last executing test programs: 5.225707952s ago: executing program 0 (id=2020): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x15, 0x17, 0xee, 0x40, 0xaf0, 0x7a05, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xff, 0x5, 0x49}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000004c0)={0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="00001100000006"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.706140856s ago: executing program 1 (id=2026): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_PR_STREAM_STATUS(r0, 0x84, 0x10, &(0x7f0000001580), &(0x7f0000002580)=0x1000) 3.501093773s ago: executing program 2 (id=2027): capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb}) openat$comedi(0xffffffffffffff9c, &(0x7f0000000180)='/dev/comedi0\x00', 0xe6482, 0x0) 3.45536189s ago: executing program 3 (id=2028): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl$sock_SIOCGIFVLAN_ADD_VLAN_CMD(r0, 0x8982, &(0x7f0000001ac0)={0x0, 'batadv0\x00', {0x7}, 0x802}) 3.407073218s ago: executing program 4 (id=2029): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x1ff, 0x103202) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f0000000040)={0x23, 0x1, 0x11, 0x8001, 0x0, 0xbfeffff7, 0x0}) 3.076240919s ago: executing program 1 (id=2030): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)=@getlink={0x28, 0x12, 0x1, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x828, 0x10100}, [@IFLA_NET_NS_FD={0x8}]}, 0x28}, 0x1, 0x0, 0x0, 0x20000040}, 0x80) 2.987403908s ago: executing program 2 (id=2031): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8947, &(0x7f00000002c0)={'bond0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x6}}) 2.854921325s ago: executing program 4 (id=2032): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000540)=@ipv6_deladdr={0x2c, 0x15, 0x1, 0x70bd2d, 0x25dfdbff, {0xa, 0x8, 0x88, 0xff}, [@IFA_ADDRESS={0xd, 0x1, @mcast2}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8000}, 0x40000) 2.831238307s ago: executing program 0 (id=2033): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) preadv(r0, &(0x7f0000000000)=[{&(0x7f0000000040)=""/99, 0x63}], 0x1, 0xfffffffc, 0x0) 2.660877652s ago: executing program 3 (id=2034): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000200)={0x0, @in6={{0xa, 0x4e24, 0x3b, @remote, 0xfffffff8}}}, 0x84) 2.424444947s ago: executing program 1 (id=2035): r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1ff, 0x8000) ioctl$DRM_IOCTL_MODE_CURSOR2(r0, 0xc02464bb, &(0x7f0000000100)={0x1f, 0x0, 0x1ff, 0x0, 0x4, 0x80000c, 0x0, 0x4, 0x4000}) 2.339369499s ago: executing program 2 (id=2036): pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) ioctl$IOC_WATCH_QUEUE_SET_FILTER(r0, 0x5761, &(0x7f0000000340)={0x1, 0x0, [{0x3, 0x4, 0x81, [0x4, 0xffff, 0x687f, 0x5, 0x7ff, 0x26, 0x5, 0xffff]}]}) 2.191351732s ago: executing program 4 (id=2037): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_adj\x00') write$binfmt_aout(r0, 0x0, 0xc8) 2.166817579s ago: executing program 0 (id=2038): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000002a80)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000009c0)={0x14, 0x13, 0x1, 0x70bd2b, 0x25dfdbf8, "", [@nested={0x4, 0x4f}]}, 0x14}], 0x1, 0x0, 0x0, 0x8000}, 0x8880) 2.116365641s ago: executing program 3 (id=2039): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x54, 0x9, 0x6, 0x3, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @empty}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 1.670220403s ago: executing program 1 (id=2040): r0 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) write$binfmt_register(r0, &(0x7f0000000100)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x0, 0x3a, '#.', 0x3a, '^`', 0x3a, './file0', 0x3a, [0x50, 0x43]}, 0x2d) 1.581905689s ago: executing program 2 (id=2041): syz_mount_image$squashfs(&(0x7f0000000940), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="007e2a01b3e93dc9b01cde3a16380b3485a43d22a0baf1475abb31820c847c4cc9c5f7fb5b0346e9584bd76d3e0284a2d88a1203a216f9000000000000000000cd53386d3903cd1c5feea0df6ae2ffebef5a71b94f19fe6b85f2e967358056b96f0ea03203e45120741be6031f1d069575c54d3635d0bfe4f1c7021f"], 0x1, 0x183, &(0x7f0000000380)="$eJzskL9OKkEUxr/ZXbhwixtIbkUDiUaxUHYXNcZGS+x9AAmsSFz8w5KohGKNMRQWxtIn4DVMfAEtDLG2M6Eg1mbNzJ4dhmdwfsV+e875zpk5cxScB38AfE8HDexCYOIfXhmDBaDI4tzEiPWB9I30Pha8kG+P8jekheCqf1z3fa9b2i4hP0tEouFL5KQn2Lk2MOGVzHg6aPCfAwBRFEXc3QQ+8wDIA+4x3y1xUOIpWMB/sUQkPdzBg2UAlV7nrJJFf7Xdqbe8lnfiutVNe922N9zKYdv37PjLlCNoFXBdAcDfK6vUUwBuyfOX6glMuRrVmdqbVt6wvIA5DGTlfzKD4Un2JueYAPaxhAyAi5DNsuN4igWxUg0MJgWOpdwvdmVEYa1x6jeHYGBJ2wiWnOF8ICUDVw2qW2Fy1SHpImmNdIQcgLRcqZhW3hWAJSbcUVQOkyt2HW68rPd6XYf3iz9X5txcqA7ipz4a88s9G9BoNBqNRqPRaDSa385PAAAA///MJnUo") truncate(&(0x7f0000000000)='./file1\x00', 0x1) 1.499241499s ago: executing program 0 (id=2042): r0 = socket(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2713, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 1.495644979s ago: executing program 4 (id=2043): r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x1, @pix={0x0, 0x0, 0x58595556, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}}) 1.431287s ago: executing program 3 (id=2044): r0 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000000), 0x1) writev(r0, &(0x7f0000000780)=[{&(0x7f0000000100)="031735594760a6bf61e435d5d6af43804f70c8d1e253ac7d5a1eb7bd0cdd296ffbc708e500a830573237f8af90393fa4c29a931b33855a7fead2a9cd2b108a", 0x4}, {0x0}], 0x2) 1.004864153s ago: executing program 1 (id=2045): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r0, 0x0, 0x0) 964.853897ms ago: executing program 0 (id=2046): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8922, &(0x7f0000000180)={'veth0_vlan\x00', @random="440f00"}) 927.853795ms ago: executing program 3 (id=2047): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_RES_CQ_GET(r0, &(0x7f0000000340)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x20000000}, 0xc, &(0x7f0000000300)={&(0x7f0000000280)={0x48, 0x140c, 0x1, 0x70bd2c, 0x25dfdbfe, "", [@RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x1}, @RDMA_NLDEV_ATTR_RES_CQN={0x8, 0x3d, 0x4}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x4}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8, 0x1, 0x2}, @RDMA_NLDEV_ATTR_PORT_INDEX={0x8, 0x3, 0x1}, @RDMA_NLDEV_ATTR_DEV_INDEX={0x8}]}, 0x48}, 0x1, 0x0, 0x0, 0x800}, 0x0) 758.930448ms ago: executing program 2 (id=2048): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x18, 0xb, &(0x7f00000008c0)=ANY=[@ANYBLOB="1800000019ffff0f0000000000000000180100002020732500000000002020207b0af8ff00000000bfa100000000000007010000f6ffffffb702000008000000b7030000ff000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x9, 0xfe4, &(0x7f0000001e00)=""/4068, 0x41000, 0x45}, 0x94) 750.878351ms ago: executing program 4 (id=2049): setfsgid(0xee00) setresgid(0x0, 0x0, 0x0) 459.672808ms ago: executing program 3 (id=2050): r0 = socket$xdp(0x2c, 0x3, 0x0) getsockopt$XDP_STATISTICS(r0, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) 382.486286ms ago: executing program 1 (id=2051): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000280)={0x14, 0x15, 0x301, 0x3, 0x0, {0xf}}, 0x14}, 0x1, 0x0, 0x0, 0x2200c090}, 0x24000800) 283.695708ms ago: executing program 4 (id=2052): r0 = syz_open_dev$dvb_demux(&(0x7f0000000080), 0x0, 0x41) ioctl$DVB_DEMUX_DMX_SET_PES_FILTER(r0, 0x40146f2c, &(0x7f00000000c0)={0xfd03, 0x0, 0x0, 0x5, 0x4}) 257.113767ms ago: executing program 0 (id=2053): r0 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x80000000, 0x0, 0x56595559, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x3}}) 0s ago: executing program 2 (id=2054): syz_emit_ethernet(0x2a, &(0x7f0000000200)={@multicast, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x4, 0x4e25, 0x8}}}}}, 0x0) syz_emit_ethernet(0x6a, &(0x7f0000000000)={@multicast, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x4002, 0x5, 0x11, 0x0, @empty, @empty}, {0x4e24, 0x0, 0x48, 0x0, @wg=@cookie={0x3, 0x4, "96597d00c5c0577eec4f99e3a24dd89fb66655d7b05291cb", "af6af5116bf52dbb91d30ae25aab828a961858f6c338a29f34c53e0526788e16"}}}}}}, 0x0) kernel console output (not intermixed with test programs): g=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 247.737701][ T6198] loop4: detected capacity change from 0 to 512 [ 247.901110][ T6198] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.948527][ T6198] ext4 filesystem being mounted at /21/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 248.500751][ T5789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 249.001778][ T6223] overlayfs: missing 'lowerdir' [ 250.426160][ T6247] bridge1: entered allmulticast mode [ 250.897587][ T6253] netlink: 'syz.1.137': attribute type 4 has an invalid length. [ 250.905659][ T6253] netlink: 152 bytes leftover after parsing attributes in process `syz.1.137'. [ 251.134338][ T6253] .`: renamed from bond0 (while UP) [ 254.812472][ T6312] loop1: detected capacity change from 0 to 1024 [ 255.461532][ T6317] bond1: option updelay: invalid value (18446744073709551615) [ 255.469987][ T6317] bond1: option updelay: allowed values 0 - 2147483647 [ 255.546426][ T6317] bond1 (unregistering): Released all slaves [ 255.629498][ T10] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 255.835287][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 255.867436][ T10] usb 3-1: config 254 has an invalid interface number: 235 but max is 0 [ 255.876213][ T10] usb 3-1: config 254 has no interface number 0 [ 255.917347][ T10] usb 3-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 255.928656][ T10] usb 3-1: config 254 interface 235 altsetting 2 has an endpoint descriptor with address 0xE7, changing to 0x87 [ 255.941043][ T10] usb 3-1: config 254 interface 235 altsetting 2 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 255.962442][ T10] usb 3-1: config 254 interface 235 altsetting 2 endpoint 0x87 has invalid wMaxPacketSize 0 [ 255.976059][ T10] usb 3-1: config 254 interface 235 has no altsetting 0 [ 256.295073][ T10] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 256.305137][ T10] usb 3-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 256.314700][ T10] usb 3-1: Product: syz [ 256.319532][ T10] usb 3-1: Manufacturer: syz [ 256.334253][ T10] usb 3-1: SerialNumber: syz [ 256.486559][ T6323] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 256.889196][ T6323] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 257.021955][ T10] usbtest 3-1:254.235: Linux gadget zero [ 257.030460][ T10] usbtest 3-1:254.235: high-speed {control in/out bulk-out iso-in} tests (+alt) [ 257.254750][ T5836] usb 3-1: USB disconnect, device number 3 [ 257.976021][ T6344] netlink: 12 bytes leftover after parsing attributes in process `syz.3.181'. [ 257.985494][ T6344] netlink: 'syz.3.181': attribute type 1 has an invalid length. [ 257.993765][ T6344] netlink: 31 bytes leftover after parsing attributes in process `syz.3.181'. [ 259.462899][ T6356] netlink: 32 bytes leftover after parsing attributes in process `syz.3.186'. [ 259.682326][ T6359] loop1: detected capacity change from 0 to 256 [ 260.030261][ T6359] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d) [ 260.862507][ T6370] loop4: detected capacity change from 0 to 1024 [ 261.674214][ T58] hfsplus: b-tree write err: -5, ino 4 [ 261.797662][ T5836] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 262.035405][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 262.077746][ T5836] usb 1-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 262.087424][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.103118][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 262.140122][ T5836] usb 1-1: config 0 descriptor?? [ 262.148029][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 262.235796][ T5836] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 262.292504][ T6384] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 262.566935][ T6384] infiniband yz2: RDMA CMA: cma_listen_on_dev, error -98 [ 262.687979][ T5836] gspca_sn9c2028: read1 error -71 [ 262.709131][ T5836] gspca_sn9c2028: read1 error -71 [ 262.714663][ T5836] sn9c2028 1-1:0.0: probe with driver sn9c2028 failed with error -71 [ 262.801540][ T6391] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 262.811095][ T6391] overlayfs: missing 'lowerdir' [ 262.824609][ T5836] usb 1-1: USB disconnect, device number 2 [ 262.997983][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 263.044774][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 263.093128][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 263.124596][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 263.146194][ T6384] wlan1 speed is unknown, defaulting to 1000 [ 264.106458][ T6408] netlink: 14 bytes leftover after parsing attributes in process `syz.4.212'. [ 264.979218][ T6418] loop4: detected capacity change from 0 to 512 [ 265.023553][ T6418] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 265.232608][ T6418] FAT-fs (loop4): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 269.054638][ T6482] netlink: 12 bytes leftover after parsing attributes in process `syz.1.248'. [ 269.429760][ T6488] loop4: detected capacity change from 0 to 64 [ 269.474989][ T6489] netlink: 20 bytes leftover after parsing attributes in process `syz.2.251'. [ 269.484594][ T6489] netlink: 'syz.2.251': attribute type 2 has an invalid length. [ 269.664144][ T6490] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 269.763286][ T6492] loop1: detected capacity change from 0 to 512 [ 269.972656][ T6492] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 270.097573][ T6492] ext4 filesystem being mounted at /47/file0/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.530340][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.046182][ T6511] dlm: plock device version mismatch: kernel (1.2.0), user (64.6.0) [ 271.072250][ T6513] loop4: detected capacity change from 0 to 64 [ 271.357499][ T6517] netlink: 'syz.0.263': attribute type 1 has an invalid length. [ 272.120961][ T6524] loop2: detected capacity change from 0 to 64 [ 274.299752][ T6558] xt_hashlimit: max too large, truncated to 1048576 [ 276.517757][ T6594] loop3: detected capacity change from 0 to 1024 [ 276.575178][ T6594] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 276.746341][ T6594] hfsplus: filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. leaving read-only. [ 276.783170][ T6598] loop0: detected capacity change from 0 to 512 [ 276.851974][ T6598] EXT4-fs (loop0): Test dummy encryption mode enabled [ 276.937873][ T6598] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 277.122984][ T6604] netlink: 'syz.2.303': attribute type 11 has an invalid length. [ 277.132111][ T6598] EXT4-fs (loop0): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 277.144905][ T6604] netlink: 140 bytes leftover after parsing attributes in process `syz.2.303'. [ 277.647280][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 277.769975][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.852838][ T6612] loop2: detected capacity change from 0 to 64 [ 277.859836][ T10] usb 2-1: config 0 has an invalid interface number: 211 but max is 0 [ 277.870426][ T10] usb 2-1: config 0 has no interface number 0 [ 277.930688][ T10] usb 2-1: New USB device found, idVendor=04e2, idProduct=1410, bcdDevice=75.15 [ 277.940332][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.948907][ T10] usb 2-1: Product: syz [ 277.953340][ T10] usb 2-1: Manufacturer: syz [ 277.958293][ T10] usb 2-1: SerialNumber: syz [ 278.096493][ T10] usb 2-1: config 0 descriptor?? [ 278.470874][ T10] usb 2-1: USB disconnect, device number 4 [ 278.621014][ T6618] loop4: detected capacity change from 0 to 16 [ 278.677782][ T6618] erofs (device loop4): mounted with root inode @ nid 36. [ 278.982585][ T6625] loop0: detected capacity change from 0 to 16 [ 279.097502][ T6627] nbd: must specify an index to disconnect [ 279.128212][ T6625] erofs (device loop0): mounted with root inode @ nid 36. [ 280.228498][ T6644] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 280.655162][ T6647] loop0: detected capacity change from 0 to 1024 [ 280.922067][ T6655] loop1: detected capacity change from 0 to 64 [ 281.197763][ T6656] ALSA: mixer_oss: invalid OSS volume '`N9' [ 281.774094][ T6663] loop3: detected capacity change from 0 to 2048 [ 281.848110][ T6665] Cannot find set identified by id 3 to match [ 281.899094][ T6663] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.077614][ T6678] trusted_key: encrypted_key: keyword 'loa}fault' not recognized [ 283.107946][ T6679] netlink: 8 bytes leftover after parsing attributes in process `syz.2.339'. [ 283.615942][ T6685] loop4: detected capacity change from 0 to 1024 [ 284.223034][ T6693] QAT: failed to copy from user cfg_data. [ 284.846352][ T6699] netlink: 256 bytes leftover after parsing attributes in process `syz.0.348'. [ 285.141183][ T6703] loop3: detected capacity change from 0 to 512 [ 285.382469][ T6703] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.513090][ T6703] ext4 filesystem being mounted at /68/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.906484][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.934376][ T6719] netlink: 'syz.4.357': attribute type 1 has an invalid length. [ 286.887653][ T6733] Cannot find del_set index 4 as target [ 288.180802][ T6751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.372'. [ 288.475240][ T6755] libceph: resolve '4' (ret=-3): failed [ 288.606808][ T6759] vlan0: entered promiscuous mode [ 289.023847][ T6762] libceph: resolve '0..' (ret=-3): failed [ 291.580790][ T6801] warning: `syz.3.395' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 291.841163][ T6806] netlink: 24 bytes leftover after parsing attributes in process `syz.4.398'. [ 292.417931][ T6813] netlink: 'syz.2.401': attribute type 3 has an invalid length. [ 293.819762][ T30] audit: type=1400 audit(1770498074.039:5): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=6834 comm="syz.1.413" [ 294.600185][ T6843] loop3: detected capacity change from 0 to 1024 [ 294.670583][ T6843] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 294.800462][ T6843] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 294.922140][ T6843] EXT4-fs error (device loop3): ext4_xattr_inode_iget:441: inode #11: comm syz.3.416: missing EA_INODE flag [ 295.032676][ T6843] EXT4-fs (loop3): Remounting filesystem read-only [ 295.434972][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.315927][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 296.322724][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 296.617383][ T6877] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 296.698346][ T6880] netlink: 4 bytes leftover after parsing attributes in process `syz.3.433'. [ 297.710241][ T6893] netlink: 8 bytes leftover after parsing attributes in process `syz.4.439'. [ 297.859218][ T6890] loop3: detected capacity change from 0 to 4096 [ 297.932121][ T30] audit: type=1326 audit(1770498078.149:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba54d9aeb9 code=0x7ffc0000 [ 297.979904][ T6898] netlink: 32 bytes leftover after parsing attributes in process `syz.2.442'. [ 297.999131][ T6898] netlink: 32 bytes leftover after parsing attributes in process `syz.2.442'. [ 298.011140][ T6898] netlink: 11 bytes leftover after parsing attributes in process `syz.2.442'. [ 298.048972][ T30] audit: type=1326 audit(1770498078.149:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba54d9aeb9 code=0x7ffc0000 [ 298.071920][ T30] audit: type=1326 audit(1770498078.189:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=103 compat=0 ip=0x7fba54d9aeb9 code=0x7ffc0000 [ 298.101851][ T30] audit: type=1326 audit(1770498078.189:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.1.440" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba54d9aeb9 code=0x7ffc0000 [ 298.998792][ T5835] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 299.253748][ T5835] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 299.262638][ T5835] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 299.273303][ T5835] usb 1-1: config 220 has no interface number 2 [ 299.384989][ T5835] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 299.399188][ T5835] usb 1-1: config 220 interface 0 has no altsetting 0 [ 299.406406][ T5835] usb 1-1: config 220 interface 76 has no altsetting 0 [ 299.414041][ T5835] usb 1-1: config 220 interface 1 has no altsetting 0 [ 299.651601][ T5835] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 299.661164][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.669673][ T5835] usb 1-1: Product: syz [ 299.674041][ T5835] usb 1-1: Manufacturer: syz [ 299.679118][ T5835] usb 1-1: SerialNumber: syz [ 300.113920][ T5835] usb 1-1: selecting invalid altsetting 0 [ 300.131099][ T5835] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 300.150459][ T5835] uvcvideo 1-1:220.0: No valid video chain found. [ 300.197301][ T5845] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 300.204176][ C1] hrtimer: interrupt took 631741 ns [ 300.315053][ T5835] usb 1-1: selecting invalid altsetting 0 [ 300.321532][ T5835] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 300.418047][ T5835] usb 1-1: USB disconnect, device number 3 [ 300.429520][ T5845] usb 5-1: Using ep0 maxpacket: 16 [ 300.499031][ T5845] usb 5-1: config 0 has an invalid interface number: 126 but max is 0 [ 300.509843][ T5845] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 300.520905][ T5845] usb 5-1: config 0 has no interface number 0 [ 300.621907][ T5845] usb 5-1: config 0 interface 126 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 300.634995][ T5845] usb 5-1: config 0 interface 126 altsetting 0 endpoint 0x87 has invalid maxpacket 34328, setting to 1024 [ 300.647990][ T5845] usb 5-1: config 0 interface 126 altsetting 0 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 300.660042][ T5845] usb 5-1: config 0 interface 126 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 300.672002][ T5845] usb 5-1: config 0 interface 126 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 300.695929][ T5845] usb 5-1: New USB device found, idVendor=0763, idProduct=1015, bcdDevice=56.88 [ 300.705645][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.021478][ T6931] i2c i2c-0: Invalid block read size 33 [ 301.120039][ T5845] usb 5-1: config 0 descriptor?? [ 301.210409][ T6920] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 301.355413][ T5845] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 301.738726][ T6937] loop3: detected capacity change from 0 to 64 [ 301.779276][ T6937] minix: block size(59136) > page size(4096) not supported by filesystem [ 301.886512][ T6939] netlink: 12 bytes leftover after parsing attributes in process `syz.1.461'. [ 301.998108][ T5845] usb 5-1: USB disconnect, device number 2 [ 302.798368][ T5845] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 302.883099][ T6953] team0: Port device team_slave_0 removed [ 302.923958][ T6953] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 303.020606][ T5845] usb 5-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 303.030184][ T5845] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 303.038946][ T5845] usb 5-1: Product: syz [ 303.043515][ T5845] usb 5-1: Manufacturer: syz [ 303.048469][ T5845] usb 5-1: SerialNumber: syz [ 303.093665][ T5845] usb 5-1: config 0 descriptor?? [ 303.127901][ T5845] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 303.543344][ T5845] gspca_sunplus: reg_w_riv err -71 [ 303.551056][ T5845] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 303.704345][ T5845] usb 5-1: USB disconnect, device number 3 [ 304.162195][ T5948] udevd[5948]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.126/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 304.497758][ T6971] comedi comedi2: dt2814: I/O port conflict (0xfffffffffffffff9,2) [ 304.771240][ T6979] loop2: detected capacity change from 0 to 128 [ 304.823510][ T6979] FAT-fs (loop2): bogus number of reserved sectors [ 304.830642][ T6979] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 304.840676][ T6979] FAT-fs (loop2): Can't find a valid FAT filesystem [ 305.337951][ T5845] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 305.437372][ T5835] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 305.524995][ T6991] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 305.567214][ T5845] usb 3-1: Using ep0 maxpacket: 16 [ 305.608742][ T5845] usb 3-1: unable to get BOS descriptor or descriptor too short [ 305.657992][ T5845] usb 3-1: config 1 has an invalid interface number: 206 but max is 0 [ 305.667367][ T5845] usb 3-1: config 1 has no interface number 0 [ 305.735062][ T5845] usb 3-1: New USB device found, idVendor=152d, idProduct=0310, bcdDevice=3b.0a [ 305.744563][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.745387][ T5835] usb 5-1: New USB device found, idVendor=0856, idProduct=ac31, bcdDevice=93.1e [ 305.752941][ T5845] usb 3-1: Product: syz [ 305.753089][ T5845] usb 3-1: Manufacturer: syz [ 305.762293][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.767374][ T5845] usb 3-1: SerialNumber: syz [ 305.794741][ T5835] usb 5-1: Product: syz [ 305.799254][ T5835] usb 5-1: Manufacturer: syz [ 305.804057][ T5835] usb 5-1: SerialNumber: syz [ 305.935175][ T5835] usb 5-1: config 0 descriptor?? [ 306.229384][ T5835] mos7840 5-1:0.0: required endpoints missing [ 306.243791][ T5845] uvcvideo 3-1:1.206: probe with driver uvcvideo failed with error -22 [ 306.329058][ T5845] usb 3-1: USB disconnect, device number 4 [ 306.468852][ T5835] usb 5-1: USB disconnect, device number 4 [ 307.600268][ T7005] loop1: detected capacity change from 0 to 2048 [ 307.693066][ T7005] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 307.831611][ T7013] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 307.912370][ T7005] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 8796093022222 [ 307.930486][ T7005] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 308.036575][ T7005] Remounting filesystem read-only [ 308.042017][ T7005] NILFS (loop1): error -5 truncating bmap (ino=16) [ 308.293395][ T7018] loop2: detected capacity change from 0 to 128 [ 308.586616][ T7018] FAT-fs (loop2): error, clusters badly computed (2 != 0) [ 308.595035][ T7018] FAT-fs (loop2): Filesystem has been set read-only [ 308.614293][ T5790] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 308.684279][ T7018] FAT-fs (loop2): error, clusters badly computed (3 != 1) [ 308.732001][ T7018] FAT-fs (loop2): error, clusters badly computed (4 != 2) [ 310.452864][ T7037] bond0: entered promiscuous mode [ 310.537177][ T30] audit: type=1326 audit(1770498090.749:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 310.670429][ T30] audit: type=1326 audit(1770498090.749:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 310.700942][ T30] audit: type=1326 audit(1770498090.819:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 310.726414][ T30] audit: type=1326 audit(1770498090.819:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 310.749032][ T30] audit: type=1326 audit(1770498090.819:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7043 comm="syz.3.511" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 311.116250][ T7049] loop2: detected capacity change from 0 to 2048 [ 311.175055][ T7049] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 311.316164][ T7049] UDF-fs: unknown compression code (0) [ 312.670187][ T7069] loop4: detected capacity change from 0 to 256 [ 312.898021][ T7072] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 312.950053][ T7069] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x8d1bf2bd, utbl_chksum : 0xe619d30d) [ 313.822053][ T7083] loop4: detected capacity change from 0 to 16 [ 313.912409][ T7083] erofs (device loop4): mounted with root inode @ nid 36. [ 314.945106][ T7100] loop1: detected capacity change from 0 to 512 [ 315.130319][ T7100] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.151068][ T7106] netlink: 'syz.3.539': attribute type 1 has an invalid length. [ 315.232730][ T7100] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 315.405154][ T7100] EXT4-fs error (device loop1): ext4_empty_dir:3075: inode #12: comm syz.1.537: invalid size [ 315.477456][ T7100] EXT4-fs (loop1): Remounting filesystem read-only [ 315.882839][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.928894][ T59] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 315.941134][ T59] Quota error (device loop1): write_blk: dquota write failed [ 315.948986][ T59] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 316.007827][ T59] EXT4-fs (loop1): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 316.019103][ T59] Quota error (device loop1): write_blk: dquota write failed [ 316.028096][ T59] Quota error (device loop1): free_dqentry: Can't write quota data block 5 [ 316.599203][ T30] audit: type=1400 audit(1770498096.819:15): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=1A5DC6237B2F2F28 pid=7124 comm="syz.3.548" [ 317.899491][ T7146] netlink: 268 bytes leftover after parsing attributes in process `syz.1.557'. [ 318.477509][ T7155] syz.3.562: vmalloc error: size 35184372108224, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 318.492517][ T7155] CPU: 1 UID: 0 PID: 7155 Comm: syz.3.562 Not tainted syzkaller #0 PREEMPT(voluntary) [ 318.492661][ T7155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 318.492764][ T7155] Call Trace: [ 318.492820][ T7155] [ 318.492874][ T7155] __dump_stack+0x26/0x30 [ 318.493059][ T7155] dump_stack_lvl+0x14c/0x1c0 [ 318.493236][ T7155] dump_stack+0x1e/0x25 [ 318.493402][ T7155] warn_alloc+0x46f/0x6a0 [ 318.493613][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.493843][ T7155] __vmalloc_node_range_noprof+0x142/0x2d80 [ 318.494028][ T7155] ? stack_depot_save_flags+0x35/0x790 [ 318.494196][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.494416][ T7155] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 318.494624][ T7155] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 318.494854][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.495066][ T7155] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 318.495274][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.495483][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.495705][ T7155] vmalloc_noprof+0xce/0x140 [ 318.495870][ T7155] ? dvb_dvr_do_ioctl+0x23d/0x4e0 [ 318.496058][ T7155] dvb_dvr_do_ioctl+0x23d/0x4e0 [ 318.496226][ T7155] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 318.496446][ T7155] ? __pfx_dvb_dvr_do_ioctl+0x10/0x10 [ 318.496622][ T7155] dvb_usercopy+0x263/0x500 [ 318.496809][ T7155] ? kmsan_get_metadata+0xf1/0x160 [ 318.497025][ T7155] dvb_dvr_ioctl+0x46/0x70 [ 318.497186][ T7155] ? __pfx_dvb_dvr_ioctl+0x10/0x10 [ 318.497356][ T7155] __se_sys_ioctl+0x23c/0x400 [ 318.497535][ T7155] __x64_sys_ioctl+0x97/0xe0 [ 318.497720][ T7155] x64_sys_call+0x18a7/0x3e70 [ 318.497915][ T7155] do_syscall_64+0xc9/0xf80 [ 318.498097][ T7155] ? clear_bhb_loop+0x40/0x90 [ 318.498261][ T7155] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 318.498446][ T7155] RIP: 0033:0x7fc12d99aeb9 [ 318.498566][ T7155] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 318.498691][ T7155] RSP: 002b:00007fc12e91a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 318.498829][ T7155] RAX: ffffffffffffffda RBX: 00007fc12dc15fa0 RCX: 00007fc12d99aeb9 [ 318.498933][ T7155] RDX: 0000200000004bc0 RSI: 0000000000006f2d RDI: 0000000000000003 [ 318.499025][ T7155] RBP: 00007fc12da08c1f R08: 0000000000000000 R09: 0000000000000000 [ 318.499119][ T7155] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 318.499208][ T7155] R13: 00007fc12dc16038 R14: 00007fc12dc15fa0 R15: 00007ffc7ce94f28 [ 318.499359][ T7155] [ 318.761309][ T7155] Mem-Info: [ 318.764785][ T7155] active_anon:6969 inactive_anon:0 isolated_anon:0 [ 318.764785][ T7155] active_file:3600 inactive_file:39962 isolated_file:0 [ 318.764785][ T7155] unevictable:768 dirty:362 writeback:0 [ 318.764785][ T7155] slab_reclaimable:5023 slab_unreclaimable:20288 [ 318.764785][ T7155] mapped:29915 shmem:1357 pagetables:1595 [ 318.764785][ T7155] sec_pagetables:0 bounce:0 [ 318.764785][ T7155] kernel_misc_reclaimable:0 [ 318.764785][ T7155] free:374503 free_pcp:9576 free_cma:0 [ 318.821493][ T7155] Node 0 active_anon:27876kB inactive_anon:0kB active_file:14400kB inactive_file:159640kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119660kB dirty:1448kB writeback:0kB shmem:3892kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:5200kB pagetables:6048kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 318.856644][ T7155] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:16kB pagetables:332kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 318.895915][ T7155] Node 0 DMA free:4096kB boost:0kB min:164kB low:204kB high:244kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:4096kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 318.929006][ T7155] lowmem_reserve[]: 0 928 1241 1241 1241 [ 318.935241][ T7155] Node 0 DMA32 free:579408kB boost:0kB min:36872kB low:46088kB high:55304kB reserved_highatomic:0KB free_highatomic:0KB active_anon:3836kB inactive_anon:0kB active_file:10748kB inactive_file:77512kB unevictable:0kB writepending:348kB zspages:0kB present:3129332kB managed:951132kB mlocked:0kB bounce:0kB free_pcp:27044kB local_pcp:18920kB free_cma:0kB [ 318.968706][ T7155] lowmem_reserve[]: 0 0 312 312 312 [ 318.983179][ T7155] Node 0 Normal free:16264kB boost:0kB min:13004kB low:16252kB high:19500kB reserved_highatomic:0KB free_highatomic:0KB active_anon:23972kB inactive_anon:0kB active_file:3652kB inactive_file:82128kB unevictable:1536kB writepending:1100kB zspages:0kB present:1048580kB managed:320476kB mlocked:0kB bounce:0kB free_pcp:11436kB local_pcp:5488kB free_cma:0kB [ 319.019389][ T7155] lowmem_reserve[]: 0 0 0 0 0 [ 319.024675][ T7155] Node 1 Normal free:898244kB boost:0kB min:40064kB low:50080kB high:60096kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:208kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:987120kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 319.057279][ T7155] lowmem_reserve[]: 0 0 0 0 0 [ 319.062537][ T7155] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 1*4096kB (M) = 4096kB [ 319.075824][ T7155] Node 0 DMA32: 2*4kB (UM) 3*8kB (UME) 1*16kB (U) 3*32kB (UME) 1*64kB (M) 1*128kB (U) 2*256kB (UE) 0*512kB 1*1024kB (M) 2*2048kB (UM) 140*4096kB (M) = 579408kB [ 319.107290][ T7155] Node 0 Normal: 0*4kB 1*8kB (E) 2*16kB (UE) 7*32kB (U) 6*64kB (UE) 4*128kB (UM) 7*256kB (UME) 6*512kB (UM) 6*1024kB (UME) 2*2048kB (UM) 0*4096kB = 16264kB [ 319.125669][ T7155] Node 1 Normal: 1*4kB (E) 12*8kB (UME) 16*16kB (UE) 21*32kB (UME) 11*64kB (UME) 8*128kB (UME) 8*256kB (UME) 3*512kB (UE) 3*1024kB (UME) 4*2048kB (UME) 215*4096kB (M) = 898244kB [ 319.145520][ T7155] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 319.155811][ T7155] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 319.165442][ T7155] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 319.175387][ T7155] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 319.193611][ T7155] 44910 total pagecache pages [ 319.201123][ T7155] 0 pages in swap cache [ 319.205457][ T7155] Free swap = 124996kB [ 319.209895][ T7155] Total swap = 124996kB [ 319.214224][ T7155] 2097051 pages RAM [ 319.218332][ T7155] 0 pages HighMem/MovableOnly [ 319.223173][ T7155] 1531345 pages reserved [ 319.229583][ T7155] 0 pages cma reserved [ 319.670273][ T7163] program syz.4.565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 320.768316][ T7181] loop0: detected capacity change from 0 to 256 [ 321.093707][ T7181] FAT-fs (loop0): Directory bread(block 64) failed [ 321.157587][ T7181] FAT-fs (loop0): Directory bread(block 65) failed [ 321.197576][ T7181] FAT-fs (loop0): Directory bread(block 66) failed [ 321.205058][ T7181] FAT-fs (loop0): Directory bread(block 67) failed [ 321.314038][ T7181] FAT-fs (loop0): Directory bread(block 68) failed [ 321.325765][ T7181] FAT-fs (loop0): Directory bread(block 69) failed [ 321.365479][ T7181] FAT-fs (loop0): Directory bread(block 70) failed [ 321.405226][ T7181] FAT-fs (loop0): Directory bread(block 71) failed [ 321.423963][ T7181] FAT-fs (loop0): Directory bread(block 72) failed [ 321.511331][ T7181] FAT-fs (loop0): Directory bread(block 73) failed [ 322.747899][ T7210] netlink: 32 bytes leftover after parsing attributes in process `syz.0.584'. [ 323.335476][ T7217] loop4: detected capacity change from 0 to 1024 [ 323.368309][ T7219] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 323.376800][ T7219] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 324.014525][ T58] hfsplus: b-tree write err: -5, ino 4 [ 324.903343][ T7241] xt_connbytes: Forcing CT accounting to be enabled [ 325.446038][ T7251] netlink: 'syz.1.603': attribute type 10 has an invalid length. [ 325.493588][ T7251] veth0_vlan: entered allmulticast mode [ 325.732168][ T7251] veth0_vlan: left promiscuous mode [ 325.784701][ T7251] veth0_vlan: entered promiscuous mode [ 325.987591][ T7251] team0: Device veth0_vlan failed to register rx_handler [ 326.383031][ T7261] loop4: detected capacity change from 0 to 16 [ 326.465607][ T7261] erofs (device loop4): mounted with root inode @ nid 36. [ 326.580655][ T50] erofs (device loop4): failed to decompress (lz4) -117 @ pa 4096 size 4096 => 9000 [ 326.624213][ T7261] erofs (device loop4): failed to decompress (lz4) -117 @ pa 4096 size 4096 => 8192 [ 326.634605][ T7261] erofs (device loop4): read error -117 @ 1 of nid 89 [ 326.789737][ T30] audit: type=1800 audit(1770498106.989:16): pid=7261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.608" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 326.923088][ T7265] loop2: detected capacity change from 0 to 1024 [ 327.109945][ T7265] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 327.643452][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.139309][ T7282] nvme_fabrics: unknown parameter or missing value ':syz3:M:00000000000000000000:Q.931' in ctrl creation request [ 328.231610][ T7272] loop3: detected capacity change from 0 to 8192 [ 328.390409][ T7272] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 328.552320][ T7272] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 328.560989][ T7272] FAT-fs (loop3): Filesystem has been set read-only [ 328.643766][ T7272] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 328.695451][ T7272] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 329.068002][ T5782] Bluetooth: hci0: command 0x0406 tx timeout [ 329.074272][ T5782] Bluetooth: hci2: command 0x0406 tx timeout [ 329.083329][ T5782] Bluetooth: hci1: command 0x0406 tx timeout [ 329.706686][ T7299] netlink: 16 bytes leftover after parsing attributes in process `syz.0.625'. [ 330.734365][ T7316] netlink: 'syz.3.633': attribute type 3 has an invalid length. [ 330.743081][ T7316] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.633'. [ 331.486045][ T7329] netlink: 'syz.0.640': attribute type 13 has an invalid length. [ 331.495181][ T7329] netlink: 'syz.0.640': attribute type 27 has an invalid length. [ 331.670233][ T5835] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 331.917591][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 331.977679][ T5835] usb 5-1: config 0 has an invalid interface number: 31 but max is 0 [ 331.993749][ T5835] usb 5-1: config 0 has no interface number 0 [ 332.062244][ T5835] usb 5-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 332.071888][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.080302][ T5835] usb 5-1: Product: syz [ 332.092384][ T5835] usb 5-1: Manufacturer: syz [ 332.100003][ T5835] usb 5-1: SerialNumber: syz [ 332.124040][ T5835] usb 5-1: config 0 descriptor?? [ 332.379886][ T5835] uvcvideo 5-1:0.31: Found UVC 0.04 device syz (046d:08c3) [ 332.437727][ T5835] uvcvideo 5-1:0.31: Failed to initialize entity for entity 6 [ 332.445468][ T5835] uvcvideo 5-1:0.31: Failed to register entities (-22). [ 332.590709][ T5845] usb 5-1: USB disconnect, device number 5 [ 333.606620][ T7355] bridge2: entered promiscuous mode [ 334.189971][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 334.191479][ T5781] Bluetooth: hci4: command 0x0406 tx timeout [ 335.322156][ T7376] loop4: detected capacity change from 0 to 1024 [ 336.158965][ T7383] xt_CT: No such helper "netbios-ns" [ 336.445733][ T7393] loop4: detected capacity change from 0 to 512 [ 336.570837][ T7393] EXT4-fs: Ignoring removed orlov option [ 336.576776][ T7393] EXT4-fs: Ignoring removed nobh option [ 336.667577][ T7393] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 336.857278][ T7393] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.670: bg 0: block 248: padding at end of block bitmap is not set [ 336.978091][ T7393] Quota error (device loop4): write_blk: dquota write failed [ 336.986064][ T7393] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 337.006079][ T7393] EXT4-fs error (device loop4): ext4_acquire_dquot:6986: comm syz.4.670: Failed to acquire dquot type 1 [ 337.223299][ T7393] EXT4-fs (loop4): 1 truncate cleaned up [ 337.299391][ T7393] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.403336][ T7393] ext4 filesystem being mounted at /129/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 337.586425][ T7393] EXT4-fs: Ignoring removed orlov option [ 337.592743][ T7393] EXT4-fs: Ignoring removed nobh option [ 337.642949][ T7409] loop0: detected capacity change from 0 to 512 [ 337.650509][ T7393] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 337.699606][ T7393] EXT4-fs error (device loop4): __ext4_remount:6789: comm syz.4.670: Abort forced by user [ 337.716296][ T5845] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 337.763851][ T7393] EXT4-fs (loop4): Remounting filesystem read-only [ 337.770907][ T7393] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 337.804647][ T7409] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.829698][ T7409] ext4 filesystem being mounted at /134/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 337.905403][ T7409] Quota error (device loop0): do_check_range: Getting block 524292 out of range 1-5 [ 337.916404][ T7409] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 337.927356][ T7409] EXT4-fs error (device loop0): ext4_acquire_dquot:6986: comm syz.0.677: Failed to acquire dquot type 0 [ 337.989396][ T5845] usb 4-1: Using ep0 maxpacket: 32 [ 338.014439][ T5845] usb 4-1: config 0 has an invalid interface number: 166 but max is 0 [ 338.024209][ T5845] usb 4-1: config 0 has no interface number 0 [ 338.087199][ T5845] usb 4-1: config 0 interface 166 has no altsetting 0 [ 338.146680][ T5845] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 338.156424][ T5845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.164975][ T5845] usb 4-1: Product: syz [ 338.169458][ T5845] usb 4-1: Manufacturer: syz [ 338.174263][ T5845] usb 4-1: SerialNumber: syz [ 338.314771][ T5845] usb 4-1: config 0 descriptor?? [ 338.326641][ T7418] loop2: detected capacity change from 0 to 512 [ 338.368167][ T5789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.458550][ T7418] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 338.475789][ T7418] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 338.486276][ T7418] EXT4-fs (loop2): bad geometry: first data block is 0 with a 1k block and cluster size [ 338.570435][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 338.637480][ T5845] ums-usbat 4-1:0.166: USB Mass Storage device detected [ 338.715037][ T5845] ums-usbat 4-1:0.166: Quirks match for vid 0781 pid 0005: 1 [ 338.804495][ T5845] ums-usbat 4-1:0.166: probe with driver ums-usbat failed with error -5 [ 338.968047][ T5845] usb 4-1: USB disconnect, device number 2 [ 339.027208][ T5835] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 339.248756][ T5835] usb 3-1: Using ep0 maxpacket: 32 [ 339.370422][ T5835] usb 3-1: New USB device found, idVendor=0403, idProduct=f850, bcdDevice= 0.08 [ 339.380166][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 339.388662][ T5835] usb 3-1: SerialNumber: syz [ 339.410317][ T5836] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 339.477860][ T5835] usb 3-1: config 0 descriptor?? [ 339.534498][ T5835] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 339.587689][ T5835] usb 3-1: Detected SIO [ 339.602637][ T5836] usb 5-1: Using ep0 maxpacket: 8 [ 339.641421][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 339.653051][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 339.671108][ T5836] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 339.683559][ T5836] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 339.695220][ T5836] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 339.705806][ T5836] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 339.715375][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.733241][ T5835] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 339.808061][ T5835] usb 3-1: USB disconnect, device number 5 [ 339.854571][ T5835] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 339.950010][ T5835] ftdi_sio 3-1:0.0: device disconnected [ 339.999141][ T5836] usb 5-1: config 0 descriptor?? [ 340.021829][ T7426] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 340.589055][ T5845] usb 5-1: USB disconnect, device number 6 [ 340.598346][ T5781] Bluetooth: hci5: Opcode 0x0c03 failed: -19 [ 341.832451][ T7458] loop0: detected capacity change from 0 to 256 [ 341.944572][ T7461] netlink: 40 bytes leftover after parsing attributes in process `syz.2.699'. [ 342.049023][ T7463] loop3: detected capacity change from 0 to 128 [ 342.136508][ T7463] FAT-fs (loop3): Directory bread(block 414) failed [ 342.181772][ T7463] FAT-fs (loop3): Directory bread(block 415) failed [ 342.217766][ T7463] FAT-fs (loop3): Directory bread(block 416) failed [ 342.254407][ T7463] FAT-fs (loop3): Directory bread(block 417) failed [ 342.277261][ T7463] FAT-fs (loop3): Directory bread(block 418) failed [ 342.323518][ T7463] FAT-fs (loop3): Directory bread(block 419) failed [ 342.405192][ T7463] FAT-fs (loop3): Directory bread(block 420) failed [ 342.478890][ T7463] FAT-fs (loop3): Directory bread(block 421) failed [ 342.518789][ T7467] netlink: 16 bytes leftover after parsing attributes in process `syz.4.701'. [ 342.556705][ T7463] FAT-fs (loop3): Directory bread(block 414) failed [ 342.576716][ T7463] FAT-fs (loop3): Directory bread(block 415) failed [ 342.633712][ T7469] loop2: detected capacity change from 0 to 8 [ 343.676377][ T7486] x9: renamed from bridge_slave_0 (while UP) [ 344.189389][ T5845] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 344.397432][ T5845] usb 1-1: Using ep0 maxpacket: 8 [ 344.442608][ T5845] usb 1-1: config 0 has an invalid interface number: 88 but max is 3 [ 344.451344][ T5845] usb 1-1: config 0 has an invalid interface number: 250 but max is 3 [ 344.463631][ T5845] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 344.475248][ T5845] usb 1-1: config 0 has 2 interfaces, different from the descriptor's value: 4 [ 344.485202][ T5845] usb 1-1: config 0 has no interface number 0 [ 344.491662][ T5845] usb 1-1: config 0 has no interface number 1 [ 344.668775][ T5845] usb 1-1: config 0 interface 88 has no altsetting 0 [ 344.675986][ T5845] usb 1-1: config 0 interface 250 has no altsetting 0 [ 344.684303][ T5845] usb 1-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=12.b3 [ 344.694157][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 344.721631][ T7494] loop1: detected capacity change from 0 to 4096 [ 344.892740][ T5845] usb 1-1: config 0 descriptor?? [ 345.155406][ T5845] usb 1-1: string descriptor 0 read error: -71 [ 345.388618][ T5845] usb 1-1: USB disconnect, device number 4 [ 345.792343][ T7508] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 346.238525][ T7510] netlink: 28 bytes leftover after parsing attributes in process `syz.3.722'. [ 346.248564][ T7510] netlink: 8 bytes leftover after parsing attributes in process `syz.3.722'. [ 346.308924][ T7510] netlink: 148 bytes leftover after parsing attributes in process `syz.3.722'. [ 346.844546][ T7295] ------------[ cut here ]------------ [ 346.850466][ T7295] WARNING: net/bluetooth/hci_conn.c:567 at hci_conn_timeout+0xad/0x530, CPU#1: kworker/u9:5/7295 [ 346.861766][ T7295] Modules linked in: [ 346.865927][ T7295] CPU: 1 UID: 0 PID: 7295 Comm: kworker/u9:5 Not tainted syzkaller #0 PREEMPT(voluntary) [ 346.876206][ T7295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 346.886818][ T7295] Workqueue: hci1 hci_conn_timeout [ 346.892454][ T7295] RIP: 0010:hci_conn_timeout+0xad/0x530 [ 346.898763][ T7295] Code: 41 f7 d4 45 21 f4 74 27 45 85 f6 74 2f e8 bb fb b0 f2 e9 59 04 00 00 44 89 ff e8 be e6 59 f3 45 85 f6 79 bc e8 a4 fb b0 f2 90 <0f> 0b 90 eb 12 44 89 ff e8 a6 e6 59 f3 45 85 f6 75 d1 e8 8c fb b0 [ 346.918940][ T7295] RSP: 0018:ffff8880501a7b68 EFLAGS: 00010293 [ 346.925515][ T7295] RAX: ffffffff8f4c6ccc RBX: ffff88804c49acd0 RCX: ffff88804c49a140 [ 346.942572][ T7295] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 346.953655][ T7295] RBP: ffff8880501a7bc8 R08: ffffea000000000f R09: 0000000000000000 [ 346.961979][ T7295] R10: ffff888237bb3028 R11: ffffffff8f4c6c20 R12: 0000000000000000 [ 346.970439][ T7295] R13: ffff8881313339c0 R14: 00000000ffffffff R15: 0000000000000000 [ 346.978965][ T7295] FS: 0000000000000000(0000) GS:ffff8881aa958000(0000) knlGS:0000000000000000 [ 346.988461][ T7295] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 346.995321][ T7295] CR2: 00007fc12e7456b8 CR3: 000000011f38c000 CR4: 00000000003526f0 [ 347.003650][ T7295] Call Trace: [ 347.007223][ T7295] [ 347.010323][ T7295] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 347.016476][ T7295] ? __pfx_hci_conn_timeout+0x10/0x10 [ 347.022335][ T7295] process_scheduled_works+0xae7/0x1d60 [ 347.028396][ T7295] worker_thread+0x1741/0x1de0 [ 347.042308][ T7295] kthread+0xd5a/0xf00 [ 347.046685][ T7295] ? __pfx_worker_thread+0x10/0x10 [ 347.055245][ T7295] ? __pfx_kthread+0x10/0x10 [ 347.060195][ T7295] ret_from_fork+0x207/0x6f0 [ 347.065101][ T7295] ? __switch_to+0x521/0x750 [ 347.070158][ T7295] ? __pfx_kthread+0x10/0x10 [ 347.075015][ T7295] ret_from_fork_asm+0x1a/0x30 [ 347.080239][ T7295] [ 347.083456][ T7295] ---[ end trace 0000000000000000 ]--- [ 347.091472][ T5781] Bluetooth: hci1: command 0x0406 tx timeout [ 348.289569][ T7533] loop3: detected capacity change from 0 to 16 [ 348.359302][ T7533] erofs (device loop3): mounted with root inode @ nid 36. [ 348.608066][ T7539] delete_channel: no stack [ 349.119641][ T7543] : renamed from hsr0 (while UP) [ 349.148257][ T7295] Bluetooth: hci1: command 0x0406 tx timeout [ 349.212826][ T7548] loop1: detected capacity change from 0 to 2048 [ 349.810762][ T7553] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 350.542201][ T7564] xt_CT: You must specify a L4 protocol and not use inversions on it [ 351.178005][ T7574] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 351.185496][ T7574] IPv6: NLM_F_CREATE should be set when creating new route [ 351.193248][ T7574] IPv6: NLM_F_CREATE should be set when creating new route [ 351.227956][ T7295] Bluetooth: hci1: command 0x0406 tx timeout [ 351.358603][ T7577] netlink: 48 bytes leftover after parsing attributes in process `syz.2.754'. [ 351.946771][ T7587] loop2: detected capacity change from 0 to 256 [ 352.007368][ T7588] netlink: 20 bytes leftover after parsing attributes in process `syz.1.759'. [ 352.150819][ T7587] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xd22393c8, utbl_chksum : 0xe619d30d) [ 353.509628][ T7608] netlink: 28 bytes leftover after parsing attributes in process `syz.3.771'. [ 353.518569][ T7609] netlink: 596 bytes leftover after parsing attributes in process `syz.1.770'. [ 353.528604][ T7608] netlink: 28 bytes leftover after parsing attributes in process `syz.3.771'. [ 353.672601][ T7611] netlink: 64 bytes leftover after parsing attributes in process `syz.2.772'. [ 353.932921][ T7613] xt_hashlimit: max too large, truncated to 1048576 [ 353.958077][ T7613] No such timeout policy "syz1" [ 354.805976][ T7623] loop0: detected capacity change from 0 to 2048 [ 354.858634][ T7623] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=66359, location=66359 [ 354.978812][ T7623] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 355.400482][ T7638] syz.4.785 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 355.938309][ T7647] netlink: 'syz.4.790': attribute type 5 has an invalid length. [ 356.094023][ T7639] loop3: detected capacity change from 0 to 4096 [ 356.432390][ T7652] loop0: detected capacity change from 0 to 256 [ 356.505582][ T7653] x_tables: duplicate underflow at hook 3 [ 356.622531][ T7652] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xf4000b1f, utbl_chksum : 0xe619d30d) [ 356.786689][ T30] audit: type=1800 audit(1770498136.999:17): pid=7652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.793" name="file1" dev="loop0" ino=1048615 res=0 errno=0 [ 356.977947][ T5836] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 357.221315][ T5836] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.258189][ T5836] usb 2-1: config 0 interface 0 has no altsetting 0 [ 357.324130][ T5836] usb 2-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9 [ 357.333918][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.342376][ T5836] usb 2-1: Product: syz [ 357.346762][ T5836] usb 2-1: Manufacturer: syz [ 357.351736][ T5836] usb 2-1: SerialNumber: syz [ 357.455921][ T5836] usb 2-1: config 0 descriptor?? [ 357.502747][ T5836] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 357.562016][ T5836] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 357.658498][ T5836] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 357.729906][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 357.736836][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 357.763929][ T5836] usb 2-1: media controller created [ 358.081936][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 359.059466][ T7676] loop4: detected capacity change from 0 to 1024 [ 359.288988][ T7676] hfsplus: detected inconsistent attributes file, running fsck.hfsplus is recommended. [ 359.405790][ T5836] DVB: Unable to find symbol tda10046_attach() [ 359.412713][ T5836] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 359.421872][ T5836] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 360.181363][ T5836] dvb_usb_m920x 2-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 360.308819][ T5836] usb 2-1: USB disconnect, device number 5 [ 361.258893][ T7701] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 361.360913][ T7703] netlink: 'syz.1.814': attribute type 1 has an invalid length. [ 362.676606][ T7713] loop1: detected capacity change from 0 to 4096 [ 362.767732][ T7713] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 363.098021][ T7713] ntfs3(loop1): ino=19, mi_enum_attr [ 363.152550][ T7713] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 364.500105][ T7738] loop0: detected capacity change from 0 to 2048 [ 364.728895][ T7738] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 364.741767][ T7738] ext4 filesystem being mounted at /164/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 365.092346][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.765943][ T7753] Cannot find del_set index 286 as target [ 366.110978][ T7763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.842'. [ 367.094372][ T7779] loop4: detected capacity change from 0 to 736 [ 367.708737][ T7785] 9p: Unknown Cache mode or invalid value f [ 367.924163][ T7773] loop3: detected capacity change from 0 to 8192 [ 368.378108][ T7792] netlink: 'syz.0.856': attribute type 1 has an invalid length. [ 368.899687][ T7797] cgroup: No subsys list or none specified [ 369.214230][ T7802] netlink: 40 bytes leftover after parsing attributes in process `syz.3.861'. [ 369.456699][ T5845] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 369.709372][ T5845] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 369.719399][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.728029][ T5845] usb 1-1: Product: syz [ 369.732556][ T5845] usb 1-1: Manufacturer: syz [ 369.737678][ T5845] usb 1-1: SerialNumber: syz [ 369.928522][ T5845] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 370.150451][ T10] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 370.674215][ T5836] usb 1-1: USB disconnect, device number 5 [ 370.729765][ T7817] netlink: 40 bytes leftover after parsing attributes in process `syz.3.869'. [ 370.829000][ T7817] bridge2: trying to set multicast startup query interval above maximum, setting to 8640000 (86400000ms) [ 370.882683][ T7817] bridge2: entered promiscuous mode [ 371.036834][ T7822] netlink: 100 bytes leftover after parsing attributes in process `syz.2.872'. [ 371.077158][ T7822] netlink: 84 bytes leftover after parsing attributes in process `syz.2.872'. [ 371.486540][ T10] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 371.519301][ T10] ath9k_htc: Failed to initialize the device [ 371.578117][ T5836] usb 1-1: ath9k_htc: USB layer deinitialized [ 371.684524][ T7828] xt_l2tp: missing protocol rule (udp|l2tpip) [ 372.516105][ T7841] netlink: 40 bytes leftover after parsing attributes in process `syz.2.881'. [ 373.774347][ T7861] IPv6: Can't replace route, no match found [ 375.692232][ T7890] netlink: 4 bytes leftover after parsing attributes in process `syz.2.904'. [ 376.924981][ T7906] netlink: 'syz.1.912': attribute type 4 has an invalid length. [ 376.934208][ T7906] netlink: 17 bytes leftover after parsing attributes in process `syz.1.912'. [ 378.012508][ T7917] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 378.131530][ T7917] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 378.968023][ T7933] netlink: 8 bytes leftover after parsing attributes in process `syz.0.926'. [ 379.048689][ T7933] wlan1 speed is unknown, defaulting to 1000 [ 379.476717][ T7929] loop2: detected capacity change from 0 to 4096 [ 379.680658][ T7944] netlink: 'syz.0.931': attribute type 1 has an invalid length. [ 379.987224][ T7929] ntfs3(loop2): ino=b, mi_enum_attr [ 380.013785][ T7929] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 380.073528][ T7929] ntfs3(loop2): Failed to load $Extend (-22). [ 380.112139][ T7929] ntfs3(loop2): Failed to initialize $Extend. [ 380.533043][ T30] audit: type=1326 audit(1770498160.749:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.569485][ T7955] loop1: detected capacity change from 0 to 256 [ 380.651835][ T30] audit: type=1326 audit(1770498160.749:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.675341][ T30] audit: type=1326 audit(1770498160.799:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.698324][ T30] audit: type=1326 audit(1770498160.799:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.721162][ T30] audit: type=1326 audit(1770498160.839:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=328 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.745446][ T30] audit: type=1326 audit(1770498160.849:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.768500][ T30] audit: type=1326 audit(1770498160.849:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.791211][ T30] audit: type=1326 audit(1770498160.849:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 380.816008][ T30] audit: type=1326 audit(1770498160.849:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7954 comm="syz.3.937" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fc12d99aeb9 code=0x7ffc0000 [ 381.190744][ T7955] FAT-fs (loop1): Directory bread(block 64) failed [ 381.267368][ T7955] FAT-fs (loop1): Directory bread(block 65) failed [ 381.274386][ T7955] FAT-fs (loop1): Directory bread(block 66) failed [ 381.322659][ T7955] FAT-fs (loop1): Directory bread(block 67) failed [ 381.365042][ T7955] FAT-fs (loop1): Directory bread(block 68) failed [ 381.407608][ T7955] FAT-fs (loop1): Directory bread(block 69) failed [ 381.414610][ T7955] FAT-fs (loop1): Directory bread(block 70) failed [ 381.446310][ T30] audit: type=1326 audit(1770498161.649:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7966 comm="syz.0.943" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb499b9aeb9 code=0x7ffc0000 [ 381.482100][ T7955] FAT-fs (loop1): Directory bread(block 71) failed [ 381.524889][ T7955] FAT-fs (loop1): Directory bread(block 72) failed [ 381.563445][ T7955] FAT-fs (loop1): Directory bread(block 73) failed [ 384.487916][ T8012] loop4: detected capacity change from 0 to 512 [ 384.647776][ T8012] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 384.656743][ T8012] EXT4-fs (loop4): orphan cleanup on readonly fs [ 384.706329][ T8012] EXT4-fs warning (device loop4): ext4_enable_quotas:7221: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 384.763714][ T8014] loop2: detected capacity change from 0 to 2048 [ 384.860561][ T8012] EXT4-fs (loop4): Cannot turn on quotas: error -22 [ 384.910249][ T8012] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #13: comm syz.4.965: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 385.020234][ T8012] EXT4-fs error (device loop4): ext4_orphan_get:1396: comm syz.4.965: couldn't read orphan inode 13 (err -117) [ 385.090119][ T8014] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 385.188248][ T8012] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 385.223039][ T8014] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 385.353296][ T8012] EXT4-fs error (device loop4): ext4_lookup:1785: comm syz.4.965: inode #15: comm syz.4.965: iget: illegal inode # [ 385.830256][ T5789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 385.915145][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 386.414857][ T8032] loop4: detected capacity change from 0 to 256 [ 386.947390][ T8032] FAT-fs (loop4): Directory bread(block 64) failed [ 386.954284][ T8032] FAT-fs (loop4): Directory bread(block 65) failed [ 386.992465][ T8032] FAT-fs (loop4): Directory bread(block 66) failed [ 387.037710][ T8032] FAT-fs (loop4): Directory bread(block 67) failed [ 387.044741][ T8032] FAT-fs (loop4): Directory bread(block 68) failed [ 387.107286][ T8032] FAT-fs (loop4): Directory bread(block 69) failed [ 387.114336][ T8032] FAT-fs (loop4): Directory bread(block 70) failed [ 387.197216][ T8032] FAT-fs (loop4): Directory bread(block 71) failed [ 387.204224][ T8032] FAT-fs (loop4): Directory bread(block 72) failed [ 387.273831][ T8032] FAT-fs (loop4): Directory bread(block 73) failed [ 388.408951][ T8059] netlink: 'syz.1.985': attribute type 1 has an invalid length. [ 388.417552][ T8059] netlink: 224 bytes leftover after parsing attributes in process `syz.1.985'. [ 388.427388][ T8059] NCSI netlink: No device for ifindex 0 [ 389.376320][ T8063] loop0: detected capacity change from 0 to 4096 [ 390.583638][ T8085] netlink: 8 bytes leftover after parsing attributes in process `syz.0.998'. [ 391.012922][ T8091] loop4: detected capacity change from 0 to 764 [ 391.057345][ T5836] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 391.148650][ T8091] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 391.298748][ T5836] usb 4-1: Using ep0 maxpacket: 16 [ 391.350391][ T5836] usb 4-1: config 1 has an invalid interface number: 105 but max is 0 [ 391.359086][ T5836] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 391.369648][ T5836] usb 4-1: config 1 has no interface number 0 [ 391.497280][ T5836] usb 4-1: config 1 interface 105 altsetting 2 endpoint 0x4 has invalid wMaxPacketSize 0 [ 391.512050][ T5836] usb 4-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 391.525669][ T5836] usb 4-1: config 1 interface 105 has no altsetting 0 [ 391.733089][ T5836] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 391.743725][ T5836] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.752429][ T5836] usb 4-1: Product: syz [ 391.756832][ T5836] usb 4-1: Manufacturer: syz [ 391.761940][ T5836] usb 4-1: SerialNumber: syz [ 391.910751][ T8100] xt_TCPMSS: Only works on TCP SYN packets [ 392.042290][ T8105] loop1: detected capacity change from 0 to 256 [ 392.128971][ T5836] aqc111 4-1:1.105: probe with driver aqc111 failed with error -22 [ 392.215763][ T8105] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 392.346705][ T5836] usb 4-1: USB disconnect, device number 3 [ 392.386346][ T8105] exFAT-fs (loop1): error, in sector 160, dentry 12 should be unused, but 0x85 [ 392.404545][ T8105] exFAT-fs (loop1): Filesystem has been set read-only [ 392.666575][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 392.666655][ T30] audit: type=1326 audit(1770498172.879:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.4.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0239aeb9 code=0x7ffc0000 [ 392.847654][ T30] audit: type=1326 audit(1770498172.949:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.4.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0239aeb9 code=0x7ffc0000 [ 392.871673][ T30] audit: type=1326 audit(1770498172.989:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.4.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7fdd0239aeb9 code=0x7ffc0000 [ 392.894435][ T30] audit: type=1326 audit(1770498172.989:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.4.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0239aeb9 code=0x7ffc0000 [ 392.918416][ T30] audit: type=1326 audit(1770498172.989:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8106 comm="syz.4.1009" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdd0239aeb9 code=0x7ffc0000 [ 394.050086][ T8127] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1019'. [ 394.059614][ T8127] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1019'. [ 394.117914][ T8127] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1019'. [ 394.205977][ T8127] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1019'. [ 395.145646][ T8145] netlink: 14872 bytes leftover after parsing attributes in process `syz.2.1028'. [ 395.980263][ T8161] loop0: detected capacity change from 0 to 16 [ 396.028675][ T8161] erofs (device loop0): mounted with root inode @ nid 36. [ 396.780347][ T8167] loop3: detected capacity change from 0 to 2048 [ 396.824062][ T8167] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 396.983762][ T8176] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 397.022063][ T8175] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1043'. [ 397.657152][ T8183] loop2: detected capacity change from 0 to 128 [ 397.902750][ T8183] FAT-fs (loop2): error, corrupted directory (invalid entries) [ 397.910856][ T8183] FAT-fs (loop2): Filesystem has been set read-only [ 398.148103][ T8191] loop0: detected capacity change from 0 to 8 [ 398.279420][ T8191] cramfs: Error -3 while decompressing! [ 398.285324][ T8191] cramfs: ffffffff9554c088(26)->ffff88812d654000(4096) [ 398.374044][ T8191] cramfs: Error 2 while decompressing! [ 398.380122][ T8191] cramfs: ffffffff9554c0a2(26)->ffff88812d652000(4096) [ 398.398909][ T8191] cramfs: Error -3 while decompressing! [ 398.404865][ T8191] cramfs: ffffffff9554c0bc(16)->ffff88812a707000(4096) [ 398.477971][ T8191] cramfs: Error -3 while decompressing! [ 398.484175][ T8191] cramfs: ffffffff9554c088(26)->ffff88812d654000(4096) [ 398.537702][ T30] audit: type=1800 audit(1770498178.749:36): pid=8191 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.1050" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 398.979804][ T8199] loop1: detected capacity change from 0 to 1024 [ 400.057574][ T8209] bond1: Removing last arp target with arp_interval on [ 400.806668][ T8223] 8021q: adding VLAN 0 to HW filter on device bond0 [ 400.875735][ T8223] bond0: (slave gre0): The slave device specified does not support setting the MAC address [ 400.971332][ T8223] bond0: (slave gre0): Error -95 calling set_mac_address [ 402.101157][ T8239] loop4: detected capacity change from 0 to 512 [ 402.159298][ T8239] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 402.174498][ T8241] netlink: 'syz.3.1071': attribute type 1 has an invalid length. [ 402.211896][ T8239] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c842e02c, mo2=0002] [ 402.269974][ T8239] EXT4-fs (loop4): orphan cleanup on readonly fs [ 402.276583][ T8239] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1070: bad orphan inode 267 [ 402.398927][ T8239] EXT4-fs (loop4): Remounting filesystem read-only [ 402.491551][ T8239] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 402.529578][ T8246] loop2: detected capacity change from 0 to 512 [ 402.616047][ T8246] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 402.645830][ T8239] EXT4-fs warning (device loop4): dx_probe:861: inode #2: comm syz.4.1070: dx entry: limit 0 != root limit 125 [ 402.658070][ T8239] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.1070: Corrupt directory, running e2fsck is recommended [ 402.794792][ T8246] EXT4-fs (loop2): 1 orphan inode deleted [ 402.805016][ T8246] EXT4-fs (loop2): 1 truncate cleaned up [ 402.890214][ T8246] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 403.087883][ T8246] EXT4-fs error (device loop2): empty_inline_dir:1770: inode #12: block 7: comm syz.2.1073: bad entry in directory: rec_len is too small for name_len - offset=4, inode=13, rec_len=16, size=60 fake=0 [ 403.171180][ T5789] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 403.226276][ T8246] EXT4-fs warning (device loop2): empty_inline_dir:1777: bad inline directory (dir #12) - inode 13, rec_len 16, name_len 53inline size 60 [ 403.735104][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 406.347338][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 406.567360][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 406.619629][ T10] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 406.628717][ T10] usb 4-1: config 179 has no interface number 0 [ 406.672599][ T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 406.672780][ T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 406.672949][ T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 406.673117][ T10] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 406.673278][ T10] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 406.673444][ T10] usb 4-1: config 179 interface 65 has no altsetting 0 [ 406.673621][ T10] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 406.673765][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 406.814788][ T10] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input9 [ 406.954840][ T5122] input input9: unable to receive magic message: -110 [ 406.987795][ T5122] input input9: unable to receive magic message: -32 [ 407.004929][ T5122] input input9: unable to receive magic message: -32 [ 407.077775][ T5122] input input9: unable to receive magic message: -32 [ 407.150241][ T8304] loop2: detected capacity change from 0 to 4096 [ 407.227433][ T8304] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 407.267302][ T5836] usb 4-1: USB disconnect, device number 4 [ 407.267563][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 407.637414][ T8304] ntfs3(loop2): ino=19, mi_enum_attr [ 407.637549][ T8304] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 408.651245][ T7295] Bluetooth: hci0: unexpected event for opcode 0x204e [ 409.260078][ T8332] loop1: detected capacity change from 0 to 512 [ 409.314058][ T8332] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 412.328035][ T8384] loop1: detected capacity change from 0 to 1024 [ 412.494833][ T8384] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 414.277448][ T8415] F2FS-fs: Value of option "test_dummy_encryption" is unrecognized [ 416.574269][ T8447] netlink: 'syz.1.1153': attribute type 1 has an invalid length. [ 418.066648][ T8472] autofs: Bad value for 'fd' [ 418.496619][ T8479] netlink: 'syz.0.1167': attribute type 1 has an invalid length. [ 419.190224][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 419.198445][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 419.653112][ T8497] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1176'. [ 420.164878][ T8503] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1179'. [ 420.174249][ T8503] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1179'. [ 420.966578][ T8515] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 421.127948][ T8519] netlink: 'syz.2.1187': attribute type 2 has an invalid length. [ 421.672366][ T8526] loop3: detected capacity change from 0 to 512 [ 421.688863][ T8529] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 421.754095][ T8528] loop0: detected capacity change from 0 to 512 [ 421.879840][ T8528] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 422.039810][ T8528] EXT4-fs (loop0): 1 truncate cleaned up [ 422.072110][ T8528] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 422.671755][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 423.494169][ T8551] 9pnet_fd: p9_fd_create_tcp (8551): problem connecting socket to 127.0.0.1 [ 424.494929][ T8564] ieee802154 phy0 wpan0: encryption failed: -22 [ 425.105394][ T8577] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1215'. [ 425.197416][ T5845] usb 1-1: new full-speed USB device number 6 using dummy_hcd [ 425.377908][ T5845] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 425.391064][ T5845] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 425.510519][ T5845] usb 1-1: config 0 descriptor?? [ 425.738376][ T8581] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1217'. [ 425.771900][ T8579] loop3: detected capacity change from 0 to 1764 [ 425.794469][ T5845] udl 1-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 425.993815][ T5845] [drm:udl_init] *ERROR* Selecting channel failed [ 426.105045][ T5845] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 426.112875][ T5845] [drm] Initialized udl on minor 2 [ 426.178513][ T5845] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 426.226038][ T5845] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 426.276396][ T10] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 426.320615][ T5845] usb 1-1: USB disconnect, device number 6 [ 426.337860][ T10] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 426.771945][ T8590] loop4: detected capacity change from 0 to 1024 [ 427.383642][ T8596] loop0: detected capacity change from 0 to 2048 [ 427.460909][ T8596] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 427.671690][ T8596] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 428.522743][ T8613] loop0: detected capacity change from 0 to 16 [ 428.609725][ T8613] erofs (device loop0): mounted with root inode @ nid 36. [ 428.926144][ T8617] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1235'. [ 428.965489][ T8618] BTRFS info: 'norecovery' is for compatibility only, recommended to use 'rescue=nologreplay' [ 429.182663][ T8621] loop1: detected capacity change from 0 to 64 [ 429.457763][ T5845] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 429.615867][ T8624] loop0: detected capacity change from 0 to 2048 [ 429.687246][ T5845] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 429.696591][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 429.747321][ T8624] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 429.769829][ T5845] usb 5-1: config 0 descriptor?? [ 429.825433][ T5845] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 429.968272][ T8630] bpf: Bad value for 'mode' [ 430.273521][ T5845] gp8psk: usb out operation failed. [ 430.279254][ T5845] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 430.291621][ T5845] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 430.462382][ T5845] usb 5-1: USB disconnect, device number 7 [ 432.148857][ T8657] Device name not specified. [ 432.148857][ T8657] [ 432.877834][ T8666] loop1: detected capacity change from 0 to 512 [ 433.114837][ T8666] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.1259: couldn't read orphan inode 26 (err -116) [ 433.226612][ T8666] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 433.282299][ T8666] ext4 filesystem being mounted at /251/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 433.425637][ T8666] Quota error (device loop1): do_check_range: Getting block 59136 out of range 0-1 [ 433.853679][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.089013][ T8685] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1267'. [ 435.017915][ T8697] binder: 8696:8697 ioctl c018620c 200000000040 returned -22 [ 435.717672][ T8710] Invalid ELF header magic: != ELF [ 436.218545][ T8715] netlink: 'syz.3.1282': attribute type 23 has an invalid length. [ 437.086728][ T8725] delete_channel: no stack [ 437.098620][ T8729] netlink: 'syz.1.1289': attribute type 1 has an invalid length. [ 438.019143][ T8743] netlink: 'syz.4.1296': attribute type 1 has an invalid length. [ 438.356422][ T8749] loop0: detected capacity change from 0 to 512 [ 438.447486][ T8749] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 438.522955][ T8749] EXT4-fs (loop0): orphan cleanup on readonly fs [ 438.547868][ T8749] EXT4-fs error (device loop0): ext4_orphan_get:1391: comm syz.0.1298: inode #15: comm syz.0.1298: iget: illegal inode # [ 438.722201][ T8749] EXT4-fs error (device loop0): ext4_orphan_get:1396: comm syz.0.1298: couldn't read orphan inode 15 (err -117) [ 438.758602][ T8754] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1301'. [ 438.768135][ T8754] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1301'. [ 438.777660][ T8754] netlink: 19 bytes leftover after parsing attributes in process `syz.4.1301'. [ 438.834855][ T8749] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 438.941153][ T8749] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 439.042634][ T8749] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 439.495194][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 439.795894][ T8765] loop1: detected capacity change from 0 to 512 [ 439.878703][ T8765] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 439.965593][ T8765] EXT4-fs (loop1): 1 truncate cleaned up [ 439.965895][ T8769] loop3: detected capacity change from 0 to 512 [ 440.042942][ T8765] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 440.122042][ T8769] EXT4-fs (loop3): 1 truncate cleaned up [ 440.133737][ T8772] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1309'. [ 440.143445][ T8772] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1309'. [ 440.185972][ T8769] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 440.532097][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.584090][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 440.617378][ T5835] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 440.839614][ T5835] usb 1-1: Using ep0 maxpacket: 8 [ 440.898877][ T5835] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 440.912398][ T8783] syz.1.1313 uses obsolete (PF_INET,SOCK_PACKET) [ 440.971254][ T5835] usb 1-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 440.980880][ T5835] usb 1-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 440.989498][ T5835] usb 1-1: Product: syz [ 440.994407][ T5835] usb 1-1: Manufacturer: syz [ 440.999421][ T5835] usb 1-1: SerialNumber: syz [ 441.351211][ T5835] usb 1-1: Handspring Visor / Palm OS: No valid connect info available [ 441.360173][ T5835] usb 1-1: Handspring Visor / Palm OS: port 208, is for unknown use [ 441.368819][ T5835] usb 1-1: Handspring Visor / Palm OS: port 187, is for Console use [ 441.377220][ T5835] usb 1-1: Handspring Visor / Palm OS: Number of ports: 2 [ 441.572555][ T5835] usb 1-1: palm_os_3_probe - error -71 getting bytes available request [ 441.592730][ T8792] loop2: detected capacity change from 0 to 128 [ 441.597699][ T5835] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 441.636780][ T8792] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 441.665035][ T8792] ext4 filesystem being mounted at /275/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 441.675963][ T5835] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 441.719405][ T5835] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 441.828640][ T5835] usb 1-1: USB disconnect, device number 7 [ 441.899203][ T5835] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 441.985106][ T5835] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 442.027597][ T5780] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 442.040328][ T5835] visor 1-1:1.0: device disconnected [ 442.494585][ T8805] xt_SECMARK: invalid mode: 2 [ 443.728311][ T8828] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1335'. [ 444.235766][ T8833] loop3: detected capacity change from 0 to 1024 [ 444.316065][ T8833] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 444.498452][ T8842] libceph: resolve '0.' (ret=-3): failed [ 444.531893][ T8833] EXT4-fs error (device loop3): ext4_search_dir:1474: inode #12: block 7: comm syz.3.1338: bad entry in directory: inode out of bounds - offset=0, inode=150994957, rec_len=16, size=56 fake=0 [ 444.559434][ T8833] EXT4-fs (loop3): Remounting filesystem read-only [ 444.660428][ T8844] cgroup: release_agent respecified [ 444.962163][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 445.102560][ T8848] capability: warning: `syz.1.1344' uses deprecated v2 capabilities in a way that may be insecure [ 445.568121][ T30] audit: type=1400 audit(1770498225.789:37): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name="#(%#{//&@\)//&" pid=8853 comm="syz.2.1347" [ 451.274174][ T8952] RDS: rds_bind could not find a transport for fc01::1, load rds_tcp or rds_rdma? [ 451.785954][ T8959] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1399'. [ 451.803195][ T8959] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1399'. [ 451.857180][ T8963] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1401'. [ 453.501221][ T5835] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 453.746010][ T5835] usb 2-1: config 160 has an invalid interface number: 200 but max is 0 [ 453.754795][ T5835] usb 2-1: config 160 has no interface number 0 [ 453.807152][ T5835] usb 2-1: config 160 interface 200 has no altsetting 0 [ 453.850377][ T5835] usb 2-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 453.863069][ T5835] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.871722][ T5835] usb 2-1: Product: syz [ 453.876103][ T5835] usb 2-1: Manufacturer: syz [ 453.881072][ T5835] usb 2-1: SerialNumber: syz [ 454.290297][ T5835] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 454.317229][ T5835] usb 2-1: MIDIStreaming interface descriptor not found [ 454.595367][ T5835] usb 2-1: USB disconnect, device number 6 [ 455.085812][ T9014] tipc: Can't bind to reserved service type 0 [ 455.202186][ T9016] RDS: rds_bind could not find a transport for ::ffff:172.30.1.3, load rds_tcp or rds_rdma? [ 456.207285][ T5835] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 456.452498][ T5835] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 456.466170][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 456.474676][ T5835] usb 5-1: Product: syz [ 456.479154][ T5835] usb 5-1: Manufacturer: syz [ 456.484081][ T5835] usb 5-1: SerialNumber: syz [ 456.614672][ T5835] usb 5-1: config 0 descriptor?? [ 456.784428][ T9045] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.1441'. [ 456.895982][ T5835] hso 5-1:0.0: Failed to find BULK IN ep [ 456.924215][ T5835] usb-storage 5-1:0.0: USB Mass Storage device detected [ 457.084738][ T5835] usb 5-1: USB disconnect, device number 8 [ 457.439217][ T9057] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1445'. [ 458.174076][ T9067] md: async del_gendisk mode will be removed in future, please upgrade to mdadm-4.5+ [ 458.195758][ T9067] block device autoloading is deprecated and will be removed. [ 458.292758][ T5835] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 458.477734][ T5835] usb 1-1: unable to get BOS descriptor or descriptor too short [ 458.499276][ T5835] usb 1-1: not running at top speed; connect to a high speed hub [ 458.522658][ T5835] usb 1-1: config 129 has an invalid interface number: 135 but max is 0 [ 458.531547][ T5835] usb 1-1: config 129 has an invalid interface number: 5 but max is 0 [ 458.540138][ T5835] usb 1-1: config 129 has 2 interfaces, different from the descriptor's value: 1 [ 458.556178][ T5835] usb 1-1: config 129 has no interface number 0 [ 458.564746][ T5835] usb 1-1: config 129 has no interface number 1 [ 458.640699][ T5835] usb 1-1: config 129 interface 135 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 458.661463][ T5835] usb 1-1: too many endpoints for config 129 interface 5 altsetting 7: 37, using maximum allowed: 30 [ 458.685886][ T5835] usb 1-1: config 129 interface 5 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 37 [ 458.699602][ T5835] usb 1-1: config 129 interface 135 has no altsetting 0 [ 458.707216][ T5835] usb 1-1: config 129 interface 5 has no altsetting 0 [ 458.765101][ T5835] usb 1-1: language id specifier not provided by device, defaulting to English [ 458.863695][ T5835] usb 1-1: New USB device found, idVendor=2040, idProduct=721f, bcdDevice=f2.00 [ 458.873282][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.882468][ T5835] usb 1-1: SerialNumber: syz [ 458.998208][ T9076] netlink: 'syz.4.1456': attribute type 4 has an invalid length. [ 459.280250][ T5835] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 459.307747][ T5835] usb 1-1: MIDIStreaming interface descriptor not found [ 459.319529][ T9079] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1457'. [ 459.589573][ T5835] usb 1-1: USB disconnect, device number 8 [ 460.046846][ T9088] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 460.304081][ C1] sd 0:0:1:0: [sda] tag#220 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 460.315163][ C1] sd 0:0:1:0: [sda] tag#220 CDB: Write(6) 0a 00 72 47 43 76 [ 460.559704][ T9096] binder: Bad value for 'stats' [ 460.879494][ T9102] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1467'. [ 460.889237][ T9102] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 461.393497][ T9108] loop2: detected capacity change from 0 to 256 [ 461.599461][ T9112] netlink: 4276 bytes leftover after parsing attributes in process `syz.3.1473'. [ 461.626827][ T9114] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1474'. [ 461.657882][ T9112] netlink: 4276 bytes leftover after parsing attributes in process `syz.3.1473'. [ 461.667816][ T9112] netlink: 396 bytes leftover after parsing attributes in process `syz.3.1473'. [ 461.695797][ T9114] gre0: entered promiscuous mode [ 462.562324][ T9122] netdevsim netdevsim4: Direct firmware load for / [ 462.562324][ T9122] failed with error -2 [ 462.573700][ T9122] netdevsim netdevsim4: Falling back to sysfs fallback for: / [ 462.573700][ T9122] [ 462.898189][ T5835] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 463.102705][ T5835] usb 2-1: Using ep0 maxpacket: 16 [ 463.171330][ T5835] usb 2-1: config 4 has an invalid interface number: 9 but max is 0 [ 463.179913][ T5835] usb 2-1: config 4 has no interface number 0 [ 463.214230][ T5835] usb 2-1: config 4 interface 9 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 463.224929][ T5835] usb 2-1: config 4 interface 9 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 463.239376][ T5835] usb 2-1: config 4 interface 9 has no altsetting 0 [ 463.318734][ T5835] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe [ 463.328346][ T5835] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.336676][ T5835] usb 2-1: Product: syz [ 463.341830][ T5835] usb 2-1: Manufacturer: syz [ 463.346671][ T5835] usb 2-1: SerialNumber: syz [ 463.517706][ T9125] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 463.587873][ T9125] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 463.624431][ T6014] udevd[6014]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 463.703248][ T5835] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 463.892552][ T5845] usb 2-1: USB disconnect, device number 7 [ 463.903032][ T3438] usb 2-1: Failed to submit usb control message: -71 [ 463.910418][ T3438] usb 2-1: unable to send the bmi data to the device: -71 [ 463.917970][ T3438] usb 2-1: unable to get target info from device [ 463.924556][ T3438] usb 2-1: could not get target info (-71) [ 464.091064][ T3438] usb 2-1: could not probe fw (-71) [ 465.054247][ T6014] udevd[6014]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:129.5/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 465.780468][ T9155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1490'. [ 465.790446][ T9155] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1490'. [ 467.497177][ T5845] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 467.587768][ T9178] loop0: detected capacity change from 0 to 512 [ 467.755545][ T9178] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.1500: bad orphan inode 13 [ 467.846606][ T9178] ext4_test_bit(bit=12, block=4) = 1 [ 467.852878][ T9178] is_bad_inode(inode)=0 [ 467.857521][ T9178] NEXT_ORPHAN(inode)=0 [ 467.861788][ T9178] max_ino=32 [ 467.866124][ T9178] i_nlink=1 [ 467.912847][ T9178] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 468.018665][ T5845] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 468.029147][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.038171][ T5845] usb 3-1: Product: syz [ 468.042564][ T5845] usb 3-1: Manufacturer: syz [ 468.047583][ T5845] usb 3-1: SerialNumber: syz [ 468.109592][ T9178] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.1500: Unrecognised inode hash code 20 [ 468.121708][ T9178] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1500: Corrupt directory, running e2fsck is recommended [ 468.170082][ T5845] r8152-cfgselector 3-1: Unknown version 0x0000 [ 468.178184][ T5845] r8152-cfgselector 3-1: config 0 descriptor?? [ 468.260537][ T9178] EXT4-fs warning (device loop0): dx_probe:801: inode #2: comm syz.0.1500: Unrecognised inode hash code 20 [ 468.272736][ T9178] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1500: Corrupt directory, running e2fsck is recommended [ 468.429474][ T9178] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 13: comm syz.0.1500: bad entry in directory: directory entry overrun - offset=108, inode=4294901777, rec_len=1024, size=1024 fake=0 [ 468.870416][ T5835] r8152-cfgselector 3-1: USB disconnect, device number 6 [ 469.157066][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 471.429067][ T9213] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1517'. [ 471.670842][ T9216] loop2: detected capacity change from 0 to 1024 [ 471.693379][ T9208] loop0: detected capacity change from 0 to 4096 [ 471.945808][ T9216] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 472.080446][ T9216] EXT4-fs error (device loop2): __ext4_new_inode:1073: comm syz.2.1518: reserved inode found cleared - inode=18 [ 472.136715][ T9224] netlink: 'syz.4.1521': attribute type 4 has an invalid length. [ 472.595065][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 472.818268][ T9230] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1524'. [ 473.156784][ T9237] netlink: 'syz.1.1527': attribute type 10 has an invalid length. [ 473.286232][ T9237] .`: (slave vlan1): Opening slave failed [ 473.962739][ T9241] loop0: detected capacity change from 0 to 512 [ 474.016532][ T9241] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 474.099573][ T9241] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 474.210805][ T9241] ext4 filesystem being mounted at /299/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 475.001708][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 475.573505][ T9264] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1540'. [ 477.048338][ T9287] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1550'. [ 477.061534][ T9287] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1550'. [ 477.774300][ T9301] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1557'. [ 479.451023][ T9328] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1570'. [ 480.087932][ T9339] netlink: 'syz.3.1575': attribute type 10 has an invalid length. [ 480.147968][ T9339] bridge0: port 2(bridge_slave_1) entered disabled state [ 480.157987][ T9339] bridge0: port 1(bridge_slave_0) entered disabled state [ 480.403618][ T9339] bridge0: port 2(bridge_slave_1) entered blocking state [ 480.411579][ T9339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 480.420427][ T9339] bridge0: port 1(bridge_slave_0) entered blocking state [ 480.428159][ T9339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 480.484617][ T9343] loop1: detected capacity change from 0 to 64 [ 480.495509][ T9339] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 480.619934][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 480.626630][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 480.708511][ T9343] Trying to free block not in datazone [ 480.714259][ T9343] Trying to free block not in datazone [ 480.720343][ T9343] Trying to free block not in datazone [ 480.725965][ T9343] Trying to free block not in datazone [ 480.731767][ T9343] minix_free_block (loop1:6): bit already cleared [ 480.738538][ T9343] Trying to free block not in datazone [ 480.744227][ T9343] Trying to free block not in datazone [ 481.598302][ T9354] loop3: detected capacity change from 0 to 1024 [ 482.231773][ T12] hfsplus: b-tree write err: -5, ino 4 [ 482.288989][ T9367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1588'. [ 482.691012][ T9373] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1591'. [ 482.779823][ T9373] netlink: 312 bytes leftover after parsing attributes in process `syz.3.1591'. [ 483.243688][ T9381] loop0: detected capacity change from 0 to 1024 [ 483.688936][ T9388] openvswitch: netlink: Actions may not be safe on all matching packets [ 483.847773][ T2996] hfsplus: b-tree write err: -5, ino 4 [ 484.265292][ T9394] netlink: 'syz.3.1601': attribute type 16 has an invalid length. [ 484.379893][ T9397] usb usb7: usbfs: process 9397 (syz.0.1600) did not claim interface 0 before use [ 484.541947][ T5835] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 484.747384][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 484.817356][ T5835] usb 3-1: unable to get BOS descriptor or descriptor too short [ 484.870342][ T5835] usb 3-1: config 8 has an invalid interface number: 255 but max is 0 [ 484.878976][ T5835] usb 3-1: config 8 has no interface number 0 [ 484.927228][ T5835] usb 3-1: config 8 interface 255 has no altsetting 0 [ 484.985348][ T5835] usb 3-1: string descriptor 0 read error: -22 [ 484.998607][ T5835] usb 3-1: New USB device found, idVendor=0423, idProduct=000a, bcdDevice= 0.00 [ 485.008366][ T5835] usb 3-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 485.161745][ T9408] xt_addrtype: output interface limitation not valid in PREROUTING and INPUT [ 485.659240][ T5835] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.2-1, 30:0f:f6:4d:80:88. [ 485.925444][ T9416] loop0: detected capacity change from 0 to 1024 [ 485.937979][ T5835] usb 3-1: USB disconnect, device number 7 [ 486.471798][ T35] hfsplus: b-tree write err: -5, ino 4 [ 487.660761][ T9442] loop0: detected capacity change from 0 to 128 [ 487.726798][ T9445] loop3: detected capacity change from 0 to 64 [ 487.980834][ T9447] loop2: detected capacity change from 0 to 128 [ 488.101055][ T30] audit: type=1800 audit(1770498268.319:38): pid=9447 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1627" name="file0" dev="loop2" ino=1048622 res=0 errno=0 [ 488.497226][ T5835] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 488.710871][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 488.722489][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 488.732785][ T5835] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 488.742289][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 488.883444][ T5835] usb 5-1: config 0 descriptor?? [ 488.920512][ T5835] hub 5-1:0.0: USB hub found [ 489.109976][ T9455] loop3: detected capacity change from 0 to 4096 [ 489.157561][ T5835] hub 5-1:0.0: 3 ports detected [ 489.203522][ T9455] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 489.316168][ T9465] kernel profiling enabled (shift: 16) [ 489.362703][ T5835] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 489.379342][ T5835] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 489.526960][ T5835] usbhid 5-1:0.0: can't add hid device: -71 [ 489.533850][ T5835] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 489.545761][ T9467] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1637'. [ 489.637187][ T9467] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1637'. [ 489.667786][ T5835] usb 5-1: USB disconnect, device number 9 [ 489.691621][ T9455] ntfs3(loop3): ino=19, mi_enum_attr [ 489.727350][ T9455] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 490.751623][ T9481] loop3: detected capacity change from 0 to 512 [ 490.797642][ T9481] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 490.865550][ T9481] EXT4-fs error (device loop3): ext4_get_journal_inode:5849: comm syz.3.1641: inode #1792: comm syz.3.1641: iget: illegal inode # [ 490.940339][ T9481] EXT4-fs (loop3): Remounting filesystem read-only [ 490.947504][ T9481] EXT4-fs (loop3): no journal found [ 490.952957][ T9481] EXT4-fs (loop3): can't get journal size [ 491.057848][ T9481] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 491.180459][ T9481] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 491.289924][ T9481] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.403021][ T9481] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 491.887690][ T9494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1649'. [ 492.290044][ T9498] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1651'. [ 492.521409][ T9502] netlink: 'syz.3.1653': attribute type 7 has an invalid length. [ 492.530571][ T9502] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1653'. [ 493.818522][ T9519] xt_l2tp: invalid flags combination: 0 [ 495.228471][ T9534] tmpfs: Bad value for 'usrquota_inode_hardlimit' [ 496.520520][ T9549] netlink: 'syz.4.1677': attribute type 2 has an invalid length. [ 496.528731][ T9549] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1677'. [ 497.333750][ T9560] netlink: 'syz.3.1681': attribute type 10 has an invalid length. [ 498.104680][ T9572] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1688'. [ 498.116356][ T9572] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1688'. [ 500.416284][ T9603] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1703'. [ 500.779329][ T5845] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 500.968265][ T5845] usb 4-1: Using ep0 maxpacket: 16 [ 500.991204][ T9613] openvswitch: netlink: IP tunnel attribute has 1620 unknown bytes. [ 501.014167][ T5845] usb 4-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 501.024954][ T5845] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 501.126679][ T5845] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 501.136482][ T5845] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 501.145906][ T5845] usb 4-1: Product: syz [ 501.150824][ T5845] usb 4-1: Manufacturer: syz [ 501.155626][ T5845] usb 4-1: SerialNumber: syz [ 501.610734][ T5845] usb 4-1: 0:2 : does not exist [ 501.615967][ T5845] usb 4-1: unit 48 not found! [ 501.795626][ T5845] usb 4-1: USB disconnect, device number 5 [ 502.130679][ T7000] udevd[7000]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 502.522873][ T9631] netlink: 'syz.2.1717': attribute type 1 has an invalid length. [ 502.531734][ T9631] netlink: 224 bytes leftover after parsing attributes in process `syz.2.1717'. [ 505.421283][ T9671] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1737'. [ 505.644557][ T9675] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1739'. [ 506.064452][ T9679] loop0: detected capacity change from 0 to 64 [ 506.183813][ T9681] netlink: 96 bytes leftover after parsing attributes in process `syz.3.1742'. [ 506.587941][ T9685] sctp: [Deprecated]: syz.4.1744 (pid 9685) Use of int in maxseg socket option. [ 506.587941][ T9685] Use struct sctp_assoc_value instead [ 506.667450][ T10] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 506.858189][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 506.882656][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 506.893871][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 507.066018][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 507.075759][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 507.085090][ T10] usb 2-1: Product: syz [ 507.089892][ T10] usb 2-1: Manufacturer: syz [ 507.094694][ T10] usb 2-1: SerialNumber: syz [ 507.538011][ T10] usb 2-1: 0:2 : does not exist [ 507.565617][ T9699] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1751'. [ 507.575467][ T9699] netlink: 96 bytes leftover after parsing attributes in process `syz.0.1751'. [ 507.592395][ T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 507.792576][ T10] usb 2-1: USB disconnect, device number 8 [ 508.138009][ T7000] udevd[7000]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 510.607597][ T5845] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 510.807174][ T5845] usb 1-1: Using ep0 maxpacket: 16 [ 510.873504][ T5845] usb 1-1: config 0 has an invalid interface number: 34 but max is 0 [ 510.882156][ T5845] usb 1-1: config 0 has no interface number 0 [ 510.938016][ T5845] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 510.948557][ T5845] usb 1-1: config 0 interface 34 altsetting 0 endpoint 0x82 has invalid maxpacket 1104, setting to 1024 [ 510.960878][ T5845] usb 1-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 511.063926][ T5845] usb 1-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73 [ 511.073527][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.083064][ T5845] usb 1-1: Product: syz [ 511.087948][ T5845] usb 1-1: Manufacturer: syz [ 511.092751][ T5845] usb 1-1: SerialNumber: syz [ 511.180662][ T5845] usb 1-1: config 0 descriptor?? [ 511.189450][ T9737] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 511.208213][ T9737] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 511.242569][ T9750] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1777'. [ 511.499884][ T9737] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 511.578199][ T9737] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 511.822564][ T5845] asix 1-1:0.34 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 511.844823][ T5845] asix 1-1:0.34: probe with driver asix failed with error -71 [ 511.924168][ T5845] usb 1-1: USB disconnect, device number 9 [ 512.353043][ T9767] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1785'. [ 513.112000][ T9772] loop1: detected capacity change from 0 to 764 [ 513.181262][ T9777] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1789'. [ 513.211200][ T9772] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 513.843257][ T9785] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1794'. [ 513.865717][ T9787] loop1: detected capacity change from 0 to 136 [ 513.900457][ T9787] Attempt to read inode for relocated directory [ 514.316648][ T9790] macvlan1: mtu greater than device maximum [ 514.587290][ T5845] usb 3-1: new full-speed USB device number 8 using dummy_hcd [ 514.633714][ T10] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 514.812963][ T5845] usb 3-1: config 0 has an invalid interface number: 151 but max is 0 [ 514.821829][ T5845] usb 3-1: config 0 has no interface number 0 [ 514.841229][ T9799] loop4: detected capacity change from 0 to 64 [ 514.859607][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 514.897832][ T10] usb 1-1: config 0 has an invalid interface number: 191 but max is 0 [ 514.906397][ T10] usb 1-1: config 0 has no interface number 0 [ 514.960642][ T5845] usb 3-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 514.971102][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.980035][ T5845] usb 3-1: Product: syz [ 514.984463][ T5845] usb 3-1: Manufacturer: syz [ 514.989528][ T5845] usb 3-1: SerialNumber: syz [ 515.007283][ T10] usb 1-1: config 0 interface 191 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 24 [ 515.047779][ T10] usb 1-1: New USB device found, idVendor=0789, idProduct=0160, bcdDevice=2c.d1 [ 515.057866][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.066117][ T10] usb 1-1: Product: syz [ 515.072417][ T10] usb 1-1: Manufacturer: syz [ 515.077700][ T10] usb 1-1: SerialNumber: syz [ 515.104316][ T5845] usb 3-1: config 0 descriptor?? [ 515.201045][ T10] usb 1-1: config 0 descriptor?? [ 515.245608][ T9793] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 515.564879][ T9793] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 515.683340][ T5845] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 515.869084][ T10] asix 1-1:0.191 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 515.905613][ T10] asix 1-1:0.191: probe with driver asix failed with error -71 [ 516.011936][ T10] usb 1-1: USB disconnect, device number 10 [ 516.082284][ T5845] usb 3-1: USB disconnect, device number 8 [ 516.344984][ T6345] udevd[6345]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 517.216781][ T9818] loop2: detected capacity change from 0 to 1024 [ 517.322394][ T9818] EXT4-fs: inline encryption not supported [ 517.423478][ T9818] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 517.575515][ T9818] EXT4-fs error (device loop2): ext4_map_blocks:783: inode #3: block 2: comm syz.2.1810: lblock 2 mapped to illegal pblock 2 (length 1) [ 517.714012][ T9818] EXT4-fs (loop2): Remounting filesystem read-only [ 517.721093][ T9818] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 517.778990][ T9818] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 517.808831][ T9818] EXT4-fs (loop2): 1 orphan inode deleted [ 517.828738][ T9818] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 517.912500][ T9829] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1815'. [ 518.018314][ T9818] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 518.962972][ T9843] loop3: detected capacity change from 0 to 256 [ 518.987749][ T9843] exfat: Deprecated parameter 'namecase' [ 518.994166][ T5845] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 519.187181][ T5845] usb 1-1: Using ep0 maxpacket: 16 [ 519.193850][ T9843] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1cbb3694, utbl_chksum : 0xe619d30d) [ 519.233900][ T5845] usb 1-1: unable to get BOS descriptor or descriptor too short [ 519.277094][ T5845] usb 1-1: config 103 interface 0 has no altsetting 0 [ 519.393692][ T5845] usb 1-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice= c.85 [ 519.403528][ T5845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.404544][ T9849] netlink: 260 bytes leftover after parsing attributes in process `syz.2.1825'. [ 519.411995][ T5845] usb 1-1: SerialNumber: ꈠ䰥缎䜙덟㊴뺅眡얾䞮풥⛢稶붊㋮輁Ғ偧箁ኮ劲﬒妳㯩 [ 519.785465][ T5845] asix 1-1:103.0: probe with driver asix failed with error -22 [ 519.873648][ T5845] usb 1-1: USB disconnect, device number 11 [ 521.495058][ T9874] netlink: 'syz.3.1837': attribute type 1 has an invalid length. [ 521.637296][ T5835] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 521.838031][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 521.881952][ T5835] usb 3-1: unable to get BOS descriptor or descriptor too short [ 521.920671][ T5835] usb 3-1: config 9 has an invalid interface number: 210 but max is 1 [ 521.930631][ T5835] usb 3-1: config 9 has an invalid interface number: 28 but max is 1 [ 521.946031][ T5835] usb 3-1: config 9 has no interface number 0 [ 521.954497][ T5835] usb 3-1: config 9 has no interface number 1 [ 522.029547][ T5835] usb 3-1: config 9 interface 210 altsetting 14 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 522.048039][ T5835] usb 3-1: config 9 interface 210 altsetting 14 bulk endpoint 0xF has invalid maxpacket 1023 [ 522.060861][ T5835] usb 3-1: config 9 interface 210 has no altsetting 0 [ 522.068115][ T5835] usb 3-1: config 9 interface 28 has no altsetting 0 [ 522.206104][ T5835] usb 3-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=7a.93 [ 522.216779][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 522.225283][ T5835] usb 3-1: Product: syz [ 522.229944][ T5835] usb 3-1: Manufacturer: syz [ 522.234842][ T5835] usb 3-1: SerialNumber: syz [ 522.386542][ T9872] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 522.532501][ T5845] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 522.735396][ T5845] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 522.749019][ T5845] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 522.807621][ T5835] cdc_acm 3-1:9.28: More than one union descriptor, skipping ... [ 522.816248][ T5835] cdc_acm 3-1:9.28: skipping garbage [ 522.832291][ T5845] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 522.841790][ T5845] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 522.850485][ T5845] usb 5-1: SerialNumber: syz [ 522.924945][ T5835] usb 3-1: USB disconnect, device number 9 [ 523.034391][ T5845] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 523.071906][ T5845] usb-storage 5-1:1.0: USB Mass Storage device detected [ 523.167858][ T5845] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 523.237928][ T5845] scsi host1: usb-storage 5-1:1.0 [ 523.594756][ T9901] xt_policy: neither incoming nor outgoing policy selected [ 524.182682][ T9908] netlink: 'syz.3.1852': attribute type 1 has an invalid length. [ 524.308785][ T30] audit: type=1326 audit(1770498304.519:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9909 comm="syz.1.1853" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fba54d9aeb9 code=0x0 [ 524.521837][ T9906] loop0: detected capacity change from 0 to 4096 [ 525.439523][ T5835] usb 5-1: USB disconnect, device number 10 [ 525.931680][ T9929] netlink: 7 bytes leftover after parsing attributes in process `syz.4.1862'. [ 525.989727][ T9929] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1862'. [ 527.250544][ T9947] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 528.535601][ T9957] loop2: detected capacity change from 0 to 4096 [ 528.605420][ T9970] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1882'. [ 528.615285][ T9957] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 528.833958][ T9972] netlink: 'syz.3.1883': attribute type 1 has an invalid length. [ 528.842225][ T9972] netlink: 'syz.3.1883': attribute type 1 has an invalid length. [ 528.977877][ T9957] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 529.261573][ T9977] netlink: 'syz.0.1885': attribute type 21 has an invalid length. [ 529.270034][ T9977] netlink: 128 bytes leftover after parsing attributes in process `syz.0.1885'. [ 529.329942][ T9977] netlink: 'syz.0.1885': attribute type 4 has an invalid length. [ 529.338252][ T9977] netlink: 'syz.0.1885': attribute type 3 has an invalid length. [ 529.346181][ T9977] netlink: 3 bytes leftover after parsing attributes in process `syz.0.1885'. [ 531.262640][T10007] loop0: detected capacity change from 0 to 64 [ 531.498641][T10011] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1902'. [ 531.508344][T10011] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1902'. [ 532.324102][T10023] loop1: detected capacity change from 0 to 256 [ 532.715343][T10023] FAT-fs (loop1): Directory bread(block 64) failed [ 532.737639][T10023] FAT-fs (loop1): Directory bread(block 65) failed [ 532.744608][T10023] FAT-fs (loop1): Directory bread(block 66) failed [ 532.815142][T10023] FAT-fs (loop1): Directory bread(block 67) failed [ 532.855061][T10023] FAT-fs (loop1): Directory bread(block 68) failed [ 532.876749][T10023] FAT-fs (loop1): Directory bread(block 69) failed [ 532.884162][T10023] FAT-fs (loop1): Directory bread(block 70) failed [ 532.953273][T10023] FAT-fs (loop1): Directory bread(block 71) failed [ 533.008271][T10023] FAT-fs (loop1): Directory bread(block 72) failed [ 533.087221][T10023] FAT-fs (loop1): Directory bread(block 73) failed [ 533.419350][T10023] /dev/loop1: Can't open blockdev [ 533.685744][T10038] loop0: detected capacity change from 0 to 512 [ 533.820674][T10040] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1916'. [ 533.921308][T10038] EXT4-fs error (device loop0): ext4_orphan_get:1417: comm syz.0.1915: bad orphan inode 13 [ 533.933968][T10038] ext4_test_bit(bit=12, block=4) = 1 [ 533.941424][T10038] is_bad_inode(inode)=0 [ 533.946193][T10038] NEXT_ORPHAN(inode)=0 [ 533.950651][T10038] max_ino=32 [ 533.954015][T10038] i_nlink=1 [ 534.068577][T10038] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 534.184310][T10038] EXT4-fs warning (device loop0): dx_probe:813: inode #2: comm syz.0.1915: Hash code is SIPHASH, but hash not in dirent [ 534.197719][T10038] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1915: Corrupt directory, running e2fsck is recommended [ 534.368202][T10038] EXT4-fs warning (device loop0): dx_probe:813: inode #2: comm syz.0.1915: Hash code is SIPHASH, but hash not in dirent [ 534.381404][T10038] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.1915: Corrupt directory, running e2fsck is recommended [ 534.467788][T10038] EXT4-fs error (device loop0): ext4_find_dest_de:2050: inode #2: block 13: comm syz.0.1915: bad entry in directory: directory entry overrun - offset=24, inode=0, rec_len=131076, size=1024 fake=0 [ 534.607984][T10052] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1921'. [ 534.952372][ T5786] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 535.197864][T10056] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1923'. [ 535.217847][T10056] netlink: 'syz.2.1923': attribute type 2 has an invalid length. [ 535.245550][T10061] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1924'. [ 535.786443][T10064] sctp: [Deprecated]: syz.2.1927 (pid 10064) Use of struct sctp_assoc_value in delayed_ack socket option. [ 535.786443][T10064] Use struct sctp_sack_info instead [ 536.468667][T10079] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1934'. [ 536.508426][T10079] veth1: entered promiscuous mode [ 536.639318][T10079] netlink: 'syz.1.1934': attribute type 8 has an invalid length. [ 536.647628][T10079] A link change request failed with some changes committed already. Interface veth1 may have been left with an inconsistent configuration, please check. [ 537.147621][ T10] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 537.360426][ T10] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 537.371203][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 537.418123][ T10] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 537.427910][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 537.436154][ T10] usb 5-1: SerialNumber: syz [ 537.806004][ T10] usb 5-1: 0:2 : does not exist [ 537.827759][ T10] usb 5-1: unit 5 not found! [ 537.880867][T10097] netlink: 'syz.3.1943': attribute type 11 has an invalid length. [ 538.004755][ T10] usb 5-1: USB disconnect, device number 11 [ 538.159193][T10099] loop1: detected capacity change from 0 to 512 [ 538.206635][T10099] EXT4-fs: Ignoring removed oldalloc option [ 538.259800][T10102] netlink: 'syz.0.1946': attribute type 3 has an invalid length. [ 538.271520][T10102] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 538.368900][T10099] EXT4-fs error (device loop1): ext4_xattr_inode_iget:437: comm syz.1.1944: Parent and EA inode have the same ino 15 [ 538.456808][T10099] EXT4-fs (loop1): 1 orphan inode deleted [ 538.509123][T10099] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 538.558688][ T10] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 538.659097][T10099] EXT4-fs error (device loop1): ext4_lookup:1789: inode #2: comm syz.1.1944: deleted inode referenced: 15 [ 538.683353][ T7000] udevd[7000]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 538.784946][ T10] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 538.793815][ T10] usb 3-1: config 220 has an invalid descriptor of length 251, skipping remainder of the config [ 538.804941][ T10] usb 3-1: config 220 has no interface number 2 [ 538.877227][ T10] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 538.891367][ T10] usb 3-1: config 220 interface 0 has no altsetting 0 [ 538.898630][ T10] usb 3-1: config 220 interface 76 has no altsetting 0 [ 538.905739][ T10] usb 3-1: config 220 interface 1 has no altsetting 0 [ 539.024919][ T10] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 539.035383][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 539.044256][ T10] usb 3-1: Product: syz [ 539.048765][ T10] usb 3-1: Manufacturer: syz [ 539.053570][ T10] usb 3-1: SerialNumber: syz [ 539.186123][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 539.548325][ T10] usb 3-1: selecting invalid altsetting 0 [ 539.592082][ T10] uvcvideo 3-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 539.600602][ T10] uvcvideo 3-1:220.0: No valid video chain found. [ 539.716598][ T10] usb 3-1: selecting invalid altsetting 0 [ 539.723110][ T10] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 539.800991][ T10] usb 3-1: USB disconnect, device number 10 [ 540.077363][ T5835] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 540.317381][ T5835] usb 5-1: Using ep0 maxpacket: 8 [ 540.348446][ T5835] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 540.357096][ T5835] usb 5-1: config 0 has no interface number 0 [ 540.447302][ T5835] usb 5-1: config 0 interface 1 has no altsetting 0 [ 540.517790][ T5835] usb 5-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 540.527288][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.535641][ T5835] usb 5-1: Product: syz [ 540.540241][ T5835] usb 5-1: Manufacturer: syz [ 540.545061][ T5835] usb 5-1: SerialNumber: syz [ 540.595398][T10127] netlink: 'syz.3.1957': attribute type 12 has an invalid length. [ 540.632508][ T5835] usb 5-1: config 0 descriptor?? [ 540.943641][ T5835] i2c-cp2615 5-1:0.1: probe with driver i2c-cp2615 failed with error -22 [ 541.163617][ T5835] usb 5-1: USB disconnect, device number 12 [ 541.795438][T10145] loop0: detected capacity change from 0 to 164 [ 541.997303][T10145] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 542.060013][ T1286] ieee802154 phy0 wpan0: encryption failed: -22 [ 542.066724][ T1286] ieee802154 phy1 wpan1: encryption failed: -22 [ 542.347954][T10153] xt_CT: You must specify a L4 protocol and not use inversions on it [ 543.528783][T10168] openvswitch: netlink: Key type 10502 is out of range max 32 [ 544.757999][T10188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1986'. [ 544.847413][T10188] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1986'. [ 546.020179][T10209] netlink: 128124 bytes leftover after parsing attributes in process `syz.3.1996'. [ 546.038505][T10211] netlink: 'syz.2.1997': attribute type 16 has an invalid length. [ 546.046560][T10211] netlink: 64138 bytes leftover after parsing attributes in process `syz.2.1997'. [ 546.841511][T10223] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2001'. [ 546.867686][T10224] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 547.487211][T10236] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.2009'. [ 548.372279][T10251] sock: sock_timestamping_bind_phc: sock not bind to device [ 548.537404][ T10] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 548.734510][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 548.770912][ T10] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 548.836579][ T10] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 548.846319][ T10] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 548.854889][ T10] usb 4-1: Product: syz [ 548.859578][ T10] usb 4-1: Manufacturer: syz [ 548.865551][ T10] usb 4-1: SerialNumber: syz [ 548.891323][T10257] pimreg: entered allmulticast mode [ 549.187691][ T5835] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 549.258477][ T10] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 549.266771][ T10] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 549.278170][ T10] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 549.449248][ T10] usb 4-1: palm_os_3_probe - error -71 getting bytes available request [ 549.467555][ T5835] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 549.480044][ T10] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 549.493453][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 549.501833][ T5835] usb 1-1: Product: syz [ 549.506233][ T5835] usb 1-1: Manufacturer: syz [ 549.511213][ T5835] usb 1-1: SerialNumber: syz [ 549.519775][ T10] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 549.581483][ T10] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 549.624506][ T5835] usb 1-1: config 0 descriptor?? [ 549.688269][ T10] usb 4-1: USB disconnect, device number 6 [ 549.739971][ T10] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 549.829776][ T10] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 549.925990][ T10] visor 4-1:1.0: device disconnected [ 549.941169][ T5835] hso 1-1:0.0: Failed to find BULK IN ep [ 550.025178][ T5835] usb-storage 1-1:0.0: USB Mass Storage device detected [ 550.323989][ T5835] usb 1-1: USB disconnect, device number 12 [ 552.666215][T10309] loop2: detected capacity change from 0 to 8 [ 553.889952][T10328] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 553.899177][T10328] ===================================================== [ 553.906433][T10328] BUG: KMSAN: uninit-value in dvbdmx_release_ts_feed+0x198/0x290 [ 553.914673][T10328] dvbdmx_release_ts_feed+0x198/0x290 [ 553.920614][T10328] dvb_dmxdev_filter_start+0x1187/0x1af0 [ 553.926512][T10328] dvb_dmxdev_pes_filter_set+0x810/0x860 [ 553.932881][T10328] dvb_demux_do_ioctl+0x9a3/0xc80 [ 553.938298][T10328] dvb_usercopy+0x263/0x500 [ 553.943031][T10328] dvb_demux_ioctl+0x46/0x70 [ 553.948108][T10328] __se_sys_ioctl+0x23c/0x400 [ 553.953039][T10328] __x64_sys_ioctl+0x97/0xe0 [ 553.958405][T10328] x64_sys_call+0x18a7/0x3e70 [ 553.963379][T10328] do_syscall_64+0xc9/0xf80 [ 553.968495][T10328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.974796][T10328] [ 553.978062][T10328] Uninit was created at: [ 553.990440][T10328] __alloc_frozen_pages_noprof+0x6df/0xf50 [ 553.996550][T10328] alloc_pages_mpol+0x328/0x860 [ 554.003898][T10328] alloc_pages_noprof+0x101/0x280 [ 554.009487][T10328] __vmalloc_node_range_noprof+0xa97/0x2d80 [ 554.016445][T10328] __vmalloc_noprof+0x128/0x1f0 [ 554.021837][T10328] vmalloc_array_noprof+0x48/0x80 [ 554.027336][T10328] dvb_dmx_init+0x121/0x930 [ 554.032085][T10328] vidtv_bridge_probe+0x1b1f/0x2690 [ 554.037696][T10328] platform_probe+0x213/0x370 [ 554.042683][T10328] really_probe+0x4d5/0xe40 [ 554.048041][T10328] __driver_probe_device+0x25e/0x370 [ 554.053708][T10328] driver_probe_device+0x70/0x8f0 [ 554.059237][T10328] __driver_attach+0x53e/0xaa0 [ 554.064434][T10328] bus_for_each_dev+0x33b/0x580 [ 554.070333][T10328] driver_attach+0x51/0x70 [ 554.075021][T10328] bus_add_driver+0x54f/0xdb0 [ 554.080123][T10328] driver_register+0x42e/0x6a0 [ 554.092804][T10328] __platform_driver_register+0x65/0x80 [ 554.101065][T10328] vidtv_bridge_init+0x73/0x100 [ 554.106197][T10328] do_one_initcall+0x22b/0xad0 [ 554.111386][T10328] do_initcall_level+0x157/0x2e0 [ 554.116732][T10328] do_initcalls+0x176/0x310 [ 554.121648][T10328] do_basic_setup+0x1d/0x30 [ 554.126424][T10328] kernel_init_freeable+0x213/0x430 [ 554.132210][T10328] kernel_init+0x2f/0x5e0 [ 554.136828][T10328] ret_from_fork+0x207/0x6f0 [ 554.142164][T10328] ret_from_fork_asm+0x1a/0x30 [ 554.147375][T10328] [ 554.149868][T10328] CPU: 1 UID: 0 PID: 10328 Comm: syz.4.2052 Tainted: G W syzkaller #0 PREEMPT(voluntary) [ 554.162451][T10328] Tainted: [W]=WARN [ 554.166396][T10328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 554.176814][T10328] ===================================================== [ 554.184106][T10328] Disabling lock debugging due to kernel taint [ 554.198211][T10328] Kernel panic - not syncing: kmsan.panic set ... [ 554.204845][T10328] CPU: 1 UID: 0 PID: 10328 Comm: syz.4.2052 Tainted: G B W syzkaller #0 PREEMPT(voluntary) [ 554.216478][T10328] Tainted: [B]=BAD_PAGE, [W]=WARN [ 554.221663][T10328] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 554.232193][T10328] Call Trace: [ 554.235865][T10328] [ 554.238926][T10328] __dump_stack+0x26/0x30 [ 554.243535][T10328] dump_stack_lvl+0x50/0x1c0 [ 554.249704][T10328] ? dump_stack+0x12/0x25 [ 554.254851][T10328] dump_stack+0x1e/0x25 [ 554.259265][T10328] vpanic+0x435/0xd40 [ 554.263722][T10328] panic+0x15d/0x160 [ 554.267949][T10328] kmsan_report+0x31a/0x320 [ 554.272764][T10328] ? __msan_warning+0x1b/0x30 [ 554.277702][T10328] ? dvbdmx_release_ts_feed+0x198/0x290 [ 554.283601][T10328] ? dvb_dmxdev_filter_start+0x1187/0x1af0 [ 554.289877][T10328] ? dvb_dmxdev_pes_filter_set+0x810/0x860 [ 554.295952][T10328] ? dvb_demux_do_ioctl+0x9a3/0xc80 [ 554.301582][T10328] ? dvb_usercopy+0x263/0x500 [ 554.306499][T10328] ? dvb_demux_ioctl+0x46/0x70 [ 554.311491][T10328] ? __se_sys_ioctl+0x23c/0x400 [ 554.316595][T10328] ? __x64_sys_ioctl+0x97/0xe0 [ 554.321694][T10328] ? x64_sys_call+0x18a7/0x3e70 [ 554.326821][T10328] ? do_syscall_64+0xc9/0xf80 [ 554.331756][T10328] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.338239][T10328] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 554.344883][T10328] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 554.351340][T10328] ? sysvec_apic_timer_interrupt+0x52/0x90 [ 554.357410][T10328] ? kmsan_get_metadata+0xf1/0x160 [ 554.362987][T10328] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 554.369716][T10328] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 554.376077][T10328] ? _raw_spin_unlock_irq+0x31/0x50 [ 554.381608][T10328] ? kmsan_get_metadata+0x146/0x160 [ 554.387137][T10328] __msan_warning+0x1b/0x30 [ 554.391920][T10328] dvbdmx_release_ts_feed+0x198/0x290 [ 554.397574][T10328] dvb_dmxdev_filter_start+0x1187/0x1af0 [ 554.403559][T10328] ? __pfx_dvbdmx_release_ts_feed+0x10/0x10 [ 554.409967][T10328] dvb_dmxdev_pes_filter_set+0x810/0x860 [ 554.415971][T10328] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 554.422363][T10328] dvb_demux_do_ioctl+0x9a3/0xc80 [ 554.427676][T10328] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 554.433505][T10328] dvb_usercopy+0x263/0x500 [ 554.438427][T10328] ? __pfx_dvb_demux_do_ioctl+0x10/0x10 [ 554.444422][T10328] ? kmsan_get_metadata+0xf1/0x160 [ 554.449887][T10328] dvb_demux_ioctl+0x46/0x70 [ 554.454748][T10328] ? __pfx_dvb_demux_ioctl+0x10/0x10 [ 554.460308][T10328] __se_sys_ioctl+0x23c/0x400 [ 554.465355][T10328] __x64_sys_ioctl+0x97/0xe0 [ 554.470338][T10328] x64_sys_call+0x18a7/0x3e70 [ 554.476072][T10328] do_syscall_64+0xc9/0xf80 [ 554.480845][T10328] ? clear_bhb_loop+0x40/0x90 [ 554.485854][T10328] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.492111][T10328] RIP: 0033:0x7fdd0239aeb9 [ 554.496792][T10328] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 554.517678][T10328] RSP: 002b:00007fdd031ca028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 554.527727][T10328] RAX: ffffffffffffffda RBX: 00007fdd02615fa0 RCX: 00007fdd0239aeb9 [ 554.535881][T10328] RDX: 00002000000000c0 RSI: 0000000040146f2c RDI: 0000000000000003 [ 554.544098][T10328] RBP: 00007fdd02408c1f R08: 0000000000000000 R09: 0000000000000000 [ 554.552343][T10328] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 554.560482][T10328] R13: 00007fdd02616038 R14: 00007fdd02615fa0 R15: 00007ffcd9422098 [ 554.568741][T10328] [ 554.572573][T10328] Kernel Offset: disabled [ 554.577192][T10328] Rebooting in 86400 seconds..