last executing test programs: 14.075367941s ago: executing program 1 (id=554): mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x36}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) fanotify_init(0x40, 0x40000) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r4, 0x80083314, 0x0) 12.959024808s ago: executing program 1 (id=557): poll(0x0, 0x0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) syz_open_procfs(r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) close_range(r2, 0xffffffffffffffff, 0x0) 11.492188897s ago: executing program 2 (id=559): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xe07e872420dfefca) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)}, 0x2400c000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400000000000700", @ANYRES32=r11, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r8, 0x0, 0x11203}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x20}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 11.163693769s ago: executing program 1 (id=560): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000140)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x237, &(0x7f0000000480)={0x0, 0x8901, 0x400, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) sendmsg$rds(0xffffffffffffffff, 0x0, 0x4000008) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_READV=@use_registered_buffer={0x1, 0x24, 0x2007, @fd, 0x800, 0x0, 0x0, 0x18, 0x0, {0x2}}) io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0) 10.998278281s ago: executing program 2 (id=562): socket$nl_generic(0x10, 0x3, 0x10) openat$vnet(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$I2C_SMBUS(0xffffffffffffffff, 0x720, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000000600)=""/102400, 0x19000) r1 = creat(&(0x7f0000000580)='./bus\x00', 0x0) r2 = fanotify_init(0xf00, 0x2) fanotify_mark(r2, 0x105, 0x8971, r1, 0x0) 8.934558923s ago: executing program 3 (id=565): mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x36}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) fanotify_init(0x40, 0x40000) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r4, 0x80083314, 0x0) 7.407202473s ago: executing program 2 (id=566): bpf$PROG_LOAD(0x4, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) socket(0x40000000015, 0x5, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80202, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x0, 0x3, 0x3}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$SIOCGSKNS(r2, 0x894c, &(0x7f0000000040)={'gretap0\x00', 0x200}) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x100000000, 0xfffffffffffffffd, 0x0, 0x0, 0x1000001000, 0x49}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0xffffffffffffffff, 0x9, 0x0, 0xf, 0x80000006}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) munlockall() bpf$PROG_LOAD(0x2, &(0x7f0000000680)={0x3, 0x3, &(0x7f0000000740)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x1, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_AUTHENTICATE(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16, @ANYBLOB="110000000000000000002500000008000300", @ANYRES32, @ANYBLOB="0a003400020202020202000018005080040080000500020043000000080007000200000008003500000000000a000600ffffff"], 0x5c}}, 0x4) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/profiling', 0xa0042, 0x0) write$tcp_mem(r3, &(0x7f0000000280)={0x11, 0x2d, 0x0, 0x3a, 0xfffffffffffffffe, 0x2c}, 0x48) ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r3, 0x3ba0, &(0x7f00000000c0)={0x48, 0x1, r4, 0x0, 0x4, 0x79}) r5 = socket$inet6(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet6(r6, &(0x7f00000031c0)=[{{&(0x7f0000000a80)={0xa, 0x4e20, 0x0, @private0={0xfc, 0x0, '\x00', 0x1}, 0x7}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=[@hopopts={{0x18, 0x29, 0x36, {0x2f}}}, @hopopts={{0x18, 0x29, 0x36, {0x1d}}}], 0x30}}], 0x1, 0x4000000) sendto$inet6(r5, &(0x7f0000000000), 0x0, 0x800, 0x0, 0x0) 7.390299823s ago: executing program 3 (id=567): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x80000, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) ioctl$BTRFS_IOC_RESIZE(r0, 0x50009403, &(0x7f00000000c0)={{r1}, {@void, @actul_num={@void, 0xfff, 0x45}}}) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) syz_emit_vhci(&(0x7f0000000000)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_status={{0xf, 0x4}, {0x1, 0x0, 0x428}}}, 0x7) keyctl$set_reqkey_keyring(0xf, 0xfffffffb) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_getaffinity(r2, 0x8, &(0x7f0000000180)) bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71036000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 7.285057524s ago: executing program 0 (id=568): poll(0x0, 0x0, 0x1) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) syz_open_procfs(r0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xc3490000) r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]}) close_range(r2, 0xffffffffffffffff, 0x0) 7.155817585s ago: executing program 1 (id=569): mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x110, &(0x7f0000000380)={0x0, 0x10, 0x0, 0x5, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x200) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=[r4], 0x1}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 6.392874629s ago: executing program 2 (id=570): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x20000011) sendmsg$kcm(0xffffffffffffffff, 0x0, 0xe07e872420dfefca) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)}, 0x2400c000) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, 0x0) sendmsg$nl_route(r2, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x200000000000011, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000680)={'bridge0\x00', 0x0}) sendmsg$nl_route(r9, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="480000001000010400000000000700", @ANYRES32=r11, @ANYBLOB="3f00000006020400280012800b0001006272696467650000180002800c002e0003000000030000000500070008"], 0x48}, 0x1, 0x0, 0x0, 0x44000}, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x74, r8, 0x0, 0x11203}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_VLAN_DEFAULT_PVID={0x6, 0x27, 0x20}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 5.591884264s ago: executing program 1 (id=571): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) read$dsp(r1, &(0x7f0000000300)=""/79, 0x4f) socket$rxrpc(0x21, 0x2, 0xa) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) 5.493401665s ago: executing program 2 (id=572): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) arch_prctl$ARCH_SHSTK_ENABLE(0x5001, 0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='gid_map\x00') prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket(0x22, 0x2, 0x3) sendto$inet6(r2, &(0x7f0000847fff), 0x0, 0x8800, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x3, 0x5, 0xf, 0x0, 0x2, 0x8, 0x8, 0xfffffffa, 0x3}, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_MD5SIG(r4, 0x6, 0xe, 0x0, 0x0) connect$inet6(r4, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000000c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x1, &(0x7f00000001c0)=@ccm_128={{0x303}, "3d186e85f3a07d09", "a373047e6878fdb57fc2596912f8bdfd", "27edd157", "3684fa3381fd0182"}, 0x28) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000040)=0x2, 0x4) ioctl$int_in(r4, 0x5421, &(0x7f0000000140)=0x1) writev(r4, &(0x7f0000000080)=[{&(0x7f00000002c0)="ec", 0xfdef}], 0x1) close(r4) socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, 0x0, 0x0) socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000400)={0x46, 0x4}, 0x10) socket$tipc(0x1e, 0x5, 0x0) 4.972131538s ago: executing program 0 (id=573): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x0, 'queue1\x00', 0x8001}) writev(r4, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2) 3.976850364s ago: executing program 0 (id=574): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x101}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000100)=0x5) sched_setaffinity(0x0, 0xff43, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000007c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0xfffffffc) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) fcntl$lock(0xffffffffffffffff, 0x25, &(0x7f00000000c0)={0x2, 0x0, 0x6, 0x4000007fffffff}) socket$inet6(0xa, 0x2, 0x0) syz_clone(0x40202980, &(0x7f00000004c0), 0x0, 0x0, &(0x7f0000000180), &(0x7f00000001c0)="7433bb02") r3 = gettid() tkill(r3, 0x12) tkill(r3, 0x14) ioctl$BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0xffffffffffffffff, &(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0x4}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r0, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0x4}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r4, 0x400}}, 0x48) 3.816916365s ago: executing program 1 (id=575): mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0, 0x0, 0x36}, 0x18) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0xc9, 0x0, 0x0) fanotify_init(0x40, 0x40000) ioctl$BTRFS_IOC_QUOTA_CTL(0xffffffffffffffff, 0xc0109428, 0x0) r4 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SNAPSHOT_ALLOC_SWAP_PAGE(r4, 0x80083314, 0x0) 3.188830209s ago: executing program 0 (id=576): syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000540)={0x44, &(0x7f0000000280)={0x20, 0x0, 0x1, "9d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f00000017c0)={0x84, &(0x7f00000012c0)={0x40, 0xa, 0x2, "1fef"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) 3.020972721s ago: executing program 3 (id=577): socket$nl_route(0x10, 0x3, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) sched_setaffinity(0x0, 0xfffffffffffffdc5, &(0x7f00000002c0)=0x800002) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) pipe2$watch_queue(0x0, 0x80) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0) r1 = gettid() rt_sigaction(0x16, &(0x7f0000000080)={0x0, 0x90000000, 0x0, {[0x6]}}, 0x0, 0x8, &(0x7f0000000200)) tkill(r1, 0x16) 2.341132715s ago: executing program 0 (id=578): sched_setscheduler(0x0, 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0xe, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000020000000bca30000000000002403000040feffff720a00fe0000000071a4f0ff000000001f030000000000002e0a0200000000002600000000ff000e61141800000000001d430000000000007a0a00fe00581c1f61147c0000000000b503f7fff80000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f30002af51efd601b6bf01c8e8b1fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af25b845b9f7d08d123deda88c658d42ecbf28bf7076c15b463bebc72f526dd70252e79166d858fcd0e06dd31af9612fa402d0b11008e59a5923906f88b53987ad1714e72ba7d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d643649393bf52d2105bd901128c7e0ec82701c8204a1deeed4155617572652d950ad31928b0b036dc2869f478341d02d0f5ad94b081fcd507acb4b9c67382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d355d84ce97bb0c6b6a595e487a2cc47c0efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599dd273863be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d91c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566de74e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48b936e6f9e0fcda88fe4413537528fdb6153baae244e7bf573eac34b781337ad5901a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afcc829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0b4a26b602396df7e0c1e02b88c114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba3401e6a52acb1188883ad2a3b1832371fe5bc621426d1ed01b389708165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae2f5c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d648532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54dd84323afc4c10eff46248843187f1dd48ef0900000000000000ff0f4000000000f00700003c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c1011e32f808890205f0e6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96635600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15edb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a794963442aece449a0d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2869291b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e16e637d4219ef7ec61261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ecab5d232f89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a05e41f6016ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addbc4b3093c91b8068c5adfcb0d7fd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a41b9b9a7c2bca311a28ee4952f2d325a56397c78f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf699b3746979f99f6a1527f004f37e84fb478199dc1020f4beb98b8074bf7df8b5e783637daf121f175a81cffff4ac55a4385e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae543d44086b3f03b20d546fa66a72e38207c9d20035abc46271a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80aba439772bf60a1db18c472dafc5569adc2c406f39f82928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a4a274000000000000000000000000000000000000000000000009dd14b38f2f5426d7cf5075047c31f6ce6adddfe3ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd030000006d291ebcef893e1b9ccb6797d0646fe0e7274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10b0a1fcbfc309381aeba191950bae71f37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1eebf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cff5d6b6898335792749df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d94362200000000000000000000f296b0c1484e5f781ad26bff696b05ff0a5e2270e07e18b04273bd4075ea38ab463bfa6a38e7c537498ba3e4df8dfc9e8c0a0d213c3ffad44d2a376def42e41e9fc3167a257e040fa7cf32c221aaac6cfdeb33c27500001a0000000000000000000017350000c11ae694b0c69c2c03f6790044a357e785af6e153d5f1ea460af92c7cbbd6295afe740f5e154346d483e0d10522a7a945b93fb705b95b6aae27a8fab1e6984c8bdc12360627137ab6737b68ab08a1a4b94cb29a74dc36b51209cfbc87f61182bbeb2772e9d5a1ffc477179be481ffe46a4ce86be0b1f8eee42a611a3d44ca450b14586ed63dd92005c79e4a8ab8a94f0b74903580ac98708007c80d6c7d0de4614195e40d797c0348dd70f36a220e8b3710fb5358c27e90793bcb9ee6319342c4b239ca8cbc6fc83d32e6eb62ad92e43991f2447be9c2a1ae1119eafb901a43d57e885116d19aa152bfb89f8d0b2516f80120a1cddff771657f3d0288ec3899f1e3ba0151c4037148fb479de703fc52b6573349c28d1b107d859b4961324c17756dde99de1924a1d2b7095d34a55060f47f4407d89acf9f1d2156befec432e8e993c79027b7ef285b20c2e6b3d0491d0d3591b0d94713332b6b79c8297117b0d14eff64e0aca8a4b4aa773d8fba1217e9519952419bb9dd998d0ec870ff00b6d556018602738fbc6cec89d6dd13cf55b96f6fe9a137d2d6a56ad78e52c23ed080000000000002bc261a781fd14126c146a0aac4221839a4b9bbf61e4bba695a41e2109eba8e40c370267cc51ffadbd15cafc97a4d3edfdcb9b5729307c6bdaf7b69325fb05fa8a9869de0600ee477d71bf3e36d1d9019edfa27aae24b632f251df210c86a18fae731ecb8b0d48357378caf2b6789509b1bacfd4fa812dc341875cfa5e798bbf59770000000000000000c8a594ea3c3347962d9113b1fecdfad5a8da641053f02e49456f5d21674521e67a5b18ea451eccf69dd6af928d2d68da9304a296c22fdc0500000000000000b1aade386b113045033a6188d56e675564d8cb8d5b40114b0f5bf15dd64c9ece60b8588ee8777d0ea8f4713b258427c7d90f9e93348e17723ba9ab8ae790f74cc41ae5795835f3cec40dff485d2802c08611454d9ea784a205bcc07ec26f906f3cf45bb37014ab6f22af6213618e242b283ea9d3f0677ee598072ec06f7170009d92bb87d9d12c378dfd3e74ec056ee83eef666423d934fc5908c9ff98715218a5964f1e00000000426ac9588e27aefe307f49662990ee823568bbc2f89596ced7c6c52d76b8096f1848410843b93fd404f535be474f456778b5ef85abb8fc2336abd5ea64a6efea8a5aca0015499b88ae780a7bae4df603bd3c72808cf300440b1b638a6640f7de8d0d82f359ca2f779cd48cd8d3603f4f69e47f386988c9b7b5d6dd3d48a1fdca780049d7c87bea42161a4c0d7cf0125b43dc9d8845f3c05a08acda647e7143d0e0aee2949a45e28488b0522c2288072467d2afe269f589fb7e034b92d3ca245b16b71998711bfe206c9690b6d0eebb06a29349229eb45ff15c63aa2c82c56d7420738cd1b04eb16e87cb524315d7361ea3635d3799bb7fcc56aa5e1dbe031a7a12554dee6754b72f43a6fddf427f32ec3df274a88097725679769beebf1aa6eb09d5154e4900000000000d0f7160a05911d969879953d3d4702b2676c07bb0fd14020a66718378825d5ed789711b77d40dc31e0b8fc651b45559da463f0000000000000000000000000052d42124e9c26aba885015e69d42ecd710342ac597ebea576ae15fdf611356f622e831741ab15549e0d7a2bd0324e2b3b48a10551607492c19eaf58485feb4cab19c303b30ba2ddea0d792d77724c9fa4ed58b93668fc20484f141ee2b6a0029e88fdc853189b4dafd36ff23b11967090e508f45e3f10857038a52ef275cf9e3e4b5d30b12d138dfa70930c603b5e3f4b7be67be3dba3cbd8d4d143195af0697d779445d67dcfbd922d12a8b49f93eac7a72faacf80346b3b669615f2710eb8df39fc8c04d2c9c196fa6facfea613569a35cde6451f2edf55ce25c7d72ec7ea85a92458c0559ca3a94727d495bd4671a55a70bc544d71d8e0257707a31936f1adf224077310a86bf447ec92c650acca8c6b0721020894b06178c32f4472d17174d6eb2b067030c5d2c12583f46d2da7fba42d4083259c7cdc8bf1f4299c248865d3c809356c3ed"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffff97, 0x10, &(0x7f00000000c0), 0xffffffffffffffc2}, 0x48) 1.664992709s ago: executing program 3 (id=579): mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_io_uring_setup(0x110, &(0x7f0000000380)={0x0, 0x10, 0x0, 0x5, 0x80}, &(0x7f0000000180)=0x0, &(0x7f0000000280)=0x0) r3 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0x200) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1) r4 = socket$nl_route(0x10, 0x3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0xffffffffffffffff, &(0x7f0000000000)=[r4], 0x1}) io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0) 1.029426013s ago: executing program 0 (id=580): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x569, &(0x7f00000002c0)="$eJzs3U1rXFUfAPD/nWT6/jxNoRQVkYALK7WTJvGlgou61mJB93VIbkPJpFMyk9LEgu3CrqW4EQviXly7LH4BF36GghaKlKALN5E7uTOdJDPJtJ0mU+f3g1vOuS8598y5/9NzcmYyAQyt8eyfQsTLEfF1EnE0IpL82GjkB8fXz1t9dGMm25JYW/v0z6RxXpZv/qzmdYfzzEsR8ctXEacKW8utLa/MlyuVdDHPT9QXrk7UlldOX14oz6Vz6ZWp6emz70xPvf/eu32r65sX/v72k3sjee7YnSTOxZE8116PZ3CzPTMe4/lrUoxzm06c7ENhgyTpuPenXb8PnsxIHufFyPqAozGSRz3w3/dlRKwBQyp54vj/rfh87gTYXc1xQHNu36d58Avj4YfrE6Ct9R9d/91IHGjMjQ6tJhtmRtl8d6wP5Wdl/PzH3TvZFv37PQTAjm7eiogzo6Nb+78k7/+e3pkeztlchv4Pds+9bPzzVqfxT6E1/okO45/DHWL3aewc/4UHfSimq2z890HH8W9r0WpsJM/9rzHmKyaXLlfSrG/7f0ScjOL+LL/des7Z1ftr3Y61j/+yLSu/ORbM7+PB6P6N18yW6+VnqXO7h7ciXuk4/k1a7Z90aP/s9bjQYxkn0ruvdTu2c/2fr7UfIt7o2P6PV7SS7dcnJxrPw0Tzqdjqr9snfu1W/l7XP2v/Q9vXfyxpX6+ttV890lMZ3x/4J43WevJGG+ofvT//+5LPGul9+b7r5Xp9cTJiX/Jxa3+huX/q8bXNfPP8rP4nX9++/+v0/B+MiM97qn3E7eM/vtrt2CC0/2zH9m/Nbje1/5Mn7n/0xXfdyu+t/3u7kTqZ7+ml/+v1Bp/ltQMAAAAAAIBBU4iII5EUSq10oVAqrb+/43gcKlSqtfqpS9WlK7PR+KzsWBQLzZXuo23vh5jMVwyb+alN+emIOBYR34wcbORLM9XK7F5XHgAAAAAAAAAAAAAAAAAAAAbE4S6f/8/8vvXPux/Y/TsEnitf+Q3Da8f478c3PQEDyf//MLzEPwwv8Q/DS/zD8BL/MLzEPwwv8Q/DS/wDAAAAAAAAAAAAAAAAAAAAAAAAAABAX104fz7b1lYf3ZjJ8rPXlpfmq9dOz6a1+dLC0kxpprp4tTRXrc5V0tJMdWGnn1epVq9OTsXS9Yl6WqtP1JZXLi5Ul67UL15eKM+lF9PirtQKAAAAAAAAAAAAAAAAAAAAXiy15ZX5cqWSLkpIPFVidDBuQ6LPib3umQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgsX8DAAD//welMww=") lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f0000000180), &(0x7f0000000940)=ANY=[], 0x361, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1801000001ffffeb00000000eb658e0d850000007b00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000013c0)=ANY=[], 0x700, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) lsetxattr$trusted_overlay_upper(&(0x7f0000000280)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000100)=ANY=[@ANYRESHEX=r0, @ANYRESHEX], 0xfe37, 0x0) 960.984673ms ago: executing program 2 (id=581): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x800}, 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r4, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) connect$inet(r4, 0x0, 0x0) sendfile(r4, r3, 0x0, 0x20000023893) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='illinois', 0x5f) 946.909453ms ago: executing program 3 (id=582): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000002100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000000c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x10) r4 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x20605) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, &(0x7f00000000c0)={0x0, 0xfffffffe, 0x0, 'queue1\x00', 0x8001}) writev(r4, &(0x7f0000000580)=[{&(0x7f0000000000)="218292", 0xfff6}], 0x2) 0s ago: executing program 3 (id=583): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) openat$sndseq(0xffffff9c, &(0x7f0000001240), 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000000)) read$dsp(r1, &(0x7f0000000300)=""/79, 0x4f) socket$rxrpc(0x21, 0x2, 0xa) ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, &(0x7f0000000080)) pselect6(0x0, 0x0, 0x0, &(0x7f0000000680)={0x7ff, 0x7, 0x5, 0x7, 0xffffffffffffff22, 0x2, 0x5, 0x8}, 0x0, 0x0) kernel console output (not intermixed with test programs): batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 86.608244][ T5789] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 86.680506][ T5790] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 86.693679][ T5790] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 86.702961][ T5794] chnl_net:caif_netlink_parms(): no params data found [ 86.772344][ T5790] team0: Port device team_slave_0 added [ 86.784052][ T5789] hsr_slave_0: entered promiscuous mode [ 86.794549][ T5789] hsr_slave_1: entered promiscuous mode [ 86.867979][ T5790] team0: Port device team_slave_1 added [ 86.912864][ T5799] bridge0: port 1(bridge_slave_0) entered blocking state [ 86.920089][ T5799] bridge0: port 1(bridge_slave_0) entered disabled state [ 86.927376][ T5799] bridge_slave_0: entered allmulticast mode [ 86.934534][ T5799] bridge_slave_0: entered promiscuous mode [ 86.966889][ T5799] bridge0: port 2(bridge_slave_1) entered blocking state [ 86.974454][ T5799] bridge0: port 2(bridge_slave_1) entered disabled state [ 86.982281][ T5799] bridge_slave_1: entered allmulticast mode [ 86.989295][ T5799] bridge_slave_1: entered promiscuous mode [ 87.001756][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.008761][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.035597][ T5790] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.087511][ T5790] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.095606][ T5790] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.121929][ T5790] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.176996][ T5799] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.215430][ T5799] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.240614][ T5794] bridge0: port 1(bridge_slave_0) entered blocking state [ 87.248200][ T5794] bridge0: port 1(bridge_slave_0) entered disabled state [ 87.255822][ T5794] bridge_slave_0: entered allmulticast mode [ 87.264018][ T5794] bridge_slave_0: entered promiscuous mode [ 87.320920][ T5794] bridge0: port 2(bridge_slave_1) entered blocking state [ 87.330447][ T5794] bridge0: port 2(bridge_slave_1) entered disabled state [ 87.338771][ T5794] bridge_slave_1: entered allmulticast mode [ 87.347130][ T5794] bridge_slave_1: entered promiscuous mode [ 87.394782][ T5790] hsr_slave_0: entered promiscuous mode [ 87.406685][ T5790] hsr_slave_1: entered promiscuous mode [ 87.413311][ T5790] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 87.421894][ T5790] Cannot create hsr debugfs directory [ 87.433462][ T5793] Bluetooth: hci0: command tx timeout [ 87.456709][ T5799] team0: Port device team_slave_0 added [ 87.493564][ T5799] team0: Port device team_slave_1 added [ 87.501312][ T5793] Bluetooth: hci1: command tx timeout [ 87.581841][ T5793] Bluetooth: hci2: command tx timeout [ 87.649361][ T5794] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 87.661329][ T5793] Bluetooth: hci3: command tx timeout [ 87.668458][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 87.678233][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.705279][ T5799] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 87.738549][ T5794] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 87.762618][ T5799] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 87.769611][ T5799] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 87.796364][ T5799] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 87.844237][ T5794] team0: Port device team_slave_0 added [ 87.892290][ T5794] team0: Port device team_slave_1 added [ 87.898591][ T5789] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 87.965345][ T5789] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 88.001519][ T5799] hsr_slave_0: entered promiscuous mode [ 88.008079][ T5799] hsr_slave_1: entered promiscuous mode [ 88.014716][ T5799] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.022442][ T5799] Cannot create hsr debugfs directory [ 88.028723][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 88.035897][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.062209][ T5794] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 88.075447][ T5794] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 88.082550][ T5794] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 88.108597][ T5794] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 88.120452][ T5789] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 88.157124][ T5789] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 88.275939][ T5794] hsr_slave_0: entered promiscuous mode [ 88.282733][ T5794] hsr_slave_1: entered promiscuous mode [ 88.288982][ T5794] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 88.297317][ T5794] Cannot create hsr debugfs directory [ 88.445464][ T5790] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 88.481457][ T5790] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 88.492815][ T5790] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 88.503915][ T5790] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 88.643194][ T5799] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 88.656241][ T5799] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 88.670259][ T5799] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 88.692399][ T5799] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 88.776448][ T5794] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 88.788302][ T5794] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 88.805882][ T5794] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 88.817378][ T5794] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 88.877597][ T5789] 8021q: adding VLAN 0 to HW filter on device bond0 [ 88.929238][ T5789] 8021q: adding VLAN 0 to HW filter on device team0 [ 88.958953][ T2980] bridge0: port 1(bridge_slave_0) entered blocking state [ 88.966374][ T2980] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.009720][ T2980] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.016955][ T2980] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.067772][ T5799] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.092900][ T5790] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.153129][ T5799] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.184462][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.191689][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.216876][ T5790] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.236657][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.243913][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.288471][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.295729][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.308352][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.315592][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.338087][ T5794] 8021q: adding VLAN 0 to HW filter on device bond0 [ 89.434991][ T5790] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.458698][ T5794] 8021q: adding VLAN 0 to HW filter on device team0 [ 89.487114][ T5799] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.501397][ T5793] Bluetooth: hci0: command tx timeout [ 89.530273][ T59] bridge0: port 1(bridge_slave_0) entered blocking state [ 89.537560][ T59] bridge0: port 1(bridge_slave_0) entered forwarding state [ 89.563668][ T59] bridge0: port 2(bridge_slave_1) entered blocking state [ 89.570871][ T59] bridge0: port 2(bridge_slave_1) entered forwarding state [ 89.582059][ T5793] Bluetooth: hci1: command tx timeout [ 89.661929][ T5793] Bluetooth: hci2: command tx timeout [ 89.730864][ T5789] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.741823][ T5793] Bluetooth: hci3: command tx timeout [ 89.769950][ T5794] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 89.904632][ T5789] veth0_vlan: entered promiscuous mode [ 89.914444][ T5790] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 89.939900][ T5789] veth1_vlan: entered promiscuous mode [ 90.044939][ T5789] veth0_macvtap: entered promiscuous mode [ 90.094884][ T5789] veth1_macvtap: entered promiscuous mode [ 90.129272][ T5790] veth0_vlan: entered promiscuous mode [ 90.179825][ T5799] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.193349][ T5790] veth1_vlan: entered promiscuous mode [ 90.203617][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.229347][ T5794] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 90.245651][ T5789] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.262527][ T5789] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.272572][ T5789] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.283101][ T5789] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.292011][ T5789] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.427551][ T5790] veth0_macvtap: entered promiscuous mode [ 90.444244][ T5799] veth0_vlan: entered promiscuous mode [ 90.468612][ T5790] veth1_macvtap: entered promiscuous mode [ 90.500455][ T5799] veth1_vlan: entered promiscuous mode [ 90.510152][ T5794] veth0_vlan: entered promiscuous mode [ 90.522031][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.538460][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.545012][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.552493][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.570336][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.590459][ T5790] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.601619][ T5790] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.613904][ T5790] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 90.637252][ T5794] veth1_vlan: entered promiscuous mode [ 90.657830][ T5790] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.666616][ T5790] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.676345][ T5790] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.685240][ T5790] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 90.750562][ T2980] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 90.757524][ T5799] veth0_macvtap: entered promiscuous mode [ 90.766351][ T2980] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 90.808124][ T5799] veth1_macvtap: entered promiscuous mode [ 90.850658][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.871642][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.882321][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 90.893388][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.905449][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 90.953669][ T5794] veth0_macvtap: entered promiscuous mode [ 90.961753][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.973174][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 90.983137][ T5799] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 90.993607][ T5799] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.005891][ T5799] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.022560][ T59] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.043373][ T59] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.053404][ T5794] veth1_macvtap: entered promiscuous mode [ 91.072898][ T5799] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.087091][ T5799] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.096074][ T5799] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.110267][ T5799] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.157499][ T5880] tipc: Started in network mode [ 91.163469][ T5880] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 91.177580][ T5880] tipc: Enabled bearer , priority 10 [ 91.224863][ T59] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.226898][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.252182][ T59] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.267235][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.288215][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.299910][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.310339][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 91.321636][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.333931][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 91.356966][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.370281][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.386679][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.400776][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.412487][ T5794] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 91.425327][ T5794] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 91.441636][ T5794] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 91.488776][ T5794] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.529750][ T5794] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.540230][ T5794] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.551874][ T5794] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 91.581523][ T5793] Bluetooth: hci0: command tx timeout [ 91.661715][ T5793] Bluetooth: hci1: command tx timeout [ 91.692341][ T60] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 91.740446][ T60] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 91.752478][ T5793] Bluetooth: hci2: command tx timeout [ 91.821476][ T5793] Bluetooth: hci3: command tx timeout [ 92.173875][ T5848] tipc: Node number set to 4269801488 [ 92.323159][ T788] cfg80211: failed to load regulatory.db [ 92.351515][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.360306][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.466660][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 92.477024][ T2972] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.595585][ T2972] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 92.641618][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.721893][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.731769][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 92.771962][ T2972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 92.830590][ T2972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.015577][ T5894] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7'. [ 93.028515][ T60] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 93.062845][ T60] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 93.149930][ T5895] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 93.157876][ T5895] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 93.165163][ T5895] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 93.172172][ T5895] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 93.179358][ T5895] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 93.186699][ T5895] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 93.193886][ T5895] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 93.200662][ T5895] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 93.207596][ T5895] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 93.215262][ T5895] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 93.222110][ T5895] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 93.228831][ T5895] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 93.235808][ T5895] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 93.244013][ T5895] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 93.388001][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.490423][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.695175][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 93.843218][ T5793] Bluetooth: hci0: command tx timeout [ 93.843234][ T5797] Bluetooth: hci1: command tx timeout [ 93.848658][ T5793] Bluetooth: hci2: command tx timeout [ 93.906240][ T5793] Bluetooth: hci3: command tx timeout [ 95.247087][ T5878] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 95.770523][ T5907] syz.0.10[5907]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set [ 95.796450][ T5907] loop0: detected capacity change from 0 to 128 [ 95.861581][ T5878] usb 2-1: Using ep0 maxpacket: 32 [ 95.876910][ T5878] usb 2-1: config 0 has an invalid interface number: 182 but max is 0 [ 95.931288][ T5878] usb 2-1: config 0 has no interface number 0 [ 95.944944][ T5878] usb 2-1: config 0 interface 182 has no altsetting 0 [ 95.982170][ T5878] usb 2-1: New USB device found, idVendor=05e9, idProduct=0009, bcdDevice=73.db [ 96.001893][ T5907] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 96.017370][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 96.026500][ T5878] usb 2-1: Product: syz [ 96.034899][ T5878] usb 2-1: Manufacturer: syz [ 96.036500][ T5907] ext4 filesystem being mounted at /1/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 96.039776][ T5878] usb 2-1: SerialNumber: syz [ 96.131512][ T5878] usb 2-1: config 0 descriptor?? [ 96.196057][ T5878] hub 2-1:0.182: bad descriptor, ignoring hub [ 96.241774][ T5878] hub: probe of 2-1:0.182 failed with error -5 [ 96.489816][ T5878] kaweth 2-1:0.182: Firmware present in device. [ 97.395635][ T5878] kaweth 2-1:0.182: Statistics collection: 0 [ 97.411611][ T5878] kaweth 2-1:0.182: Multicast filter limit: 0 [ 97.417800][ T5878] kaweth 2-1:0.182: MTU: 0 [ 97.428189][ T5878] kaweth 2-1:0.182: Read MAC address 00:00:00:00:00:00 [ 97.438328][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 97.475420][ T5918] loop3: detected capacity change from 0 to 512 [ 97.481126][ T5794] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 97.486855][ T5918] ======================================================= [ 97.486855][ T5918] WARNING: The mand mount option has been deprecated and [ 97.486855][ T5918] and is ignored by this kernel. Remove the mand [ 97.486855][ T5918] option from the mount to silence this warning. [ 97.486855][ T5918] ======================================================= [ 97.634446][ T5918] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 97.723388][ T5878] kaweth: probe of 2-1:0.182 failed with error -5 [ 97.836412][ T5878] usb 2-1: USB disconnect, device number 2 [ 97.844955][ T5920] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 98.560156][ T5793] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 98.572824][ T5793] Bluetooth: hci2: Injecting HCI hardware error event [ 98.584209][ T5793] Bluetooth: hci2: hardware error 0x00 [ 99.352809][ T27] audit: type=1326 audit(1762246785.042:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5919 comm="syz.0.13" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f222438f6c9 code=0x0 [ 101.351713][ T5793] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 101.866682][ T5942] batman_adv: batadv0: Adding interface: gretap1 [ 101.873313][ T5942] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 101.899062][ T5942] batman_adv: batadv0: Interface activated: gretap1 [ 103.725450][ T5951] random: crng reseeded on system resumption [ 104.491317][ T5793] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 104.500589][ T5793] Bluetooth: hci3: Injecting HCI hardware error event [ 104.508737][ T5797] Bluetooth: hci3: hardware error 0x00 [ 104.535578][ T5965] Driver unsupported XDP return value 0 on prog (id 6) dev N/A, expect packet loss! [ 104.922649][ T5971] overlayfs: missing 'lowerdir' [ 105.711260][ T5878] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 105.911288][ T5878] usb 4-1: Using ep0 maxpacket: 8 [ 105.934536][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.961713][ T5878] usb 4-1: config 0 has no interfaces? [ 105.986529][ T5878] usb 4-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 106.015771][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.029213][ T5878] usb 4-1: Product: syz [ 106.062132][ T5878] usb 4-1: Manufacturer: syz [ 106.243099][ T5878] usb 4-1: SerialNumber: syz [ 106.415619][ T5878] usb 4-1: config 0 descriptor?? [ 106.621356][ T5797] Bluetooth: hci3: Opcode 0x0c03 failed: -110 [ 106.934121][ T5959] loop0: detected capacity change from 0 to 32768 [ 107.075820][ T5959] (syz.0.24,5959,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.212399][ T5959] (syz.0.24,5959,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 107.425659][ T5981] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 107.466265][ T5959] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR [ 107.466998][ T5959] (syz.0.24,5959,0):ocfs2_initialize_super:2285 ERROR: status = -12 [ 107.546848][ T5959] (syz.0.24,5959,0):ocfs2_fill_super:1178 ERROR: status = -12 [ 107.672788][ T5981] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.680646][ T5981] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.725161][ T5883] usb 4-1: USB disconnect, device number 2 [ 108.919761][ T5995] loop2: detected capacity change from 0 to 7 [ 108.937562][ T5998] netlink: 4 bytes leftover after parsing attributes in process `syz.0.35'. [ 108.958025][ T5998] bridge_slave_1: left allmulticast mode [ 108.964872][ T5995] Dev loop2: unable to read RDB block 7 [ 108.974377][ T5998] bridge_slave_1: left promiscuous mode [ 108.980237][ T5998] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.998508][ T5995] loop2: unable to read partition table [ 109.016828][ T5995] loop2: partition table beyond EOD, truncated [ 109.034868][ T5998] bridge_slave_0: left allmulticast mode [ 109.045709][ T5995] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 109.067259][ T5998] bridge_slave_0: left promiscuous mode [ 109.097043][ T5998] bridge0: port 1(bridge_slave_0) entered disabled state [ 109.216758][ T5987] loop2: detected capacity change from 0 to 32768 [ 109.254506][ T5999] vxcan3: entered promiscuous mode [ 109.260423][ T5999] vxcan3: entered allmulticast mode [ 109.269387][ T5987] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 109.549902][ T5987] XFS (loop2): Ending clean mount [ 109.644774][ T5987] XFS (loop2): Quotacheck needed: Please wait. [ 109.896473][ T5987] XFS (loop2): Quotacheck: Done. [ 110.386974][ T5789] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 111.918420][ T6041] loop2: detected capacity change from 0 to 8192 [ 111.944093][ T6054] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.951588][ T6054] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.979953][ T6041] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 112.380106][ T6063] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 112.701526][ T787] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 113.011683][ T787] usb 2-1: Using ep0 maxpacket: 16 [ 113.218073][ T787] usb 2-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 113.237795][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.255182][ T787] usb 2-1: Product: syz [ 113.270657][ T787] usb 2-1: Manufacturer: syz [ 113.292376][ T787] usb 2-1: SerialNumber: syz [ 113.318090][ T787] usb 2-1: config 0 descriptor?? [ 113.355085][ T787] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 114.384919][ T6081] process 'syz.2.48' launched './file0' with NULL argv: empty string added [ 114.924218][ T6070] loop3: detected capacity change from 0 to 32768 [ 115.054453][ T6070] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 115.260600][ T6070] XFS (loop3): Ending clean mount [ 115.314860][ T6070] XFS (loop3): Quotacheck needed: Please wait. [ 115.463378][ T6070] XFS (loop3): Quotacheck: Done. [ 115.867287][ T5799] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 115.982321][ T6074] loop0: detected capacity change from 0 to 32768 [ 116.076630][ T6074] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 116.686657][ T6074] XFS (loop0): Ending clean mount [ 116.711547][ T6074] XFS (loop0): Quotacheck needed: Please wait. [ 116.971374][ T787] pwc: Warning: more than 1 configuration available. [ 116.978737][ T787] pwc: Failed to set LED on/off time (-71) [ 117.053855][ T787] pwc: send_video_command error -71 [ 117.080800][ T787] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 117.106022][ T787] Philips webcam: probe of 2-1:0.0 failed with error -71 [ 117.158687][ T787] usb 2-1: USB disconnect, device number 3 [ 117.894379][ T6074] XFS (loop0): Quotacheck: Done. [ 118.052314][ T5794] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 119.812569][ T6142] loop2: detected capacity change from 0 to 7 [ 119.859002][ T6142] Dev loop2: unable to read RDB block 7 [ 119.887514][ T6142] loop2: unable to read partition table [ 119.910128][ T6142] loop2: partition table beyond EOD, truncated [ 119.955201][ T6142] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 120.001582][ T6145] syz.2.57 uses obsolete (PF_INET,SOCK_PACKET) [ 120.906962][ T6156] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.915224][ T6156] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.528561][ T6149] loop1: detected capacity change from 0 to 32768 [ 121.568249][ T6149] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.58 (6149) [ 121.648289][ T6149] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 121.667420][ T6149] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 121.705976][ T6149] BTRFS info (device loop1): enabling auto defrag [ 121.715747][ T6149] BTRFS info (device loop1): use no compression [ 121.733466][ T6149] BTRFS info (device loop1): force clearing of disk cache [ 121.758562][ T6149] BTRFS info (device loop1): max_inline at 4096 [ 121.779273][ T6149] BTRFS info (device loop1): disabling free space tree [ 121.795027][ T787] usb 3-1: new full-speed USB device number 2 using dummy_hcd [ 121.977563][ T6149] BTRFS info (device loop1): enabling ssd optimizations [ 122.009385][ T6149] BTRFS info (device loop1): auto enabling async discard [ 122.009894][ T787] usb 3-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 122.046663][ T787] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 122.050657][ T6149] BTRFS info (device loop1): rebuilding free space tree [ 122.071249][ T787] usb 3-1: Product: syz [ 122.085686][ T787] usb 3-1: Manufacturer: syz [ 122.090417][ T787] usb 3-1: SerialNumber: syz [ 122.122882][ T787] usb 3-1: config 0 descriptor?? [ 122.245463][ T6199] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 122.263365][ T6149] BTRFS info (device loop1): disabling free space tree [ 122.270447][ T6149] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 122.293214][ T6149] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 122.561417][ T28] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 122.575960][ T787] airspy 3-1:0.0: Board ID: 00 [ 122.584453][ T787] airspy 3-1:0.0: Firmware version: [ 122.787228][ T28] usb 1-1: Using ep0 maxpacket: 16 [ 122.868256][ T5790] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 123.179100][ T28] usb 1-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 123.191321][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.199522][ T28] usb 1-1: Product: syz [ 123.904335][ T787] airspy 3-1:0.0: usb_control_msg() failed -71 request 12 [ 123.912896][ T28] usb 1-1: Manufacturer: syz [ 123.921263][ T28] usb 1-1: SerialNumber: syz [ 123.928254][ T787] airspy 3-1:0.0: Registered as swradio24 [ 123.936969][ T28] usb 1-1: config 0 descriptor?? [ 123.942313][ T787] airspy 3-1:0.0: SDR API is still slightly experimental and functionality changes may follow [ 124.003054][ T28] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 124.033268][ T787] usb 3-1: USB disconnect, device number 2 [ 126.037427][ T6228] netlink: 'syz.3.69': attribute type 10 has an invalid length. [ 126.176703][ T6228] team0: Port device dummy0 added [ 126.611297][ T6239] random: crng reseeded on system resumption [ 127.396981][ T28] pwc: Warning: more than 1 configuration available. [ 127.827917][ T28] pwc: Failed to set LED on/off time (-71) [ 128.031707][ T28] pwc: send_video_command error -71 [ 128.042290][ T28] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 128.060128][ T28] Philips webcam: probe of 1-1:0.0 failed with error -71 [ 128.091102][ T28] usb 1-1: USB disconnect, device number 2 [ 129.991292][ T5781] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 130.289349][ T5781] usb 2-1: config 0 has an invalid interface number: 49 but max is 0 [ 130.374809][ T5781] usb 2-1: config 0 has no interface number 0 [ 130.418846][ T5781] usb 2-1: config 0 interface 49 altsetting 0 has an invalid endpoint with address 0xD9, skipping [ 130.553862][ T5781] usb 2-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=76.b7 [ 130.602063][ T5781] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.658843][ T5781] usb 2-1: Product: syz [ 130.675451][ T6282] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 130.681256][ T5781] usb 2-1: Manufacturer: syz [ 130.698403][ T5781] usb 2-1: SerialNumber: syz [ 130.730156][ T5781] usb 2-1: config 0 descriptor?? [ 131.127665][ T5781] qmi_wwan: probe of 2-1:0.49 failed with error -22 [ 131.601076][ T5781] usb 2-1: USB disconnect, device number 4 [ 131.651406][ T28] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 131.926518][ T28] usb 4-1: Using ep0 maxpacket: 16 [ 131.981586][ T28] usb 4-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 132.008638][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 132.061427][ T28] usb 4-1: Product: syz [ 132.065677][ T28] usb 4-1: Manufacturer: syz [ 132.081728][ T28] usb 4-1: SerialNumber: syz [ 132.106121][ T28] usb 4-1: config 0 descriptor?? [ 132.154701][ T28] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 132.163001][ T6301] loop2: detected capacity change from 0 to 512 [ 132.239537][ T6301] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.90: inode has both inline data and extents flags [ 132.273721][ T6301] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.90: couldn't read orphan inode 15 (err -117) [ 132.322984][ T6301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 132.536350][ T6301] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 134.716035][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.723765][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.757439][ T6310] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 135.066894][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 136.355498][ T28] pwc: Warning: more than 1 configuration available. [ 136.373222][ T28] pwc: Failed to set LED on/off time (-71) [ 136.399901][ T28] pwc: send_video_command error -71 [ 136.418697][ T28] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 136.461359][ T28] Philips webcam: probe of 4-1:0.0 failed with error -71 [ 136.573768][ T28] usb 4-1: USB disconnect, device number 3 [ 136.684586][ T6321] xt_CT: No such helper "snmp_trap" [ 136.738340][ T6315] loop1: detected capacity change from 0 to 40427 [ 136.792397][ T6315] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 136.837289][ T6315] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 136.884883][ T6315] F2FS-fs (loop1): Found nat_bits in checkpoint [ 137.084420][ T6315] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 137.120093][ T6315] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 137.376222][ T5790] syz-executor: attempt to access beyond end of device [ 137.376222][ T5790] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 137.404992][ T5790] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 138.103264][ T6342] loop2: detected capacity change from 0 to 7 [ 138.125525][ T6342] Dev loop2: unable to read RDB block 7 [ 138.135848][ T6342] loop2: AHDI p1 p2 p3 [ 138.142543][ T6344] block device autoloading is deprecated and will be removed. [ 138.144579][ T6342] loop2: partition table partially beyond EOD, truncated [ 138.170205][ T6342] loop2: p1 start 1601398130 is beyond EOD, truncated [ 138.180804][ T6342] loop2: p2 start 1702059890 is beyond EOD, truncated [ 138.381529][ T5781] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 138.577915][ T5781] usb 1-1: Using ep0 maxpacket: 8 [ 138.687180][ T5781] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 138.816905][ T5781] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 138.877359][ T5781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.995795][ T5781] usb 1-1: Product: syz [ 139.000046][ T5781] usb 1-1: Manufacturer: syz [ 139.021850][ T5781] usb 1-1: SerialNumber: syz [ 139.028809][ T5781] usb 1-1: config 0 descriptor?? [ 139.138005][ T6353] loop3: detected capacity change from 0 to 64 [ 139.274008][ T6355] vxcan3: entered promiscuous mode [ 139.279291][ T6355] vxcan3: entered allmulticast mode [ 139.400853][ T6356] hfs: request for non-existent node 327680 in B*Tree [ 139.408493][ T6356] hfs: request for non-existent node 327680 in B*Tree [ 141.887046][ T8] usb 1-1: USB disconnect, device number 3 [ 142.471745][ T6386] loop1: detected capacity change from 0 to 64 [ 142.650816][ T6391] vxcan5: entered promiscuous mode [ 142.664891][ T6391] vxcan5: entered allmulticast mode [ 142.953593][ T6394] hfs: request for non-existent node 327680 in B*Tree [ 142.954156][ T6394] hfs: request for non-existent node 327680 in B*Tree [ 147.080067][ T6427] vxcan7: entered promiscuous mode [ 147.089938][ T6427] vxcan7: entered allmulticast mode [ 147.522627][ T6429] loop2: detected capacity change from 0 to 64 [ 147.696759][ T6432] hfs: request for non-existent node 327680 in B*Tree [ 147.705245][ T6432] hfs: request for non-existent node 327680 in B*Tree [ 148.152159][ T6436] random: crng reseeded on system resumption [ 149.312702][ T6438] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 151.205279][ T27] audit: type=1326 audit(1762246836.892:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6437 comm="syz.0.131" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f222438f6c9 code=0x0 [ 151.541316][ T28] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 151.592039][ T6450] binder_alloc: 6449: binder_alloc_buf, no vma [ 151.745490][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.760968][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.778560][ T28] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 151.791235][ T28] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 151.799376][ T28] usb 4-1: Manufacturer: syz [ 151.813246][ T28] usb 4-1: config 0 descriptor?? [ 151.956820][ T6448] loop1: detected capacity change from 0 to 32768 [ 151.970459][ T6448] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.134 (6448) [ 151.995751][ T787] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 152.017326][ T6448] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 152.029149][ T6448] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 152.038523][ T6448] BTRFS info (device loop1): force clearing of disk cache [ 152.046491][ T6448] BTRFS info (device loop1): enabling auto defrag [ 152.053999][ T6448] BTRFS info (device loop1): enabling ssd optimizations [ 152.062054][ T6448] BTRFS info (device loop1): max_inline at 0 [ 152.068395][ T6448] BTRFS info (device loop1): enabling disk space caching [ 152.076303][ T6448] BTRFS info (device loop1): disk space caching is enabled [ 152.124785][ T6448] BTRFS info (device loop1): rebuilding free space tree [ 152.150438][ T6448] BTRFS info (device loop1): disabling free space tree [ 152.158111][ T6448] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 152.168777][ T6448] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 152.215075][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.238169][ T787] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 152.248317][ T787] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 152.258301][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.301295][ T787] usb 1-1: config 0 descriptor?? [ 152.370008][ T11] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 152.518881][ T6472] netlink: 4 bytes leftover after parsing attributes in process `syz.2.137'. [ 152.531398][ T6472] bridge_slave_1: left allmulticast mode [ 152.537123][ T6472] bridge_slave_1: left promiscuous mode [ 152.549180][ T6472] bridge0: port 2(bridge_slave_1) entered disabled state [ 152.574736][ T787] usb 1-1: string descriptor 0 read error: -71 [ 152.588070][ T6472] bridge_slave_0: left allmulticast mode [ 152.597102][ T6472] bridge_slave_0: left promiscuous mode [ 152.609835][ T787] usb 1-1: USB disconnect, device number 4 [ 152.614686][ T6472] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.007851][ T28] input: syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0001/input/input6 [ 153.129369][ T28] uclogic 0003:256C:006D.0001: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0 [ 153.385785][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 153.419810][ T8] usb 4-1: USB disconnect, device number 4 [ 153.488491][ T6481] random: crng reseeded on system resumption [ 154.556169][ T6480] fido_id[6480]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 154.638962][ T6485] loop2: detected capacity change from 0 to 64 [ 154.760866][ T6483] loop0: detected capacity change from 0 to 40427 [ 154.770975][ T6483] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 154.779762][ T6483] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 154.803097][ T6483] F2FS-fs (loop0): invalid crc value [ 154.857393][ T6483] F2FS-fs (loop0): Found nat_bits in checkpoint [ 154.926347][ T6483] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 154.933644][ T6483] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 155.334524][ T6494] loop3: detected capacity change from 0 to 64 [ 155.491267][ T6494] hfs: request for non-existent node 327680 in B*Tree [ 155.509455][ T6494] hfs: request for non-existent node 327680 in B*Tree [ 155.551617][ T5794] syz-executor: attempt to access beyond end of device [ 155.551617][ T5794] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 155.587986][ T5794] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 155.610361][ T6497] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 155.620212][ T1091] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 155.657130][ T1091] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 155.918239][ T27] audit: type=1326 audit(1762246841.602:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6495 comm="syz.2.144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e9958f6c9 code=0x0 [ 157.664472][ T6519] netlink: 16 bytes leftover after parsing attributes in process `syz.2.149'. [ 157.884312][ T6519] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 157.987120][ T6525] random: crng reseeded on system resumption [ 158.998000][ T6506] loop1: detected capacity change from 0 to 40427 [ 159.021782][ T6506] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 159.029587][ T6506] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 159.096808][ T6506] F2FS-fs (loop1): invalid crc value [ 159.310217][ T6506] F2FS-fs (loop1): Failed to initialize F2FS segment manager (-4) [ 159.430930][ T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 159.812729][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 159.858548][ T8] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 159.871243][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.883532][ T6538] netlink: 4 bytes leftover after parsing attributes in process `syz.3.154'. [ 159.891386][ T8] usb 3-1: Product: syz [ 159.907236][ T8] usb 3-1: Manufacturer: syz [ 159.925352][ T8] usb 3-1: SerialNumber: syz [ 160.272208][ T6545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.158'. [ 160.319021][ T6547] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 160.445334][ T8] r8152-cfgselector 3-1: Unknown version 0x0000 [ 160.460887][ T6549] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 160.467885][ T6549] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 160.475069][ T6549] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 160.482295][ T6549] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 160.489629][ T6549] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 160.496573][ T6549] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 160.504689][ T6549] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 160.511731][ T6549] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 160.518554][ T6549] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 160.525539][ T6549] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 160.532377][ T6549] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 160.539170][ T6549] comedi comedi3: 8255: I/O port conflict (0x3,4) [ 160.546079][ T6549] comedi comedi3: 8255: I/O port conflict (0xffffffff80000089,4) [ 160.554156][ T6549] comedi comedi3: 8255: I/O port conflict (0xfffffffffffffffd,4) [ 161.201869][ T8] r8152-cfgselector 3-1: bad CDC descriptors [ 161.222708][ T8] r8152-cfgselector 3-1: Unknown version 0x0000 [ 161.233492][ T8] r8152-cfgselector 3-1: USB disconnect, device number 3 [ 161.362869][ T27] audit: type=1326 audit(1762246847.032:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6546 comm="syz.0.157" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f222438f6c9 code=0x0 [ 161.966459][ T6560] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3) [ 161.973376][ T6560] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 162.037074][ T6560] vhci_hcd vhci_hcd.0: Device attached [ 162.281416][ T5878] usb 39-1: new low-speed USB device number 2 using vhci_hcd [ 162.302422][ T8] usb 4-1: new low-speed USB device number 5 using dummy_hcd [ 162.525453][ T8] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 162.573221][ T8] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 162.596896][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.637647][ T8] usb 4-1: config 0 descriptor?? [ 162.674271][ T6572] vxcan3: entered promiscuous mode [ 162.692069][ T6572] vxcan3: entered allmulticast mode [ 162.908344][ T8] usb 4-1: string descriptor 0 read error: -71 [ 162.925706][ T8] usb 4-1: USB disconnect, device number 5 [ 162.993469][ T6562] usb 39-1: recv xbuf, 0 [ 163.081318][ T49] vhci_hcd: stop threads [ 163.089417][ T49] vhci_hcd: release socket [ 163.090544][ T6561] loop2: detected capacity change from 0 to 40427 [ 163.102693][ T49] vhci_hcd: disconnect device [ 163.116749][ T6561] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 163.121414][ T5878] vhci_hcd: vhci_device speed not set [ 163.124762][ T6561] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 163.268923][ T6561] F2FS-fs (loop2): invalid crc value [ 163.454710][ T6561] F2FS-fs (loop2): Found nat_bits in checkpoint [ 163.968420][ T6561] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 163.981105][ T6561] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 164.397859][ T6597] loop3: detected capacity change from 0 to 1024 [ 164.590577][ T6597] hfsplus: xattr searching failed [ 164.617481][ T6597] hfsplus: xattr searching failed [ 164.637360][ T6597] hfsplus: xattr searching failed [ 164.935033][ T6599] ip6tnl1: entered promiscuous mode [ 164.966260][ T6599] ip6tnl1: entered allmulticast mode [ 164.994019][ T6599] team0: Device ip6tnl1 is of different type [ 165.911921][ T6601] loop3: detected capacity change from 0 to 32768 [ 165.928020][ T1091] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 165.938250][ T1091] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 165.998496][ T6601] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 166.264223][ T6601] XFS (loop3): Ending clean mount [ 166.286769][ T6613] vxcan3: entered promiscuous mode [ 166.309362][ T6601] XFS (loop3): Quotacheck needed: Please wait. [ 166.312109][ T6613] vxcan3: entered allmulticast mode [ 166.393857][ T6601] XFS (loop3): Quotacheck: Done. [ 166.507170][ T27] audit: type=1800 audit(1762246852.310:6): pid=6601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.173" name="bus" dev="loop3" ino=9291 res=0 errno=0 [ 166.527460][ C0] vkms_vblank_simulate: vblank timer overrun [ 167.157540][ T5799] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 169.776518][ T6124] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 170.416104][ T6124] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 170.443282][ T6124] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.524396][ T6124] usb 2-1: Product: syz [ 170.541917][ T6124] usb 2-1: Manufacturer: syz [ 170.546599][ T6124] usb 2-1: SerialNumber: syz [ 170.562298][ T6124] usb 2-1: config 0 descriptor?? [ 170.769551][ T6124] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 171.061359][ T787] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 171.256927][ T787] usb 1-1: Using ep0 maxpacket: 8 [ 171.278059][ T787] usb 1-1: config 0 has an invalid interface number: 31 but max is 0 [ 171.296198][ T787] usb 1-1: config 0 has no interface number 0 [ 171.323371][ T787] usb 1-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 171.337105][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.346734][ T787] usb 1-1: Product: syz [ 171.351143][ T787] usb 1-1: Manufacturer: syz [ 171.355880][ T787] usb 1-1: SerialNumber: syz [ 171.380977][ T787] usb 1-1: config 0 descriptor?? [ 171.606208][ T787] usb 1-1: Found UVC 0.04 device syz (046d:08c3) [ 171.627181][ T787] usb 1-1: No valid video chain found. [ 171.635406][ T6668] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 171.652768][ T787] usb 1-1: USB disconnect, device number 5 [ 172.072264][ T27] audit: type=1326 audit(1762246858.286:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6667 comm="syz.2.192" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0e9958f6c9 code=0x0 [ 172.148298][ T6671] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 172.277509][ T6675] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 172.284091][ T6675] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 172.301644][ T6675] vhci_hcd vhci_hcd.0: Device attached [ 172.308402][ T6124] dvb_usb_rtl28xxu: probe of 2-1:0.0 failed with error -71 [ 172.329329][ T6124] usb 2-1: USB disconnect, device number 5 [ 172.552976][ T5781] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 172.786407][ T5878] usb 1-1: new low-speed USB device number 6 using dummy_hcd [ 172.998202][ T5878] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 173.027461][ T5878] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 173.063951][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.196998][ T5878] usb 1-1: config 0 descriptor?? [ 173.394570][ T6676] usb 33-1: recv xbuf, 0 [ 173.402484][ T5878] usb 1-1: string descriptor 0 read error: -71 [ 173.429138][ T2980] vhci_hcd: stop threads [ 173.433468][ T2980] vhci_hcd: release socket [ 173.440928][ T5878] usb 1-1: USB disconnect, device number 6 [ 173.447938][ T2980] vhci_hcd: disconnect device [ 173.485070][ T5781] vhci_hcd: vhci_device speed not set [ 174.194720][ T6699] mmap: syz.3.199 (6699) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 174.213353][ T6698] loop2: detected capacity change from 0 to 256 [ 174.522546][ T6688] loop1: detected capacity change from 0 to 40427 [ 174.553706][ T6688] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 174.594242][ T6688] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 174.670494][ T6698] FAT-fs (loop2): Directory bread(block 64) failed [ 174.677105][ T6698] FAT-fs (loop2): Directory bread(block 65) failed [ 174.691468][ T6688] F2FS-fs (loop1): invalid crc value [ 174.702839][ T6698] FAT-fs (loop2): Directory bread(block 66) failed [ 174.721792][ T6698] FAT-fs (loop2): Directory bread(block 67) failed [ 174.744386][ T6688] F2FS-fs (loop1): Found nat_bits in checkpoint [ 174.819071][ T6698] FAT-fs (loop2): Directory bread(block 68) failed [ 174.847377][ T6698] FAT-fs (loop2): Directory bread(block 69) failed [ 174.883053][ T6698] FAT-fs (loop2): Directory bread(block 70) failed [ 174.936701][ T6698] FAT-fs (loop2): Directory bread(block 71) failed [ 174.968626][ T6698] FAT-fs (loop2): Directory bread(block 72) failed [ 175.023014][ T6698] FAT-fs (loop2): Directory bread(block 73) failed [ 175.051133][ T6688] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 175.058234][ T6688] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 176.142700][ T6710] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 176.387322][ T27] audit: type=1326 audit(1762246862.908:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6709 comm="syz.3.203" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f37b398f6c9 code=0x0 [ 177.332745][ T49] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 177.411693][ T49] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 178.047485][ T6724] overlayfs: overlapping lowerdir path [ 178.100680][ T6725] overlayfs: failed to verify upper (54/file0, ino=314, err=-116) [ 178.109241][ T6725] overlayfs: failed to verify index dir 'upper' xattr [ 178.116159][ T6725] overlayfs: try deleting index dir or mounting with '-o index=off' to disable inodes index. [ 183.142191][ T6760] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 183.448766][ T5883] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 183.812164][ T5883] usb 3-1: Using ep0 maxpacket: 16 [ 183.947227][ T5883] usb 3-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 183.968557][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.018274][ T5883] usb 3-1: Product: syz [ 184.026353][ T5883] usb 3-1: Manufacturer: syz [ 184.037771][ T5883] usb 3-1: SerialNumber: syz [ 184.075686][ T5883] usb 3-1: config 0 descriptor?? [ 184.158118][ T5883] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 184.341814][ T6773] vxcan1: entered promiscuous mode [ 184.361787][ T787] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 184.379782][ T6773] vxcan1: entered allmulticast mode [ 184.575932][ T787] usb 2-1: Using ep0 maxpacket: 8 [ 184.603170][ T787] usb 2-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 184.642321][ T787] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.669773][ T787] usb 2-1: Product: syz [ 184.674086][ T787] usb 2-1: Manufacturer: syz [ 184.924638][ T787] usb 2-1: SerialNumber: syz [ 185.185165][ T787] usb 2-1: config 0 descriptor?? [ 185.613360][ T787] gspca_main: sq905-2.14.0 probing 2770:9120 [ 185.876593][ T787] gspca_sq905: sq905_command: usb_control_msg failed 2 (-32) [ 185.909141][ T787] sq905: probe of 2-1:0.0 failed with error -32 [ 187.065498][ T787] usb 2-1: USB disconnect, device number 6 [ 187.466168][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 187.661142][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 187.669963][ T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 187.723678][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 187.870593][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 187.884569][ T5883] pwc: Warning: more than 1 configuration available. [ 187.920348][ T5883] pwc: Failed to set LED on/off time (-71) [ 187.930148][ T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 187.964136][ T5883] pwc: send_video_command error -71 [ 187.970272][ T8] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.976217][ T5883] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 188.035313][ T5883] Philips webcam: probe of 3-1:0.0 failed with error -71 [ 188.066677][ T5883] usb 3-1: USB disconnect, device number 4 [ 188.077142][ T8] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 188.099134][ T8] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 188.137316][ T8] usb 4-1: Manufacturer: syz [ 188.156275][ T8] usb 4-1: config 0 descriptor?? [ 188.472616][ T8] rc_core: IR keymap rc-hauppauge not found [ 188.478801][ T8] Registered IR keymap rc-empty [ 188.541036][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 188.634531][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 188.735804][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 188.911958][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input7 [ 189.106693][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 189.214875][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 189.327188][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 189.414890][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 189.767344][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.420124][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.447921][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.535961][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.653750][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.719284][ T8] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 190.761869][ T8] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 190.816085][ T6870] loop1: detected capacity change from 0 to 64 [ 190.816776][ T8] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 190.915405][ T6870] hfs: request for non-existent node 327680 in B*Tree [ 190.922220][ T6870] hfs: request for non-existent node 327680 in B*Tree [ 190.955527][ T8] usb 4-1: USB disconnect, device number 6 [ 191.817160][ T6884] loop0: detected capacity change from 0 to 128 [ 192.620536][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 192.626954][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 192.672212][ T6888] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 192.769159][ T6872] loop3: detected capacity change from 0 to 32768 [ 192.811516][ T6872] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.235 (6872) [ 192.848110][ T6872] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 192.877826][ T6872] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 192.907405][ T6872] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 192.942565][ T6872] BTRFS info (device loop3): use zstd compression, level 3 [ 192.955732][ T788] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 192.961286][ T6872] BTRFS info (device loop3): metadata ratio 8 [ 192.994611][ T6872] BTRFS info (device loop3): turning off barriers [ 193.020521][ T6872] BTRFS info (device loop3): using free space tree [ 193.561252][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR [ 193.575892][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR [ 193.607781][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR [ 193.636111][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR [ 193.670386][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR [ 193.721070][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR [ 193.738898][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR [ 193.765015][ T788] usb 2-1: Using ep0 maxpacket: 16 [ 193.780061][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR [ 193.780696][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR [ 194.027682][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR [ 194.074450][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR [ 194.213946][ T6872] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR [ 194.338974][ T788] usb 2-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 194.359447][ T788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.374047][ T788] usb 2-1: Product: syz [ 194.379412][ T788] usb 2-1: Manufacturer: syz [ 194.394408][ T788] usb 2-1: SerialNumber: syz [ 194.403374][ T6872] BTRFS error (device loop3): open_ctree failed: -12 [ 194.423068][ T788] usb 2-1: config 0 descriptor?? [ 194.560867][ T787] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 194.763662][ T787] usb 1-1: Using ep0 maxpacket: 16 [ 194.792996][ T787] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.814151][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 194.847248][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 194.875701][ T787] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 194.912404][ T787] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.964066][ T787] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 194.993060][ T787] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 195.024406][ T787] usb 1-1: Manufacturer: syz [ 195.043838][ T787] usb 1-1: config 0 descriptor?? [ 195.604649][ T6926] loop3: detected capacity change from 0 to 64 [ 195.752630][ T787] rc_core: IR keymap rc-hauppauge not found [ 195.758614][ T787] Registered IR keymap rc-empty [ 195.770147][ T6925] hfs: request for non-existent node 327680 in B*Tree [ 195.777070][ T6925] hfs: request for non-existent node 327680 in B*Tree [ 195.807683][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 195.838341][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 195.884180][ T787] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 195.949494][ T787] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input8 [ 196.037930][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.100404][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.146540][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.191490][ T6933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.248'. [ 196.208219][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.245403][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.253670][ T6933] netlink: 4 bytes leftover after parsing attributes in process `syz.3.248'. [ 196.292136][ T6933] bridge_slave_1: left allmulticast mode [ 196.292632][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.325256][ T6933] bridge_slave_1: left promiscuous mode [ 196.339682][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.350537][ T6933] bridge0: port 2(bridge_slave_1) entered disabled state [ 196.384381][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.401963][ T6933] bridge_slave_0: left allmulticast mode [ 196.413035][ T6933] bridge_slave_0: left promiscuous mode [ 196.428632][ T6933] bridge0: port 1(bridge_slave_0) entered disabled state [ 196.441228][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.479103][ T787] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 196.530905][ T787] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 196.550894][ T787] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 196.591229][ T787] usb 1-1: USB disconnect, device number 7 [ 197.052930][ T788] usb 2-1: can't set config #0, error -71 [ 197.066394][ T788] usb 2-1: USB disconnect, device number 7 [ 197.491631][ T6124] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 197.691829][ T6124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.704120][ T6124] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 197.722249][ T6124] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 197.758676][ T6124] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 197.785121][ T6124] usb 4-1: Manufacturer: syz [ 197.841173][ T6124] usb 4-1: config 0 descriptor?? [ 198.246868][ T6952] hub 2-0:1.0: USB hub found [ 198.260289][ T6952] hub 2-0:1.0: 1 port detected [ 199.503189][ T6124] uclogic 0003:256C:006D.0002: interface is invalid, ignoring [ 199.998768][ T6124] usb 4-1: USB disconnect, device number 7 [ 200.137959][ T6964] loop2: detected capacity change from 0 to 7 [ 200.189099][ T6964] Dev loop2: unable to read RDB block 7 [ 200.209534][ T6964] loop2: unable to read partition table [ 200.241757][ T6964] loop2: partition table beyond EOD, truncated [ 200.256880][ T6964] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 201.109689][ T6972] loop3: detected capacity change from 0 to 65536 [ 201.178567][ T6972] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 201.226625][ T6972] XFS (loop3): Ending clean mount [ 201.236134][ T6972] XFS (loop3): Quotacheck needed: Please wait. [ 201.330573][ T6972] XFS (loop3): Quotacheck: Done. [ 203.936908][ T5799] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 204.363120][ T7001] netlink: 8 bytes leftover after parsing attributes in process `syz.0.269'. [ 204.374870][ T7001] netlink: 4 bytes leftover after parsing attributes in process `syz.0.269'. [ 205.798980][ T788] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 205.966982][ T788] usb 3-1: Using ep0 maxpacket: 32 [ 205.983903][ T788] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 205.997817][ T788] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 206.031456][ T788] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 206.067108][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 206.113621][ T788] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 206.128695][ T788] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 206.141010][ T788] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 206.151859][ T788] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 206.168590][ T788] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 206.666234][ T788] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.733243][ T788] usb 3-1: config 0 descriptor?? [ 206.747210][ T7008] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 206.952740][ T788] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 5 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 207.283671][ T788] usb 3-1: USB disconnect, device number 5 [ 207.308737][ T788] usblp0: removed [ 211.874687][ T7063] Zero length message leads to an empty skb [ 212.388306][ T788] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 212.594568][ T788] usb 2-1: Using ep0 maxpacket: 32 [ 212.612888][ T788] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 212.630987][ T788] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 212.648375][ T788] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 212.657971][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 212.675861][ T788] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 212.685700][ T788] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 212.697143][ T788] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 212.707304][ T788] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 212.734017][ T788] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 212.752618][ T788] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.792178][ T788] usb 2-1: config 0 descriptor?? [ 212.799025][ T787] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 212.819457][ T7060] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 213.074707][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 213.106050][ T787] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 213.125172][ T788] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 8 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 213.457035][ T787] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 213.466431][ T787] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 213.475722][ T787] usb 1-1: Manufacturer: syz [ 213.524805][ T787] usb 1-1: config 0 descriptor?? [ 213.527409][ T788] usb 2-1: USB disconnect, device number 8 [ 213.570812][ T788] usblp0: removed [ 213.964743][ T5878] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 214.564038][ T5878] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.596282][ T5878] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 214.617448][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.687619][ T5878] usb 4-1: config 0 descriptor?? [ 214.707072][ T5878] pwc: Askey VC010 type 2 USB webcam detected. [ 214.786693][ T787] input: syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0003/input/input9 [ 214.959730][ T787] uclogic 0003:256C:006D.0003: input,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.0-1/input0 [ 214.994858][ T787] usb 1-1: USB disconnect, device number 8 [ 215.187334][ T5878] pwc: recv_control_msg error -32 req 02 val 2b00 [ 215.211254][ T7092] fido_id[7092]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 215.241710][ T5878] pwc: recv_control_msg error -32 req 02 val 2700 [ 215.259239][ T5878] pwc: recv_control_msg error -32 req 02 val 2c00 [ 215.273571][ T5878] pwc: recv_control_msg error -32 req 04 val 1000 [ 215.293767][ T5878] pwc: recv_control_msg error -32 req 04 val 1300 [ 215.314859][ T5878] pwc: recv_control_msg error -32 req 04 val 1400 [ 215.336461][ T5878] pwc: recv_control_msg error -32 req 02 val 2000 [ 215.432458][ T5878] pwc: recv_control_msg error -32 req 02 val 2100 [ 215.907488][ T5878] pwc: recv_control_msg error -71 req 02 val 2500 [ 215.923605][ T5878] pwc: recv_control_msg error -71 req 02 val 2400 [ 215.942380][ T5878] pwc: recv_control_msg error -71 req 02 val 2600 [ 215.951996][ T5878] pwc: recv_control_msg error -71 req 02 val 2900 [ 215.959152][ T5878] pwc: recv_control_msg error -71 req 02 val 2800 [ 216.005706][ T5878] pwc: recv_control_msg error -71 req 04 val 1100 [ 216.015243][ T5878] pwc: recv_control_msg error -71 req 04 val 1200 [ 216.060541][ T5878] pwc: Registered as video103. [ 216.082754][ T5878] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input10 [ 216.121405][ T5878] usb 4-1: USB disconnect, device number 8 [ 216.498752][ T5800] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 216.685739][ T5800] usb 3-1: Using ep0 maxpacket: 32 [ 216.697212][ T5800] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 216.728519][ T5800] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 216.743626][ T5800] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 216.763577][ T5800] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 216.784936][ T5800] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 216.799726][ T5800] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 216.993111][ T5800] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 217.009755][ T5800] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 217.747663][ T5800] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 217.766604][ T5800] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.824465][ T5800] usb 3-1: config 0 descriptor?? [ 217.831249][ T7105] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 218.040148][ T5800] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 6 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 218.242523][ C0] usblp0: nonzero read bulk status received: -71 [ 218.351078][ T5883] usb 3-1: USB disconnect, device number 6 [ 218.361109][ T5883] usblp0: removed [ 218.742566][ T7131] kernel profiling enabled (shift: 17) [ 220.711075][ T7148] netlink: 8 bytes leftover after parsing attributes in process `syz.1.314'. [ 221.050358][ T7159] xt_CT: You must specify a L4 protocol and not use inversions on it [ 222.269919][ T7170] netlink: 52 bytes leftover after parsing attributes in process `syz.1.320'. [ 222.846327][ T787] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 223.321682][ T787] usb 4-1: Using ep0 maxpacket: 32 [ 223.344828][ T787] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 223.354968][ T787] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 223.370854][ T787] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 223.383148][ T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 223.396671][ T787] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 223.409905][ T787] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 14385, setting to 1024 [ 223.430478][ T787] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 223.441208][ T787] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 223.457704][ T787] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 223.470016][ T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.517753][ T787] usb 4-1: config 0 descriptor?? [ 223.550896][ T7172] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 223.796393][ T787] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 224.028150][ C0] usblp0: nonzero read bulk status received: -71 [ 224.394391][ T5883] usb 4-1: USB disconnect, device number 9 [ 224.574764][ T5883] usblp0: removed [ 227.011827][ T7204] loop0: detected capacity change from 0 to 32768 [ 227.134254][ T7204] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 227.191506][ T7204] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 227.249510][ T7219] loop2: detected capacity change from 0 to 40427 [ 227.258615][ T7219] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 227.266553][ T7219] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 227.287360][ T7219] F2FS-fs (loop2): invalid crc value [ 227.309580][ T7219] F2FS-fs (loop2): Found nat_bits in checkpoint [ 227.353974][ T7204] XFS (loop0): Ending clean mount [ 227.379498][ T7219] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 227.387171][ T7219] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 227.387212][ T7204] XFS (loop0): Quotacheck needed: Please wait. [ 227.598282][ T7204] XFS (loop0): Quotacheck: Done. [ 228.113628][ T7233] ip6tnl1: entered promiscuous mode [ 228.151672][ T7233] ip6tnl1: entered allmulticast mode [ 228.189502][ T59] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 228.274869][ T59] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 228.613268][ T5794] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 229.633726][ T7243] loop2: detected capacity change from 0 to 7 [ 229.649776][ T5798] Dev loop2: unable to read RDB block 7 [ 229.675430][ T5798] loop2: unable to read partition table [ 229.739629][ T5798] loop2: partition table beyond EOD, truncated [ 230.190924][ T7246] batman_adv: batadv0: Adding interface: gretap1 [ 230.197800][ T7246] batman_adv: batadv0: The MTU of interface gretap1 is too small (1462) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 230.223709][ T7246] batman_adv: batadv0: Interface activated: gretap1 [ 230.254714][ T7243] Dev loop2: unable to read RDB block 7 [ 230.296237][ T7243] loop2: unable to read partition table [ 230.322017][ T7243] loop2: partition table beyond EOD, truncated [ 230.328387][ T7243] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 230.889806][ T788] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 231.090515][ T788] usb 2-1: unable to get BOS descriptor or descriptor too short [ 231.166685][ T788] usb 2-1: not running at top speed; connect to a high speed hub [ 231.278682][ T788] usb 2-1: config 1 has an invalid interface number: 23 but max is 0 [ 231.452384][ T788] usb 2-1: config 1 has no interface number 0 [ 231.459181][ T788] usb 2-1: config 1 interface 23 has no altsetting 0 [ 231.469483][ T788] usb 2-1: New USB device found, idVendor=9022, idProduct=d421, bcdDevice=52.80 [ 231.479006][ T788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.505810][ T788] usb 2-1: Product: syz [ 231.512447][ T788] usb 2-1: Manufacturer: syz [ 231.528646][ T788] usb 2-1: SerialNumber: syz [ 231.761904][ T788] dw2102: su3000_identify_state [ 231.785011][ T788] dvb-usb: found a 'TeVii S421 PCI' in warm state. [ 231.818461][ T788] dw2102: su3000_power_ctrl: 1, initialized 0 [ 231.836735][ T788] dvb-usb: bulk message failed: -22 (2/0) [ 231.870197][ T788] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 231.925291][ T788] dvb-usb: TeVii S421 PCI error while loading driver (-19) [ 231.991948][ T788] usb 2-1: USB disconnect, device number 9 [ 232.239594][ T7262] loop0: detected capacity change from 0 to 40427 [ 232.248131][ T7262] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 232.256005][ T7262] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 232.268849][ T7262] F2FS-fs (loop0): invalid crc value [ 232.317328][ T7262] F2FS-fs (loop0): Found nat_bits in checkpoint [ 232.382269][ T7262] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 232.389508][ T7262] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 233.365445][ T59] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 233.395752][ T59] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 234.144518][ T7286] ubi31: attaching mtd0 [ 234.413792][ T7286] ubi31: scanning is finished [ 234.418556][ T7286] ubi31: empty MTD device detected [ 234.673740][ T7286] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 234.681565][ T7286] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 234.717720][ T7286] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 234.725592][ T7286] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 234.733372][ T7286] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 234.746263][ T7286] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 234.754620][ T7286] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1152742400 [ 234.790797][ T7286] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 234.825596][ T7289] ubi31: background thread "ubi_bgt31d" started, PID 7289 [ 235.048749][ T7294] loop2: detected capacity change from 0 to 7 [ 235.100850][ T7294] Dev loop2: unable to read RDB block 7 [ 235.111299][ T7294] loop2: unable to read partition table [ 235.120245][ T7294] loop2: partition table beyond EOD, truncated [ 235.148935][ T7294] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 236.800435][ T7296] loop2: detected capacity change from 0 to 32768 [ 236.814616][ T7296] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.350 (7296) [ 236.837446][ T7296] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 236.864464][ T7296] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 236.938125][ T7296] BTRFS info (device loop2): force clearing of disk cache [ 236.966365][ T7296] BTRFS info (device loop2): enabling auto defrag [ 236.969775][ T7304] vxcan5: entered promiscuous mode [ 236.994812][ T7304] vxcan5: entered allmulticast mode [ 237.001386][ T7296] BTRFS info (device loop2): enabling ssd optimizations [ 237.033735][ T7296] BTRFS info (device loop2): max_inline at 0 [ 237.052347][ T7296] BTRFS info (device loop2): enabling disk space caching [ 237.062482][ T7296] BTRFS info (device loop2): disk space caching is enabled [ 237.280118][ T7296] BTRFS info (device loop2): rebuilding free space tree [ 237.399437][ T7296] BTRFS info (device loop2): disabling free space tree [ 237.409578][ T7296] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 237.437066][ T7324] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 237.443651][ T7324] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 237.460441][ T7296] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 237.535094][ T7324] vhci_hcd vhci_hcd.0: Device attached [ 237.565851][ T7326] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 0 [ 237.580101][ T12] vhci_hcd: stop threads [ 237.609070][ T12] vhci_hcd: release socket [ 237.796745][ T787] usb 35-1: new low-speed USB device number 2 using vhci_hcd [ 237.845756][ T12] vhci_hcd: disconnect device [ 237.984431][ T7333] netlink: 8 bytes leftover after parsing attributes in process `syz.0.356'. [ 238.135619][ T2972] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 238.387457][ T7341] loop1: detected capacity change from 0 to 2048 [ 238.442935][ T7341] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 238.524821][ T7339] ubi: mtd0 is already attached to ubi31 [ 238.579847][ T7341] EXT4-fs error (device loop1): ext4_find_extent:936: inode #2: comm syz.1.359: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 238.628769][ T7344] EXT4-fs error (device loop1): ext4_validate_block_bitmap:430: comm ext4lazyinit: bg 0: block 2: invalid block bitmap [ 238.905883][ T7341] EXT4-fs (loop1): Remounting filesystem read-only [ 239.078883][ T7344] EXT4-fs (loop1): Remounting filesystem read-only [ 239.424674][ T5789] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 239.455445][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.480793][ T7351] loop0: detected capacity change from 0 to 512 [ 239.564678][ T7351] EXT4-fs (loop0): orphan cleanup on readonly fs [ 239.651656][ T7351] EXT4-fs error (device loop0): ext4_orphan_get:1425: comm syz.0.360: bad orphan inode 13 [ 239.783560][ T7351] ext4_test_bit(bit=12, block=18) = 1 [ 239.789018][ T7351] is_bad_inode(inode)=0 [ 239.809832][ T7351] NEXT_ORPHAN(inode)=2130706432 [ 239.828849][ T7351] max_ino=32 [ 239.832130][ T7351] i_nlink=1 [ 239.848026][ T7351] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 240.066349][ T7351] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 240.219024][ T7351] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.360: bg 0: block 248: padding at end of block bitmap is not set [ 240.272787][ T7358] loop2: detected capacity change from 0 to 40427 [ 240.284877][ T7358] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 240.292817][ T7358] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 240.303858][ T7351] Quota error (device loop0): write_blk: dquota write failed [ 240.312048][ T7351] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 240.326323][ T7358] F2FS-fs (loop2): invalid crc value [ 240.333151][ T7351] EXT4-fs error (device loop0): ext4_acquire_dquot:6933: comm syz.0.360: Failed to acquire dquot type 1 [ 240.366538][ T7358] F2FS-fs (loop2): Found nat_bits in checkpoint [ 240.389405][ T7351] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 240.418579][ T7358] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 240.425739][ T7358] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 240.515938][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 241.363435][ T7369] netlink: 40 bytes leftover after parsing attributes in process `syz.1.365'. [ 241.379547][ T7368] ip6tnl1: entered promiscuous mode [ 241.394664][ T7368] ip6tnl1: entered allmulticast mode [ 242.130283][ T7369] syz.1.365 (7369) used greatest stack depth: 17480 bytes left [ 242.367900][ T7374] bridge0: vlan filtering disabled, automatically disabling multicast vlan snooping [ 242.633384][ T7380] ubi: mtd0 is already attached to ubi31 [ 242.643722][ T787] vhci_hcd: vhci_device speed not set [ 242.680696][ T5878] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 242.879325][ T5878] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 242.911735][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 242.984262][ T5878] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 243.015547][ T5878] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 243.056859][ T5878] usb 1-1: Manufacturer: syz [ 243.877350][ T5878] usb 1-1: config 0 descriptor?? [ 243.998399][ T5878] rc_core: IR keymap rc-hauppauge not found [ 244.020060][ T5878] Registered IR keymap rc-empty [ 244.328060][ T5878] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 244.553406][ T7395] netlink: 8 bytes leftover after parsing attributes in process `syz.3.374'. [ 244.564967][ T5878] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input11 [ 244.611171][ C0] igorplugusb 1-1:0.0: Error: urb status = -32 [ 244.664293][ T8] usb 1-1: USB disconnect, device number 9 [ 245.057196][ T5878] usb 4-1: new low-speed USB device number 10 using dummy_hcd [ 245.278064][ T5878] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 245.366865][ T5878] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 245.402008][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.437065][ T5878] usb 4-1: config 0 descriptor?? [ 245.528831][ T7407] loop2: detected capacity change from 0 to 256 [ 245.605090][ T7407] FAT-fs (loop2): Directory bread(block 64) failed [ 245.612074][ T7410] ubi: mtd0 is already attached to ubi31 [ 245.621740][ T7407] FAT-fs (loop2): Directory bread(block 65) failed [ 245.642586][ T5878] usb 4-1: string descriptor 0 read error: -71 [ 245.645293][ T7407] FAT-fs (loop2): Directory bread(block 66) failed [ 245.666206][ T5878] usb 4-1: USB disconnect, device number 10 [ 245.681874][ T7407] FAT-fs (loop2): Directory bread(block 67) failed [ 245.689754][ T7407] FAT-fs (loop2): Directory bread(block 68) failed [ 245.698610][ T7407] FAT-fs (loop2): Directory bread(block 69) failed [ 245.706058][ T7407] FAT-fs (loop2): Directory bread(block 70) failed [ 245.714054][ T7407] FAT-fs (loop2): Directory bread(block 71) failed [ 245.721094][ T7407] FAT-fs (loop2): Directory bread(block 72) failed [ 245.762819][ T7407] FAT-fs (loop2): Directory bread(block 73) failed [ 248.013876][ T8] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 248.369622][ T8] usb 2-1: Using ep0 maxpacket: 32 [ 248.422451][ T8] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 248.430937][ T8] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 248.448660][ T8] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 248.464323][ T7443] loop0: detected capacity change from 0 to 256 [ 248.470533][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 248.505770][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 248.517659][ T7443] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 248.531528][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 248.553749][ T8] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 248.607368][ T8] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 248.608880][ T7443] exFAT-fs (loop0): error, invalid access to FAT (entry 0xffffffff) [ 248.639141][ T7443] exFAT-fs (loop0): Filesystem has been set read-only [ 248.657143][ T8] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 248.689862][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.721692][ T8] usb 2-1: config 0 descriptor?? [ 248.926119][ T8] usblp 2-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 248.946894][ T7449] loop0: detected capacity change from 0 to 256 [ 248.992364][ T7424] loop3: detected capacity change from 0 to 32768 [ 248.996200][ T7449] FAT-fs (loop0): Directory bread(block 64) failed [ 249.005546][ T7449] FAT-fs (loop0): Directory bread(block 65) failed [ 249.018926][ T7449] FAT-fs (loop0): Directory bread(block 66) failed [ 249.047052][ T7424] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.384 (7424) [ 249.051648][ T7449] FAT-fs (loop0): Directory bread(block 67) failed [ 249.114784][ T7424] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 249.130066][ T7449] FAT-fs (loop0): Directory bread(block 68) failed [ 249.134434][ T8] usb 2-1: USB disconnect, device number 10 [ 249.149652][ T7449] FAT-fs (loop0): Directory bread(block 69) failed [ 249.156365][ T7449] FAT-fs (loop0): Directory bread(block 70) failed [ 249.163979][ T7424] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 249.175490][ T7424] BTRFS info (device loop3): using free space tree [ 249.182535][ T7449] FAT-fs (loop0): Directory bread(block 71) failed [ 249.185450][ T8] usblp0: removed [ 249.206527][ T7449] FAT-fs (loop0): Directory bread(block 72) failed [ 249.232731][ T7449] FAT-fs (loop0): Directory bread(block 73) failed [ 249.439319][ T7424] BTRFS info (device loop3): enabling ssd optimizations [ 249.463070][ T7424] BTRFS info (device loop3): auto enabling async discard [ 249.522586][ T27] audit: type=1800 audit(1762246941.369:9): pid=7424 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.384" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 249.871853][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 249.878474][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 250.190293][ T8] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 250.515862][ T5799] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 250.526430][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 250.569907][ T8] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.608950][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 250.639113][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 250.859695][ T8] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 250.870008][ T8] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.888771][ T8] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 251.017541][ T8] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 251.026261][ T8] usb 1-1: Manufacturer: syz [ 251.092052][ T8] usb 1-1: config 0 descriptor?? [ 251.152346][ T7495] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 251.158947][ T7495] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 251.172352][ T7495] vhci_hcd vhci_hcd.0: Device attached [ 251.422892][ T23] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 251.432372][ T5883] usb 2-1: new low-speed USB device number 11 using dummy_hcd [ 251.507476][ T8] rc_core: IR keymap rc-hauppauge not found [ 251.525536][ T8] Registered IR keymap rc-empty [ 251.530598][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.563241][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.602380][ T5883] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 251.603599][ T8] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 251.619405][ T5883] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 251.627448][ T8] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input12 [ 251.653305][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.660990][ T5883] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.683924][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.687408][ T5883] usb 2-1: config 0 descriptor?? [ 251.754654][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.805364][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.851766][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.879728][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.898741][ T7496] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 251.906846][ T5883] usb 2-1: string descriptor 0 read error: -71 [ 251.917398][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.927347][ T49] vhci_hcd: stop threads [ 251.937006][ T5883] usb 2-1: USB disconnect, device number 11 [ 251.944969][ T49] vhci_hcd: release socket [ 251.950185][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 251.957354][ T49] vhci_hcd: disconnect device [ 252.011107][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 252.038818][ T8] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 252.087524][ T8] mceusb 1-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 252.122250][ T8] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 252.150544][ T8] usb 1-1: USB disconnect, device number 10 [ 252.457658][ T5781] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 252.757858][ T5781] usb 3-1: Using ep0 maxpacket: 32 [ 252.851415][ T5781] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 252.959096][ T5781] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 252.981729][ T5781] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 253.062006][ T5781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 253.110012][ T5781] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 253.150953][ T5781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 253.172056][ T5781] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 253.185281][ T5781] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 253.204068][ T5781] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 253.226729][ T5781] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.239879][ T5781] usb 3-1: config 0 descriptor?? [ 253.501720][ T5781] usblp 3-1:0.0: usblp0: USB Bidirectional printer dev 7 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 253.677562][ T5781] usb 3-1: USB disconnect, device number 7 [ 253.703670][ T5781] usblp0: removed [ 254.272359][ T7539] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 254.278963][ T7539] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 254.290102][ T7539] vhci_hcd vhci_hcd.0: Device attached [ 254.535866][ T5781] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 254.545372][ T8] usb 3-1: new low-speed USB device number 8 using dummy_hcd [ 254.734954][ T8] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 254.762609][ T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 254.787680][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.809390][ T8] usb 3-1: config 0 descriptor?? [ 255.008455][ T7540] usb 37-1: recv xbuf, 0 [ 255.025490][ T8] usb 3-1: string descriptor 0 read error: -71 [ 255.036292][ T12] vhci_hcd: stop threads [ 255.045678][ T8] usb 3-1: USB disconnect, device number 8 [ 255.059164][ T12] vhci_hcd: release socket [ 255.065719][ T12] vhci_hcd: disconnect device [ 255.104955][ T6124] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 255.112760][ T5781] vhci_hcd: vhci_device speed not set [ 255.440637][ T6124] usb 2-1: Using ep0 maxpacket: 16 [ 255.453649][ T6124] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 255.475497][ T6124] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 255.491155][ T6124] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 255.501554][ T6124] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 255.513712][ T6124] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 255.538278][ T6124] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 255.552083][ T6124] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 255.560938][ T6124] usb 2-1: Manufacturer: syz [ 255.575100][ T6124] usb 2-1: config 0 descriptor?? [ 255.980864][ T6124] rc_core: IR keymap rc-hauppauge not found [ 255.987636][ T6124] Registered IR keymap rc-empty [ 256.042187][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.101840][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.209847][ T6124] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 256.223076][ T23] vhci_hcd: vhci_device speed not set [ 256.319986][ T6124] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input13 [ 256.450817][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.546887][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.623843][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.670470][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.711726][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.763935][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 256.807504][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 257.240269][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 257.296158][ T7571] loop2: detected capacity change from 0 to 40427 [ 257.304677][ T7571] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 257.304896][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 257.312436][ T7571] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 257.338929][ T7571] F2FS-fs (loop2): invalid crc value [ 257.367143][ T7571] F2FS-fs (loop2): Found nat_bits in checkpoint [ 257.401061][ T6124] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 257.428973][ T7571] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 257.436176][ T7571] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 257.467160][ T6124] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 257.517144][ T6124] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 257.546505][ T6124] usb 2-1: USB disconnect, device number 12 [ 258.490211][ T5789] syz-executor: attempt to access beyond end of device [ 258.490211][ T5789] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427 [ 258.534901][ T5789] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 258.559581][ T49] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 258.586993][ T49] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 258.598349][ T7568] loop0: detected capacity change from 0 to 32768 [ 258.613758][ T7568] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.427 (7568) [ 258.656519][ T7568] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 258.673679][ T7568] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 258.686096][ T7568] BTRFS info (device loop0): force clearing of disk cache [ 258.694666][ T7568] BTRFS info (device loop0): enabling auto defrag [ 258.701976][ T7568] BTRFS info (device loop0): enabling ssd optimizations [ 258.709222][ T7568] BTRFS info (device loop0): max_inline at 0 [ 258.716302][ T7568] BTRFS info (device loop0): enabling disk space caching [ 258.724491][ T7568] BTRFS info (device loop0): disk space caching is enabled [ 258.856506][ T7568] BTRFS info (device loop0): rebuilding free space tree [ 258.919754][ T7568] BTRFS info (device loop0): disabling free space tree [ 258.935775][ T7568] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 258.977439][ T7568] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 259.193465][ T6124] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 259.305132][ T49] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 259.441080][ T6124] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.474333][ T6124] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 259.499579][ T6124] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 259.522597][ T6124] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 259.538711][ T6124] usb 2-1: Manufacturer: syz [ 259.576330][ T6124] usb 2-1: config 0 descriptor?? [ 259.709852][ T5794] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 260.819120][ T7615] netlink: 8 bytes leftover after parsing attributes in process `syz.2.436'. [ 260.852265][ T7615] netlink: 12 bytes leftover after parsing attributes in process `syz.2.436'. [ 260.864494][ T7615] netlink: 'syz.2.436': attribute type 20 has an invalid length. [ 260.995443][ T6124] uclogic 0003:256C:006D.0004: interface is invalid, ignoring [ 261.180397][ T788] usb 2-1: USB disconnect, device number 13 [ 262.414886][ T27] audit: type=1326 audit(1762246955.209:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7620 comm="syz.0.434" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f222438f6c9 code=0x0 [ 262.551862][ T787] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 262.720467][ T787] usb 3-1: device descriptor read/64, error -71 [ 262.909761][ T7636] loop1: detected capacity change from 0 to 32768 [ 262.935864][ T7636] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.443 (7636) [ 262.982625][ T787] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 263.014787][ T7636] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 263.058199][ T7636] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 263.088914][ T7636] BTRFS info (device loop1): force clearing of disk cache [ 263.117893][ T7636] BTRFS info (device loop1): enabling auto defrag [ 263.177704][ T7636] BTRFS info (device loop1): enabling ssd optimizations [ 263.184811][ T7636] BTRFS info (device loop1): max_inline at 0 [ 263.195684][ T7636] BTRFS info (device loop1): enabling disk space caching [ 263.202967][ T7636] BTRFS info (device loop1): disk space caching is enabled [ 263.212609][ T787] usb 3-1: device descriptor read/64, error -71 [ 263.363117][ T787] usb usb3-port1: attempt power cycle [ 263.395868][ T7636] BTRFS info (device loop1): rebuilding free space tree [ 263.741953][ T7636] BTRFS info (device loop1): disabling free space tree [ 263.808087][ T7636] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 263.922724][ T7636] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 264.480956][ T787] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 264.608306][ T787] usb 3-1: device descriptor read/8, error -71 [ 265.114976][ T787] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 265.228051][ T787] usb 3-1: device descriptor read/8, error -71 [ 265.348541][ T787] usb usb3-port1: unable to enumerate USB device [ 265.359842][ T7671] netlink: 48 bytes leftover after parsing attributes in process `syz.3.449'. [ 265.384908][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 265.404934][ T7671] netlink: 4 bytes leftover after parsing attributes in process `syz.3.449'. [ 265.862321][ T7683] sg_write: data in/out 768/168 bytes for SCSI command 0x96-- guessing data in; [ 265.862321][ T7683] program syz.2.452 not setting count and/or reply_len properly [ 266.737554][ T7686] netlink: 40 bytes leftover after parsing attributes in process `syz.1.451'. [ 269.100361][ T7712] netlink: 4 bytes leftover after parsing attributes in process `syz.0.461'. [ 270.560166][ T7730] binder: 7729:7730 ioctl c0306201 0 returned -14 [ 271.270556][ T7735] vxcan5: entered promiscuous mode [ 271.275858][ T7735] vxcan5: entered allmulticast mode [ 274.016985][ T7767] tmpfs: Unknown parameter 'quo' [ 276.515541][ T7794] netlink: 48 bytes leftover after parsing attributes in process `syz.3.487'. [ 276.533945][ T7794] netlink: 4 bytes leftover after parsing attributes in process `syz.3.487'. [ 277.499481][ T7778] loop0: detected capacity change from 0 to 40427 [ 277.528482][ T7778] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 277.561680][ T7778] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 277.674996][ T7778] F2FS-fs (loop0): invalid crc value [ 277.751329][ T7778] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-4) [ 278.431823][ T7808] vxcan7: entered promiscuous mode [ 278.481072][ T7808] vxcan7: entered allmulticast mode [ 278.895941][ T7818] loop3: detected capacity change from 0 to 256 [ 278.988541][ T7818] FAT-fs (loop3): Directory bread(block 64) failed [ 279.011976][ T7818] FAT-fs (loop3): Directory bread(block 65) failed [ 279.039217][ T7818] FAT-fs (loop3): Directory bread(block 66) failed [ 279.067790][ T7818] FAT-fs (loop3): Directory bread(block 67) failed [ 279.095330][ T7818] FAT-fs (loop3): Directory bread(block 68) failed [ 279.102016][ T7818] FAT-fs (loop3): Directory bread(block 69) failed [ 279.118782][ T7806] loop2: detected capacity change from 0 to 32768 [ 279.135627][ T7818] FAT-fs (loop3): Directory bread(block 70) failed [ 279.142246][ T7818] FAT-fs (loop3): Directory bread(block 71) failed [ 279.176889][ T7806] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.491 (7806) [ 279.194859][ T7818] FAT-fs (loop3): Directory bread(block 72) failed [ 279.211610][ T7818] FAT-fs (loop3): Directory bread(block 73) failed [ 279.241665][ T7806] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 279.267560][ T7806] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 279.310299][ T7806] BTRFS info (device loop2): using free space tree [ 279.488583][ T7806] BTRFS info (device loop2): enabling ssd optimizations [ 279.538105][ T7806] BTRFS info (device loop2): auto enabling async discard [ 279.636203][ T27] audit: type=1800 audit(1762246973.685:11): pid=7806 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.491" name="bus" dev="loop2" ino=263 res=0 errno=0 [ 279.813977][ T7811] loop0: detected capacity change from 0 to 32768 [ 279.927331][ T5789] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 280.337180][ T7842] netlink: 40 bytes leftover after parsing attributes in process `syz.2.499'. [ 280.777076][ T7830] loop1: detected capacity change from 0 to 32768 [ 280.833617][ T7830] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.498 (7830) [ 280.917182][ T7830] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 280.932172][ T5781] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 280.971014][ T7830] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 280.997309][ T7830] BTRFS info (device loop1): force clearing of disk cache [ 281.005097][ T7830] BTRFS info (device loop1): enabling auto defrag [ 281.021035][ T7830] BTRFS info (device loop1): enabling ssd optimizations [ 281.040506][ T7830] BTRFS info (device loop1): max_inline at 0 [ 281.062329][ T7830] BTRFS info (device loop1): enabling disk space caching [ 281.078810][ T7830] BTRFS info (device loop1): disk space caching is enabled [ 281.108865][ T5781] usb 3-1: device descriptor read/64, error -71 [ 281.190391][ T7830] BTRFS info (device loop1): rebuilding free space tree [ 281.269547][ T7830] BTRFS info (device loop1): disabling free space tree [ 281.324447][ T7830] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 281.360515][ T7830] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 281.379577][ T5781] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 281.538457][ T5781] usb 3-1: device descriptor read/64, error -71 [ 281.607072][ T6848] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared) [ 281.650286][ T5781] usb usb3-port1: attempt power cycle [ 282.606771][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 282.614274][ T7848] loop0: detected capacity change from 0 to 40427 [ 282.680343][ T7848] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 282.693091][ T7848] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 282.725718][ T7848] F2FS-fs (loop0): invalid crc value [ 283.083716][ T7848] F2FS-fs (loop0): Found nat_bits in checkpoint [ 283.358467][ T5798] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 14 /dev/loop1 scanned by udevd (5798) [ 284.467863][ T7888] loop2: detected capacity change from 0 to 512 [ 284.525647][ T7888] EXT4-fs: Ignoring removed i_version option [ 284.713590][ T5781] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 284.721625][ T7888] EXT4-fs: Ignoring removed bh option [ 284.930763][ T5781] usb 3-1: device not accepting address 15, error -71 [ 285.369833][ T7888] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.464041][ T7888] ext4 filesystem being mounted at /126/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 285.489305][ T7899] loop3: detected capacity change from 0 to 256 [ 285.740633][ T7899] FAT-fs (loop3): Directory bread(block 64) failed [ 285.818121][ T7899] FAT-fs (loop3): Directory bread(block 65) failed [ 285.928280][ T7899] FAT-fs (loop3): Directory bread(block 66) failed [ 286.030454][ T7899] FAT-fs (loop3): Directory bread(block 67) failed [ 286.037517][ T7899] FAT-fs (loop3): Directory bread(block 68) failed [ 286.212825][ T7899] FAT-fs (loop3): Directory bread(block 69) failed [ 286.263848][ T7899] FAT-fs (loop3): Directory bread(block 70) failed [ 286.274785][ T7899] FAT-fs (loop3): Directory bread(block 71) failed [ 286.291775][ T7899] FAT-fs (loop3): Directory bread(block 72) failed [ 286.304646][ T7899] FAT-fs (loop3): Directory bread(block 73) failed [ 286.335665][ T5789] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.370423][ T7915] loop0: detected capacity change from 0 to 512 [ 287.472723][ T7915] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 288.977538][ T7915] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.990421][ T7915] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 289.293696][ T5794] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.855526][ T5878] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 292.074024][ T5878] usb 4-1: device descriptor read/64, error -71 [ 292.355040][ T7929] loop1: detected capacity change from 0 to 40427 [ 292.383219][ T5878] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 292.391185][ T7929] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 292.399762][ T7929] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 292.440115][ T7929] F2FS-fs (loop1): invalid crc value [ 292.636476][ T7929] F2FS-fs (loop1): Found nat_bits in checkpoint [ 292.666349][ T5878] usb 4-1: device descriptor read/64, error -71 [ 293.509785][ T5878] usb usb4-port1: attempt power cycle [ 293.829213][ T7957] pim6reg0: tun_chr_ioctl cmd 1074812118 [ 293.971564][ T5878] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 294.058956][ T5878] usb 4-1: device descriptor read/8, error -71 [ 294.167525][ T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 294.418646][ T5878] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 294.447212][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 294.707852][ T5878] usb 4-1: device not accepting address 14, error -71 [ 294.726553][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=08b5, bcdDevice=d7.01 [ 294.786853][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.810881][ T5878] usb usb4-port1: unable to enumerate USB device [ 295.164147][ T8] usb 3-1: Product: syz [ 295.183216][ T8] usb 3-1: Manufacturer: syz [ 295.196758][ T8] usb 3-1: SerialNumber: syz [ 295.207285][ T8] usb 3-1: config 0 descriptor?? [ 295.219768][ T8] pwc: Logitech QuickCam Orbit/Sphere USB webcam detected. [ 295.601881][ T8] pwc: Warning: more than 1 configuration available. [ 295.920527][ T8] pwc: Failed to set LED on/off time (-71) [ 295.962137][ T8] pwc: send_video_command error -71 [ 295.970730][ T8] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 295.997615][ T8] Philips webcam: probe of 3-1:0.0 failed with error -71 [ 296.018580][ T8] usb 3-1: USB disconnect, device number 17 [ 296.228533][ T7976] loop0: detected capacity change from 0 to 4096 [ 296.695702][ T7979] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 296.781775][ T7971] loop3: detected capacity change from 0 to 32768 [ 296.805561][ T7971] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 14 [ 297.247309][ T7982] loop1: detected capacity change from 0 to 40427 [ 297.255231][ T7982] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 297.263111][ T7982] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 297.287029][ T7982] F2FS-fs (loop1): invalid crc value [ 297.298449][ T7982] F2FS-fs (loop1): Found nat_bits in checkpoint [ 297.318126][ T5803] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 14 [ 297.795599][ T7982] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 297.802796][ T7982] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 299.186207][ T6848] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 299.221894][ T6848] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 299.847969][ T7999] vxcan5: entered promiscuous mode [ 299.861491][ T7999] vxcan5: entered allmulticast mode [ 301.161943][ T8022] random: crng reseeded on system resumption [ 301.726296][ T8024] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 301.732886][ T8024] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 301.763907][ T27] audit: type=1326 audit(1762246997.396:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8015 comm="syz.3.544" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f37b398f6c9 code=0x0 [ 301.821644][ T8024] vhci_hcd vhci_hcd.0: Device attached [ 302.005675][ T6124] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 302.099458][ T23] usb 33-1: new low-speed USB device number 3 using vhci_hcd [ 302.204112][ T6124] usb 1-1: config 0 has no interfaces? [ 302.210089][ T6124] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 302.226245][ T6124] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.296244][ T6124] usb 1-1: config 0 descriptor?? [ 302.448899][ T8034] netlink: 40 bytes leftover after parsing attributes in process `syz.2.547'. [ 302.496932][ T8025] vhci_hcd: cannot find a urb of seqnum 1 max seqnum 2 [ 302.503328][ T5781] usb 1-1: USB disconnect, device number 11 [ 302.668248][ T6852] vhci_hcd: stop threads [ 302.741895][ T6852] vhci_hcd: release socket [ 302.751241][ T6852] vhci_hcd: disconnect device [ 304.354077][ T5781] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 304.520682][ T8066] random: crng reseeded on system resumption [ 304.820266][ T5781] usb 4-1: Using ep0 maxpacket: 16 [ 304.846642][ T5781] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.867272][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 304.894114][ T5781] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 304.927552][ T5781] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 304.950998][ T5781] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 305.039445][ T5781] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 305.068327][ T5781] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 305.106475][ T5781] usb 4-1: Manufacturer: syz [ 305.132309][ T5781] usb 4-1: config 0 descriptor?? [ 305.575601][ T5781] rc_core: IR keymap rc-hauppauge not found [ 305.600223][ T5781] Registered IR keymap rc-empty [ 305.613192][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 305.653895][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 305.690213][ T5781] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 305.758423][ T5781] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input14 [ 305.787443][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 305.839484][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 305.893461][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 305.967221][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.007841][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.023820][ T27] audit: type=1326 audit(1762247001.999:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8067 comm="syz.1.557" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f239e98f6c9 code=0x0 [ 306.041335][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.106443][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.144188][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.181057][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.218428][ T5781] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 306.291346][ T5781] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 306.347490][ T5781] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 306.438606][ T5781] usb 4-1: USB disconnect, device number 15 [ 306.787902][ T8078] netlink: 40 bytes leftover after parsing attributes in process `syz.2.559'. [ 306.927423][ T23] vhci_hcd: vhci_device speed not set [ 307.145195][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 307.152139][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 309.029731][ T5781] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 309.217847][ T5781] usb 1-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 309.242823][ T5781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.280488][ T5781] usb 1-1: Product: syz [ 309.301142][ T5781] usb 1-1: Manufacturer: syz [ 309.320072][ T5781] usb 1-1: SerialNumber: syz [ 309.361947][ T5781] usb 1-1: config 0 descriptor?? [ 309.558763][ T5781] usb 1-1: f81604_read: reg: 105 failed: -EPIPE [ 309.589055][ T5781] f81604 1-1:0.0: Setting termination of CH#0 failed: -EPIPE [ 309.616312][ T5781] f81604: probe of 1-1:0.0 failed with error -32 [ 309.907149][ T8104] random: crng reseeded on system resumption [ 310.584922][ T5781] usb 1-1: USB disconnect, device number 12 [ 312.199601][ T8120] netlink: 40 bytes leftover after parsing attributes in process `syz.2.570'. [ 312.608835][ T27] audit: type=1326 audit(1762247009.058:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8110 comm="syz.0.568" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f222438f6c9 code=0x0 [ 316.950994][ T8153] random: crng reseeded on system resumption [ 317.052637][ T8155] loop0: detected capacity change from 0 to 1024 [ 317.116081][ T8155] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 317.964951][ T8155] ================================================================== [ 317.973089][ T8155] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 317.980863][ T8155] Read of size 18446744073709551588 at addr ffff88805d507040 by task syz.0.580/8155 [ 317.990272][ T8155] [ 317.992648][ T8155] CPU: 0 PID: 8155 Comm: syz.0.580 Not tainted syzkaller #0 [ 317.999963][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 318.010068][ T8155] Call Trace: [ 318.013397][ T8155] [ 318.016372][ T8155] dump_stack_lvl+0x16c/0x230 [ 318.021369][ T8155] ? read_lock_is_recursive+0x20/0x20 [ 318.026794][ T8155] ? show_regs_print_info+0x20/0x20 [ 318.032043][ T8155] ? load_image+0x3b0/0x3b0 [ 318.036587][ T8155] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 318.042017][ T8155] ? __virt_addr_valid+0x18c/0x540 [ 318.047174][ T8155] ? __virt_addr_valid+0x469/0x540 [ 318.052332][ T8155] print_report+0xac/0x220 [ 318.056798][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.062312][ T8155] kasan_report+0x117/0x150 [ 318.067043][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.072543][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.078049][ T8155] kasan_check_range+0x288/0x290 [ 318.083099][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.088593][ T8155] __asan_memmove+0x29/0x70 [ 318.093115][ T8155] ext4_xattr_set_entry+0x94b/0x1e90 [ 318.098429][ T8155] ext4_xattr_block_set+0xae3/0x32a0 [ 318.103763][ T8155] ? ext4_destroy_inode+0x200/0x200 [ 318.108984][ T8155] ? proc_nr_inodes+0x230/0x230 [ 318.113848][ T8155] ? do_raw_spin_unlock+0x121/0x230 [ 318.119156][ T8155] ? _raw_spin_unlock+0x28/0x40 [ 318.124046][ T8155] ? ext4_xattr_block_find+0x350/0x350 [ 318.129545][ T8155] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 318.134946][ T8155] ext4_xattr_set_handle+0xbff/0x1290 [ 318.140343][ T8155] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 318.146347][ T8155] ? __ext4_journal_start_sb+0x259/0x570 [ 318.152024][ T8155] ext4_xattr_set+0x22d/0x320 [ 318.156745][ T8155] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 318.162322][ T8155] ? evm_protected_xattr_common+0x170/0x190 [ 318.168243][ T8155] ? evm_protect_xattr+0x534/0x7a0 [ 318.173377][ T8155] ? ext4_xattr_security_get+0x40/0x40 [ 318.178861][ T8155] __vfs_setxattr+0x431/0x470 [ 318.183564][ T8155] __vfs_setxattr_noperm+0x12d/0x5e0 [ 318.188869][ T8155] vfs_setxattr+0x16c/0x2f0 [ 318.193398][ T8155] ? xattr_permission+0x470/0x470 [ 318.198440][ T8155] ? __mnt_want_write+0x223/0x2a0 [ 318.203485][ T8155] ? path_setxattr+0x314/0x550 [ 318.208264][ T8155] path_setxattr+0x362/0x550 [ 318.212905][ T8155] ? simple_xattrs_free+0x150/0x150 [ 318.218131][ T8155] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 318.224130][ T8155] ? lock_chain_count+0x20/0x20 [ 318.228997][ T8155] __x64_sys_setxattr+0xbb/0xd0 [ 318.233870][ T8155] do_syscall_64+0x55/0xb0 [ 318.238308][ T8155] ? clear_bhb_loop+0x40/0x90 [ 318.243003][ T8155] ? clear_bhb_loop+0x40/0x90 [ 318.247711][ T8155] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 318.253631][ T8155] RIP: 0033:0x7f222438f6c9 [ 318.258082][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 318.277711][ T8155] RSP: 002b:00007f222525b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 318.286144][ T8155] RAX: ffffffffffffffda RBX: 00007f22245e5fa0 RCX: 00007f222438f6c9 [ 318.294130][ T8155] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 318.302127][ T8155] RBP: 00007f2224411f91 R08: 0000000000000000 R09: 0000000000000000 [ 318.310129][ T8155] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 318.318118][ T8155] R13: 00007f22245e6038 R14: 00007f22245e5fa0 R15: 00007fff604d7b88 [ 318.326118][ T8155] [ 318.329149][ T8155] [ 318.331488][ T8155] Allocated by task 8155: [ 318.335842][ T8155] kasan_set_track+0x4e/0x70 [ 318.340459][ T8155] __kasan_kmalloc+0x8f/0xa0 [ 318.345076][ T8155] __kmalloc_node_track_caller+0xb2/0x230 [ 318.350823][ T8155] kmemdup+0x2b/0x70 [ 318.354753][ T8155] ext4_xattr_block_set+0x9e5/0x32a0 [ 318.360071][ T8155] ext4_xattr_set_handle+0xbff/0x1290 [ 318.365471][ T8155] ext4_xattr_set+0x22d/0x320 [ 318.370168][ T8155] __vfs_setxattr+0x431/0x470 [ 318.374863][ T8155] __vfs_setxattr_noperm+0x12d/0x5e0 [ 318.380160][ T8155] vfs_setxattr+0x16c/0x2f0 [ 318.384679][ T8155] path_setxattr+0x362/0x550 [ 318.389285][ T8155] __x64_sys_setxattr+0xbb/0xd0 [ 318.394151][ T8155] do_syscall_64+0x55/0xb0 [ 318.398582][ T8155] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 318.404493][ T8155] [ 318.406824][ T8155] Last potentially related work creation: [ 318.412545][ T8155] kasan_save_stack+0x3e/0x60 [ 318.417236][ T8155] __kasan_record_aux_stack+0xaf/0xc0 [ 318.422623][ T8155] kvfree_call_rcu+0xee/0x780 [ 318.427314][ T8155] neigh_remove_one+0x5f1/0x700 [ 318.432179][ T8155] ___neigh_create+0x467/0x2440 [ 318.437068][ T8155] ip6_finish_output2+0x159e/0x1650 [ 318.442278][ T8155] ndisc_send_skb+0xbed/0x14b0 [ 318.447062][ T8155] addrconf_rs_timer+0x2bc/0x600 [ 318.452017][ T8155] call_timer_fn+0x16e/0x530 [ 318.456621][ T8155] __run_timers+0x52d/0x7d0 [ 318.461135][ T8155] run_timer_softirq+0x67/0xf0 [ 318.465914][ T8155] handle_softirqs+0x280/0x820 [ 318.470688][ T8155] __irq_exit_rcu+0xc7/0x190 [ 318.475291][ T8155] irq_exit_rcu+0x9/0x20 [ 318.479551][ T8155] sysvec_apic_timer_interrupt+0xa4/0xc0 [ 318.485211][ T8155] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 318.491214][ T8155] [ 318.493544][ T8155] The buggy address belongs to the object at ffff88805d507000 [ 318.493544][ T8155] which belongs to the cache kmalloc-1k of size 1024 [ 318.507614][ T8155] The buggy address is located 64 bytes inside of [ 318.507614][ T8155] 1024-byte region [ffff88805d507000, ffff88805d507400) [ 318.520904][ T8155] [ 318.523234][ T8155] The buggy address belongs to the physical page: [ 318.529664][ T8155] page:ffffea0001754000 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5d500 [ 318.539826][ T8155] head:ffffea0001754000 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 318.548871][ T8155] anon flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 318.557302][ T8155] page_type: 0xffffffff() [ 318.561644][ T8155] raw: 00fff00000000840 ffff888017841dc0 0000000000000000 dead000000000001 [ 318.570327][ T8155] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 318.578920][ T8155] page dumped because: kasan: bad access detected [ 318.585381][ T8155] page_owner tracks the page as allocated [ 318.591147][ T8155] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 996, tgid 996 (kworker/u4:6), ts 89087992216, free_ts 26664490299 [ 318.610273][ T8155] post_alloc_hook+0x1cd/0x210 [ 318.615066][ T8155] get_page_from_freelist+0x195c/0x19f0 [ 318.620639][ T8155] __alloc_pages+0x1e3/0x460 [ 318.625245][ T8155] alloc_slab_page+0x5d/0x170 [ 318.629953][ T8155] new_slab+0x87/0x2e0 [ 318.634053][ T8155] ___slab_alloc+0xc6d/0x1300 [ 318.638747][ T8155] __kmem_cache_alloc_node+0x1a2/0x260 [ 318.644232][ T8155] __kmalloc+0xa4/0x240 [ 318.648408][ T8155] neigh_hash_alloc+0xaa/0x2a0 [ 318.653198][ T8155] ___neigh_create+0x10a1/0x2440 [ 318.658149][ T8155] ip6_finish_output2+0x159e/0x1650 [ 318.663362][ T8155] ndisc_send_skb+0xbed/0x14b0 [ 318.668157][ T8155] ndisc_send_ns+0xcc/0x150 [ 318.672680][ T8155] addrconf_dad_work+0xa25/0x14e0 [ 318.677749][ T8155] process_scheduled_works+0xa45/0x15b0 [ 318.683315][ T8155] worker_thread+0xa55/0xfc0 [ 318.687917][ T8155] page last free stack trace: [ 318.692647][ T8155] free_unref_page_prepare+0x7ce/0x8e0 [ 318.698126][ T8155] free_unref_page+0x32/0x2e0 [ 318.702826][ T8155] free_contig_range+0xa1/0x160 [ 318.707688][ T8155] destroy_args+0x80/0x850 [ 318.712117][ T8155] debug_vm_pgtable+0x3cc/0x410 [ 318.716997][ T8155] do_one_initcall+0x1fd/0x750 [ 318.721796][ T8155] do_initcall_level+0x137/0x1f0 [ 318.726764][ T8155] do_initcalls+0x69/0xd0 [ 318.731112][ T8155] kernel_init_freeable+0x3d2/0x570 [ 318.736333][ T8155] kernel_init+0x1d/0x1c0 [ 318.740673][ T8155] ret_from_fork+0x48/0x80 [ 318.745105][ T8155] ret_from_fork_asm+0x11/0x20 [ 318.749886][ T8155] [ 318.752220][ T8155] Memory state around the buggy address: [ 318.757854][ T8155] ffff88805d506f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 318.765926][ T8155] ffff88805d506f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 318.773996][ T8155] >ffff88805d507000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 318.782063][ T8155] ^ [ 318.788226][ T8155] ffff88805d507080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 318.796293][ T8155] ffff88805d507100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 318.804364][ T8155] ================================================================== [ 318.812524][ C0] vkms_vblank_simulate: vblank timer overrun [ 318.869490][ T8155] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 318.876751][ T8155] CPU: 1 PID: 8155 Comm: syz.0.580 Not tainted syzkaller #0 [ 318.884062][ T8155] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 318.894231][ T8155] Call Trace: [ 318.897545][ T8155] [ 318.900506][ T8155] dump_stack_lvl+0x16c/0x230 [ 318.905235][ T8155] ? show_regs_print_info+0x20/0x20 [ 318.910475][ T8155] ? load_image+0x3b0/0x3b0 [ 318.915030][ T8155] panic+0x2c0/0x710 [ 318.918968][ T8155] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 318.925175][ T8155] ? bpf_jit_dump+0xd0/0xd0 [ 318.929738][ T8155] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 318.935660][ T8155] ? _raw_spin_unlock+0x40/0x40 [ 318.940538][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.946027][ T8155] check_panic_on_warn+0x84/0xa0 [ 318.950981][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.956458][ T8155] end_report+0x6f/0x140 [ 318.960735][ T8155] kasan_report+0x128/0x150 [ 318.965268][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.970759][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.976243][ T8155] kasan_check_range+0x288/0x290 [ 318.981219][ T8155] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 318.986720][ T8155] __asan_memmove+0x29/0x70 [ 318.991269][ T8155] ext4_xattr_set_entry+0x94b/0x1e90 [ 318.996589][ T8155] ext4_xattr_block_set+0xae3/0x32a0 [ 319.001924][ T8155] ? ext4_destroy_inode+0x200/0x200 [ 319.007146][ T8155] ? proc_nr_inodes+0x230/0x230 [ 319.012024][ T8155] ? do_raw_spin_unlock+0x121/0x230 [ 319.017264][ T8155] ? _raw_spin_unlock+0x28/0x40 [ 319.022153][ T8155] ? ext4_xattr_block_find+0x350/0x350 [ 319.027646][ T8155] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 319.033042][ T8155] ext4_xattr_set_handle+0xbff/0x1290 [ 319.038528][ T8155] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 319.044541][ T8155] ? __ext4_journal_start_sb+0x259/0x570 [ 319.050193][ T8155] ext4_xattr_set+0x22d/0x320 [ 319.054897][ T8155] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 319.060463][ T8155] ? evm_protected_xattr_common+0x170/0x190 [ 319.066379][ T8155] ? evm_protect_xattr+0x534/0x7a0 [ 319.071516][ T8155] ? ext4_xattr_security_get+0x40/0x40 [ 319.077009][ T8155] __vfs_setxattr+0x431/0x470 [ 319.081737][ T8155] __vfs_setxattr_noperm+0x12d/0x5e0 [ 319.087043][ T8155] vfs_setxattr+0x16c/0x2f0 [ 319.091578][ T8155] ? xattr_permission+0x470/0x470 [ 319.096620][ T8155] ? __mnt_want_write+0x223/0x2a0 [ 319.101666][ T8155] ? path_setxattr+0x314/0x550 [ 319.106448][ T8155] path_setxattr+0x362/0x550 [ 319.111089][ T8155] ? simple_xattrs_free+0x150/0x150 [ 319.116340][ T8155] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 319.122346][ T8155] ? lock_chain_count+0x20/0x20 [ 319.127214][ T8155] __x64_sys_setxattr+0xbb/0xd0 [ 319.132097][ T8155] do_syscall_64+0x55/0xb0 [ 319.136531][ T8155] ? clear_bhb_loop+0x40/0x90 [ 319.141228][ T8155] ? clear_bhb_loop+0x40/0x90 [ 319.145923][ T8155] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 319.151873][ T8155] RIP: 0033:0x7f222438f6c9 [ 319.156319][ T8155] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.176313][ T8155] RSP: 002b:00007f222525b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 319.184786][ T8155] RAX: ffffffffffffffda RBX: 00007f22245e5fa0 RCX: 00007f222438f6c9 [ 319.192777][ T8155] RDX: 00002000000013c0 RSI: 0000200000000140 RDI: 0000200000000100 [ 319.200778][ T8155] RBP: 00007f2224411f91 R08: 0000000000000000 R09: 0000000000000000 [ 319.208764][ T8155] R10: 0000000000000700 R11: 0000000000000246 R12: 0000000000000000 [ 319.216749][ T8155] R13: 00007f22245e6038 R14: 00007f22245e5fa0 R15: 00007fff604d7b88 [ 319.224750][ T8155] [ 319.228081][ T8155] Kernel Offset: disabled [ 319.232413][ T8155] Rebooting in 86400 seconds..