6171ecd05495f7ab766f103c952022cae574696fd0ee25654a52fe7187af3b5912d0953e43d526db29ae3903da060470c7d73cecf6ffd264f7eeecd90cb40007f801ae8f4aa8740cd7f0e126eece3acf36cb4d5c89b695b60c79130b5daf2ff028e9618217dece2bda88c2a537df32409ad2c3b8125c4b20f3b53aabb8d049b0f16a91dc241a48355519ab194fb8ac4705b3227c987602eaadb896d0f09e4bd1695e709c0712c3db84e5648913a4535b8bc6339ceb17d72209dac7c4a83ceb0b8aa280fcf2eedccf290bb45c7fd6383be95314bd90a27072fb77d9d5aabf0681726bbba9f547ecaae4c834d7178e808c51dfa5f16ffe4e0def4edd7160781ab26ccc9ce78a4080ddd02dbba91e97d771fa7543c836b06bf1df53caff1dcfd086f825aeef5b8191724dcf28007f92b5bfd42124d1cc51d619ebef6a84192928463b177c99c819d505cbb8c6ad45edc936f5ecf025e6b3f9ec57ac5ce9c7cea377fe82b5f0e8ffcb180a2373f75e4b4ba6b76abc0909af2c68ae8eb0920cdcd85aff9942c7b5815e71f838fd421de8619d041a18465a8f0e3e7c82dd7e8ddfd79cd5f83a3f722b00ba200dfaf942e44b9999a8d5055d600e5b69d5957ed57d2343fa86a348d89fe6927967020001b84d6914d7186b350ca856802e6caf99e3909ab6be5d3df408df5c81921afd053ad36c79891baeed6e74d9bc02c2243feb79cdbaf4d9ebcea439bdebabd01681c529f24109012d30495a6a10f307cc36b8bc63c0f547ef8e984a214b477ca9423dcae9a583d4b7625dbcc11684e62cd6d9697cf33635eb5a86dc909091590fa6c11ae9d4bbc22cfb461c1c21f604b2ac6fca2ba8e2bd44bbdd5f705c67e9f10aea9888ec67f286df0e65166b0894fba799a45d764da800df2f8b5517e7918a98114c9f323c8638c687e55560e41109f71df0599eb2a963eece9be62e5da9cc4dc8ae0e682354c4f508e20d34331857a872d47483fb2aece32c8be8e42b7bcc5e07bdbd16bd3eb6a524bfd948b413bbd14a693ed3a5b43c857e42fd6f2c48bb68462a964ed83bf5b3f7f38c1417620b9b500b3ccbe92522c1b149f8be208bd6c993460594ed90c502a5c64398b37079536dd1b494c205f41b0d198476c44f86a26ff4a5b7d5b2d792ff0a4598251c276949be3c54612ccaff4e07a0894a5cfebb5766ba5b9928a4eaa993ccde6d02ba87c17386b671a24c6d7b24ed4adda0234984e1c5a0ebaaf3f426cf3ec4276706c0da7090ad9a574d077080b3e59409148d5c59787f9a1e7451b5497745816caab4c05788b6aed54e529b8db10d279257f6c154e5468ed89017e8bbf3938a47709bf040ac911d143cc3c120ec31a82a76a2f3188cde3f04339c10953a7695be88a93662bd575884f4380495b81246f630a432e76d58ecec0ecb94bcbe804daad59b40e3008e8818ae21b4b113990e10a5efe7eaa5e5a1ee8382cf0db3ce539e6153ecd6418b38366864e93840aa9ab37131a1d6e58cac2d3b00c46399b2e274e96a330aaa641412a7e0725c8cd7b32222613cb638c5700f19397328c3a24c6f9cea352520af3584f74824677e78af848480b1b4b590b89ed396c8e635e051a9d6dc05e8a2bae7da398b3f481a8640d1a9448bc416148252b9aac3329738ccc0dfedf6d84cafb48679fb2e45da089f90136bceaa2c4378dbd0946eb8aea712d93fc7c1ecfcc703d2946e7658185b7c7c515b33792c1483a3f34a29d88bf5c5a3d11047518fd9873fe3632866ac22071f5699f5d594f9dd914b7c1e59f69d244fee4e948c85200250dadd677aea1b2919f79e4a4e4b24e34c0eb603c2e646b266b917c45c6da0108dd2af0eb7f1df4920fd6811aaecfecaeedb8d24c281f4bd5685bc9bdfaa8b41e9b2b942c2d2c5fa9edc3094ca5883a009c69fd4fe70a33abfbe736c798121eb92d0cb826ce6e42e22392f303ab90e40fa879d0e67ff31e928d8f15166497796acbae0af4c5cfa30d84c46d0ab9f776dbf6d389684e040a2673bf303c71977404d5108b163bbe295ca7b3753b134e5d75870228ffa24480b", 0x2000, 0x0) r0 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[]) 1.472755878s ago: executing program 4 (id=1655): symlinkat(&(0x7f0000000080)='.\x00', 0xffffffffffffff9c, &(0x7f0000000200)='./file0\x00') mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f00000000c0)='tracefs\x00', 0x1214040, 0x0) socket(0x400000000010, 0x3, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0xa0202, 0x0, 0x11}, 0x18) 1.294620585s ago: executing program 2 (id=1657): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000000)=@req3={0x6, 0xfffffff7, 0x8, 0x10001, 0x8, 0xa98, 0x3}, 0x1c) 1.263323186s ago: executing program 4 (id=1658): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10) getpeername(r0, 0x0, &(0x7f0000000000)) 1.062540192s ago: executing program 2 (id=1659): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_mreqn(r0, 0x0, 0x27, &(0x7f0000000000)={@multicast1, @local}, 0xc) syz_clone3(&(0x7f0000000080)={0x801400, 0x0, 0x0, 0x0, {0xb}, 0x0, 0x0, 0x0, 0x0}, 0x58) getsockopt$inet_buf(r0, 0x0, 0x29, &(0x7f0000000000)=""/145, &(0x7f0000695ffc)=0x24b) 923.004767ms ago: executing program 4 (id=1660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000c00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000c40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000c80)={0x24, r1, 0x611, 0x70bd28, 0x25dfdbff, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0x2}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x800) 815.008532ms ago: executing program 2 (id=1661): pipe(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) close(0x3) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) splice(r1, &(0x7f0000000040)=0xfffffffffffffffc, r0, 0x0, 0x6, 0x0) 787.539753ms ago: executing program 4 (id=1662): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) newfstatat(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x4000) setresuid(r1, r1, 0x0) ioctl$sock_bt_hci(r0, 0x400448cc, 0x0) 674.983887ms ago: executing program 4 (id=1663): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x3) lseek(r0, 0x9, 0x0) 623.153218ms ago: executing program 2 (id=1664): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x1}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x18, 0x0, &(0x7f0000000180)=[@acquire, @increfs, @release], 0x0, 0x0, 0x0}) 595.664469ms ago: executing program 1 (id=1665): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f00000000c0), 0x1, 0x553, &(0x7f0000000a40)="$eJzs3d9rW1UcAPDvTdv91nUwhopIYQ9O5tK19ccEH+aj6HCg7zO0d2U0WUaTjrUO3B7ciy8yBBEH4ru++zj8B/wrBjoYMoo++BK56U2XrUmbddnSmc8Hbjkn9ybnfnPv9/TcnBsSwNCayP4UIl6OiG+SiIMRkeTrRiNfObG23er9q7PZkkSj8elfSXO7rN56rdbz9ueVlyLit68ijhc2tltbXlkolcvpYl6frFcuTdaWV05cqJTm0/n04vTMzKm3Z6bfe/edvsX6xtl/vv/k9oenvj66+t0vdw/dTOJ0HMjXtcfxBK61VyZiIn9PxuL0IxtO9aGxnSQZ9A6wLSN5no9F1gccjJE864H/vy8jogEMqUT+w5BqjQNa1/Z9ug5+btz7YO0CaGP8o2ufjcSe5rXRvtXkoSuj7Hp3vA/tZ238+uetm9kS/fscAmBL165HxMnR0Y39X5L3f9t3sodtHm1D/wfPzu1s/PNmp/FPYX38Ex3GP/s75O52bJ3/hbt9aKarbPz3fsfx7/qk1fhIXnuhOeYbS85fKKdZ3/ZiRByLsd1ZfbP5nFOrdxrd1rWP/7Ila781Fsz34+7o7oefM1eql54k5nb3rke80nH8m6wf/6TD8c/ej7M9tnEkvfVat3Vbx/90NX6KeL3j8X8wo5VsPj852TwfJltnxUZ/3zjye7f2Bx1/dvz3bR7/eNI+X1t7/DZ+3PNv2m3dQ/FH7+f/ruSzZnlX/tiVUr2+OBWxK/l44+PTD57bqre2z+I/dnTz/q/T+b83Ij7vMf4bh39+taf4B3T85x7r+D9+4c5HX/zQrf3e+r+3mqVj+SO99H+97uCTvHcAAAAAAACw0xQi4kAkheJ6uVAoFtfu7zgc+wrlaq1+/Hx16eJcNL8rOx5jhdZM98G2+yGm8vthW/XpR+ozEXEoIr4d2dusF2er5blBBw8AAAAAAAAAAAAAAAAAAAA7xP4u3//P/DEy6L0Dnjo/+Q3Da8v878cvPQE7kv//MLzkPwwv+Q/DS/7D8JL/MLzkPwwv+Q/DS/4DAAAAAAAAAAAAAAAAAAAAAAAAAABAX509cyZbGqv3r85m9bnLy0sL1csn5tLaQrGyNFucrS5eKs5Xq/PltDhbrWz1euVq9dLUdCxdmayntfpkbXnlXKW6dLF+7kKlNJ+eS8eeSVQAAAAAAAAAAAAAAAAAAADwfKktryyUyuV0UUFhW4XRnbEbCn0uDLpnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAH/gsAAP//6AY3sQ==") r0 = creat(&(0x7f0000000180)='./file1\x00', 0x0) io_setup(0x1ff, &(0x7f00000001c0)=0x0) io_submit(r1, 0x1, &(0x7f0000000080)=[&(0x7f00000000c0)={0x2600, 0xc8, 0x8, 0x8, 0x0, r0, 0x0, 0x0, 0xfff, 0x0, 0x2}]) 443.445005ms ago: executing program 4 (id=1666): unshare(0x62040200) syz_usb_connect(0x0, 0x4a, &(0x7f0000000080)=ANY=[@ANYBLOB="120100005520f010402038b14201040000010902"], 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="5400000010001ffffcffff000000000000000000", @ANYRES32=0x0, @ANYBLOB="00000100000000002c0012800b00010067726574617000001c00028006000e000200000006000f000700000008000700ac"], 0x54}, 0x1, 0x0, 0x0, 0x40}, 0x0) 401.400676ms ago: executing program 2 (id=1667): syz_mount_image$erofs(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x3008003, &(0x7f0000002ac0)=ANY=[], 0x2, 0x200, &(0x7f00000002c0)="$eJzsmbFrFEEUxr+Z3ds7gwRtLGwsDBjR7O3uqaSJEMFSEKKo5WHWEN3k5LJC7kDwsLHRzkKwtbG0sLCy8C+w1UIFwcIrBQthZGZnd4e93fMOTwXzfpDJN/PezLz3YF6xB4Ig9iyfPn778PDc8qWTAPZjAXW9/sXKfbjh//7JnROPV84/ffHu2Zvt+buviucxAEJUXve9aHIAvF61EIPZyYoQmM/tC0YIWuMyOI5rfQUMbiJ/CEUyCcFwTfvcNHRnnxZR6F7vROs3NqPQk4Mvh0AOLTM+GdRwwLAOoKGiE4IZ9p1e/1Y7isJuUdREes+IaVrBK8up41vlWEFaPSGk/9UH9wdyrmsDDzyrnw8OX+sWGNa0XkYdruvmJTHyP2zn51uT5D9jcVbd9WjSXc+VOLj05wNLRPpGptkly/g3SvcfidpMzmHFFfmgs5VDw7QHmj6f/1nu+LVPY/xjhLaPmN7ORdGF34jQKSlUJvL+JDv7MaM/2bCz/tGMt243d3r9pc2t9ka4EW4HQeuMd8rzTgdN1YiScUz/a6j+NGecX6vwdZiD3XYcd/1dIO762TxIxjwBrL3sfJVbDkD1P47Fo+oI1VNV2vXyO5j+4+q/VItWuee9ypwIgiAIgiAIgiAIgiAIgiDKOQKG5JcwwfQH0TKCi+oL5c8AAAD//40vYXw=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fadvise64(r0, 0xe0ffff, 0x19, 0x3) mount$9p_fd(0x0, &(0x7f00000000c0)='./file1\x00', 0x0, 0x400, 0x0) 31.328249ms ago: executing program 1 (id=1668): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000002d40)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff48700000020000005c0000000000000095000000000000002ba728041598d6fbd307ce99e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f071326bd9174842fa9ea4318123341cf9d90a0e168c1884d005d94f204e345c652fbc1626e3a2a2ad35806150ae0209e62f51ee988e6e0dc84e974a22a550d6f97181980400003e05df3ceb9f1feae5737ecaa81d666963c474c2a19eed87b277be335c75e04ad6ee1cbf9b0a4def23d410f6296b32ae343881dcc7b1b85f3c3d44aeaced3641110bec4e90a634196508000000000000f0f4ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d4dcecb0c005d2a1bcf9436e101040000f73902ebcf0200822775985b231f000000ccb0ecf31b715f5888b2a858ab3f11afc9bd08c676d2b89432fb465b3dad9d2aa7f1521bc9901de2eb879a15943b6dc8ea15aab9dd6968698e3095c4c5c7a156cec33a7bb727667d81ff2757ca1e6bfdd4c968dacf81e65998b9091957d1d11a5730baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba165d876defd3541772f26e27c44cfd7bb5097379cf1756869cebc7b0b2d85d6d29983e830a9cdd1d0a017c100344c52a6f387a1340a1c8889464f90c284a4db539621fbb70f01a2c02dec4cd1f570dd39877dfb2ff1ae66e1ce917474b2e650ae610afd01409d9a337ac5d58bcb5e5fc231514952c5255f22bd8b325d9b76e57f041b665ab0249886c0a65cc99d5893521372c8d8b7bacac24000020a4a24d8dbd75062e1daef9dead619cc6e7baa72706287793c3d2a2661edcd3545236c204682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b993508000000e480cd9d4850a049ee19b67d17ef0477aeb12b1d2502000000d9051f22614d1f62734d678039a97d2b74f9e8e97f4e8e702512"], 0x0}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000001040)={r0, 0xffffffffffffffff, 0x32, 0x0, @void}, 0x10) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) ioctl(r1, 0xfffff000, &(0x7f0000000000)) 0s ago: executing program 2 (id=1669): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0x8, &(0x7f0000000040)=0xc65b, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x400c0d4, 0x0, 0x0) readv(r0, &(0x7f0000000400)=[{&(0x7f0000000480)=""/73, 0x49}], 0x1) kernel console output (not intermixed with test programs): rom 0 to 32768 [ 169.706803][ T7831] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.800 (7831) [ 169.742840][ T7831] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 169.754505][ T7831] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 169.763430][ T7831] BTRFS info (device loop0): using free space tree [ 169.880555][ T7831] BTRFS info (device loop0): enabling ssd optimizations [ 169.892049][ T7831] BTRFS info (device loop0): auto enabling async discard [ 170.008267][ T7831] BTRFS info (device loop0): scrub: started on devid 1 [ 170.019015][ T7831] BTRFS info (device loop0): scrub: finished on devid 1 with status: 0 [ 170.711447][ T5769] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 170.787418][ T7854] bridge0: port 2(bridge_slave_1) entered disabled state [ 170.875810][ T7856] loop3: detected capacity change from 0 to 512 [ 170.898738][ T7856] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 170.943160][ T7856] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 171.116100][ T7856] FAT-fs (loop3): FAT read failed (blocknr 128) [ 171.492821][ T7865] netem: change failed [ 171.624964][ T7869] netlink: 32 bytes leftover after parsing attributes in process `syz.0.809'. [ 172.412096][ T5808] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 172.604992][ T5808] usb 2-1: config 0 interface 0 has no altsetting 0 [ 172.611846][ T5808] usb 2-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 172.640315][ T5808] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 172.667250][ T5808] usb 2-1: config 0 descriptor?? [ 173.002184][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 173.192061][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 173.203590][ T9] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 173.212118][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 173.221888][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 173.233110][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 173.243532][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 173.256876][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 173.266387][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.508929][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 173.514567][ T9] usbtmc 3-1:16.0: can't read capabilities [ 173.523909][ T5808] video4linux radio48: keene_cmd_main failed (-71) [ 173.547857][ T5808] radio-keene 2-1:0.0: V4L2 device registered as radio48 [ 173.563301][ T5808] usb 2-1: USB disconnect, device number 9 [ 173.587484][ T7912] loop3: detected capacity change from 0 to 32768 [ 173.603915][ T7912] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 173.704164][ T7912] XFS (loop3): Ending clean mount [ 173.759552][ T27] usb 3-1: USB disconnect, device number 9 [ 173.863907][ T5767] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 174.132557][ T5809] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 174.350891][ T5809] usb 1-1: Using ep0 maxpacket: 16 [ 174.369276][ T5809] usb 1-1: unable to get BOS descriptor or descriptor too short [ 174.383963][ T5809] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 127, changing to 7 [ 174.399161][ T5809] usb 1-1: New USB device found, idVendor=103d, idProduct=0100, bcdDevice= 0.40 [ 174.413893][ T5809] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.422623][ T5809] usb 1-1: Product: syz [ 174.426915][ T5809] usb 1-1: Manufacturer: syz [ 174.443147][ T5809] usb 1-1: SerialNumber: syz [ 174.671834][ T7940] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 174.721876][ T5809] usb 1-1: Audio class v2/v3 interfaces need an interface association [ 174.754792][ T5809] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 175.114118][ T5809] usb 1-1: 2:1 : can't get Cluster Descriptor [ 175.312239][ T9] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 175.332583][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 175.397718][ T5856] usb 1-1: USB disconnect, device number 8 [ 175.524414][ T9] usb 3-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 175.536997][ T8] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 175.547554][ T8] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 175.559384][ T9] usb 3-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 175.568840][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 175.578087][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.587025][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 175.598205][ T9] usb 3-1: Product: syz [ 175.602708][ T9] usb 3-1: Manufacturer: syz [ 175.607366][ T9] usb 3-1: SerialNumber: syz [ 175.612046][ T8] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 175.627875][ T8] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 175.637302][ T8] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 175.647916][ T9] usb 3-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 175.658409][ T8] usb 2-1: Product: syz [ 175.662926][ T8] usb 2-1: Manufacturer: syz [ 175.675998][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 175.681463][ T8] cdc_wdm 2-1:1.0: skipping garbage [ 175.689703][ T8] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 175.695890][ T8] cdc_wdm 2-1:1.0: Unknown control protocol [ 176.269158][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -EPIPE [ 176.472831][ T27] usb 2-1: USB disconnect, device number 10 [ 176.484476][ T9] usb 3-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 176.509913][ T9] usb 3-1: USB disconnect, device number 10 [ 177.142622][ T7962] loop0: detected capacity change from 0 to 1024 [ 177.151095][ T7964] netlink: 'syz.2.855': attribute type 15 has an invalid length. [ 177.200571][ T7962] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.258453][ T7970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.858'. [ 177.415626][ T7962] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.0.854: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0 [ 177.469462][ T7962] EXT4-fs (loop0): Remounting filesystem read-only [ 177.546323][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.773836][ T7985] relay: one or more items not logged [item size (56) > sub-buffer size (3)] [ 178.198939][ T7997] loop2: detected capacity change from 0 to 4096 [ 178.234839][ T7997] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 178.410179][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.294212][ T8021] loop2: detected capacity change from 0 to 512 [ 179.329706][ T8021] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 179.366439][ T8021] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 179.415978][ T8025] loop3: detected capacity change from 0 to 512 [ 179.508729][ T8021] FAT-fs (loop2): FAT read failed (blocknr 128) [ 179.995486][ T8037] bridge0: port 2(bridge_slave_1) entered disabled state [ 180.172163][ T27] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 180.226728][ T8042] loop0: detected capacity change from 0 to 4096 [ 180.290259][ T8047] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 180.364756][ T28] audit: type=1800 audit(2000000053.440:13): pid=8042 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.880" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 180.404015][ T27] usb 3-1: config 0 interface 0 has no altsetting 0 [ 180.411898][ T27] usb 3-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 180.442374][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.469571][ T27] usb 3-1: config 0 descriptor?? [ 181.193435][ T8057] loop0: detected capacity change from 0 to 512 [ 181.314083][ T27] video4linux radio48: keene_cmd_main failed (-71) [ 181.320899][ T27] radio-keene 3-1:0.0: V4L2 device registered as radio48 [ 181.358034][ T27] usb 3-1: USB disconnect, device number 11 [ 181.697709][ T8068] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 182.000962][ T5808] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 182.191340][ T5808] usb 1-1: Using ep0 maxpacket: 16 [ 182.205760][ T5808] usb 1-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice= 0.40 [ 182.223274][ T5808] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.231507][ T5808] usb 1-1: Product: syz [ 182.236360][ T5808] usb 1-1: Manufacturer: syz [ 182.241333][ T5808] usb 1-1: SerialNumber: syz [ 182.264265][ T8081] bridge1: entered promiscuous mode [ 182.462151][ T5809] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 182.504667][ T5808] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 182.586427][ T8078] loop2: detected capacity change from 0 to 32768 [ 182.602359][ T8078] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.893 (8078) [ 182.643184][ T5808] usb 1-1: USB disconnect, device number 9 [ 182.657980][ T8078] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 182.694573][ T8078] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 182.704594][ T5809] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 182.736598][ T8078] BTRFS info (device loop2): using free space tree [ 182.753810][ T5761] udevd[5761]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 182.753948][ T5809] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 182.800693][ T8086] loop1: detected capacity change from 0 to 8192 [ 182.807724][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.829706][ T5809] usb 4-1: Product: syz [ 182.839146][ T8086] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 182.856528][ T8086] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 182.871116][ T8086] REISERFS (device loop1): using ordered data mode [ 182.878386][ T8086] reiserfs: using flush barriers [ 182.890718][ T5809] usb 4-1: Manufacturer: syz [ 182.900717][ T8086] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 182.909696][ T5809] usb 4-1: SerialNumber: syz [ 182.935566][ T8086] REISERFS (device loop1): checking transaction log (loop1) [ 182.956897][ T5809] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 182.969853][ T8078] BTRFS info (device loop2): enabling ssd optimizations [ 182.989173][ T8078] BTRFS info (device loop2): auto enabling async discard [ 183.270120][ T8078] BTRFS info (device loop2): scrub: started on devid 1 [ 183.279380][ T8078] BTRFS info (device loop2): scrub: finished on devid 1 with status: 0 [ 183.292732][ T8086] REISERFS (device loop1): Using r5 hash to sort names [ 183.316290][ T8086] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 183.517868][ T8105] bridge0: port 2(bridge_slave_1) entered disabled state [ 183.799050][ T5809] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 183.840646][ T8108] loop0: detected capacity change from 0 to 512 [ 183.855236][ T5809] usb 4-1: USB disconnect, device number 11 [ 183.934289][ T8108] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 183.961535][ T8108] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 184.053831][ T5770] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 184.107501][ T8108] FAT-fs (loop0): FAT read failed (blocknr 128) [ 184.467513][ T8112] loop2: detected capacity change from 0 to 4096 [ 184.517450][ T8113] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 184.631247][ T28] audit: type=1800 audit(2000000057.700:14): pid=8112 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.903" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 184.927749][ T8121] netlink: 32 bytes leftover after parsing attributes in process `syz.3.906'. [ 185.151587][ T8131] loop1: detected capacity change from 0 to 256 [ 185.209118][ T8131] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 185.392209][ T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 185.581524][ T8139] netem: change failed [ 185.589892][ T8141] loop2: detected capacity change from 0 to 64 [ 185.603599][ T9] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 185.617446][ T9] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 185.638318][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 185.659744][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 185.675477][ T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 185.723850][ T9] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 185.761276][ T9] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 185.780775][ T9] usb 4-1: Product: syz [ 185.786136][ T9] usb 4-1: Manufacturer: syz [ 185.837758][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 185.856965][ T9] cdc_wdm 4-1:1.0: skipping garbage [ 185.875817][ T9] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 185.881790][ T9] cdc_wdm 4-1:1.0: Unknown control protocol [ 186.127954][ T8151] loop1: detected capacity change from 0 to 4096 [ 186.187341][ T8152] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 186.259753][ T28] audit: type=1800 audit(2000000059.330:15): pid=8151 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.923" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 186.361089][ T8147] loop0: detected capacity change from 0 to 32768 [ 186.376925][ T8147] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.919 (8147) [ 186.426343][ T8147] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 186.459976][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -EPIPE [ 186.471847][ T8147] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 186.503718][ T8147] BTRFS info (device loop0): setting nodatasum [ 186.510126][ T8147] BTRFS info (device loop0): force zlib compression, level 3 [ 186.532377][ T8147] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 186.543188][ T8147] BTRFS info (device loop0): use lzo compression, level 0 [ 186.553528][ T8147] BTRFS info (device loop0): turning on flush-on-commit [ 186.562333][ T8147] BTRFS info (device loop0): enabling auto defrag [ 186.573244][ T8147] BTRFS info (device loop0): max_inline at 4096 [ 186.581455][ T8147] BTRFS info (device loop0): using free space tree [ 186.664793][ T5809] usb 4-1: USB disconnect, device number 12 [ 186.712470][ T8147] BTRFS info (device loop0): enabling ssd optimizations [ 186.982745][ T5769] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 189.355073][ T8220] loop0: detected capacity change from 0 to 32768 [ 189.384460][ T8220] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 189.395021][ T8220] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 189.448743][ T8220] XFS (loop0): Ending clean mount [ 189.461006][ T8220] XFS (loop0): Quotacheck needed: Please wait. [ 189.501121][ T59] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 189.520147][ T59] XFS (loop0): Unmount and run xfs_repair [ 189.526546][ T59] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 189.535819][ T59] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 189.544994][ T59] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 189.554140][ T59] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 189.563322][ T59] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 189.572502][ T59] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 189.581474][ T59] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 189.590719][ T59] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 189.599844][ T59] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 189.608899][ T59] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 189.634832][ T8220] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas. [ 189.719230][ T5809] XFS (loop0): Metadata CRC error detected at xfs_allocbt_read_verify+0x42/0xd0, xfs_cntbt block 0x10 [ 189.735781][ T5809] XFS (loop0): Unmount and run xfs_repair [ 189.741526][ T5809] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 189.749588][ T5809] 00000000: 41 42 33 43 00 00 00 02 ff ff ff ff ff ff ff ff AB3C............ [ 189.759435][ T5809] 00000010: 00 00 00 00 00 00 00 10 00 00 00 01 00 00 00 10 ................ [ 189.768489][ T5809] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 189.777412][ T5809] 00000030: 00 00 00 00 20 bb 84 11 00 00 04 4e 00 00 00 02 .... ......N.... [ 189.786563][ T5809] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 189.795503][ T5809] 00000050: 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 ................ [ 189.805088][ T5809] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 189.814151][ T5809] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 189.824694][ T8220] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1df/0x2e0" at daddr 0x10 len 8 error 74 [ 189.839075][ T8220] XFS (loop0): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x519/0x8b0 (fs/xfs/xfs_trans_buf.c:296). Shutting down filesystem. [ 189.854257][ T8220] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 189.882791][ T5769] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 190.750143][ T8262] netlink: 4 bytes leftover after parsing attributes in process `syz.0.957'. [ 191.241148][ T8276] sp0: Synchronizing with TNC [ 191.495069][ T8287] netlink: 4 bytes leftover after parsing attributes in process `syz.3.972'. [ 191.636554][ T8289] program syz.2.973 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 191.677301][ T8291] netlink: 8 bytes leftover after parsing attributes in process `syz.3.974'. [ 191.786420][ T8295] loop2: detected capacity change from 0 to 256 [ 191.931721][ T8298] loop0: detected capacity change from 0 to 256 [ 192.009153][ T8298] exFAT-fs (loop0): failed to load upcase table (idx : 0x000106cd, chksum : 0x3aeaf2c0, utbl_chksum : 0xe619d30d) [ 192.092739][ T8298] syz.0.985: attempt to access beyond end of device [ 192.092739][ T8298] loop0: rw=524288, sector=4280, nr_sectors = 1 limit=256 [ 192.142695][ T8304] exFAT-fs (loop0): error, found bogus dentry(11) beyond unused empty group(10) (start_clu : 5, cur_clu : 5) [ 192.191459][ T8304] exFAT-fs (loop0): Filesystem has been set read-only [ 192.212074][ T8306] sp0: Synchronizing with TNC [ 192.220869][ T8298] syz.0.985: attempt to access beyond end of device [ 192.220869][ T8298] loop0: rw=0, sector=4280, nr_sectors = 1 limit=256 [ 192.238802][ T28] audit: type=1800 audit(2000000065.310:16): pid=8298 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.985" name="file1" dev="loop0" ino=1048615 res=0 errno=0 [ 192.346090][ T8305] loop2: detected capacity change from 0 to 8192 [ 192.454579][ T8313] loop0: detected capacity change from 0 to 128 [ 192.481466][ T8313] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.494854][ T8313] ext4 filesystem being mounted at /241/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 192.684038][ T5769] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 192.799136][ T8319] loop2: detected capacity change from 0 to 128 [ 192.849214][ T8319] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 192.957303][ T8319] ext4 filesystem being mounted at /240/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 192.975696][ T8323] dvmrp1: tun_chr_ioctl cmd 2147767506 [ 193.044105][ T5770] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 193.062098][ T8] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 193.178826][ T8331] loop2: detected capacity change from 0 to 512 [ 193.196045][ T8331] EXT4-fs: Ignoring removed orlov option [ 193.225092][ T8331] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 193.258824][ T8331] EXT4-fs (loop2): 1 truncate cleaned up [ 193.271867][ T8331] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.282062][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 193.317034][ T8] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 193.330677][ T8] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 193.341742][ T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 193.354053][ T8] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 193.364656][ T8] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 193.378627][ T8] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 193.387781][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.556459][ T8339] loop1: detected capacity change from 0 to 1024 [ 193.637921][ T8339] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 193.654280][ T8] usb 4-1: GET_CAPABILITIES returned 0 [ 193.659793][ T8] usbtmc 4-1:16.0: can't read capabilities [ 193.721598][ T8339] EXT4-fs error (device loop1): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.1.992: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0 [ 193.828648][ T8339] EXT4-fs (loop1): Remounting filesystem read-only [ 193.924775][ T8] usb 4-1: USB disconnect, device number 13 [ 193.937456][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.061812][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.141400][ T8351] netlink: 'syz.1.996': attribute type 15 has an invalid length. [ 194.250036][ T8355] netlink: 8 bytes leftover after parsing attributes in process `syz.0.997'. [ 194.410478][ T8360] loop2: detected capacity change from 0 to 512 [ 194.420837][ T8360] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 194.488525][ T8364] loop1: detected capacity change from 0 to 128 [ 194.527949][ T8360] EXT4-fs (loop2): 1 orphan inode deleted [ 194.542554][ T8360] EXT4-fs (loop2): 1 truncate cleaned up [ 194.573362][ T8364] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 194.579144][ T8360] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.611050][ T8364] ext4 filesystem being mounted at /264/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 194.629185][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.659145][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.665166][ T8360] EXT4-fs (loop2): shut down requested (1) [ 194.734148][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.890222][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 194.930282][ T8369] loop0: detected capacity change from 0 to 4096 [ 194.999931][ T8374] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.034752][ T8372] loop2: detected capacity change from 0 to 1024 [ 195.097388][ T8376] loop1: detected capacity change from 0 to 128 [ 195.122920][ T28] audit: type=1800 audit(2000000068.190:17): pid=8369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1004" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 195.185998][ T8372] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 195.425377][ T8372] EXT4-fs error (device loop2): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.2.1015: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0 [ 195.518450][ T8372] EXT4-fs (loop2): Remounting filesystem read-only [ 195.714530][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.074420][ T8395] loop0: detected capacity change from 0 to 1024 [ 196.140400][ T8395] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.156960][ T8391] loop1: detected capacity change from 0 to 8192 [ 196.248983][ T8391] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 196.256125][ T8395] EXT4-fs error (device loop0): ext4_generic_delete_entry:2729: inode #12: block 7: comm syz.0.1025: bad entry in directory: rec_len is smaller than minimal - offset=16, inode=14, rec_len=8, size=56 fake=0 [ 196.267740][ T8391] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 196.282101][ C1] vkms_vblank_simulate: vblank timer overrun [ 196.297924][ T8391] REISERFS (device loop1): using ordered data mode [ 196.305500][ T8395] EXT4-fs (loop0): Remounting filesystem read-only [ 196.312527][ T8391] reiserfs: using flush barriers [ 196.330974][ T8391] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 196.392582][ T8391] REISERFS (device loop1): checking transaction log (loop1) [ 196.420448][ T8391] REISERFS (device loop1): Using r5 hash to sort names [ 196.428656][ T8391] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 196.445243][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 196.688513][ T5782] Bluetooth: hci2: command 0x0406 tx timeout [ 196.694800][ T5782] Bluetooth: hci0: command 0x0406 tx timeout [ 196.699903][ T5776] Bluetooth: hci3: command 0x0406 tx timeout [ 196.832729][ T8403] loop3: detected capacity change from 0 to 4096 [ 196.869995][ T8403] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 197.070599][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 197.410135][ T8416] input: syz0 as /devices/virtual/input/input8 [ 198.253322][ T8414] loop0: detected capacity change from 0 to 40427 [ 198.270672][ T8414] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x7ffff [ 198.282051][ T8414] F2FS-fs (loop0): Image doesn't support compression [ 198.300747][ T8414] F2FS-fs (loop0): Image doesn't support compression [ 198.326433][ T8414] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x4 [ 198.343144][ T8414] F2FS-fs (loop0): invalid crc value [ 198.353392][ T8414] F2FS-fs (loop0): Found nat_bits in checkpoint [ 198.454854][ T8414] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 198.634965][ T28] audit: type=1800 audit(2000000071.710:18): pid=8414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1023" name="bus" dev="loop0" ino=14 res=0 errno=0 [ 198.685615][ T8426] loop2: detected capacity change from 0 to 32768 [ 198.693236][ T8433] bridge1: entered promiscuous mode [ 198.699408][ T5769] syz-executor: attempt to access beyond end of device [ 198.699408][ T5769] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 198.714288][ T8426] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1038 (8426) [ 198.746720][ T5769] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 198.762336][ T5769] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 198.777239][ T8426] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 198.792590][ T8426] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 198.823157][ T8426] BTRFS info (device loop2): setting nodatasum [ 198.829602][ T8426] BTRFS info (device loop2): force zlib compression, level 3 [ 198.892038][ T8426] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 198.901411][ T8426] BTRFS info (device loop2): use lzo compression, level 0 [ 198.952030][ T8426] BTRFS info (device loop2): turning on flush-on-commit [ 198.959068][ T8426] BTRFS info (device loop2): enabling auto defrag [ 198.989288][ T8426] BTRFS info (device loop2): max_inline at 4096 [ 198.999672][ T8426] BTRFS info (device loop2): using free space tree [ 199.192018][ T8426] BTRFS info (device loop2): enabling ssd optimizations [ 199.478018][ T5770] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 199.983020][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 200.172038][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 200.184544][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 200.196287][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 200.206742][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 200.227412][ T8] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 200.237575][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.261526][ T8] usb 1-1: config 0 descriptor?? [ 200.429062][ T8472] loop3: detected capacity change from 0 to 64 [ 200.525800][ T28] audit: type=1800 audit(2000000073.600:19): pid=8472 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1039" name="file2" dev="loop3" ino=21 res=0 errno=0 [ 200.719383][ T8] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 200.753725][ T8] shield 0003:0955:7214.000C: unknown main item tag 0x0 [ 200.770162][ T8] shield 0003:0955:7214.000C: item fetching failed at offset 2/5 [ 200.801712][ T8] shield 0003:0955:7214.000C: Parse failed [ 200.824987][ T8] shield: probe of 0003:0955:7214.000C failed with error -22 [ 201.015837][ T5808] usb 1-1: USB disconnect, device number 10 [ 202.352603][ T8506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1057'. [ 202.400447][ T8510] loop2: detected capacity change from 0 to 512 [ 202.407296][ T8506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1057'. [ 202.467091][ T8510] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1058: invalid indirect mapped block 10 (level 1) [ 202.492701][ T8510] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #13: comm syz.2.1058: invalid indirect mapped block 8 (level 1) [ 202.590064][ T8510] EXT4-fs (loop2): 1 truncate cleaned up [ 202.646888][ T8510] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 202.794110][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 203.105843][ T8526] erspan0: entered promiscuous mode [ 203.504844][ T8524] loop3: detected capacity change from 0 to 32768 [ 203.523811][ T8524] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.1063 (8524) [ 203.557265][ T8524] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 203.572207][ T8524] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 203.581117][ T8524] BTRFS info (device loop3): setting nodatasum [ 203.592282][ T8524] BTRFS info (device loop3): force zlib compression, level 3 [ 203.605689][ T8524] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 203.627330][ T8524] BTRFS info (device loop3): use lzo compression, level 0 [ 203.639856][ T8524] BTRFS info (device loop3): turning on flush-on-commit [ 203.652536][ T8524] BTRFS info (device loop3): enabling auto defrag [ 203.659252][ T8524] BTRFS info (device loop3): max_inline at 4096 [ 203.671186][ T8524] BTRFS info (device loop3): using free space tree [ 203.804670][ T8524] BTRFS info (device loop3): enabling ssd optimizations [ 203.991820][ T8551] loop2: detected capacity change from 0 to 764 [ 204.238863][ T5767] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 204.466668][ T8561] loop1: detected capacity change from 0 to 512 [ 204.473399][ T8562] loop0: detected capacity change from 0 to 64 [ 204.564639][ T8561] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1072: invalid indirect mapped block 10 (level 1) [ 204.663754][ T8561] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1072: invalid indirect mapped block 8 (level 1) [ 204.753106][ T8561] EXT4-fs (loop1): 1 truncate cleaned up [ 204.795191][ T8561] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 205.105672][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 205.603672][ T8560] loop2: detected capacity change from 0 to 32768 [ 205.623992][ T8560] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.1073 (8560) [ 205.703146][ T8560] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 205.732281][ T8560] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 205.751340][ T8560] BTRFS info (device loop2): force clearing of disk cache [ 205.771556][ T8560] BTRFS info (device loop2): metadata ratio 0 [ 205.782330][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 205.790703][ T8560] BTRFS info (device loop2): enabling ssd optimizations [ 205.790730][ T8560] BTRFS info (device loop2): using spread ssd allocation scheme [ 205.790747][ T8560] BTRFS info (device loop2): using free space tree [ 205.920372][ T8560] BTRFS info (device loop2): auto enabling async discard [ 205.934648][ T8560] BTRFS info (device loop2): rebuilding free space tree [ 206.009393][ T9] usb 1-1: unable to get BOS descriptor or descriptor too short [ 206.040149][ T9] usb 1-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 206.061451][ T9] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 2 [ 206.094389][ T9] usb 1-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 206.127037][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.147628][ T28] audit: type=1800 audit(2000000079.220:20): pid=8560 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1073" name="file1" dev="loop2" ino=260 res=0 errno=0 [ 206.152029][ T9] usb 1-1: Product: syz [ 206.222230][ T9] usb 1-1: Manufacturer: syz [ 206.227221][ T9] usb 1-1: SerialNumber: syz [ 206.337764][ T5770] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 206.532232][ T9] usb 1-1: USB disconnect, device number 11 [ 207.313927][ T8612] loop1: detected capacity change from 0 to 256 [ 207.376775][ T8612] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 207.637975][ T8619] loop1: detected capacity change from 0 to 256 [ 208.192086][ T5856] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 208.382921][ T5856] usb 1-1: Using ep0 maxpacket: 8 [ 208.388650][ T8636] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1101'. [ 208.390123][ T5856] usb 1-1: config index 0 descriptor too short (expected 301, got 45) [ 208.407530][ T5856] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 208.418127][ T5856] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 208.428739][ T5856] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 208.449961][ T5856] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 208.465076][ T5856] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 208.475568][ T5856] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.542528][ T5809] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 208.697281][ T5856] usb 1-1: GET_CAPABILITIES returned 0 [ 208.702969][ T5856] usbtmc 1-1:16.0: can't read capabilities [ 208.724980][ T5809] usb 4-1: unable to get BOS descriptor or descriptor too short [ 208.734271][ T5809] usb 4-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 208.746318][ T5809] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 2 [ 208.758095][ T5809] usb 4-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 208.767515][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.775689][ T5809] usb 4-1: Product: syz [ 208.779966][ T5809] usb 4-1: Manufacturer: syz [ 208.784608][ T5809] usb 4-1: SerialNumber: syz [ 208.932327][ T9] usb 1-1: USB disconnect, device number 12 [ 209.012975][ T5809] usb 4-1: USB disconnect, device number 14 [ 209.490200][ T8638] program syz.0.1102 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 209.907840][ T8654] loop3: detected capacity change from 0 to 512 [ 209.952416][ T8654] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 210.063257][ T8654] EXT4-fs (loop3): 1 orphan inode deleted [ 210.069651][ T8654] EXT4-fs (loop3): 1 truncate cleaned up [ 210.096444][ T8654] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.182189][ T8654] EXT4-fs (loop3): shut down requested (1) [ 210.251780][ T8664] loop0: detected capacity change from 0 to 512 [ 210.264720][ T8664] EXT4-fs: Ignoring removed orlov option [ 210.271856][ T8664] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 210.294752][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.307351][ T8664] EXT4-fs (loop0): 1 truncate cleaned up [ 210.315565][ T8664] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.432176][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 210.652464][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 210.676698][ T9] usb 3-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 210.688367][ T9] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 2 [ 210.710801][ T9] usb 3-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 210.720448][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.728815][ T9] usb 3-1: Product: syz [ 210.733179][ T9] usb 3-1: Manufacturer: syz [ 210.741066][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.762103][ T9] usb 3-1: SerialNumber: syz [ 210.810579][ T8672] loop3: detected capacity change from 0 to 128 [ 211.080680][ T9] usb 3-1: USB disconnect, device number 12 [ 211.126599][ T8671] loop1: detected capacity change from 0 to 8192 [ 211.172742][ T8671] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 211.188900][ T8671] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 211.201420][ T8671] REISERFS (device loop1): using ordered data mode [ 211.210154][ T8671] reiserfs: using flush barriers [ 211.217391][ T8671] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 211.238204][ T8671] REISERFS (device loop1): checking transaction log (loop1) [ 211.249810][ T8671] REISERFS (device loop1): Using r5 hash to sort names [ 211.277972][ T8671] reiserfs: enabling write barrier flush mode [ 211.288318][ T8671] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 211.305884][ T8671] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 211.317225][ T8671] REISERFS (device loop1): Remounting filesystem read-only [ 211.332438][ T8671] REISERFS error (device loop1): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 211.352490][ T27] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 211.363193][ T8671] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 211.391756][ T8671] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 211.408196][ T8671] REISERFS error (device loop1): zam-7001 reiserfs_find_entry: io error [ 211.417250][ T8671] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 211.433530][ T8671] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 211.445201][ T8671] REISERFS error (device loop1): vs-13050 reiserfs_update_sd_size: i/o failure occurred trying to update [2 1 0x0 SD] stat data [ 211.459249][ T8671] REISERFS warning (device loop1): jdm-20006 create_privroot: xattrs/ACLs enabled and couldn't find/create .reiserfs_priv. Failing mount. [ 211.488908][ T8671] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 1 0(1) DIR], item_len 35, item_location 3937, free_space(entry_count) 2 [ 211.504886][ T8671] REISERFS error (device loop1): vs-5150 search_by_key: invalid format found in block 531. Fsck? [ 211.515946][ T8671] REISERFS (device loop1): Remounting filesystem read-only [ 211.572052][ T27] usb 1-1: Using ep0 maxpacket: 8 [ 211.594874][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 211.616101][ T27] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 211.640350][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.675719][ T27] usb 1-1: config 0 descriptor?? [ 211.855544][ T8683] loop2: detected capacity change from 0 to 8192 [ 211.871839][ T8683] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 211.892622][ T8683] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 211.902448][ T8683] REISERFS (device loop2): using ordered data mode [ 211.910454][ T8683] reiserfs: using flush barriers [ 211.918251][ T8683] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 211.933212][ T27] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 211.942736][ T8683] REISERFS (device loop2): checking transaction log (loop2) [ 211.966132][ T8683] REISERFS (device loop2): Using r5 hash to sort names [ 211.979042][ T8683] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 212.042094][ T9] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 212.202879][ T5856] usb 1-1: USB disconnect, device number 13 [ 212.244347][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 212.261123][ T9] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 212.276876][ T9] usb 2-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.292171][ T9] usb 2-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 212.307049][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 212.317259][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 212.326757][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.338006][ T9] usb 2-1: config 0 descriptor?? [ 213.050450][ T5808] usb 2-1: USB disconnect, device number 11 [ 213.312095][ T9] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 213.412222][ T27] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 213.420769][ T8710] veth0_macvtap: left promiscuous mode [ 213.512249][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 213.519284][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.542011][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.552522][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 213.576781][ T9] usb 3-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 213.589997][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.602870][ T9] usb 3-1: config 0 descriptor?? [ 213.624977][ T27] usb 4-1: unable to get BOS descriptor or descriptor too short [ 213.643704][ T27] usb 4-1: config 250 has an invalid descriptor of length 0, skipping remainder of the config [ 213.662360][ T27] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 2 [ 213.685481][ T27] usb 4-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=d4.fd [ 213.697332][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.705921][ T27] usb 4-1: Product: syz [ 213.710211][ T27] usb 4-1: Manufacturer: syz [ 213.716468][ T27] usb 4-1: SerialNumber: syz [ 213.962773][ T27] usb 4-1: USB disconnect, device number 15 [ 214.038524][ T9] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 214.049377][ T9] shield 0003:0955:7214.000E: unknown main item tag 0x0 [ 214.058998][ T9] shield 0003:0955:7214.000E: item fetching failed at offset 2/5 [ 214.067999][ T9] shield 0003:0955:7214.000E: Parse failed [ 214.074153][ T9] shield: probe of 0003:0955:7214.000E failed with error -22 [ 214.257386][ T27] usb 3-1: USB disconnect, device number 13 [ 215.169052][ T8731] loop2: detected capacity change from 0 to 512 [ 215.216188][ T8733] program syz.1.1141 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 215.429697][ T8738] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 215.485763][ T8740] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 215.974476][ T1087] Bluetooth: hci4: Frame reassembly failed (-84) [ 216.163590][ T8755] loop3: detected capacity change from 0 to 64 [ 216.183744][ T8755] MINIX-fs: mounting file system with errors, running fsck is recommended [ 216.666128][ T8757] loop0: detected capacity change from 0 to 32768 [ 216.675786][ T8757] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 scanned by syz.0.1153 (8757) [ 216.698515][ T8757] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 216.709635][ T8757] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 216.719178][ T8757] BTRFS info (device loop0): enabling auto defrag [ 216.726330][ T8757] BTRFS info (device loop0): use no compression [ 216.733640][ T8757] BTRFS info (device loop0): force clearing of disk cache [ 216.740870][ T8757] BTRFS info (device loop0): max_inline at 4096 [ 216.752020][ T8757] BTRFS info (device loop0): disabling free space tree [ 216.820588][ T8757] BTRFS info (device loop0): enabling ssd optimizations [ 216.828579][ T8757] BTRFS info (device loop0): auto enabling async discard [ 216.839701][ T8757] BTRFS info (device loop0): rebuilding free space tree [ 216.866016][ T8757] BTRFS info (device loop0): disabling free space tree [ 216.873109][ T8757] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 216.884393][ T8757] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 217.018574][ T5769] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 217.260049][ T8780] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 217.286863][ T8782] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1154'. [ 217.344600][ T8785] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1154'. [ 217.550267][ T8787] erspan0: entered promiscuous mode [ 217.719704][ T8793] netlink: 'syz.2.1163': attribute type 2 has an invalid length. [ 217.752287][ T8793] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1163'. [ 218.042174][ T5781] Bluetooth: hci4: command 0xfc11 tx timeout [ 218.049466][ T5779] Bluetooth: hci4: Entering manufacturer mode failed (-110) [ 218.236590][ T8795] loop3: detected capacity change from 0 to 32768 [ 218.264367][ T8795] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.1166 (8795) [ 218.305040][ T8795] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 218.334941][ T8795] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 218.375463][ T8795] BTRFS info (device loop3): enabling auto defrag [ 218.393228][ T8795] BTRFS info (device loop3): use no compression [ 218.399555][ T8795] BTRFS info (device loop3): force clearing of disk cache [ 218.428100][ T8795] BTRFS info (device loop3): max_inline at 4096 [ 218.447929][ T8795] BTRFS info (device loop3): disabling free space tree [ 218.512247][ T9] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 218.581024][ T8795] BTRFS info (device loop3): enabling ssd optimizations [ 218.620785][ T8795] BTRFS info (device loop3): auto enabling async discard [ 218.672943][ T8795] BTRFS info (device loop3): rebuilding free space tree [ 218.731987][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 218.741810][ T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 218.757679][ T8795] BTRFS info (device loop3): disabling free space tree [ 218.765052][ T8795] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 218.787404][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 218.800819][ T8795] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 218.814296][ T8827] macvlan0: entered promiscuous mode [ 218.823817][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 218.848648][ T8827] netlink: 'syz.0.1172': attribute type 1 has an invalid length. [ 218.852136][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 218.881071][ T8827] netlink: 'syz.0.1172': attribute type 2 has an invalid length. [ 218.885702][ T9] usb 3-1: Product: syz [ 218.905977][ T9] usb 3-1: Manufacturer: syz [ 218.910663][ T9] usb 3-1: SerialNumber: syz [ 219.127939][ T5767] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 219.162385][ T8832] can0: slcan on ttyS3. [ 219.217672][ T9] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 219.282354][ T8831] can0 (unregistered): slcan off ttyS3. [ 219.517820][ T9] usb 3-1: USB disconnect, device number 14 [ 219.543484][ T9] usblp0: removed [ 219.758899][ T8842] loop0: detected capacity change from 0 to 2048 [ 219.838444][ T8842] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.006395][ T8842] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 220.196958][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.822096][ T5856] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 221.013687][ T5856] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 221.024250][ T5856] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 221.034273][ T5856] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 221.050349][ T5856] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 221.059628][ T5856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 221.067896][ T5856] usb 1-1: Product: syz [ 221.072279][ T5856] usb 1-1: Manufacturer: syz [ 221.076899][ T5856] usb 1-1: SerialNumber: syz [ 221.300810][ T5856] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 221.533343][ T8872] can0: slcan on ttyS3. [ 221.567565][ T27] usb 1-1: USB disconnect, device number 14 [ 221.591057][ T27] usblp0: removed [ 221.693856][ T8871] can0 (unregistered): slcan off ttyS3. [ 221.831907][ T8882] loop1: detected capacity change from 0 to 128 [ 221.928933][ T8882] syz.1.1192: attempt to access beyond end of device [ 221.928933][ T8882] loop1: rw=2049, sector=138, nr_sectors = 112 limit=128 [ 222.907939][ T8913] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1202'. [ 223.890672][ T8915] loop3: detected capacity change from 0 to 40427 [ 223.899438][ T8935] loop0: detected capacity change from 0 to 1024 [ 223.926304][ T8915] F2FS-fs (loop3): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 223.942190][ T8915] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 223.967302][ T8915] F2FS-fs (loop3): invalid crc value [ 223.974927][ T8935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 224.002337][ T8935] ext4 filesystem being mounted at /300/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 224.056191][ T8915] F2FS-fs (loop3): Found nat_bits in checkpoint [ 224.141689][ T8935] EXT4-fs error (device loop0): ext4_map_blocks:718: inode #15: comm syz.0.1205: lblock 0 mapped to illegal pblock 0 (length 1) [ 224.156373][ T28] audit: type=1800 audit(2000000097.200:21): pid=8935 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1205" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 224.217518][ T8935] EXT4-fs (loop0): Remounting filesystem read-only [ 224.230078][ T8915] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 224.245294][ T8915] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 224.344828][ T5767] syz-executor: attempt to access beyond end of device [ 224.344828][ T5767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 224.385122][ T5767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 224.399271][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 224.759876][ T8937] loop2: detected capacity change from 0 to 32768 [ 224.767933][ T8932] loop1: detected capacity change from 0 to 32768 [ 224.821845][ T8932] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 225.179409][ T8932] XFS (loop1): Ending clean mount [ 225.230030][ T8932] XFS (loop1): Quotacheck needed: Please wait. [ 225.331510][ T8932] XFS (loop1): Quotacheck: Done. [ 225.443486][ T28] audit: type=1800 audit(2000000098.520:22): pid=8932 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1203" name="file2" dev="loop1" ino=9287 res=0 errno=0 [ 225.711082][ T5768] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 226.047518][ T8967] program syz.0.1222 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 226.311600][ T8975] loop2: detected capacity change from 0 to 4096 [ 226.329812][ T8975] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 226.411119][ T8975] ntfs3: loop2: Inode r=19 is not in use! [ 226.423800][ T8975] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 226.457446][ T8975] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 226.966722][ T8973] loop1: detected capacity change from 0 to 32768 [ 227.005070][ T8976] loop0: detected capacity change from 0 to 32768 [ 227.036042][ T8983] __sock_release: fasync list not empty! [ 227.103679][ T8973] XFS (loop1): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 227.267806][ T8973] XFS (loop1): Ending clean mount [ 227.396126][ T8999] loop3: detected capacity change from 0 to 256 [ 227.420546][ T8976] JBD2: Ignoring recovery information on journal [ 227.634680][ T8976] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 227.660511][ T5768] XFS (loop1): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 227.899798][ T28] audit: type=1800 audit(2000000100.960:23): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1216" name="bus" dev="loop0" ino=17059 res=0 errno=0 [ 227.946864][ T9008] loop3: detected capacity change from 0 to 1024 [ 227.999357][ T9008] EXT4-fs: Ignoring removed bh option [ 228.008415][ T9008] EXT4-fs: Ignoring removed oldalloc option [ 228.040372][ T9008] EXT4-fs: Ignoring removed nobh option [ 228.072916][ T9008] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 228.137012][ T9008] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 228.285538][ T9017] loop1: detected capacity change from 0 to 64 [ 228.295721][ T9017] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 228.327042][ T5769] ocfs2: Unmounting device (7,0) on (node local) [ 228.389654][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.510517][ T9019] loop1: detected capacity change from 0 to 512 [ 228.540087][ T28] audit: type=1800 audit(2000000101.610:24): pid=9019 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1233" name="file2" dev="loop1" ino=1048621 res=0 errno=0 [ 228.552382][ T9019] FAT-fs (loop1): error, corrupted file size (i_pos 51, 9216) [ 228.587774][ T9019] FAT-fs (loop1): error, corrupted file size (i_pos 51, 8960) [ 228.613120][ T9019] FAT-fs (loop1): error, corrupted file size (i_pos 51, 8960) [ 228.620952][ T9019] FAT-fs (loop1): error, corrupted file size (i_pos 51, 8960) [ 228.636516][ T9019] FAT-fs (loop1): error, corrupted file size (i_pos 51, 8960) [ 228.746409][ T9021] loop3: detected capacity change from 0 to 4096 [ 228.817779][ T9021] ntfs: volume version 3.1. [ 228.964427][ T9025] loop1: detected capacity change from 0 to 1024 [ 229.499911][ T9040] loop0: detected capacity change from 0 to 256 [ 229.579204][ T9040] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 229.969218][ T9054] loop3: detected capacity change from 0 to 512 [ 230.030585][ T9054] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 230.079093][ T9054] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.1249: invalid indirect mapped block 6684672 (level 2) [ 230.127892][ T9054] EXT4-fs (loop3): 1 truncate cleaned up [ 230.182373][ T9054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 230.212462][ T9060] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1251'. [ 230.307780][ T9054] EXT4-fs error (device loop3): ext4_generic_delete_entry:2729: inode #2: block 13: comm syz.3.1249: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 230.328685][ C0] vkms_vblank_simulate: vblank timer overrun [ 230.340599][ T9066] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x1d73664b, utbl_chksum : 0xe619d30d) [ 230.387603][ T9054] EXT4-fs error (device loop3) in ext4_delete_entry:2800: Corrupt filesystem [ 230.513194][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.893157][ T9074] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 230.957228][ T9074] ntfs3: loop1: Failed to load $Extend (-22). [ 230.971333][ T9074] ntfs3: loop1: Failed to initialize $Extend. [ 232.207405][ T9114] set_capacity_and_notify: 3 callbacks suppressed [ 232.207422][ T9114] loop0: detected capacity change from 0 to 1024 [ 232.649724][ T9118] loop1: detected capacity change from 0 to 64 [ 232.692888][ T9118] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 232.819526][ T9109] loop3: detected capacity change from 0 to 32768 [ 232.822305][ T9120] ieee802154 phy0 wpan0: encryption failed: -22 [ 232.843791][ T8] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 232.880608][ T9109] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 233.055563][ T8] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 233.080042][ T8] usb 1-1: config 0 has no interface number 0 [ 233.098064][ T8] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 233.109789][ T9109] XFS (loop3): Ending clean mount [ 233.115133][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.126128][ T8] usb 1-1: Product: syz [ 233.132801][ T8] usb 1-1: Manufacturer: syz [ 233.137632][ T8] usb 1-1: SerialNumber: syz [ 233.155649][ T8] usb 1-1: config 0 descriptor?? [ 233.308306][ T5767] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 233.382531][ T8] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 233.420946][ T8] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 233.453676][ T8] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 233.478902][ T8] usb 1-1: media controller created [ 233.533543][ T8] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 234.042118][ T5856] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 234.053066][ T9137] loop1: detected capacity change from 0 to 40427 [ 234.067129][ T9137] F2FS-fs (loop1): invalid crc value [ 234.104698][ T9137] F2FS-fs (loop1): Found nat_bits in checkpoint [ 234.248515][ T5856] usb 4-1: unable to get BOS descriptor or descriptor too short [ 234.248773][ T9137] F2FS-fs (loop1): Start checkpoint disabled! [ 234.278826][ T9137] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 234.279173][ T5856] usb 4-1: not running at top speed; connect to a high speed hub [ 234.341063][ T5856] usb 4-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 234.356767][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.367204][ T5856] usb 4-1: Product: syz [ 234.371452][ T5856] usb 4-1: Manufacturer: syz [ 234.382060][ T5856] usb 4-1: SerialNumber: syz [ 234.554861][ T1087] kworker/u4:6: attempt to access beyond end of device [ 234.554861][ T1087] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427 [ 234.577693][ T1087] kworker/u4:6: attempt to access beyond end of device [ 234.577693][ T1087] loop1: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 234.592361][ T1087] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.616042][ T9143] loop2: detected capacity change from 0 to 32768 [ 234.620843][ T1087] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.638909][ T1087] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 234.683997][ T8] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 234.700145][ T9143] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 234.802945][ T8] usb 1-1: USB disconnect, device number 15 [ 234.816999][ T9143] XFS (loop2): Ending clean mount [ 234.868735][ T9143] XFS (loop2): Quotacheck needed: Please wait. [ 234.935323][ T9143] XFS (loop2): Quotacheck: Done. [ 234.989554][ T28] audit: type=1800 audit(2000000108.060:25): pid=9143 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1284" name="file2" dev="loop2" ino=4423 res=0 errno=0 [ 235.137690][ T5770] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 235.255979][ T5856] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 235.257808][ T9155] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 235.267538][ T5856] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 235.302343][ T9155] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 235.347694][ T9155] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 235.385013][ T9155] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 235.395120][ T5856] usb 4-1: USB disconnect, device number 16 [ 235.429014][ T9155] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 235.452636][ T9155] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 235.565711][ T9160] loop0: detected capacity change from 0 to 64 [ 235.671667][ T6048] udevd[6048]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 236.126945][ T9172] hsr0: entered promiscuous mode [ 236.133326][ T9172] macsec3: entered allmulticast mode [ 236.138670][ T9172] hsr0: entered allmulticast mode [ 236.144342][ T9172] hsr_slave_0: entered allmulticast mode [ 236.150107][ T9172] hsr_slave_1: entered allmulticast mode [ 236.159208][ T9172] hsr0: left allmulticast mode [ 236.166174][ T9172] hsr_slave_0: left allmulticast mode [ 236.182053][ T9172] hsr_slave_1: left allmulticast mode [ 236.248705][ T5809] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 236.442486][ T5809] usb 1-1: Using ep0 maxpacket: 8 [ 236.460218][ T5809] usb 1-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 236.468671][ T5779] Bluetooth: hci2: unexpected event for opcode 0x0c7b [ 236.476280][ T5809] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 236.476310][ T5809] usb 1-1: Product: syz [ 236.516443][ T5809] usb 1-1: Manufacturer: syz [ 236.543387][ T5809] usb 1-1: SerialNumber: syz [ 236.563321][ T5809] usb 1-1: config 0 descriptor?? [ 236.648182][ T9162] loop1: detected capacity change from 0 to 32768 [ 236.730383][ T9162] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 236.846826][ T9162] XFS (loop1): Ending clean mount [ 236.874663][ T5809] usb 1-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 236.916753][ T9162] XFS (loop1): Quotacheck needed: Please wait. [ 236.986767][ T9162] XFS (loop1): Quotacheck: Done. [ 237.009044][ T9189] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1297'. [ 237.137237][ T5768] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.415723][ T9198] devpts: called with bogus options [ 237.483530][ T5809] usb write operation failed. (-71) [ 237.517424][ T5809] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 237.557326][ T5809] dvbdev: DVB: registering new adapter (Terratec H7) [ 237.574920][ T5809] usb 1-1: media controller created [ 237.602142][ T5809] usb read operation failed. (-71) [ 237.614073][ T5809] usb write operation failed. (-71) [ 237.634353][ T5809] dvb_usb_az6007: probe of 1-1:0.0 failed with error -5 [ 237.661173][ T5809] usb 1-1: USB disconnect, device number 16 [ 238.022401][ T9206] loop3: detected capacity change from 0 to 32768 [ 238.068405][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.068405][ T9206] [ 238.079955][ T9206] xtLookup: xtSearch returned -5 [ 238.085562][ T9206] add_index: get/read_metapage failed! [ 238.091112][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.091112][ T9206] [ 238.105735][ T27] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 238.106152][ T9206] xtLookup: xtSearch returned -5 [ 238.118603][ T9206] free_index: error reading directory table [ 238.132426][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.132426][ T9206] [ 238.144446][ T9206] xtLookup: xtSearch returned -5 [ 238.151262][ T9206] free_index: error reading directory table [ 238.158960][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.158960][ T9206] [ 238.186931][ T9206] xtLookup: xtSearch returned -5 [ 238.192904][ T9206] free_index: error reading directory table [ 238.200102][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.200102][ T9206] [ 238.219898][ T9206] xtLookup: xtSearch returned -5 [ 238.225985][ T9206] free_index: error reading directory table [ 238.237634][ T9206] ERROR: (device loop3): xtSearch: XT_GETPAGE: xtree page corrupt [ 238.237634][ T9206] [ 238.248048][ T9206] xtLookup: xtSearch returned -5 [ 238.261653][ T9206] free_index: error reading directory table [ 238.302928][ T27] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 238.332068][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.340134][ T27] usb 3-1: Product: syz [ 238.347169][ T27] usb 3-1: Manufacturer: syz [ 238.351908][ T27] usb 3-1: SerialNumber: syz [ 238.655541][ T9214] loop1: detected capacity change from 0 to 2048 [ 238.748616][ T9214] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.899585][ T9212] loop0: detected capacity change from 0 to 32768 [ 238.939705][ T9212] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1307 (9212) [ 239.012032][ T9212] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 239.043567][ T9212] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 239.070476][ T27] rtl8150 3-1:1.0: eth1: rtl8150 is detected [ 239.089968][ T9212] BTRFS info (device loop0): using free space tree [ 239.218902][ T9221] loop1: detected capacity change from 0 to 4096 [ 239.233726][ T9221] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 239.345697][ T9212] BTRFS info (device loop0): enabling ssd optimizations [ 239.396324][ T9212] BTRFS info (device loop0): auto enabling async discard [ 239.455988][ T5856] usb 3-1: USB disconnect, device number 15 [ 240.020276][ T5769] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 240.235493][ T6048] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop0 scanned by udevd (6048) [ 240.382140][ T5808] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 240.445976][ T9255] tun0: tun_chr_ioctl cmd 1074025677 [ 240.453075][ T9255] tun0: linktype set to 270 [ 240.525402][ T5779] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 240.535606][ T5779] Bluetooth: hci2: Injecting HCI hardware error event [ 240.546192][ T5779] Bluetooth: hci2: hardware error 0x00 [ 240.577168][ T5808] usb 2-1: Using ep0 maxpacket: 32 [ 240.652418][ T5808] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 240.679870][ T5808] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 240.774007][ T5808] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 240.808007][ T5808] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 240.818246][ T5808] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 240.842247][ T5808] usb 2-1: Product: syz [ 240.846495][ T5808] usb 2-1: Manufacturer: syz [ 240.869635][ T5808] usb 2-1: SerialNumber: syz [ 240.875186][ T9261] loop3: detected capacity change from 0 to 2048 [ 240.937628][ T9261] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 240.969156][ T5808] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input10 [ 241.314224][ T8] usb 2-1: USB disconnect, device number 12 [ 241.314310][ C1] appletouch 2-1:1.0: atp_complete: usb_submit_urb failed with result -19 [ 241.493731][ T8] appletouch 2-1:1.0: input: appletouch disconnected [ 241.570166][ T9278] loop2: detected capacity change from 0 to 1024 [ 241.647166][ T9284] loop0: detected capacity change from 0 to 64 [ 241.834269][ T12] hfsplus: b-tree write err: -5, ino 25 [ 241.855920][ T12] hfsplus: b-tree write err: -5, ino 4 [ 241.861676][ T12] hfsplus: b-tree write err: -5, ino 2 [ 242.433419][ T9304] loop2: detected capacity change from 0 to 2048 [ 242.487778][ T9309] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 242.682189][ T5779] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 243.099320][ T9326] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1332'. [ 243.257242][ T9291] loop0: detected capacity change from 0 to 32768 [ 243.301399][ T9291] gfs2: fsid=Ô±rÐÛ»ð_î [ 243.301399][ T9291] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 243.301399][ T9291] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM" [ 243.330818][ T9324] loop2: detected capacity change from 0 to 8192 [ 243.339428][ T9291] gfs2: fsid=Ô±rÐÛ»ð_î [ 243.339428][ T9291] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM: Now mounting FS (format 1801)... [ 243.647210][ T9291] gfs2: fsid=Ô±rÐÛ»ð_î [ 243.647210][ T9291] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM.s: journal 0 mapped with 5 extents in 0ms [ 243.912112][ T9291] gfs2: fsid=Ô±rÐÛ»ð_î [ 243.912112][ T9291] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM.s: first mount done, others may mount [ 244.717303][ T9332] loop3: detected capacity change from 0 to 32768 [ 244.788106][ T9332] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 244.817173][ T9332] JBD2: Ignoring recovery information on journal [ 244.966129][ T9332] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 245.281297][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 245.429926][ T9359] loop0: detected capacity change from 0 to 4096 [ 245.573073][ T9359] ntfs: volume version 3.1. [ 245.581348][ T9365] loop2: detected capacity change from 0 to 512 [ 245.608434][ T9363] loop1: detected capacity change from 0 to 4096 [ 245.631808][ T9365] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 245.703456][ T9367] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 245.751339][ T9365] EXT4-fs (loop2): 1 truncate cleaned up [ 245.792893][ T9365] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.000033][ T9372] loop3: detected capacity change from 0 to 1024 [ 246.013555][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.176887][ T28] audit: type=1800 audit(2000000119.240:26): pid=9372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1352" name="file1" dev="loop3" ino=3 res=0 errno=0 [ 246.343011][ T146] hfsplus: b-tree write err: -5, ino 3 [ 246.812756][ T5856] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 247.054547][ T5856] usb 3-1: Using ep0 maxpacket: 16 [ 247.095103][ T5856] usb 3-1: unable to get BOS descriptor or descriptor too short [ 247.128602][ T5856] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 247.168053][ T5856] usb 3-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 247.219832][ T5856] usb 3-1: config 1 interface 0 has no altsetting 0 [ 247.249958][ T5856] usb 3-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 247.282030][ T5856] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.290093][ T5856] usb 3-1: Product: syz [ 247.335241][ T5856] usb 3-1: Manufacturer: syz [ 247.368232][ T5856] usb 3-1: SerialNumber: syz [ 247.381944][ C1] sched: RT throttling activated [ 247.405675][ T5856] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input11 [ 247.640983][ T5123] bcm5974 3-1:1.0: could not read from device [ 247.674119][ T5123] bcm5974 3-1:1.0: could not read from device [ 247.688757][ T9380] loop1: detected capacity change from 0 to 131072 [ 247.699424][ T9380] F2FS-fs (loop1): Wrong CP boundary, start(512) end(1536) blocks(0) [ 247.708076][ T9380] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 247.711095][ T5856] bcm5974 3-1:1.0: could not read from device [ 247.730004][ T9380] F2FS-fs (loop1): invalid crc value [ 247.768154][ T9380] F2FS-fs (loop1): Found nat_bits in checkpoint [ 247.820687][ T5856] input: failed to attach handler mousedev to device input11, error: -5 [ 247.833422][ T9380] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 247.840611][ T9380] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 247.870534][ T9380] overlayfs: failed to resolve './file0/file1': -2 [ 247.885560][ T5123] bcm5974 3-1:1.0: could not read from device [ 247.941685][ T5856] usb 3-1: USB disconnect, device number 16 [ 248.112350][ T9390] loop3: detected capacity change from 0 to 32768 [ 248.182759][ T9390] JBD2: Ignoring recovery information on journal [ 248.231239][ T9400] loop0: detected capacity change from 0 to 4096 [ 248.244715][ T9400] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 248.277615][ T9390] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 248.563402][ T28] audit: type=1800 audit(2000000121.640:27): pid=9390 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1358" name="bus" dev="loop3" ino=17059 res=0 errno=0 [ 248.748904][ T5767] ocfs2: Unmounting device (7,3) on (node local) [ 249.192791][ T9409] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1365'. [ 249.614443][ T9420] loop3: detected capacity change from 0 to 2048 [ 249.688682][ T9422] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 250.261466][ T9436] loop1: detected capacity change from 0 to 4096 [ 250.282952][ T9436] EXT4-fs: Ignoring removed mblk_io_submit option [ 250.580440][ T9436] EXT4-fs (loop1): Test dummy encryption mode enabled [ 250.582719][ T9443] loop0: detected capacity change from 0 to 128 [ 250.635562][ T9436] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 250.689231][ T9428] loop2: detected capacity change from 0 to 32768 [ 250.800198][ T9428] JBD2: Ignoring recovery information on journal [ 250.865330][ T9434] loop3: detected capacity change from 0 to 32768 [ 250.992563][ T9434] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 251.037327][ T9428] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 251.037495][ T9436] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 251.091548][ T9434] XFS (loop3): Ending clean mount [ 251.130429][ T9434] XFS (loop3): Quotacheck needed: Please wait. [ 251.266255][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 251.280786][ T9434] XFS (loop3): Quotacheck: Done. [ 251.328194][ T28] audit: type=1800 audit(2000000124.400:28): pid=9428 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1374" name="bus" dev="loop2" ino=17059 res=0 errno=0 [ 251.417779][ T28] audit: type=1800 audit(2000000124.490:29): pid=9434 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1375" name="file2" dev="loop3" ino=4423 res=0 errno=0 [ 251.529151][ T5767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 251.546099][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 251.669997][ T9464] syz.1.1381 (9464) used greatest stack depth: 19144 bytes left [ 252.004461][ T9466] loop2: detected capacity change from 0 to 4096 [ 252.039797][ T9466] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 252.083592][ T9466] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 252.152079][ T9466] ntfs: (device loop2): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 252.192159][ T9466] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 252.218332][ T9466] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 252.275795][ T9466] ntfs: volume version 3.1. [ 252.340239][ T9466] ntfs: (device loop2): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 252.382253][ T9466] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 252.421348][ T9466] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 252.506250][ T9478] loop0: detected capacity change from 0 to 2048 [ 252.573283][ T9478] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 252.603762][ T5809] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 252.725060][ T9484] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1391'. [ 252.794076][ T5809] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 252.802702][ T5809] usb 4-1: config 0 has no interface number 0 [ 252.811252][ T5809] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 252.821316][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.829392][ T5809] usb 4-1: Product: syz [ 252.833854][ T5809] usb 4-1: Manufacturer: syz [ 252.838466][ T5809] usb 4-1: SerialNumber: syz [ 252.845369][ T5809] usb 4-1: config 0 descriptor?? [ 252.896901][ T8] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 253.065939][ T5809] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 253.079950][ T5809] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 253.082249][ T8] usb 2-1: Using ep0 maxpacket: 16 [ 253.091073][ T5809] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 253.101109][ T8] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 253.106947][ T5809] usb 4-1: media controller created [ 253.116452][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 253.130565][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 253.138369][ T5809] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 253.140901][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 253.158889][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 253.174554][ T8] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 253.186237][ T8] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 253.194387][ T8] usb 2-1: Manufacturer: syz [ 253.202335][ T8] usb 2-1: config 0 descriptor?? [ 253.492042][ T8] rc_core: IR keymap rc-hauppauge not found [ 253.498134][ T8] Registered IR keymap rc-empty [ 253.503765][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.535999][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.578067][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 253.594230][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input12 [ 253.617942][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.654421][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.692944][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.722462][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.752134][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.782151][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.812303][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.842176][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.872137][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.902111][ T8] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 253.934346][ T8] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 253.943657][ T8] mceusb 2-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active) [ 253.957934][ T8] usb 2-1: USB disconnect, device number 13 [ 254.202505][ T5809] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 254.241045][ T5809] usb 4-1: USB disconnect, device number 17 [ 255.207185][ T9492] loop1: detected capacity change from 0 to 32768 [ 255.255418][ T9492] JBD2: Ignoring recovery information on journal [ 255.330132][ T9492] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 255.509050][ T9490] loop2: detected capacity change from 0 to 32768 [ 255.613499][ T9490] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present! [ 255.700757][ T9490] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 255.731167][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 256.046233][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.054139][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.074659][ T9490] (syz.2.1393,9490,0):ocfs2_double_lock:1190 ERROR: status = -2 [ 256.116438][ T9490] (syz.2.1393,9490,0):ocfs2_rename:1299 ERROR: status = -2 [ 256.152219][ T9490] (syz.2.1393,9490,0):ocfs2_rename:1690 ERROR: status = -2 [ 256.346246][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 256.824056][ T5856] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 257.027791][ T5856] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 257.048109][ T5856] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.071983][ T5856] usb 4-1: Product: syz [ 257.079837][ T5856] usb 4-1: Manufacturer: syz [ 257.096692][ T5856] usb 4-1: SerialNumber: syz [ 257.119786][ T9525] loop0: detected capacity change from 0 to 32768 [ 257.145074][ T9525] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 257.192966][ T9531] loop2: detected capacity change from 0 to 2048 [ 257.213152][ T9525] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 257.264086][ T9531] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 257.426865][ T9521] loop1: detected capacity change from 0 to 32768 [ 257.448668][ T9521] gfs2: fsid=Ô±rÐÛ»ð_î [ 257.448668][ T9521] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM: Trying to join cluster "lock_nolock", "Ô±rÐÛ»ð_î [ 257.448668][ T9521] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM" [ 257.469258][ T9521] gfs2: fsid=Ô±rÐÛ»ð_î [ 257.469258][ T9521] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM: Now mounting FS (format 1801)... [ 257.533534][ T9521] gfs2: fsid=Ô±rÐÛ»ð_î [ 257.533534][ T9521] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM.s: journal 0 mapped with 5 extents in 0ms [ 257.622836][ T5769] ocfs2: Unmounting device (7,0) on (node local) [ 257.672493][ T9521] gfs2: fsid=Ô±rÐÛ»ð_î [ 257.672493][ T9521] ˜b‚瀫ñ§Ö]êk;.Ä Œ±OŽ¿²ˆ:‚.£’t‹‰U§æM.s: first mount done, others may mount [ 257.817501][ T5856] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 258.125695][ T27] usb 4-1: USB disconnect, device number 18 [ 258.494008][ T9554] loop0: detected capacity change from 0 to 256 [ 258.551397][ T9554] exfat: Deprecated parameter 'utf8' [ 258.597888][ T9554] exfat: Deprecated parameter 'utf8' [ 258.721444][ T9554] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 258.925406][ T9565] loop2: detected capacity change from 0 to 256 [ 259.031137][ T9565] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 259.502035][ T9579] mmap: syz.2.1425 (9579) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 260.179415][ T9572] loop0: detected capacity change from 0 to 32768 [ 260.226988][ T9572] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.360763][ T9572] XFS (loop0): Ending clean mount [ 260.448215][ T9572] XFS (loop0): Quotacheck needed: Please wait. [ 260.610769][ T9572] XFS (loop0): Quotacheck: Done. [ 260.691703][ T9615] loop3: detected capacity change from 0 to 1024 [ 260.725221][ T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 260.749997][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 260.750014][ T28] audit: type=1800 audit(2000000133.820:31): pid=9572 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1422" name="file2" dev="loop0" ino=4423 res=0 errno=0 [ 260.777313][ C0] vkms_vblank_simulate: vblank timer overrun [ 260.830378][ T9618] loop1: detected capacity change from 0 to 256 [ 260.928593][ T5769] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 260.982387][ T8] usb 3-1: Using ep0 maxpacket: 32 [ 260.995491][ T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 261.023304][ T8] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 261.041072][ T8] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 261.082211][ T8] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 261.121977][ T8] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 261.167357][ T8] usb 3-1: Product: syz [ 261.188146][ T8] usb 3-1: Manufacturer: syz [ 261.202141][ T8] usb 3-1: SerialNumber: syz [ 261.230567][ T8] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input13 [ 261.641629][ T9622] loop3: detected capacity change from 0 to 8192 [ 261.642388][ T8] usb 3-1: USB disconnect, device number 17 [ 261.686233][ T8] appletouch 3-1:1.0: input: appletouch disconnected [ 262.575910][ T9635] loop0: detected capacity change from 0 to 32768 [ 262.952207][ T8] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 263.168922][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 263.191577][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 263.211571][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 263.231001][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 263.249866][ T8] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 263.269002][ T5779] Bluetooth: hci1: command 0x0406 tx timeout [ 263.277831][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.291263][ T8] usb 2-1: Product: syz [ 263.331980][ T8] usb 2-1: Manufacturer: syz [ 263.351220][ T8] usb 2-1: SerialNumber: syz [ 263.377963][ T8] usb 2-1: config 0 descriptor?? [ 263.670727][ T8] adutux 2-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 263.911202][ T9647] usb 2-1: Couldn't submit interrupt_out_urb -90 [ 263.968499][ T5856] usb 2-1: USB disconnect, device number 14 [ 265.069727][ T9703] loop1: detected capacity change from 0 to 2048 [ 265.108209][ T9703] EXT4-fs: Ignoring removed i_version option [ 265.199155][ T9703] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.240884][ T9707] loop2: detected capacity change from 0 to 1024 [ 265.366743][ T9703] EXT4-fs error (device loop1): ext4_find_extent:945: inode #2: comm syz.1.1471: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 265.477426][ T9707] hfsplus: walked past end of dir [ 265.538550][ T9703] EXT4-fs (loop1): Remounting filesystem read-only [ 265.562872][ T9712] loop0: detected capacity change from 0 to 512 [ 265.601323][ T9712] EXT4-fs: Ignoring removed i_version option [ 265.714768][ T9712] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 265.845453][ T9712] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 265.906812][ T9712] ext4 filesystem being mounted at /365/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 266.052416][ T9699] loop3: detected capacity change from 0 to 131072 [ 266.082444][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.116069][ T9699] F2FS-fs (loop3): Found nat_bits in checkpoint [ 266.159720][ T5769] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.171188][ T9699] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 266.235571][ T9699] F2FS-fs (loop3): recover xattr in inode (7), error(0) [ 266.243264][ T9699] F2FS-fs (loop3): set inode (7) has corrupted xattr [ 266.521054][ T9729] syz.2.1486 uses obsolete (PF_INET,SOCK_PACKET) [ 266.581274][ T9731] loop1: detected capacity change from 0 to 128 [ 266.623308][ T9731] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 266.724447][ T9731] ext4 filesystem being mounted at /383/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 266.862228][ T9736] input: syz1 as /devices/virtual/input/input14 [ 266.903712][ T28] audit: type=1800 audit(2000000139.970:32): pid=9731 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1479" name="file2" dev="loop1" ino=12 res=0 errno=0 [ 267.054371][ T5768] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 267.271629][ T9744] loop1: detected capacity change from 0 to 128 [ 267.391972][ T5856] kernel write not supported for file /sequencer (pid: 5856 comm: kworker/0:5) [ 267.409441][ T9742] loop2: detected capacity change from 0 to 4096 [ 267.429620][ T9742] EXT4-fs: Ignoring removed mblk_io_submit option [ 267.466771][ T9742] EXT4-fs (loop2): Test dummy encryption mode enabled [ 267.495888][ T9742] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.834569][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.861533][ T9773] team_slave_0: entered promiscuous mode [ 268.868210][ T9773] team_slave_1: entered promiscuous mode [ 268.981332][ T9779] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1501'. [ 269.018298][ T9777] loop3: detected capacity change from 0 to 4096 [ 269.050482][ T9777] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 269.078317][ T9777] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 269.131609][ T9777] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 269.162109][ T9777] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 269.189463][ T9777] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 269.225650][ T9777] ntfs: volume version 3.1. [ 269.235570][ T9777] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 269.264130][ T9777] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 269.302540][ T9777] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 269.359971][ T9777] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 269.401130][ T9789] input: syz0 as /devices/virtual/input/input15 [ 269.730061][ T9799] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 270.430884][ T9819] loop3: detected capacity change from 0 to 4096 [ 270.461058][ T9819] EXT4-fs: inline encryption not supported [ 270.510429][ T9819] EXT4-fs (loop3): Test dummy encryption mode enabled [ 270.552599][ T9819] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 270.584744][ T9819] System zones: 0-5 [ 270.611616][ T9819] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.820652][ T5767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.236955][ T9822] loop1: detected capacity change from 0 to 32768 [ 271.301864][ T9822] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 271.478531][ T9822] XFS (loop1): Ending clean mount [ 271.673038][ T5768] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 272.130110][ T9861] loop1: detected capacity change from 0 to 256 [ 272.281032][ T9863] loop2: detected capacity change from 0 to 256 [ 272.330519][ T9852] loop3: detected capacity change from 0 to 32768 [ 272.358102][ T28] kauditd_printk_skb: 5 callbacks suppressed [ 272.358121][ T28] audit: type=1800 audit(2000000146.435:33): pid=9863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1535" name="bus" dev="loop2" ino=1048640 res=0 errno=0 [ 272.439459][ T9863] Invalid ELF header magic: != ELF [ 272.797303][ T28] audit: type=1326 audit(2000000146.875:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9870 comm="syz.3.1539" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2d2c39c819 code=0x0 [ 272.822094][ T5807] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 273.012235][ T5807] usb 3-1: Using ep0 maxpacket: 16 [ 273.020818][ T5807] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 273.032914][ T5807] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 273.044972][ T5807] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.053168][ T5807] usb 3-1: Product: syz [ 273.057388][ T5807] usb 3-1: Manufacturer: syz [ 273.062194][ T5807] usb 3-1: SerialNumber: syz [ 273.071075][ T5807] usb 3-1: config 0 descriptor?? [ 273.078629][ T5807] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 273.088542][ T5807] usb 3-1: Detected FT232R [ 273.293473][ T5807] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 273.532600][ T5807] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 273.788546][ T5807] usb 3-1: USB disconnect, device number 18 [ 273.852869][ T5807] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 273.886046][ T5807] ftdi_sio 3-1:0.0: device disconnected [ 274.180494][ T9902] loop1: detected capacity change from 0 to 512 [ 274.194455][ T9902] EXT4-fs: Ignoring removed mblk_io_submit option [ 274.227848][ T9902] EXT4-fs: inline encryption not supported [ 274.247508][ T9902] EXT4-fs: Ignoring removed mblk_io_submit option [ 274.257143][ T9902] EXT4-fs (loop1): Test dummy encryption mode enabled [ 274.270168][ T9902] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 274.292537][ T9902] EXT4-fs (loop1): 1 truncate cleaned up [ 274.299268][ T9902] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 274.570746][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.936341][ T5781] Bluetooth: hci0: unknown advertising packet type: 0x39 [ 274.936444][ T5781] Bluetooth: hci0: Dropping invalid advertising data [ 274.953602][ T5781] Bluetooth: hci0: Malformed LE Event: 0x02 [ 275.247422][ T9924] netlink: 136 bytes leftover after parsing attributes in process `syz.0.1563'. [ 275.282445][ T9924] A link change request failed with some changes committed already. Interface erspan0 may have been left with an inconsistent configuration, please check. [ 275.348111][ T9912] loop3: detected capacity change from 0 to 32768 [ 275.365971][ T9912] [ 275.365971][ T9912] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.365971][ T9912] [ 275.603617][ T146] read_mapping_page failed! [ 275.608692][ T146] ERROR: (device loop3): txCommit: [ 275.608692][ T146] [ 275.648436][ T146] jfs_write_inode: jfs_commit_inode failed! [ 275.669979][ T5767] [ 275.669979][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.669979][ T5767] [ 275.673865][ T9932] loop1: detected capacity change from 0 to 2048 [ 275.707581][ T5767] [ 275.707581][ T5767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 275.707581][ T5767] [ 275.759953][ T9932] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 276.012103][ T27] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 276.236091][ T27] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 276.274501][ T27] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 276.291463][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 276.308154][ T27] usb 1-1: SerialNumber: syz [ 276.609067][ T9930] loop2: detected capacity change from 0 to 40427 [ 276.642686][ T9930] F2FS-fs (loop2): Invalid segment/section count (31, 24 x 1) [ 276.662021][ T9930] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 276.685111][ T9930] F2FS-fs (loop2): invalid crc value [ 276.690682][ T9930] F2FS-fs (loop2): Ignore s_resuid=0, s_resgid=60928 w/o reserve_root [ 276.741620][ T9930] F2FS-fs (loop2): Found nat_bits in checkpoint [ 276.897182][ T9930] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 276.918742][ T9930] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 276.962322][ T27] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 277.082986][ T5770] syz-executor: attempt to access beyond end of device [ 277.082986][ T5770] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 277.108196][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 277.221692][ T5809] usb 1-1: USB disconnect, device number 17 [ 277.450717][ T9957] loop1: detected capacity change from 0 to 32768 [ 277.489597][ T9957] (syz.1.1578,9957,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 277.504889][ T9957] (syz.1.1578,9957,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 277.559186][ T9957] JBD2: Ignoring recovery information on journal [ 277.657883][ T9957] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 277.953211][ T5768] ocfs2: Unmounting device (7,1) on (node local) [ 278.349667][ T9979] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1587'. [ 278.395824][ T9979] bridge0: entered promiscuous mode [ 278.443174][ T9979] macvtap1: entered promiscuous mode [ 278.449156][ T9979] macvtap1: entered allmulticast mode [ 278.507186][ T9979] bridge0: entered allmulticast mode [ 278.518741][ T9979] bridge0: port 3(macvtap1) entered blocking state [ 278.545107][ T9979] bridge0: port 3(macvtap1) entered disabled state [ 278.550980][ T9986] loop1: detected capacity change from 0 to 256 [ 278.586459][ T9979] bridge0: left allmulticast mode [ 278.592881][ T9979] bridge0: left promiscuous mode [ 278.801750][ T9989] loop3: detected capacity change from 0 to 64 [ 278.874704][ T9989] syz.3.1591: attempt to access beyond end of device [ 278.874704][ T9989] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 278.903681][ T9973] loop0: detected capacity change from 0 to 32768 [ 278.927292][ T9989] buffer_io_error: 60 callbacks suppressed [ 278.927312][ T9989] Buffer I/O error on dev loop3, logical block 512, async page read [ 278.953561][ T9973] XFS: noikeep mount option is deprecated. [ 278.965672][ T9989] syz.3.1591: attempt to access beyond end of device [ 278.965672][ T9989] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 278.981234][ T9989] Buffer I/O error on dev loop3, logical block 56576, async page read [ 279.013760][ T9973] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 279.112152][ T27] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 279.170144][ T5767] syz-executor: attempt to access beyond end of device [ 279.170144][ T5767] loop3: rw=0, sector=1024, nr_sectors = 2 limit=64 [ 279.216443][ T9973] XFS (loop0): Ending clean mount [ 279.237592][ T9973] XFS (loop0): Quotacheck needed: Please wait. [ 279.285251][ T5767] Buffer I/O error on dev loop3, logical block 512, async page read [ 279.331986][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 279.340735][ T5767] syz-executor: attempt to access beyond end of device [ 279.340735][ T5767] loop3: rw=0, sector=113152, nr_sectors = 2 limit=64 [ 279.351044][ T27] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.354597][ T5767] Buffer I/O error on dev loop3, logical block 56576, async page read [ 279.378366][ T5767] Bad inode number on dev loop3: 2 is out of range [ 279.387420][ T5767] Bad inode number on dev loop3: 2 is out of range [ 279.430652][ T27] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 279.454994][ T9973] XFS (loop0): Quotacheck: Done. [ 279.482302][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 279.508854][ T27] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 279.542090][ T27] usb 2-1: Product: syz [ 279.546993][ T27] usb 2-1: Manufacturer: syz [ 279.558880][ T27] hub 2-1:4.0: USB hub found [ 279.703915][ T5769] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 279.774912][ T27] hub 2-1:4.0: 2 ports detected [ 279.823144][T10006] batadv1: entered allmulticast mode [ 279.853813][T10006] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 279.879694][T10006] bridge0: port 3(batadv1) entered blocking state [ 279.936194][T10006] bridge0: port 3(batadv1) entered disabled state [ 279.974022][T10006] batadv1: entered promiscuous mode [ 279.975285][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 279.983450][T10006] bridge0: port 3(batadv1) entered blocking state [ 279.986967][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 279.993137][T10006] bridge0: port 3(batadv1) entered forwarding state [ 280.000465][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 280.046006][ T27] hub 2-1:4.0: hub_hub_status failed (err = -32) [ 280.062375][ T27] hub 2-1:4.0: config failed, can't get hub status (err -32) [ 280.130009][ T27] usb 2-1: USB disconnect, device number 15 [ 280.297806][ T48] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 280.308121][ T48] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 280.767714][T10020] loop1: detected capacity change from 0 to 256 [ 280.842374][T10020] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 280.897389][T10022] loop0: detected capacity change from 0 to 2048 [ 280.902005][ T28] audit: type=1800 audit(2000000154.975:35): pid=10020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1602" name="file1" dev="loop1" ino=1048642 res=0 errno=0 [ 280.984927][T10022] loop0: p1 < > p3 [ 281.023009][T10022] loop0: p3 size 134217728 extends beyond EOD, truncated [ 281.037685][ T146] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 281.046005][ T28] audit: type=1800 audit(2000000155.005:36): pid=10020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1602" name="file1" dev="loop1" ino=1048642 res=0 errno=0 [ 281.076349][ T146] FAT-fs (loop1): Filesystem has been set read-only [ 281.116874][ T146] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 281.158511][ T146] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 281.204639][ T146] FAT-fs (loop1): error, corrupted file size (i_pos 196, 16779008) [ 281.248216][T10024] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 281.270934][ T5779] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 281.306862][ T5779] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 281.315876][ T5779] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 281.326605][ T5779] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 281.341618][ T5779] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 281.349481][ T5779] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 281.700480][T10038] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1607'. [ 281.742766][T10038] bridge0: port 4(vlan3) entered blocking state [ 281.750385][T10038] bridge0: port 4(vlan3) entered disabled state [ 281.757668][T10038] vlan3: entered allmulticast mode [ 281.764151][T10038] gretap0: entered allmulticast mode [ 281.773097][T10038] vlan3: entered promiscuous mode [ 281.780520][T10038] gretap0: entered promiscuous mode [ 281.787967][T10038] bridge0: port 4(vlan3) entered blocking state [ 281.794670][T10038] bridge0: port 4(vlan3) entered forwarding state [ 282.082710][ T5809] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 282.182551][T10028] chnl_net:caif_netlink_parms(): no params data found [ 282.437821][T10028] bridge0: port 1(bridge_slave_0) entered blocking state [ 282.477443][T10028] bridge0: port 1(bridge_slave_0) entered disabled state [ 282.492218][T10028] bridge_slave_0: entered allmulticast mode [ 282.500448][T10028] bridge_slave_0: entered promiscuous mode [ 282.543888][T10028] bridge0: port 2(bridge_slave_1) entered blocking state [ 282.551083][T10028] bridge0: port 2(bridge_slave_1) entered disabled state [ 282.575700][T10028] bridge_slave_1: entered allmulticast mode [ 282.587917][T10028] bridge_slave_1: entered promiscuous mode [ 282.707426][T10028] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 282.745691][T10028] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.842553][ T5807] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 282.855167][T10028] team0: Port device team_slave_0 added [ 282.884798][T10028] team0: Port device team_slave_1 added [ 283.000357][T10028] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 283.032106][T10028] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.092048][T10028] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 283.129360][T10028] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 283.152103][T10028] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 283.178252][ C0] vkms_vblank_simulate: vblank timer overrun [ 283.195234][T10028] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 283.301874][T10028] hsr_slave_0: entered promiscuous mode [ 283.321490][T10028] hsr_slave_1: entered promiscuous mode [ 283.332259][T10028] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 283.353645][T10028] Cannot create hsr debugfs directory [ 283.404758][ T5779] Bluetooth: hci1: command tx timeout [ 283.640146][T10070] block device autoloading is deprecated and will be removed. [ 283.654742][T10066] loop2: detected capacity change from 0 to 40427 [ 283.712206][T10066] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 283.719186][T10066] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 283.738695][T10066] F2FS-fs (loop2): invalid crc value [ 283.879495][T10028] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 283.930674][T10028] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 283.984055][T10066] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 283.991281][T10028] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 283.998817][T10066] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 284.020266][T10028] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 284.250058][ T5770] syz-executor: attempt to access beyond end of device [ 284.250058][ T5770] loop2: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 284.307210][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 284.347984][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 284.362259][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 284.364617][T10028] 8021q: adding VLAN 0 to HW filter on device bond0 [ 284.369176][ T5770] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 284.413199][T10028] 8021q: adding VLAN 0 to HW filter on device team0 [ 284.427721][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 284.434964][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 284.487761][ T48] bridge0: port 2(bridge_slave_1) entered blocking state [ 284.495282][ T48] bridge0: port 2(bridge_slave_1) entered forwarding state [ 284.705721][T10028] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 284.942731][ T5809] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 285.040954][T10097] loop2: detected capacity change from 0 to 128 [ 285.152330][ T5809] usb 2-1: Using ep0 maxpacket: 32 [ 285.178192][ T5809] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 285.202168][ T5809] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.245602][ T5809] usb 2-1: config 0 descriptor?? [ 285.299391][T10028] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 285.485414][ T5779] Bluetooth: hci1: command tx timeout [ 285.548378][ T5809] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 285.608755][ T5809] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 285.642686][ T5809] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 285.649931][ T5809] usb 2-1: media controller created [ 285.738148][ T5809] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 285.783600][ T5809] az6027: usb out operation failed. (-71) [ 285.832307][ T5809] az6027: usb out operation failed. (-71) [ 285.838121][ T5809] stb0899_attach: Driver disabled by Kconfig [ 285.872927][ T5809] az6027: no front-end attached [ 285.872927][ T5809] [ 285.885671][ T5809] az6027: usb out operation failed. (-71) [ 285.891481][ T5809] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 285.948418][ T5809] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input16 [ 285.967647][ T5809] dvb-usb: schedule remote query interval to 400 msecs. [ 285.984628][ T5809] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 286.031892][ T5809] usb 2-1: USB disconnect, device number 16 [ 286.211085][T10028] veth0_vlan: entered promiscuous mode [ 286.218427][ T5809] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 286.249830][T10125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1639'. [ 286.271088][T10028] veth1_vlan: entered promiscuous mode [ 286.404783][T10028] veth0_macvtap: entered promiscuous mode [ 286.467950][T10028] veth1_macvtap: entered promiscuous mode [ 286.536590][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.566576][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.574048][T10133] program syz.2.1643 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 286.579626][T10131] loop0: detected capacity change from 0 to 128 [ 286.602264][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.639880][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.650447][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.673477][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.701999][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.725934][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.738124][T10028] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 286.750991][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.767733][ T6048] blk_print_req_error: 62 callbacks suppressed [ 286.767754][ T6048] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 286.782070][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.842001][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.882067][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.911761][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.943986][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.979124][T10028] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 287.002992][T10028] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 287.026362][T10028] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 287.067505][T10028] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.087162][T10028] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.097687][T10028] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.106787][T10028] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 287.202077][ T8] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 287.284081][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.308264][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.370196][T10146] batadv1: entered allmulticast mode [ 287.393358][T10146] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 287.400831][T10146] bridge0: port 3(batadv1) entered blocking state [ 287.408755][T10146] bridge0: port 3(batadv1) entered disabled state [ 287.415533][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 287.422931][ T8] usb 2-1: config 2 has an invalid interface number: 88 but max is 0 [ 287.433134][T10146] batadv1: entered promiscuous mode [ 287.438432][ T8] usb 2-1: config 2 has no interface number 0 [ 287.445414][T10146] bridge0: port 3(batadv1) entered blocking state [ 287.452076][T10146] bridge0: port 3(batadv1) entered forwarding state [ 287.459295][ T8] usb 2-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 287.469798][ T8] usb 2-1: config 2 interface 88 has no altsetting 0 [ 287.480783][ T8] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 287.500973][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.512112][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.520084][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.540850][ T8] usb 2-1: Product: syz [ 287.548511][ T8] usb 2-1: Manufacturer: syz [ 287.562334][ T5779] Bluetooth: hci1: command tx timeout [ 287.572077][ T8] usb 2-1: SerialNumber: syz [ 287.591391][T10138] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 287.849556][T10138] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 287.918416][ T1087] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 287.927997][ T1087] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 288.242222][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 288.442199][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 288.460727][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 288.487971][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 288.501399][ T8] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 288.513430][ T8] asix: probe of 2-1:2.88 failed with error -71 [ 288.544149][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 288.563036][ T8] usb 2-1: USB disconnect, device number 17 [ 288.583231][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 288.632238][ T9] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 288.689824][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 288.712196][ T9] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 288.720263][ T9] usb 1-1: Manufacturer: syz [ 288.748415][ T9] usb 1-1: config 0 descriptor?? [ 289.132529][ T9] rc_core: IR keymap rc-hauppauge not found [ 289.138552][ T9] Registered IR keymap rc-empty [ 289.169950][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.232210][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.283377][ T9] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 289.306767][ T9] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input17 [ 289.341615][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.382336][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.395592][T10188] loop1: detected capacity change from 0 to 1024 [ 289.418454][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.462213][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.502121][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.506359][T10188] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 289.522718][T10194] loop2: detected capacity change from 0 to 16 [ 289.546306][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.563730][T10194] erofs: (device loop2): mounted with root inode @ nid 36. [ 289.582569][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.599344][T10194] syz.2.1667: attempt to access beyond end of device [ 289.599344][T10194] loop2: rw=524288, sector=16, nr_sectors = 32 limit=16 [ 289.615034][T10194] syz.2.1667: attempt to access beyond end of device [ 289.615034][T10194] loop2: rw=524288, sector=8, nr_sectors = 32 limit=16 [ 289.635034][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.643701][ T5779] Bluetooth: hci1: command tx timeout [ 289.653210][T10197] syz.2.1667: attempt to access beyond end of device [ 289.653210][T10197] loop2: rw=0, sector=8, nr_sectors = 32 limit=16 [ 289.672096][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.702422][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.733368][ T9] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 289.782106][ T8] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 289.797150][ T5768] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.804220][ T9] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version cf [ 289.842684][ T5770] BUG: Bad page state in process syz-executor pfn:69919 [ 289.850485][ T5770] page:ffffea0001a64640 refcount:0 mapcount:0 mapping:ffff888077650270 index:0x2 pfn:0x69919 [ 289.862130][ T5770] aops:z_erofs_cache_aops ino:0 [ 289.867123][ T5770] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 289.875658][ T5770] page_type: 0xffffffff() [ 289.880039][ T5770] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888077650270 [ 289.889307][ T5770] raw: 0000000000000002 0000000000000000 00000000ffffffff 0000000000000000 [ 289.898616][ T5770] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 289.906040][ T5770] page_owner tracks the page as allocated [ 289.912522][ T5770] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10194, tgid 10193 (syz.2.1667), ts 289598681734, free_ts 280403400388 [ 289.934973][ T5770] post_alloc_hook+0x1c1/0x200 [ 289.940275][ T5770] get_page_from_freelist+0x1951/0x19e0 [ 289.946089][ T5770] __alloc_pages+0x1f0/0x460 [ 289.950730][ T5770] z_erofs_do_read_page+0x2181/0x36b0 [ 289.956219][ T5770] z_erofs_readahead+0x88b/0xda0 [ 289.961236][ T5770] read_pages+0x189/0x850 [ 289.966623][ T5770] page_cache_ra_unbounded+0x68a/0x770 [ 289.972540][ T5770] force_page_cache_ra+0x2c1/0x320 [ 289.977721][ T5770] generic_fadvise+0x47e/0x780 [ 289.982618][ T5770] __x64_sys_fadvise64+0x140/0x180 [ 289.987788][ T5770] do_syscall_64+0x55/0xa0 [ 289.992371][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 289.998323][ T5770] page last free stack trace: [ 290.003098][ T5770] free_unref_page_prepare+0x7b2/0x8c0 [ 290.008627][ T5770] free_unref_page+0x32/0x2e0 [ 290.013404][ T5770] kasan_depopulate_vmalloc_pte+0x75/0x90 [ 290.019477][ T5770] __apply_to_page_range+0x860/0xdd0 [ 290.025078][ T5770] kasan_release_vmalloc+0x97/0xb0 [ 290.030232][ T5770] __purge_vmap_area_lazy+0xfa7/0x1af0 [ 290.035878][ T5770] drain_vmap_area_work+0x40/0xd0 [ 290.041366][ T5770] process_scheduled_works+0xa5d/0x15d0 [ 290.047133][ T5770] worker_thread+0xa55/0xfc0 [ 290.051858][ T5770] kthread+0x2fa/0x390 [ 290.056132][ T5770] ret_from_fork+0x48/0x80 [ 290.060610][ T5770] ret_from_fork_asm+0x11/0x20 [ 290.066088][ T5770] Modules linked in: [ 290.070276][ T5770] CPU: 0 PID: 5770 Comm: syz-executor Not tainted syzkaller #0 [ 290.077820][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 290.087980][ T5770] Call Trace: [ 290.091445][ T5770] [ 290.094543][ T5770] dump_stack_lvl+0x18c/0x250 [ 290.099597][ T5770] ? show_regs_print_info+0x20/0x20 [ 290.105102][ T5770] ? swiotlb_print_info+0x70/0x70 [ 290.110154][ T5770] bad_page+0x14b/0x170 [ 290.114436][ T5770] free_unref_page_prepare+0x85f/0x8c0 [ 290.119953][ T5770] free_unref_page+0x32/0x2e0 [ 290.124655][ T5770] ? __folio_put+0xef/0x210 [ 290.129200][ T5770] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 290.135654][ T5770] erofs_shrink_workstation+0x11f/0x290 [ 290.141306][ T5770] ? erofs_shrinker_unregister+0x170/0x170 [ 290.147130][ T5770] ? io_schedule+0xd0/0xd0 [ 290.151655][ T5770] ? kobject_put+0x428/0x460 [ 290.156268][ T5770] erofs_shrinker_unregister+0x5d/0x170 [ 290.161838][ T5770] erofs_put_super+0x4e/0x150 [ 290.166623][ T5770] ? erofs_free_inode+0xb0/0xb0 [ 290.171590][ T5770] generic_shutdown_super+0x134/0x2b0 [ 290.176981][ T5770] kill_block_super+0x44/0x90 [ 290.181694][ T5770] erofs_kill_sb+0x4c/0x140 [ 290.186212][ T5770] deactivate_locked_super+0x97/0x100 [ 290.191603][ T5770] cleanup_mnt+0x43b/0x4d0 [ 290.196041][ T5770] task_work_run+0x1d4/0x260 [ 290.200774][ T5770] ? task_work_cancel+0x220/0x220 [ 290.206021][ T5770] ? exit_to_user_mode_loop+0x3b/0x110 [ 290.211546][ T5770] exit_to_user_mode_loop+0xe6/0x110 [ 290.216851][ T5770] exit_to_user_mode_prepare+0xee/0x180 [ 290.222419][ T5770] syscall_exit_to_user_mode+0x1a/0x50 [ 290.227899][ T5770] do_syscall_64+0x61/0xa0 [ 290.232521][ T5770] ? clear_bhb_loop+0x40/0x90 [ 290.237209][ T5770] ? clear_bhb_loop+0x40/0x90 [ 290.241900][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.247812][ T5770] RIP: 0033:0x7f049019da57 [ 290.252249][ T5770] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 290.271871][ T5770] RSP: 002b:00007ffd166162f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 290.280396][ T5770] RAX: 0000000000000000 RBX: 00007f0490232048 RCX: 00007f049019da57 [ 290.288380][ T5770] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd166163b0 [ 290.296383][ T5770] RBP: 00007ffd166163b0 R08: 00007ffd166173b0 R09: 00000000ffffffff [ 290.304384][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16617440 [ 290.312550][ T5770] R13: 00007f0490232048 R14: 0000000000046b6c R15: 00007ffd16617480 [ 290.320636][ T5770] [ 290.323749][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.329910][ T5770] Disabling lock debugging due to kernel taint [ 290.337501][ T5770] BUG: Bad page state in process syz-executor pfn:6991a [ 290.344801][ T5770] page:ffffea0001a64680 refcount:0 mapcount:0 mapping:ffff888077650270 index:0x3 pfn:0x6991a [ 290.355253][ T5770] aops:z_erofs_cache_aops ino:0 [ 290.360217][ T5770] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 290.368256][ T5770] page_type: 0xffffffff() [ 290.373130][ T5770] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888077650270 [ 290.381852][ T5770] raw: 0000000000000003 0000000000000000 00000000ffffffff 0000000000000000 [ 290.390533][ T5770] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 290.397878][ T5770] page_owner tracks the page as allocated [ 290.403666][ T5770] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10194, tgid 10193 (syz.2.1667), ts 289598735039, free_ts 280403416991 [ 290.425829][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.431954][ T5770] post_alloc_hook+0x1c1/0x200 [ 290.436773][ T5770] get_page_from_freelist+0x1951/0x19e0 [ 290.442540][ T5770] __alloc_pages+0x1f0/0x460 [ 290.447142][ T5770] z_erofs_do_read_page+0x2181/0x36b0 [ 290.452777][ T5770] z_erofs_readahead+0x88b/0xda0 [ 290.457721][ T5770] read_pages+0x189/0x850 [ 290.462139][ T5770] page_cache_ra_unbounded+0x68a/0x770 [ 290.467614][ T5770] force_page_cache_ra+0x2c1/0x320 [ 290.472765][ T5770] generic_fadvise+0x47e/0x780 [ 290.477868][ T5770] __x64_sys_fadvise64+0x140/0x180 [ 290.483078][ T5770] do_syscall_64+0x55/0xa0 [ 290.487520][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.493496][ T5770] page last free stack trace: [ 290.498178][ T5770] free_unref_page_prepare+0x7b2/0x8c0 [ 290.503684][ T5770] free_unref_page+0x32/0x2e0 [ 290.508396][ T5770] kasan_depopulate_vmalloc_pte+0x75/0x90 [ 290.514180][ T5770] __apply_to_page_range+0x860/0xdd0 [ 290.519488][ T5770] kasan_release_vmalloc+0x97/0xb0 [ 290.525128][ T5770] __purge_vmap_area_lazy+0xfa7/0x1af0 [ 290.530618][ T5770] drain_vmap_area_work+0x40/0xd0 [ 290.535880][ T5770] process_scheduled_works+0xa5d/0x15d0 [ 290.541671][ T5770] worker_thread+0xa55/0xfc0 [ 290.546308][ T5770] kthread+0x2fa/0x390 [ 290.550530][ T5770] ret_from_fork+0x48/0x80 [ 290.555333][ T5770] ret_from_fork_asm+0x11/0x20 [ 290.560146][ T5770] Modules linked in: [ 290.564261][ T5770] CPU: 0 PID: 5770 Comm: syz-executor Tainted: G B syzkaller #0 [ 290.573392][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 290.583449][ T5770] Call Trace: [ 290.586727][ T5770] [ 290.589678][ T5770] dump_stack_lvl+0x18c/0x250 [ 290.594364][ T5770] ? show_regs_print_info+0x20/0x20 [ 290.599655][ T5770] ? swiotlb_print_info+0x70/0x70 [ 290.604687][ T5770] bad_page+0x14b/0x170 [ 290.608838][ T5770] free_unref_page_prepare+0x85f/0x8c0 [ 290.614313][ T5770] free_unref_page+0x32/0x2e0 [ 290.619009][ T5770] ? __folio_put+0xef/0x210 [ 290.623538][ T5770] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 290.629977][ T5770] erofs_shrink_workstation+0x11f/0x290 [ 290.635661][ T5770] ? erofs_shrinker_unregister+0x170/0x170 [ 290.641544][ T5770] ? io_schedule+0xd0/0xd0 [ 290.645995][ T5770] ? kobject_put+0x428/0x460 [ 290.650620][ T5770] erofs_shrinker_unregister+0x5d/0x170 [ 290.656265][ T5770] erofs_put_super+0x4e/0x150 [ 290.660969][ T5770] ? erofs_free_inode+0xb0/0xb0 [ 290.665821][ T5770] generic_shutdown_super+0x134/0x2b0 [ 290.671204][ T5770] kill_block_super+0x44/0x90 [ 290.676069][ T5770] erofs_kill_sb+0x4c/0x140 [ 290.680598][ T5770] deactivate_locked_super+0x97/0x100 [ 290.685980][ T5770] cleanup_mnt+0x43b/0x4d0 [ 290.690415][ T5770] task_work_run+0x1d4/0x260 [ 290.695017][ T5770] ? task_work_cancel+0x220/0x220 [ 290.700053][ T5770] ? exit_to_user_mode_loop+0x3b/0x110 [ 290.705597][ T5770] exit_to_user_mode_loop+0xe6/0x110 [ 290.710893][ T5770] exit_to_user_mode_prepare+0xee/0x180 [ 290.716447][ T5770] syscall_exit_to_user_mode+0x1a/0x50 [ 290.721921][ T5770] do_syscall_64+0x61/0xa0 [ 290.726358][ T5770] ? clear_bhb_loop+0x40/0x90 [ 290.731041][ T5770] ? clear_bhb_loop+0x40/0x90 [ 290.735723][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.741885][ T5770] RIP: 0033:0x7f049019da57 [ 290.746424][ T5770] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 290.766501][ T5770] RSP: 002b:00007ffd166162f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 290.774939][ T5770] RAX: 0000000000000000 RBX: 00007f0490232048 RCX: 00007f049019da57 [ 290.782921][ T5770] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd166163b0 [ 290.790903][ T5770] RBP: 00007ffd166163b0 R08: 00007ffd166173b0 R09: 00000000ffffffff [ 290.798896][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16617440 [ 290.806978][ T5770] R13: 00007f0490232048 R14: 0000000000046b6c R15: 00007ffd16617480 [ 290.814968][ T5770] [ 290.818087][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.825043][ T5770] BUG: Bad page state in process syz-executor pfn:6991b [ 290.832227][ T5770] page:ffffea0001a646c0 refcount:0 mapcount:0 mapping:ffff888077650270 index:0x4 pfn:0x6991b [ 290.842845][ T5770] aops:z_erofs_cache_aops ino:0 [ 290.847733][ T5770] flags: 0xfff00000000001(locked|node=0|zone=1|lastcpupid=0x7ff) [ 290.855615][ T5770] page_type: 0xffffffff() [ 290.860090][ T5770] raw: 00fff00000000001 dead000000000100 dead000000000122 ffff888077650270 [ 290.868857][ T5770] raw: 0000000000000004 0000000000000000 00000000ffffffff 0000000000000000 [ 290.877515][ T5770] page dumped because: PAGE_FLAGS_CHECK_AT_FREE flag(s) set [ 290.885269][ T5770] page_owner tracks the page as allocated [ 290.890987][ T5770] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x192840(GFP_NOWAIT|__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 10194, tgid 10193 (syz.2.1667), ts 289598754410, free_ts 280403433455 [ 290.913290][ C0] vkms_vblank_simulate: vblank timer overrun [ 290.919539][ T5770] post_alloc_hook+0x1c1/0x200 [ 290.924475][ T5770] get_page_from_freelist+0x1951/0x19e0 [ 290.930083][ T5770] __alloc_pages+0x1f0/0x460 [ 290.935002][ T5770] z_erofs_do_read_page+0x2181/0x36b0 [ 290.940511][ T5770] z_erofs_readahead+0x88b/0xda0 [ 290.945527][ T5770] read_pages+0x189/0x850 [ 290.949876][ T5770] page_cache_ra_unbounded+0x68a/0x770 [ 290.955371][ T5770] force_page_cache_ra+0x2c1/0x320 [ 290.960681][ T5770] generic_fadvise+0x47e/0x780 [ 290.965533][ T5770] __x64_sys_fadvise64+0x140/0x180 [ 290.970676][ T5770] do_syscall_64+0x55/0xa0 [ 290.975192][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.981198][ T5770] page last free stack trace: [ 290.986377][ T5770] free_unref_page_prepare+0x7b2/0x8c0 [ 290.991985][ T5770] free_unref_page+0x32/0x2e0 [ 290.996694][ T5770] kasan_depopulate_vmalloc_pte+0x75/0x90 [ 291.002548][ T5770] __apply_to_page_range+0x860/0xdd0 [ 291.007870][ T5770] kasan_release_vmalloc+0x97/0xb0 [ 291.013046][ T5770] __purge_vmap_area_lazy+0xfa7/0x1af0 [ 291.018574][ T5770] drain_vmap_area_work+0x40/0xd0 [ 291.023671][ T5770] process_scheduled_works+0xa5d/0x15d0 [ 291.029366][ T5770] worker_thread+0xa55/0xfc0 [ 291.034023][ T5770] kthread+0x2fa/0x390 [ 291.038184][ T5770] ret_from_fork+0x48/0x80 [ 291.042807][ T5770] ret_from_fork_asm+0x11/0x20 [ 291.047866][ T5770] Modules linked in: [ 291.051758][ T5770] CPU: 0 PID: 5770 Comm: syz-executor Tainted: G B syzkaller #0 [ 291.060779][ T5770] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 291.070848][ T5770] Call Trace: [ 291.074126][ T5770] [ 291.077052][ T5770] dump_stack_lvl+0x18c/0x250 [ 291.081774][ T5770] ? show_regs_print_info+0x20/0x20 [ 291.087074][ T5770] ? swiotlb_print_info+0x70/0x70 [ 291.092218][ T5770] bad_page+0x14b/0x170 [ 291.096382][ T5770] free_unref_page_prepare+0x85f/0x8c0 [ 291.101957][ T5770] free_unref_page+0x32/0x2e0 [ 291.106757][ T5770] ? __folio_put+0xef/0x210 [ 291.111371][ T5770] erofs_try_to_free_all_cached_pages+0x295/0x5f0 [ 291.117803][ T5770] erofs_shrink_workstation+0x11f/0x290 [ 291.123354][ T5770] ? erofs_shrinker_unregister+0x170/0x170 [ 291.129166][ T5770] ? io_schedule+0xd0/0xd0 [ 291.133590][ T5770] ? kobject_put+0x428/0x460 [ 291.138187][ T5770] erofs_shrinker_unregister+0x5d/0x170 [ 291.143743][ T5770] erofs_put_super+0x4e/0x150 [ 291.148438][ T5770] ? erofs_free_inode+0xb0/0xb0 [ 291.153384][ T5770] generic_shutdown_super+0x134/0x2b0 [ 291.158769][ T5770] kill_block_super+0x44/0x90 [ 291.163452][ T5770] erofs_kill_sb+0x4c/0x140 [ 291.167978][ T5770] deactivate_locked_super+0x97/0x100 [ 291.173360][ T5770] cleanup_mnt+0x43b/0x4d0 [ 291.177797][ T5770] task_work_run+0x1d4/0x260 [ 291.182487][ T5770] ? task_work_cancel+0x220/0x220 [ 291.187529][ T5770] ? exit_to_user_mode_loop+0x3b/0x110 [ 291.193005][ T5770] exit_to_user_mode_loop+0xe6/0x110 [ 291.198318][ T5770] exit_to_user_mode_prepare+0xee/0x180 [ 291.203877][ T5770] syscall_exit_to_user_mode+0x1a/0x50 [ 291.209520][ T5770] do_syscall_64+0x61/0xa0 [ 291.214048][ T5770] ? clear_bhb_loop+0x40/0x90 [ 291.218824][ T5770] ? clear_bhb_loop+0x40/0x90 [ 291.223513][ T5770] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.229413][ T5770] RIP: 0033:0x7f049019da57 [ 291.233842][ T5770] Code: a2 c7 05 9c fc 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 291.253562][ T5770] RSP: 002b:00007ffd166162f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 291.262073][ T5770] RAX: 0000000000000000 RBX: 00007f0490232048 RCX: 00007f049019da57 [ 291.270309][ T5770] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd166163b0 [ 291.278292][ T5770] RBP: 00007ffd166163b0 R08: 00007ffd166173b0 R09: 00000000ffffffff [ 291.286516][ T5770] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd16617440 [ 291.294581][ T5770] R13: 00007f0490232048 R14: 0000000000046b6c R15: 00007ffd16617480 [ 291.302654][ T5770] [ 291.305729][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.319289][ T9] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 291.336877][ T9] usb 1-1: USB disconnect, device number 18 [ 291.422472][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 291.429549][ T8] usb 5-1: config 0 has no interfaces? [ 291.438283][ T8] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 291.459618][ T8] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 291.484239][ T8] usb 5-1: Manufacturer: syz [ 291.493066][ T8] usb 5-1: config 0 descriptor?? [ 291.722036][T10190] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1666'. [ 291.744814][ T5808] usb 5-1: USB disconnect, device number 2