last executing test programs: 38.469793594s ago: executing program 1 (id=3399): r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000100)={{0x2, 0x4e1f, @remote}, {0x304, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xa}}, 0x7e, {0x2, 0x4e25, @empty}}) 38.345801024s ago: executing program 1 (id=3402): r0 = openat$damon_target_ids(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x100) write$damon_target_ids(r0, &(0x7f0000000140)=ANY=[], 0x3f) 38.240230372s ago: executing program 1 (id=3405): r0 = socket(0xa, 0x5, 0x0) sendmsg$inet_sctp(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[@authinfo={0x12, 0x84, 0x6, {0x3}}], 0x28, 0x4000000}, 0x8010) 38.169081804s ago: executing program 1 (id=3407): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000004c0)=ANY=[@ANYBLOB="020200090d0000000000000000000000030006000000000002000000ac1414bb000000000000000002000100000000000000000000000000030005000000000002000000ac1414aa000000000000000001001500000000000100140000000000010016"], 0x68}, 0x1, 0x7}, 0x0) 38.127747521s ago: executing program 1 (id=3408): r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000000), 0x101100, 0x0) ioctl$SOUND_MIXER_READ_VOLUME(r0, 0x80044d1f, 0x0) 37.981042886s ago: executing program 1 (id=3412): r0 = syz_open_dev$usbfs(&(0x7f0000000300), 0x203, 0x402) readv(r0, &(0x7f0000000240)=[{&(0x7f0000001500)=""/244, 0xf4}], 0x1) 22.897716159s ago: executing program 32 (id=3412): r0 = syz_open_dev$usbfs(&(0x7f0000000300), 0x203, 0x402) readv(r0, &(0x7f0000000240)=[{&(0x7f0000001500)=""/244, 0xf4}], 0x1) 1.087635599s ago: executing program 2 (id=4102): r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0) sendto$llc(r0, 0x0, 0x0, 0x4, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x1, 0xb1, 0x0, @broadcast}, 0x10) 1.08114312s ago: executing program 5 (id=4103): pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80080) fcntl$setpipe(r0, 0x407, 0x0) 1.01546256s ago: executing program 4 (id=4106): r0 = socket(0x18, 0x1, 0x1) getsockopt$inet_int(r0, 0x111, 0x3, 0x0, &(0x7f0000000380)=0xffffffffffffff89) 960.70619ms ago: executing program 2 (id=4107): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/pm_trace', 0x1a1002, 0x0) utimensat(r0, 0x0, &(0x7f0000000040)={{0x0, 0x3ffffffe}}, 0x0) 949.991472ms ago: executing program 5 (id=4108): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000002c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8, 0x4, 0x1, 0x0, 0x1}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa0}}, 0x0) 906.124339ms ago: executing program 3 (id=4110): r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000004180)='/proc/mdstat\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f0000006200)={0x2020}, 0x2020) 873.637154ms ago: executing program 4 (id=4111): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001200)=@newtaction={0x7c, 0x30, 0xb, 0x0, 0x0, {}, [{0x68, 0x1, [@m_ct={0x64, 0x1, 0x0, 0x0, {{0x7}, {0x3c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x0, 0x0, 0x0, 0x0, 0x400}}, @TCA_CT_ACTION={0x6, 0x3, 0x19}, @TCA_CT_NAT_IPV4_MIN={0x8, 0x9, @remote}, @TCA_CT_NAT_PORT_MIN={0x6, 0xd, 0x4e22}, @TCA_CT_NAT_PORT_MAX={0x6, 0xe, 0x4e21}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8890}, 0x44804) 817.998374ms ago: executing program 2 (id=4112): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x9, 0x3d9}, 0x35) 812.605844ms ago: executing program 5 (id=4113): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000002c0)=@bridge_getlink={0x20, 0x12, 0x1, 0x0, 0x25dfdbfe}, 0x20}}, 0x0) 782.357739ms ago: executing program 3 (id=4114): r0 = socket(0x1d, 0x2, 0x6) recvmmsg(r0, &(0x7f0000001b00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002000, 0x0) 781.68149ms ago: executing program 0 (id=4115): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000370400"/20, @ANYRES32=0x0, @ANYBLOB="8b04040002040000240012800b0001006d616373656300001400028005000b000100000005000c007a"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x4048084) 686.481376ms ago: executing program 5 (id=4116): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_vlan={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0xfe0f}, @TCA_VLAN_PARMS={0x1c, 0x2, {{0x0, 0x0, 0xd}, 0x2}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 686.250306ms ago: executing program 3 (id=4117): r0 = socket(0x40000000015, 0x5, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xfffffffd, @loopback={0xffffffffffffff9d}, 0xa77}, 0x1c) 685.744876ms ago: executing program 4 (id=4118): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newsa={0xf0, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in=@multicast1, @in6=@mcast2, 0x4, 0xb6e, 0x4e21, 0x2, 0x0, 0x80, 0x0, 0x21, 0x0, 0xee00}, {@in6=@private1, 0x4d2, 0xff}, @in=@multicast2, {0x0, 0x0, 0x1, 0x8000000000000001, 0xffffffff00100001, 0x0, 0x80000001, 0x543}, {0x4, 0x7fffffffffffffff, 0xb, 0xfffffffbfffffffd}, {}, 0x70bd2c, 0x3500, 0x2, 0x0, 0x0, 0x50}}, 0xf0}, 0x1, 0x0, 0x0, 0x880}, 0x2014) 660.89614ms ago: executing program 0 (id=4119): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=@newlink={0x40, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x35a71, 0x51a23}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @rand_addr=0xc0000200}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x2b}]}}}]}, 0x40}, 0x1, 0x0, 0x0, 0x1}, 0x20040040) 642.262193ms ago: executing program 2 (id=4120): r0 = socket$kcm(0x29, 0x5, 0x0) sendmsg$rds(r0, &(0x7f0000002940)={0x0, 0x0, &(0x7f0000002800)=[{&(0x7f0000002980)=""/4112, 0xfffffe09}], 0x1}, 0x0) 576.725634ms ago: executing program 4 (id=4121): r0 = socket(0xa, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0xc08, 0x3, 0x440, 0x310, 0x5002004a, 0xb, 0x310, 0xea13, 0x3a8, 0x3c8, 0x3c8, 0x3a8, 0x3c8, 0x3, 0x0, {[{{@ip={@multicast2, @private=0xa010101, 0xff, 0xffffffff, 'bridge0\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x5c, 0x3, 0x2}, 0x0, 0x2c8, 0x310, 0x0, {}, [@common=@unspec=@bpf1={{0x230}, @bytecode={0x0, 0x2, 0x0, [{}, {0x16}, {0x4}, {}, {}, {0x0, 0x0, 0x5e}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x6}, {0x0, 0x0, 0x4}, {}, {0x4, 0x8}, {}, {}, {0x1}, {0x0, 0x0, 0x0, 0x7f}, {0x0, 0x4}, {}, {}, {}, {0xfffc}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {0x0, 0x0, 0x40}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x80}, {}, {}, {}, {}, {}, {0x0, 0x0, 0xfd}]}}, @common=@inet=@socket3={{0x28}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x4a0) 544.187259ms ago: executing program 3 (id=4122): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='oom_adj\x00') writev(r0, &(0x7f00000010c0)=[{&(0x7f0000000140)='1', 0x1}, {&(0x7f0000001080)="9c", 0x1}], 0x2) 516.014324ms ago: executing program 5 (id=4123): syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000300)='./file3\x00', 0x0, &(0x7f0000001040)=ANY=[], 0x1, 0xadc, &(0x7f0000001900)="$eJzs3V2IXFcBAOBzd3c2u2lrpjW1axrbpNW2/nTTbNb4EzQpCYKhKeJLofgS0rQGYwQrqKXQJE++2VJS8MkffOpLqSJYEAl98qVgA0XoUxX0oSFiwYcaTUayc87MnZOZzMxmd+7O7vfB3TPnnnPnnDt75879O+cEYMOaWPq7uDhXhHDujZcPvf/AP2avzdnfylFf+jtVitVCCEWMT2Xv995kM7zywfPHuoVFWFj6m+Lh8UutZW8JIZwOO8L5UA/bzl146a2Fx46cOXx259uv7ru4OmsPAAAbyzfO71u8869/vvv2y6/dcyBsas1Px+f1NGOmedx/IB74p+P/idAZL0pT2XSWbypOE7Od+Sa75CuXU8vyTfUofzorv9Yj36Zw4/InS/O6rTeMs7Qd10MxMR9C2NyKT0zMzzfPycPSef10MX/qxMmnn62oosCK+/e9IYQdpeng2c74Wpv2r4E6LHNqrIE6jOV0YHRlXW40Vb7OI5oaW6reAwE05fcLr3M6v7Jwc1rvNjVY+Zcenei+PKyAUW//Q5U/XXH5Qfm/PmOPw8pZr1tTWq/0Pbo1xvP7CPnzS6/8oXO5tvxOR+fc/H5EbcB69rqPMC73F3rVc3LE9ViuXvXPt4v16isxTJ/DVztS7+34/uT/03H5HwPdfZhf/zeZTGt7Ch3x2s28V6Pi/Q+wduXPzTXS/dEof64vT9/UJ32mT/psn/TNfdJv6ZMOG9lvf/DT8GLRvt6Vn9MPez08XWe7LYYfGbI++fXIYcvPn/sd1s2Wnz9PDGvZ748+cfyLTz15ofn8f9Ha/q/G7T2dbtTjd+t8zJCuF+bX1VvP/tc7y5noke+OrD63dcm/9HprZ75ia/t9Qmk/c1095jqX29Ir3/bOfPUs32ycZrL65scnm7Pl0vFH2q+mz2sqW99ath7TWT3SfuX2GOb1gOVI22N6/r/dHqD5/H/aPudCrXj6xMnjj8R42k7/NFnbdG3+7hHXG1g5vb7/6fdrLnS2/7m1Nb82Ud4vbGnPL5r7hdfj+3XOX2iVU5pf+lFLv3Pfnpxdyj9/7Hsnn1qF9YaN7NkfP/edoydPHv++F8t+8bW1UY1hXqTTlrVSHy+GfbFjtYuoeMcErLpdLzQPAh4+8d2jzxx/5vipPXv37llY2PulPYu7lo7rd5WP7stOV1BbYCW1f/SrrgkAAAAAAAAAAAAwqB8ePnThnTe/8G6z/X+7/V9q/5+e/E3t/3+Stf/P28mndvCpHeDtXdKX8mQdrE5n+Wpx+mhW39QNQPFCM7wzW+5jMWyN4xfb/6fi8n5dU33uyubXekSz7gSu6y9lOuuDJB8v8L4Yno3hrwJUqJjtPjuGN+jfuviwtK2n/ilKTXgb+gceH+n/lvdflNp/d+3XqUt7bcbLKFosVr2OQHf/3FD9f/+rveKV18XUe5oabXk/27jbRKPnUfqgI9gArIyqx//8e2iWm65/nvrj12euTSnbpUc795d5/6UwjL+80xlf6+NPrnb5+bh9oy6/6vUf9fifrfHv4v4v7fd67/+yEfPqyyv3Pz+/+G6p2LBt0PLz9U/9QG8drvzLsfy0Ng+Gwcpv/DIrP78hNKD/ZuVvHrD869Z/+/LK/18sP31sD90/aPnNGhcTnfWYzdYj3f/LrxsnV7L1T3173qD8bz7Xbf2XOVDj1Vg+bGTjMs7ssLLjiNZBe7/xf4f9/b/Z8X9blc12a/lzGJ+P8bQjTs855OOdDFv/9HxF+h24M3v/os/vm/F/x9uXY9jv+5DG/03bYz3+5JfiS59lite6fLbrdV8D4+q9DXX/b1TTxeZp0PKWn6m+/qYhpsbkMpZrPWdVcf0bjcbqXtDqo9LCqfzzr/ruc9XnKfdVXH4/+fi/+TF8Pv5vnp6P/5un5+P/5umz8T/0fo/0fPzffHvOx//N0+/K3jcfH3iuT/rHu6QXoZ2+rfvyrdP2u/u8//Y+6Z/ok76zlb6/I0dKv+eGy7fz9Xr/O/qk398n/ZN90j/VJ/2BPukPldLLY0Cn9E9nyxdZ+nqX9j+9Pj9g/crb5/n+w8aR7v/0+v5vbadPl7OMtpbAanjltd0Hn/zNt+rN9v/Tresh6T7egRivxXOjH8V4ft87lOLX0t6M8b9l6VVfbwLa8v4z8t//B/ukA+MrPefl+w0bUDHTfXYM+/Vb1es4n/HymRh+Noafi+HDMZyP4a4Y7o7hwojqx+o4+Prv9r1YtM/3t2Tpgz5PnrcH6ugnKoSwZ8D65NcHhn2ePe/Hb1g3W/4ym4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABUZmLp7+LiXBHCuTdePvTEkRO7rs3Z38pRX/o7VYrVWsuF8EgMJ2P4i/jiygfPHyuHV2NYhIVQhKI1Pzx+qVXSLSGE02FHOB/qYdu5Cy+9tfDYkTOHz+58+9V9F1fvEwAAAID17/8BAAD//092Bzk=") open(&(0x7f00000003c0)='./file2\x00', 0x430dc882a8a7f17, 0xc) 499.233007ms ago: executing program 0 (id=4124): r0 = socket$inet(0x2, 0x1, 0x0) getsockopt$inet_mreqn(r0, 0x0, 0x6c, 0x0, &(0x7f0000000200)) 343.967173ms ago: executing program 0 (id=4125): r0 = socket$nl_generic(0x10, 0x3, 0x10) tee(r0, 0xffffffffffffffff, 0x9, 0x9) 305.96836ms ago: executing program 3 (id=4126): capset(&(0x7f00000001c0)={0x20080522}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1}) setuid(0xee01) 305.18278ms ago: executing program 4 (id=4127): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f00000025c0)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000065040200000000ff2d400500000000003400000001ed00007b030000000000001d440000000000007a0a00fe00ffffffdb030000a1000000b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a0deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a4dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db1829f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda1f904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06aaaf9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737371cdf8f681dd7a2685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed4a4af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52d9870cdfb950b139625fa88f5c9088fc9032a5ea07415029c74354f54e37427a4b26e559cd240b7950630d7d4da9cb8d256356bee8c827db43313e75da9c36d0f7bef4fcf23469d8c9104a917959c3bc791a54d1882f532d2597ff50d4a10fe3b80a3d67d3c3dca0dfe0e4eb039df7480542f841313ad2ec26fe7d03829f80c6f3e028d2f4495c3c523929b203048ac9ba20b012c005e36b93eb5a02768503c6c41f50d2a04999bba560f86c7c9a78e4b337983cbdb5d71be3090208a1f7eaa3edc840ea0da5f4cc01f3e87c7566176981a738bcd4dd8b8a137e7a15e57054ebf1d9ba227361be11a7d155054e154364041468e6268ea23e74eacbb5200e2d8f8919402ca20794a29dd986c6593d47b47d5cd70153908a77039a995a44e960ad037f4d2569751eea3ae70fc49f32c30d6be0594bfda189f0be84d1eaf70e0e90223a3c97ade9973e9219c5a2e1c68efe6adf744710eb0ad8e555be26855496bc6b5e13078380230728b1862f0d93397b88ebf5197b61d27b6c555502aed27d2f2b127aeeae41dd4324fad2e7a962"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 166.513663ms ago: executing program 2 (id=4128): r0 = syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2) ioctl$NBD_DO_IT(r0, 0xab03) 131.847208ms ago: executing program 0 (id=4129): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff807000000b800000000000000080008001d000000", 0x24) 115.833001ms ago: executing program 4 (id=4130): r0 = syz_open_dev$loop(&(0x7f00000026c0), 0x7, 0x20001) ioctl$IOC_PR_RELEASE(r0, 0x401070ca, 0x0) 100.391174ms ago: executing program 3 (id=4131): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000440)={0x8, 0xd, 0x4, 0x0, 0xf8}) 428.61µs ago: executing program 2 (id=4132): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newsa={0xf0, 0x1a, 0x713, 0x0, 0x25dfdbfc, {{@in6=@mcast2, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4e24, 0x0, 0x4e23, 0x2, 0xa, 0xa0, 0x0, 0x3b, 0x0, 0xee00}, {@in=@local, 0xfe, 0x32}, @in6=@private2={0xfc, 0x2, '\x00', 0x1}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x543}, {0x4, 0x7fffffffffffffff, 0xfffffffffffffffd}, {}, 0x70bd28, 0x3100, 0xa, 0x2}}, 0xf0}, 0x1, 0x0, 0x0, 0x880}, 0x4040814) 241.661µs ago: executing program 5 (id=4133): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x11}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0x28, 0xe80, &(0x7f00000002c0)="0000ffffffffa000", &(0x7f0000000300)=""/8, 0x2f, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 0s ago: executing program 0 (id=4134): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@setlink={0x30, 0x13, 0x1, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x40, 0x80}, [@IFLA_TARGET_NETNSID={0x8, 0x2e, 0x2}, @IFLA_NET_NS_FD={0x8, 0x1c, r0}]}, 0x30}, 0x1, 0x0, 0x0, 0x8010}, 0x8000) kernel console output (not intermixed with test programs): 35-36 [ 193.170151][ T8658] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1919'. [ 193.201057][ T8650] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,,errors=continue. Quota mode: none. [ 193.226044][ T8658] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1919'. [ 193.236450][ T8663] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1921'. [ 193.247456][ T8663] netlink: 196 bytes leftover after parsing attributes in process `syz.2.1921'. [ 193.257041][ T8663] netlink: 19 bytes leftover after parsing attributes in process `syz.2.1921'. [ 193.262291][ T8650] ext4 filesystem being mounted at /375/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 194.092218][ T8705] rdma_rxe: rxe_register_device failed with error -23 [ 194.128979][ T8705] rdma_rxe: failed to add lo [ 194.257624][ T8717] loop3: detected capacity change from 0 to 128 [ 194.349734][ T8723] loop1: detected capacity change from 0 to 64 [ 194.382177][ T26] audit: type=1800 audit(1776209178.201:13): pid=8717 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1945" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 194.398829][ T4910] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 194.528818][ T4231] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 194.823548][ T4231] usb 5-1: Using ep0 maxpacket: 16 [ 194.824065][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.835514][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.918917][ T4910] usb 1-1: unable to get BOS descriptor or descriptor too short [ 194.979146][ T4231] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.009010][ T4910] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 195.011925][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 195.055649][ T4910] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 50, changing to 7 [ 195.067253][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 195.103149][ T4910] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 195.118771][ T4231] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 195.151420][ T4231] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 195.299053][ T4231] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 195.318645][ T4231] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 195.337388][ T4231] usb 5-1: Manufacturer: syz [ 195.339971][ T4910] usb 1-1: New USB device found, idVendor=2b53, idProduct=0024, bcdDevice= 0.40 [ 195.352173][ T4231] usb 5-1: config 0 descriptor?? [ 195.372012][ T4910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.398719][ T4910] usb 1-1: Product: syz [ 195.413411][ T4910] usb 1-1: Manufacturer: syz [ 195.418112][ T4910] usb 1-1: SerialNumber: syz [ 195.514392][ T8729] loop3: detected capacity change from 0 to 32768 [ 195.538842][ T4495] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 195.552533][ T8729] [ 195.552533][ T8729] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.552533][ T8729] [ 195.585630][ T8731] loop1: detected capacity change from 0 to 32768 [ 195.605013][ T8731] XFS: attr2 mount option is deprecated. [ 195.632087][ T8729] ERROR: (device loop3): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 195.632087][ T8729] [ 195.646584][ T4231] usb 5-1: USB disconnect, device number 13 [ 195.686557][ T8729] ERROR: (device loop3): jfs_unlink: [ 195.686557][ T8729] [ 195.724990][ T8731] XFS (loop1): Mounting V5 Filesystem [ 195.731331][ T4479] ERROR: (device loop3): xtTruncate: XT_GETPAGE: xtree page corrupt [ 195.731331][ T4479] [ 195.747500][ T154] ERROR: (device loop3): diWrite: ixpxd invalid [ 195.747500][ T154] [ 195.775745][ T154] ERROR: (device loop3): txCommit: [ 195.775745][ T154] [ 195.785394][ T154] jfs_write_inode: jfs_commit_inode failed! [ 195.794113][ T4479] [ 195.794113][ T4479] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.794113][ T4479] [ 195.807090][ T4479] [ 195.807090][ T4479] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 195.807090][ T4479] [ 195.815330][ T4910] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 195.839116][ T8731] XFS (loop1): Ending clean mount [ 195.919774][ T4910] snd-usb-audio: probe of 1-1:1.1 failed with error -22 [ 195.942156][ T4187] XFS (loop1): Unmounting Filesystem [ 196.003380][ T4495] usb 3-1: unable to get BOS descriptor or descriptor too short [ 196.099292][ T4495] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 37, changing to 7 [ 196.121699][ T4495] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 119, changing to 7 [ 196.149422][ T4910] snd-usb-audio: probe of 1-1:1.2 failed with error -22 [ 196.160378][ T4910] usb 1-1: USB disconnect, device number 10 [ 196.399004][ T4495] usb 3-1: string descriptor 0 read error: -22 [ 196.407555][ T4495] usb 3-1: New USB device found, idVendor=21b4, idProduct=0081, bcdDevice= 0.40 [ 196.471295][ T4495] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.495189][ T4410] udevd[4410]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 196.589200][ T8759] loop4: detected capacity change from 0 to 64 [ 196.909381][ T8765] block device autoloading is deprecated and will be removed. [ 196.922046][ T8773] IPv6: sit1: Disabled Multicast RS [ 197.058902][ T4495] usb 3-1: Can't set UAC3 power state to 1 for id 10 [ 197.149107][ T4495] usb 3-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4 [ 197.181527][ T4495] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 197.248959][ T4495] usb 3-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4 [ 197.278949][ T4495] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 197.339310][ T4495] usb 3-1: cannot get ctl value: req = 0x83, wValue = 0x201, wIndex = 0x200, type = 4 [ 197.373067][ T4495] usb 3-1: 2:0: cannot get min/max values for control 2 (id 2) [ 197.379265][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 197.424101][ T8797] raw_sendmsg: syz.0.1984 forgot to set AF_INET. Fix it! [ 197.459848][ T4495] usb 3-1: USB disconnect, device number 10 [ 197.470166][ T8795] device vti0 entered promiscuous mode [ 197.675274][ T8810] device sit0 entered promiscuous mode [ 197.708124][ T8810] netlink: 'syz.4.1989': attribute type 1 has an invalid length. [ 197.735175][ T8810] netlink: 1 bytes leftover after parsing attributes in process `syz.4.1989'. [ 197.790316][ T4409] udevd[4409]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 198.018713][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 198.174236][ T8834] lo speed is unknown, defaulting to 1000 [ 198.345760][ T8839] loop2: detected capacity change from 0 to 2048 [ 198.388989][ T4277] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 198.580251][ T8848] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2008'. [ 198.669091][ T4277] usb 1-1: Using ep0 maxpacket: 16 [ 198.818631][ T4277] usb 1-1: config 1 has an invalid interface number: 105 but max is 0 [ 198.826999][ T4277] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 198.851539][ T4277] usb 1-1: config 1 has no interface number 0 [ 198.868213][ T4277] usb 1-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 198.888664][ T4277] usb 1-1: config 1 interface 105 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 198.922515][ T4277] usb 1-1: config 1 interface 105 has no altsetting 0 [ 198.931790][ C1] vkms_vblank_simulate: vblank timer overrun [ 199.093352][ T8866] loop2: detected capacity change from 0 to 4096 [ 199.118978][ T4277] usb 1-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 199.136342][ T4277] usb 1-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 199.175553][ T4277] usb 1-1: Product: syz [ 199.212854][ T4277] usb 1-1: Manufacturer: syz [ 199.217549][ T4277] usb 1-1: SerialNumber: syz [ 199.227331][ T8872] device vti0 entered promiscuous mode [ 199.249919][ T8873] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 199.289184][ T8833] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 199.453557][ T8880] netlink: 11 bytes leftover after parsing attributes in process `syz.1.2024'. [ 199.519593][ T8881] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2022'. [ 199.529894][ T4277] aqc111: probe of 1-1:1.105 failed with error -22 [ 199.779554][ T4493] usb 1-1: USB disconnect, device number 11 [ 199.995914][ T8905] netlink: 'syz.2.2036': attribute type 1 has an invalid length. [ 200.543468][ T8932] netlink: 748 bytes leftover after parsing attributes in process `syz.0.2049'. [ 201.078823][ T8907] loop4: detected capacity change from 0 to 32768 [ 201.217278][ T8907] [ 201.217278][ T8907] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.217278][ T8907] [ 201.308709][ T4493] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 201.329479][ T8907] ERROR: (device loop4): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 201.329479][ T8907] [ 201.369059][ T8907] ERROR: (device loop4): jfs_unlink: [ 201.369059][ T8907] [ 201.388653][ T4910] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 201.457492][ T4185] ERROR: (device loop4): xtTruncate: XT_GETPAGE: xtree page corrupt [ 201.457492][ T4185] [ 201.485896][ T154] ERROR: (device loop4): diWrite: ixpxd invalid [ 201.485896][ T154] [ 201.505115][ T154] ERROR: (device loop4): txCommit: [ 201.505115][ T154] [ 201.552427][ T154] jfs_write_inode: jfs_commit_inode failed! [ 201.577464][ T4185] [ 201.577464][ T4185] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.577464][ T4185] [ 201.608872][ T4493] usb 2-1: Using ep0 maxpacket: 16 [ 201.617299][ T8970] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 201.648039][ T4185] [ 201.648039][ T4185] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 201.648039][ T4185] [ 201.748927][ T4493] usb 2-1: config index 0 descriptor too short (expected 4495, got 71) [ 201.749093][ T4910] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 201.767637][ T4493] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 201.827536][ T4493] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.838383][ T4910] usb 1-1: config 0 has no interface number 0 [ 201.868754][ T4910] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 201.888954][ T4493] usb 2-1: config 0 has no interface number 0 [ 201.900935][ T4910] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 201.948681][ T4910] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 201.985688][ T4910] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.022002][ T4910] usb 1-1: config 0 descriptor?? [ 202.062422][ T4910] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 202.099277][ T4493] usb 2-1: New USB device found, idVendor=046c, idProduct=14e0, bcdDevice= 0.01 [ 202.129100][ T4493] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.137379][ T4493] usb 2-1: Product: syz [ 202.192778][ T4493] usb 2-1: Manufacturer: syz [ 202.198168][ T4493] usb 2-1: SerialNumber: syz [ 202.248413][ T4493] usb 2-1: config 0 descriptor?? [ 202.311400][ T8959] iowarrior 1-1:0.1: Error -90 while submitting URB [ 202.331315][ T4493] usb 2-1: Found UVC 0.00 device syz (046c:14e0) [ 202.354064][ T4910] usb 1-1: USB disconnect, device number 12 [ 202.369517][ T4493] usb 2-1: No valid video chain found. [ 202.476179][ T8993] netlink: 748 bytes leftover after parsing attributes in process `syz.3.2079'. [ 202.575254][ T4230] usb 2-1: USB disconnect, device number 12 [ 202.666720][ T8999] tmpfs: Bad value for 'mpol' [ 202.772507][ T9001] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2083'. [ 202.810359][ T9001] netlink: 51 bytes leftover after parsing attributes in process `syz.4.2083'. [ 202.876107][ T9001] netlink: 'syz.4.2083': attribute type 4 has an invalid length. [ 203.660816][ T8995] loop2: detected capacity change from 0 to 32768 [ 203.694486][ T9036] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2099'. [ 203.732428][ T9036] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 203.760400][ T8995] [ 203.760400][ T8995] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 203.760400][ T8995] [ 203.844342][ T8995] ERROR: (device loop2): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt [ 203.844342][ T8995] [ 203.889495][ T8995] ERROR: (device loop2): jfs_unlink: [ 203.889495][ T8995] [ 203.984074][ T4186] ERROR: (device loop2): xtTruncate: XT_GETPAGE: xtree page corrupt [ 203.984074][ T4186] [ 204.059358][ T154] ERROR: (device loop2): diWrite: ixpxd invalid [ 204.059358][ T154] [ 204.067873][ T154] ERROR: (device loop2): txCommit: [ 204.067873][ T154] [ 204.138016][ T154] jfs_write_inode: jfs_commit_inode failed! [ 204.166905][ T4186] [ 204.166905][ T4186] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.166905][ T4186] [ 204.194234][ T4186] [ 204.194234][ T4186] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 204.194234][ T4186] [ 204.962666][ T9104] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2133'. [ 204.999775][ T9104] openvswitch: netlink: Key 29 has unexpected len 3064 expected 0 [ 205.019227][ T9107] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 205.027557][ T9107] overlayfs: missing 'lowerdir' [ 205.144054][ T9118] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2138'. [ 205.416004][ T9130] tmpfs: Bad value for 'mpol' [ 205.432072][ T9127] loop4: detected capacity change from 0 to 1024 [ 205.668716][ T4493] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 205.970126][ T3064] hfsplus: b-tree write err: -5, ino 25 [ 205.976008][ T3064] hfsplus: b-tree write err: -5, ino 4 [ 206.002927][ T3064] hfsplus: b-tree write err: -5, ino 2 [ 206.088929][ T4493] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.253894][ T9157] netlink: 'syz.1.2160': attribute type 2 has an invalid length. [ 206.288975][ T4493] usb 4-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 206.304134][ T4493] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.330136][ T9157] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 206.389286][ T4493] usb 4-1: Product: syz [ 206.403872][ T4493] usb 4-1: Manufacturer: syz [ 206.415189][ T4493] usb 4-1: SerialNumber: syz [ 206.429947][ T4493] usb 4-1: config 0 descriptor?? [ 206.480270][ T4493] asix: probe of 4-1:0.0 failed with error -22 [ 206.570600][ T9164] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2163'. [ 206.666951][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2163'. [ 206.712175][ T9164] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2163'. [ 206.759996][ T4493] usb 4-1: USB disconnect, device number 11 [ 206.843459][ T9172] loop2: detected capacity change from 0 to 1024 [ 207.129653][ T4663] hfsplus: b-tree write err: -5, ino 25 [ 207.135746][ T4663] hfsplus: b-tree write err: -5, ino 4 [ 207.141889][ T4230] Bluetooth: hci4: command 0x0406 tx timeout [ 207.171597][ T4663] hfsplus: b-tree write err: -5, ino 2 [ 207.797082][ T9226] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2193'. [ 208.088853][ T4910] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 208.442696][ T9269] loop3: detected capacity change from 0 to 256 [ 208.459029][ T4910] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 208.482438][ T4910] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 208.504294][ T4910] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 208.519569][ T9269] exfat: Deprecated parameter 'utf8' [ 208.525113][ T9269] exfat: Deprecated parameter 'namecase' [ 208.538741][ T9269] exfat: Deprecated parameter 'namecase' [ 208.544655][ T4910] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 208.616151][ T9269] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d) [ 208.670610][ T4910] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 208.688485][ T4910] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 208.697616][ T4910] usb 3-1: SerialNumber: syz [ 208.707228][ T26] audit: type=1800 audit(1776209192.521:14): pid=9269 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2215" name="file1" dev="loop3" ino=1048602 res=0 errno=0 [ 208.781550][ T4910] cdc_acm: probe of 3-1:1.0 failed with error -12 [ 208.994053][ T9295] sctp: [Deprecated]: syz.4.2226 (pid 9295) Use of int in max_burst socket option. [ 208.994053][ T9295] Use struct sctp_assoc_value instead [ 209.028354][ T9298] netlink: 'syz.0.2227': attribute type 12 has an invalid length. [ 209.047475][ T4277] usb 3-1: USB disconnect, device number 11 [ 210.085539][ T4910] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 210.238755][ T9355] netlink: 'syz.3.2253': attribute type 1 has an invalid length. [ 210.246606][ T9355] netlink: 'syz.3.2253': attribute type 3 has an invalid length. [ 210.288951][ T9355] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2253'. [ 210.338968][ T4910] usb 1-1: Using ep0 maxpacket: 8 [ 210.339062][ T9355] NCSI netlink: No device for ifindex 55159 [ 210.501185][ T4910] usb 1-1: unable to get BOS descriptor or descriptor too short [ 210.588968][ T4910] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 210.618620][ T4910] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 210.630511][ T9337] loop4: detected capacity change from 0 to 32768 [ 210.798805][ T4910] usb 1-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 210.828114][ T4910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.845521][ T4910] usb 1-1: Product: syz [ 210.856838][ T4910] usb 1-1: Manufacturer: syz [ 210.874956][ T4910] usb 1-1: SerialNumber: syz [ 210.922442][ T9376] device gretap1 entered promiscuous mode [ 211.449034][ T4910] usb 1-1: cannot find UAC_HEADER [ 211.507204][ T4910] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 211.536284][ T4910] usb 1-1: USB disconnect, device number 13 [ 211.756014][ T9420] CIFS mount error: No usable UNC path provided in device string! [ 211.756014][ T9420] [ 211.799157][ T9420] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 211.871164][ T4422] udevd[4422]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 211.901676][ T9424] loop4: detected capacity change from 0 to 1024 [ 212.168455][ T9424] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 212.339650][ T9448] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready [ 212.369131][ T9448] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 212.559158][ T9457] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2301'. [ 212.575003][ T9458] IPv6: sit1: Disabled Multicast RS [ 212.883078][ T9472] netlink: 'syz.2.2310': attribute type 9 has an invalid length. [ 212.900006][ T9472] netlink: 209836 bytes leftover after parsing attributes in process `syz.2.2310'. [ 213.006869][ T9464] loop1: detected capacity change from 0 to 4096 [ 213.101021][ T9464] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 213.314094][ T9464] ntfs3: loop1: failed to convert "c46c" to iso8859-14 [ 213.623705][ T9502] netlink: 'syz.4.2324': attribute type 1 has an invalid length. [ 214.231965][ T9528] loop2: detected capacity change from 0 to 4096 [ 214.274432][ T9541] netlink: 'syz.3.2342': attribute type 6 has an invalid length. [ 214.296009][ T9528] ntfs: (device loop2): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2. [ 214.347923][ T9528] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 214.456482][ T9545] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2343'. [ 214.474450][ T9528] ntfs: volume version 3.1. [ 214.496830][ T9528] ntfs: (device loop2): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk. [ 214.530841][ T9528] ntfs: (device loop2): map_mft_record(): Failed with error code 5. [ 214.543527][ T26] audit: type=1400 audit(1776209198.361:15): apparmor="DENIED" operation="setprocattr" info="fscreate" error=-22 profile="unconfined" pid=9546 comm="syz.1.2346" [ 214.578641][ T9528] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 214.606009][ T9545] unsupported nlmsg_type 40 [ 214.625866][ T9528] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 214.658837][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 214.708037][ T9528] ntfs: (device loop2): ntfs_read_locked_inode(): Index block size (0) < NTFS_BLOCK_SIZE (512) is not supported. Sorry. [ 214.821493][ T9528] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -95. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 215.033538][ T9564] netlink: 209820 bytes leftover after parsing attributes in process `syz.3.2352'. [ 215.301016][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 215.511540][ T9593] netlink: 'syz.1.2366': attribute type 12 has an invalid length. [ 215.548908][ T4231] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 215.558673][ T9593] netlink: 197276 bytes leftover after parsing attributes in process `syz.1.2366'. [ 215.858792][ T4231] usb 1-1: Using ep0 maxpacket: 16 [ 215.875678][ T9613] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2377'. [ 216.022684][ T9625] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 216.075436][ T9625] overlayfs: missing 'lowerdir' [ 216.188947][ T4231] usb 1-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 216.203312][ T4231] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.242275][ T4231] usb 1-1: Product: syz [ 216.265156][ T9638] netlink: 52 bytes leftover after parsing attributes in process `syz.2.2389'. [ 216.274416][ T4231] usb 1-1: Manufacturer: syz [ 216.288724][ T4231] usb 1-1: SerialNumber: syz [ 216.323525][ T4231] usb 1-1: config 0 descriptor?? [ 216.628920][ T4231] dvb_usb_dtv5100: probe of 1-1:0.0 failed with error -71 [ 216.661005][ T4231] usb 1-1: USB disconnect, device number 14 [ 216.791522][ T9665] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2403'. [ 216.863219][ T9670] QAT: failed to copy from user cfg_data. [ 216.927440][ T9675] loop1: detected capacity change from 0 to 64 [ 217.293389][ T9696] netlink: 144 bytes leftover after parsing attributes in process `syz.2.2418'. [ 217.325880][ T9700] loop3: detected capacity change from 0 to 256 [ 217.400894][ T9700] exfat: Deprecated parameter 'utf8' [ 217.406425][ T9700] exfat: Deprecated parameter 'namecase' [ 217.433124][ T9707] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2423'. [ 217.462898][ T9700] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xf974f890, utbl_chksum : 0xe619d30d) [ 217.478821][ T9707] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2423'. [ 218.143306][ T9744] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 218.449765][ T4231] usb 1-1: new low-speed USB device number 15 using dummy_hcd [ 218.829117][ T4231] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.869374][ T4231] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 218.927845][ T4231] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 219.010531][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.045258][ T4231] usb 1-1: config 0 descriptor?? [ 219.160337][ T4231] qmi_wwan: probe of 1-1:0.0 failed with error -22 [ 219.186096][ T9789] __nla_validate_parse: 1 callbacks suppressed [ 219.186118][ T9789] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2464'. [ 219.245535][ T9741] loop2: detected capacity change from 0 to 32768 [ 219.352341][ T9741] ea_get: invalid extended attribute [ 219.358353][ T9741] ffff888062a3a830: 04 00 00 00 .... [ 219.422922][ T4231] usb 1-1: USB disconnect, device number 15 [ 219.656494][ T9806] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 219.656494][ T9806] z,@qJ#"h/.W1ȱnNC"C׈E)8+' [ 220.078927][ T9824] delete_channel: no stack [ 220.341282][ T9843] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2491'. [ 220.749722][ T4231] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 220.966416][ T9880] netlink: 'syz.2.2507': attribute type 1 has an invalid length. [ 220.998219][ T9881] IPv6: ADDRCONF(NETDEV_CHANGE): dummy0: link becomes ready [ 221.038801][ T4231] usb 1-1: Using ep0 maxpacket: 16 [ 221.044829][ T9881] A link change request failed with some changes committed already. Interface dummy0 may have been left with an inconsistent configuration, please check. [ 221.089931][ T9883] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2509'. [ 221.173357][ T4231] usb 1-1: config 8 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 127, changing to 10 [ 221.208816][ T4231] usb 1-1: config 8 interface 0 has no altsetting 0 [ 221.298984][ T4231] usb 1-1: New USB device found, idVendor=046d, idProduct=c14f, bcdDevice=ff.ff [ 221.317191][ T4231] usb 1-1: New USB device strings: Mfr=230, Product=0, SerialNumber=0 [ 221.337430][ T9899] netlink: 'syz.4.2517': attribute type 32 has an invalid length. [ 221.351514][ T4231] usb 1-1: Manufacturer: syz [ 221.519176][ T4277] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 221.603108][ T4231] usb 1-1: USB disconnect, device number 16 [ 221.790595][ T4277] usb 4-1: Using ep0 maxpacket: 16 [ 221.949666][ T4277] usb 4-1: unable to get BOS descriptor or descriptor too short [ 222.059032][ T4277] usb 4-1: config 7 has an invalid interface number: 192 but max is 0 [ 222.078199][ T4277] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 222.106832][ T4277] usb 4-1: config 7 has no interface number 0 [ 222.136881][ T4277] usb 4-1: config 7 interface 192 has no altsetting 0 [ 222.325699][ T4231] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 222.333863][ T4277] usb 4-1: New USB device found, idVendor=0421, idProduct=0128, bcdDevice=a6.39 [ 222.344512][ T4277] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.363839][ T4277] usb 4-1: Product: syz [ 222.385928][ T4277] usb 4-1: Manufacturer: syz [ 222.404466][ T4277] usb 4-1: SerialNumber: syz [ 222.638428][ T9963] netlink: 'syz.2.2549': attribute type 12 has an invalid length. [ 222.669525][ T9965] netlink: 'syz.1.2551': attribute type 1 has an invalid length. [ 222.703692][ T9965] netlink: 'syz.1.2551': attribute type 3 has an invalid length. [ 222.715954][ T4277] usb 4-1: bad CDC descriptors [ 222.739280][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 222.755373][ T4277] usb 4-1: bad CDC descriptors [ 222.760540][ T9965] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2551'. [ 222.771820][ T4231] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 222.787748][ T4277] usb 4-1: USB disconnect, device number 12 [ 222.796915][ T9965] NCSI netlink: No device for ifindex 55159 [ 222.827142][ T4231] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 222.860663][ T4231] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 222.880403][ T4231] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.922442][ T4231] usb 5-1: config 0 descriptor?? [ 222.943306][ T9976] loop1: detected capacity change from 0 to 16 [ 222.991356][ T4231] hub 5-1:0.0: USB hub found [ 223.005557][ T9976] erofs: (device loop1): mounted with root inode @ nid 36. [ 223.027882][ T9976] erofs: (device loop1): find_target_block_classic: corrupted dir block 0 @ nid 36 [ 223.076377][ T9978] tmpfs: Bad value for 'mpol' [ 223.208662][ T4231] hub 5-1:0.0: 14 ports detected [ 223.232363][ T4231] hub 5-1:0.0: insufficient power available to use all downstream ports [ 223.419019][ T4231] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 223.425863][ T4231] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 223.519873][ T4231] usb 5-1: USB disconnect, device number 14 [ 224.175312][T10016] No such timeout policy "syz1" [ 224.636796][T10000] loop3: detected capacity change from 0 to 32768 [ 224.728699][ T4917] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 224.867077][T10000] (syz.3.2565,10000,1):ocfs2_journal_addressable:1995 ERROR: The journal cannot address the entire volume. Enable the 'block64' journal option with tunefs.ocfs2 [ 224.867125][T10000] (syz.3.2565,10000,1):ocfs2_check_volume:2493 ERROR: status = -27 [ 224.894724][T10000] (syz.3.2565,10000,1):ocfs2_mount_volume:1824 ERROR: status = -27 [ 224.942403][T10000] (syz.3.2565,10000,1):ocfs2_fill_super:1177 ERROR: status = -27 [ 224.970824][T10012] loop4: detected capacity change from 0 to 32768 [ 225.005111][T10000] NILFS (loop3): couldn't find nilfs on the device [ 225.039874][T10043] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2587'. [ 225.098894][ T4917] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 225.161716][ T4917] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 225.224131][ T4917] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 225.234363][ T4917] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 225.255041][T10012] XFS (loop4): Mounting V5 Filesystem [ 225.299867][T10039] loop1: detected capacity change from 0 to 32768 [ 225.319110][ T4917] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 225.328299][ T4917] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 225.337013][ T4917] usb 1-1: SerialNumber: syz [ 225.399974][ T4917] cdc_acm: probe of 1-1:1.0 failed with error -12 [ 225.454799][T10012] XFS (loop4): Ending clean mount [ 225.635162][ T4910] usb 1-1: USB disconnect, device number 17 [ 225.696200][ T4185] XFS (loop4): Unmounting Filesystem [ 225.732976][T10059] netlink: 'syz.1.2591': attribute type 9 has an invalid length. [ 225.776662][T10059] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.2591'. [ 225.788954][ T4917] usb 3-1: new full-speed USB device number 12 using dummy_hcd [ 225.925023][T10061] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2594'. [ 226.169466][ T4917] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 226.177635][ T4917] usb 3-1: config 0 has no interface number 0 [ 226.203920][T10067] xt_TPROXY: Can be used only with -p tcp or -p udp [ 226.219031][ T4917] usb 3-1: config 0 interface 41 has no altsetting 0 [ 226.386637][ T4917] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 226.419070][ T4917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.427279][ T4917] usb 3-1: Product: syz [ 226.480734][ T4917] usb 3-1: Manufacturer: syz [ 226.486527][ T4917] usb 3-1: SerialNumber: syz [ 226.505389][T10081] xt_CT: You must specify a L4 protocol and not use inversions on it [ 226.523016][ T4917] usb 3-1: config 0 descriptor?? [ 227.016790][ T4917] CoreChips 3-1:0.41 (unnamed net_device) (uninitialized): set LINK LED failed : -71 [ 227.049047][ T4917] CoreChips: probe of 3-1:0.41 failed with error -71 [ 227.099508][ T4917] usb 3-1: USB disconnect, device number 12 [ 227.217165][T10120] netlink: 'syz.0.2621': attribute type 1 has an invalid length. [ 227.267204][T10120] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2621'. [ 227.366626][T10117] loop1: detected capacity change from 0 to 4096 [ 227.381512][T10126] loop4: detected capacity change from 0 to 1024 [ 227.429380][T10117] ntfs: (device loop1): check_mft_mirror(): Incomplete multi sector transfer detected in mft record 2. [ 227.455534][T10117] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 227.538927][T10126] hfsplus: can't free extent [ 227.567259][T10117] ntfs: volume version 3.1. [ 227.582581][T10117] ntfs: (device loop1): map_mft_record_page(): Mft record 0x2 is corrupt. Run chkdsk. [ 227.594942][T10117] ntfs: (device loop1): map_mft_record(): Failed with error code 5. [ 227.603946][T10117] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x2 as bad. Run chkdsk. [ 227.618200][T10117] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 227.777021][T10117] ntfs: (device loop1): ntfs_read_locked_inode(): Index block size (0) < NTFS_BLOCK_SIZE (512) is not supported. Sorry. [ 227.867468][T10117] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -95. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 227.927210][T10143] netlink: 'syz.3.2634': attribute type 2 has an invalid length. [ 227.967981][T10143] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2634'. [ 228.067031][T10148] loop4: detected capacity change from 0 to 2048 [ 228.162489][T10156] loop3: detected capacity change from 0 to 1764 [ 228.180500][T10148] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 228.239858][ T26] audit: type=1800 audit(1776209212.061:16): pid=10148 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2635" name="bus" dev="loop4" ino=1367 res=0 errno=0 [ 228.378660][ T4910] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 228.739787][ T4910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 228.777422][ T4910] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7 [ 228.787853][T10183] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2653'. [ 228.849651][T10186] netlink: 84 bytes leftover after parsing attributes in process `syz.4.2651'. [ 228.978918][ T4910] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 228.988084][ T4910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.044497][ T4910] usb 1-1: Product: syz [ 229.049328][ T4910] usb 1-1: Manufacturer: syz [ 229.053980][ T4910] usb 1-1: SerialNumber: syz [ 229.079784][ T4910] usb 1-1: config 0 descriptor?? [ 229.136904][ T4910] usb 1-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress 07 [ 229.234235][T10192] loop2: detected capacity change from 0 to 8192 [ 229.282583][T10206] netlink: 'syz.1.2663': attribute type 5 has an invalid length. [ 229.321849][T10206] device  entered promiscuous mode [ 229.339315][T10192] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 229.371427][T10192] REISERFS (device loop2): using ordered data mode [ 229.447968][T10192] reiserfs: using flush barriers [ 229.504748][T10192] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 229.621772][ T4495] usb 1-1: USB disconnect, device number 18 [ 229.629329][T10192] REISERFS (device loop2): checking transaction log (loop2) [ 229.647823][T10219] netlink: 'syz.3.2669': attribute type 9 has an invalid length. [ 229.670020][T10192] REISERFS (device loop2): Using tea hash to sort names [ 229.702014][T10192] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 229.748039][T10219] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.2669'. [ 229.997956][T10229] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 230.205664][T10237] x_tables: duplicate underflow at hook 4 [ 230.412033][T10252] loop4: detected capacity change from 0 to 256 [ 230.573384][T10261] ip6t_srh: unknown srh invflags 4000 [ 230.593297][T10263] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2691'. [ 230.629837][T10252] exfat: Deprecated parameter 'utf8' [ 230.683448][T10252] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe3908169, utbl_chksum : 0xe619d30d) [ 230.791777][T10270] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2694'. [ 230.930458][T10276] loop1: detected capacity change from 0 to 16 [ 231.029796][T10276] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 231.097539][T10284] netlink: 'syz.4.2698': attribute type 21 has an invalid length. [ 231.643226][T10306] xt_ipcomp: unknown flags 12 [ 231.921139][T10312] loop2: detected capacity change from 0 to 4096 [ 232.043953][T10312] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 232.184697][T10312] ntfs3: loop2: failed to convert "c46c" to ascii [ 232.310717][T10338] netlink: 'syz.4.2722': attribute type 9 has an invalid length. [ 232.394508][T10345] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2725'. [ 232.399937][T10338] netlink: 209836 bytes leftover after parsing attributes in process `syz.4.2722'. [ 232.468905][T10349] netlink: 244 bytes leftover after parsing attributes in process `syz.0.2728'. [ 232.644901][T10354] netlink: 'syz.3.2730': attribute type 1 has an invalid length. [ 232.718929][T10354] netlink: 'syz.3.2730': attribute type 3 has an invalid length. [ 232.768608][T10354] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2730'. [ 233.124549][T10372] x_tables: duplicate underflow at hook 2 [ 233.824222][T10362] loop1: detected capacity change from 0 to 32768 [ 233.952492][T10362] ea_get: invalid extended attribute [ 233.957974][T10362] ffff888062a3e8f0: 04 00 00 00 .... [ 234.005540][T10414] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2761'. [ 234.408738][ T4910] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 234.637400][T10447] loop3: detected capacity change from 0 to 16 [ 234.678662][ T4910] usb 5-1: Using ep0 maxpacket: 8 [ 234.758857][T10447] erofs: (device loop3): mounted with root inode @ nid 36. [ 234.796984][T10447] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 234.849038][ T4910] usb 5-1: unable to get BOS descriptor or descriptor too short [ 234.861834][T10447] erofs: (device loop3): z_erofs_readpage: failed to read, err [-117] [ 234.927828][T10453] device bridge_slave_1 left promiscuous mode [ 234.959146][ T4910] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 234.969652][T10453] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.989441][ T4910] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 249, changing to 7 [ 235.011121][ T4910] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 235.047552][T10453] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 235.134404][T10435] loop1: detected capacity change from 0 to 32768 [ 235.206501][T10435] (syz.1.2771,10435,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 235.245720][ T4910] usb 5-1: New USB device found, idVendor=2b53, idProduct=0031, bcdDevice= 0.40 [ 235.257248][T10435] (syz.1.2771,10435,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 235.287056][ T4910] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.300648][ T4910] usb 5-1: Product: syz [ 235.304879][ T4910] usb 5-1: Manufacturer: syz [ 235.353037][ T4910] usb 5-1: SerialNumber: syz [ 235.382142][T10435] JBD2: journal file too short [ 235.389090][T10435] (syz.1.2771,10435,1):ocfs2_journal_wipe:1154 ERROR: status = -22 [ 235.399883][T10435] (syz.1.2771,10435,0):ocfs2_check_volume:2424 ERROR: status = -22 [ 235.427857][T10435] (syz.1.2771,10435,0):ocfs2_check_volume:2493 ERROR: status = -22 [ 235.467382][T10435] (syz.1.2771,10435,1):ocfs2_mount_volume:1824 ERROR: status = -22 [ 235.517725][T10435] (syz.1.2771,10435,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 235.649614][ T4910] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 235.668993][T10435] blk_update_request: I/O error, dev loop1, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 235.709619][ T4910] snd-usb-audio: probe of 5-1:1.1 failed with error -22 [ 235.728810][T10435] qnx4: unable to read the superblock [ 235.871739][ T4910] snd-usb-audio: probe of 5-1:1.2 failed with error -22 [ 235.909416][ T4910] usb 5-1: USB disconnect, device number 15 [ 236.180365][ T4410] udevd[4410]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 236.604992][T10519] libceph: resolve '96.' (ret=-3): failed [ 236.911793][T10545] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2825'. [ 236.939563][T10540] loop4: detected capacity change from 0 to 4096 [ 237.077959][T10540] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 237.118156][T10540] ntfs3: loop4: Failed to load $Extend. [ 237.209028][T10540] ntfs3: loop4: ntfs_sync_fs r=9 failed, -22. [ 237.300915][ T4185] ntfs3: loop4: ntfs_sync_fs r=9 failed, -22. [ 237.310787][ T4185] ntfs3: loop4: ntfs_evict_inode r=9 failed, -22. [ 237.396042][T10574] loop3: detected capacity change from 0 to 128 [ 237.871565][T10596] loop3: detected capacity change from 0 to 2048 [ 238.025612][T10596] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 238.372590][T10622] netlink: 'syz.4.2859': attribute type 8 has an invalid length. [ 238.396732][T10622] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 238.757096][T10587] loop2: detected capacity change from 0 to 32768 [ 239.050865][T10587] XFS (loop2): Mounting V5 Filesystem [ 239.071310][T10663] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2874'. [ 239.134081][T10663] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2874'. [ 239.182614][T10587] XFS (loop2): Ending clean mount [ 239.220703][ T4186] XFS (loop2): Unmounting Filesystem [ 240.454581][T10700] loop2: detected capacity change from 0 to 8192 [ 240.619145][T10700] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 240.634217][T10700] REISERFS (device loop2): using ordered data mode [ 240.641379][T10700] reiserfs: using flush barriers [ 240.680291][T10700] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 240.697139][T10700] REISERFS (device loop2): checking transaction log (loop2) [ 240.752255][T10700] REISERFS (device loop2): Using r5 hash to sort names [ 240.780522][T10700] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 240.838036][T10733] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 241.358153][T10762] loop1: detected capacity change from 0 to 1024 [ 241.462598][T10772] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2928'. [ 241.508761][T10772] netlink: 76 bytes leftover after parsing attributes in process `syz.4.2928'. [ 241.710808][T10784] loop1: detected capacity change from 0 to 512 [ 241.837607][T10784] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 241.859005][T10784] ext4 filesystem being mounted at /594/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 242.018988][T10804] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2942'. [ 242.299102][T10817] netlink: 'syz.0.2949': attribute type 1 has an invalid length. [ 242.348737][ T4915] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 242.412069][T10824] x_tables: unsorted underflow at hook 3 [ 242.476876][T10826] 9pnet: Insufficient options for proto=fd [ 242.521552][T10819] xt_CT: No such helper "syz0" [ 242.588666][ T4915] usb 5-1: Using ep0 maxpacket: 8 [ 242.718162][ T4915] usb 5-1: config 0 has an invalid interface number: 33 but max is 1 [ 242.748644][ T4915] usb 5-1: config 0 has no interface number 1 [ 242.755074][ T4915] usb 5-1: config 0 interface 33 altsetting 0 endpoint 0x6 has an invalid bInterval 0, changing to 7 [ 242.782377][T10836] netlink: 'syz.2.2957': attribute type 2 has an invalid length. [ 242.819157][ T4915] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 247 [ 243.008946][ T4915] usb 5-1: New USB device found, idVendor=2040, idProduct=2950, bcdDevice=85.f1 [ 243.018413][ T4915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.055866][ T4915] usb 5-1: Product: syz [ 243.074401][ T4915] usb 5-1: Manufacturer: syz [ 243.082082][ T4915] usb 5-1: SerialNumber: syz [ 243.120796][ T4915] usb 5-1: config 0 descriptor?? [ 243.162165][ T4915] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 243.257521][T10858] netlink: 'syz.3.2970': attribute type 6 has an invalid length. [ 243.372051][ T2425] pvrusb2: Invalid read control endpoint [ 243.375470][ T4915] pvrusb2: Hardware description: WinTV PVR USB2 Model 29xxx [ 243.408410][ T2425] usb 5-1: Direct firmware load for v4l-pvrusb2-29xxx-01.fw failed with error -2 [ 243.462898][ T2425] usb 5-1: Falling back to sysfs fallback for: v4l-pvrusb2-29xxx-01.fw [ 243.489147][ T4915] usb 5-1: USB disconnect, device number 16 [ 243.587048][ T26] audit: type=1326 audit(1776209227.401:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10873 comm="syz.1.2977" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff3c2374819 code=0x0 [ 243.645766][T10877] CIFS: bad ip= option (.RHe'ˠ/1C~1WexEAeSb{~R) [ 244.245520][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.278900][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.308960][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.349769][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.376353][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.419371][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.445623][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.469494][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.498805][ T4493] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 244.508914][T10921] netlink: 192 bytes leftover after parsing attributes in process `syz.3.3001'. [ 244.526348][T10934] tmpfs: Unknown parameter 'noswap' [ 244.768836][ T4493] usb 1-1: Using ep0 maxpacket: 32 [ 244.899350][ T4493] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 244.920352][T10947] loop1: detected capacity change from 0 to 4096 [ 244.928099][ T4493] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 244.949636][T10947] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 244.961996][T10947] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 244.988624][ T4493] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 245.002612][T10947] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 245.038926][T10947] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 245.089272][T10947] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 245.140784][T10947] ntfs: volume version 3.1. [ 245.156780][T10947] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 245.202830][T10947] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 245.228413][T10947] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 245.231137][ T4493] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 245.258895][T10947] ntfs: (device loop1): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is corrupt. [ 245.289391][ T4493] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.316193][ T4493] usb 1-1: Product: syz [ 245.331714][ T4493] usb 1-1: Manufacturer: syz [ 245.336787][ T4493] usb 1-1: SerialNumber: syz [ 245.408495][ T4493] cdc_ncm 1-1:1.0: skipping garbage [ 245.413919][ T4493] cdc_ncm 1-1:1.0: CDC Union missing and no IAD found [ 245.431621][ T4493] cdc_ncm 1-1:1.0: bind() failure [ 245.509498][T10970] loop2: detected capacity change from 0 to 1024 [ 245.577759][T10970] hfsplus: invalid length 32517 has been corrected to 255 [ 245.633183][T10970] hfsplus: invalid length 32517 has been corrected to 255 [ 245.649212][ T4277] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 245.663886][ T4917] usb 1-1: USB disconnect, device number 19 [ 245.683808][T10970] hfsplus: invalid length 32517 has been corrected to 255 [ 245.801858][T10978] openvswitch: netlink: Missing key (keys=40, expected=200000) [ 245.873913][ T4663] hfsplus: invalid length 32517 has been corrected to 255 [ 245.883269][ T4663] hfsplus: b-tree write err: -5, ino 22 [ 245.915789][T10982] netlink: 'syz.1.3031': attribute type 3 has an invalid length. [ 245.925144][T10982] netlink: 'syz.1.3031': attribute type 3 has an invalid length. [ 245.929709][ T4277] usb 4-1: Using ep0 maxpacket: 32 [ 246.061597][T10988] binder: 10987:10988 ioctl c0046209 200000000000000 returned -22 [ 246.150174][ T4277] usb 4-1: unable to get BOS descriptor or descriptor too short [ 246.459117][ T4277] usb 4-1: New USB device found, idVendor=0b05, idProduct=17a0, bcdDevice= 0.40 [ 246.476837][ T4277] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.519308][ T4277] usb 4-1: Product: syz [ 246.523575][ T4277] usb 4-1: Manufacturer: syz [ 246.528222][ T4277] usb 4-1: SerialNumber: syz [ 246.658771][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 246.949092][ T4277] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 246.988788][ T4277] usb 4-1: 2:1 : no UAC_FORMAT_TYPE desc [ 247.058364][ T4277] usb 4-1: USB disconnect, device number 13 [ 247.350008][ T6560] udevd[6560]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 247.528305][T11053] loop1: detected capacity change from 0 to 64 [ 248.064513][T11033] loop2: detected capacity change from 0 to 40427 [ 248.145621][T11081] netlink: 'syz.4.3079': attribute type 3 has an invalid length. [ 248.197280][T11033] F2FS-fs (loop2): invalid crc value [ 248.230965][T11033] F2FS-fs (loop2): Found nat_bits in checkpoint [ 248.398408][T11033] F2FS-fs (loop2): Start checkpoint disabled! [ 248.450077][T11099] overlayfs: bad mount option "redirect_dir=on:/" [ 248.519598][T11033] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 248.558197][T11107] xt_connbytes: Forcing CT accounting to be enabled [ 248.722829][T11107] xt_CT: No such helper "netbios-ns" [ 249.043767][T11125] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղDvc֠6xc: (pid: 11125 comm: syz.2.3098) [ 249.084777][T11127] loop3: detected capacity change from 0 to 256 [ 249.176275][T11127] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012c80, chksum : 0x8ff561f5, utbl_chksum : 0xe619d30d) [ 249.226056][ T26] kauditd_printk_skb: 5 callbacks suppressed [ 249.226075][ T26] audit: type=1800 audit(1776209233.041:18): pid=11125 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.3098" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=54783 res=0 errno=0 [ 249.264459][ C1] vkms_vblank_simulate: vblank timer overrun [ 249.333340][T11137] __nla_validate_parse: 19 callbacks suppressed [ 249.333364][T11137] netlink: 328 bytes leftover after parsing attributes in process `syz.0.3104'. [ 249.709520][T11154] netlink: 'syz.3.3112': attribute type 3 has an invalid length. [ 249.757696][T11154] netlink: 'syz.3.3112': attribute type 1 has an invalid length. [ 250.095342][T11166] loop2: detected capacity change from 0 to 4096 [ 250.288158][T11184] SET target dimension over the limit! [ 250.455964][T11188] loop1: detected capacity change from 0 to 512 [ 250.585829][T11188] EXT4-fs (loop1): Ignoring removed nobh option [ 250.695312][T11188] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 250.751422][T11198] netlink: 'syz.3.3133': attribute type 1 has an invalid length. [ 250.760637][T11188] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -61 [ 250.783142][T11198] netlink: 'syz.3.3133': attribute type 9 has an invalid length. [ 250.801523][T11188] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #13: comm syz.1.3129: inode has both inline data and extents flags [ 250.856974][T11188] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.3129: couldn't read orphan inode 13 (err -117) [ 250.908979][T11188] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,nouid32,nobh,stripe=0x000000000000ffff,block_validity,grpjquota=",errors=continue. Quota mode: writeback. [ 250.995167][T11188] fscrypt (loop1, inode 2): Error -61 getting encryption context [ 251.059069][ T4277] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 251.098126][T11173] loop4: detected capacity change from 0 to 40427 [ 251.137199][T11173] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 251.166787][T11173] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 251.261559][T11173] F2FS-fs (loop4): invalid crc value [ 251.315814][T11173] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 251.368972][ T4277] usb 1-1: Using ep0 maxpacket: 16 [ 251.544896][T11173] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 251.560404][T11173] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 251.671148][T11173] fscrypt (loop4, inode 3): Error -61 getting encryption context [ 251.710037][ T4277] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 251.738599][ T4277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.777234][ T4277] usb 1-1: Product: syz [ 251.779186][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 251.793598][ T4277] usb 1-1: Manufacturer: syz [ 251.799045][ T4495] usb 4-1: new low-speed USB device number 14 using dummy_hcd [ 251.807853][ T4277] usb 1-1: SerialNumber: syz [ 251.819146][ T4277] usb 1-1: config 0 descriptor?? [ 251.861130][ T4277] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 252.028354][T11246] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3156'. [ 252.110646][ T4231] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 252.208879][ T4495] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 252.218874][ T4495] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 252.229908][ T4495] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 252.239361][T11252] ksmbd: Unknown IPC event: 10, ignore. [ 252.246590][ T4495] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 252.260889][ T4495] usb 4-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 252.271059][ T4495] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.298881][ T4277] usb 1-1: clie_3_5_startup: get interface number failed: -71 [ 252.307394][ T4277] visor: probe of 1-1:0.0 failed with error -71 [ 252.325572][ T4277] usb 1-1: USB disconnect, device number 20 [ 252.333287][ T4495] hub 4-1:1.0: bad descriptor, ignoring hub [ 252.342088][ T4495] hub: probe of 4-1:1.0 failed with error -5 [ 252.362125][ T4495] cdc_wdm 4-1:1.0: skipping garbage [ 252.383978][ T4495] cdc_wdm 4-1:1.0: invalid descriptor buffer length [ 252.411784][ T4495] cdc_wdm: probe of 4-1:1.0 failed with error -22 [ 252.529319][ T4231] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 252.558636][ T4231] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 252.579340][ T4231] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 252.634646][T11263] loop2: detected capacity change from 0 to 256 [ 252.688816][ T4231] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 252.702953][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 252.721017][ T4231] usb 2-1: SerialNumber: syz [ 252.738926][ T4495] usb 4-1: USB disconnect, device number 14 [ 252.771961][T11263] exFAT-fs (loop2): failed to load upcase table (idx : 0x00012c80, chksum : 0x8ff561f5, utbl_chksum : 0xe619d30d) [ 253.002141][T11280] netlink: 'syz.0.3172': attribute type 1 has an invalid length. [ 253.020713][ T4231] usbtest 2-1:1.0: couldn't get endpoints, -22 [ 253.032725][T11280] netlink: 224 bytes leftover after parsing attributes in process `syz.0.3172'. [ 253.037992][ T4231] usbtest: probe of 2-1:1.0 failed with error -22 [ 253.077082][T11284] loop4: detected capacity change from 0 to 128 [ 253.108419][ T4231] usb 2-1: USB disconnect, device number 13 [ 253.319272][T11293] loop4: detected capacity change from 0 to 128 [ 253.530181][T11300] netlink: 134744 bytes leftover after parsing attributes in process `syz.4.3182'. [ 253.753266][T11315] blk_update_request: I/O error, dev loop1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 253.802711][T11315] FAT-fs (loop1): unable to read boot sector [ 254.020781][T11330] loop4: detected capacity change from 0 to 1024 [ 254.029670][T11332] loop2: detected capacity change from 0 to 8 [ 254.074661][T11330] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled [ 254.158151][T11330] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 254.225424][T11332] SQUASHFS error: Failed to read block 0x2d7: -5 [ 254.232282][T11330] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,quota,,errors=continue. Quota mode: writeback. [ 254.255475][T11330] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 254.264338][T11332] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 254.275562][T11346] No such timeout policy "syz1" [ 254.482995][T11356] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 254.752282][T11373] netlink: 264 bytes leftover after parsing attributes in process `syz.1.3216'. [ 254.801837][T11373] netlink: 264 bytes leftover after parsing attributes in process `syz.1.3216'. [ 254.832246][T11373] netlink: 175 bytes leftover after parsing attributes in process `syz.1.3216'. [ 254.861616][T11379] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 255.003768][T11387] loop4: detected capacity change from 0 to 256 [ 255.056401][T11391] xt_ecn: cannot match TCP bits for non-tcp packets [ 255.104340][T11387] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 255.264072][T11402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3231'. [ 255.318778][T11402] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3231'. [ 255.606741][T11423] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 255.798707][T11431] xt_CT: No such helper "snmp_trap" [ 255.949024][ T4231] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 256.125872][T11458] netlink: 124 bytes leftover after parsing attributes in process `syz.3.3257'. [ 256.218841][ T4231] usb 2-1: Using ep0 maxpacket: 16 [ 256.262041][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.268419][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.322108][T11467] netlink: 'syz.2.3262': attribute type 1 has an invalid length. [ 256.533569][T11474] netlink: 'syz.2.3264': attribute type 28 has an invalid length. [ 256.542074][ T4231] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 256.562231][ T4231] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.571119][T11474] netlink: 'syz.2.3264': attribute type 3 has an invalid length. [ 256.598776][ T4231] usb 2-1: Product: syz [ 256.603313][T11474] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3264'. [ 256.612853][ T4231] usb 2-1: Manufacturer: syz [ 256.638595][ T4231] usb 2-1: SerialNumber: syz [ 256.678649][ T4231] usb 2-1: config 0 descriptor?? [ 256.730892][ T4231] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 257.148867][ T4231] ssu100: probe of 2-1:0.0 failed with error -71 [ 257.172750][ T4231] usb 2-1: USB disconnect, device number 14 [ 257.742310][T11470] loop3: detected capacity change from 0 to 40427 [ 257.833018][T11513] loop4: detected capacity change from 0 to 512 [ 257.854402][T11470] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 257.872688][T11470] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 257.942746][T11470] F2FS-fs (loop3): invalid crc value [ 257.980445][T11513] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0022] [ 257.988902][T11513] System zones: 1-12 [ 258.006168][T11470] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 258.064300][T11513] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.3284: Directory hole found for htree index block 0 [ 258.094871][T11513] EXT4-fs (loop4): Remounting filesystem read-only [ 258.102980][T11513] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -117 [ 258.111732][T11513] EXT4-fs error (device loop4): dx_probe:823: inode #2: comm syz.4.3284: Directory hole found for htree index block 0 [ 258.128338][T11513] EXT4-fs (loop4): Remounting filesystem read-only [ 258.140606][T11513] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117 [ 258.174792][T11513] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,dax=never,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 258.248687][T11513] EXT4-fs (loop4): re-mounted. Opts: grpjquota=Jdebug,jqfmt=vfsold,dax=never,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 258.401416][T11470] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 258.446589][T11470] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 258.561510][T11470] fscrypt (loop3, inode 3): Error -61 getting encryption context [ 258.628715][ T4917] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 258.703819][T11539] 8021q: adding VLAN 0 to HW filter on device bond1 [ 258.844777][T11542] loop4: detected capacity change from 0 to 512 [ 258.975782][T11542] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 259.041298][T11542] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13 [ 259.049397][ T4917] usb 1-1: unable to get BOS descriptor or descriptor too short [ 259.080798][T11542] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.3295: invalid indirect mapped block 2683928664 (level 1) [ 259.178677][T11542] EXT4-fs (loop4): Remounting filesystem read-only [ 259.185810][T11542] EXT4-fs (loop4): 1 truncate cleaned up [ 259.192285][ T4917] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 259.202614][T11542] EXT4-fs (loop4): mounted filesystem without journal. Opts: noblock_validity,dioread_nolock,errors=remount-ro,minixdf,jqfmt=vfsv0,usrjquota=.,. Quota mode: writeback. [ 259.238704][ T4917] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 259.307712][T11542] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 259.360445][T11542] EXT4-fs (loop4): re-mounted. Opts: . Quota mode: writeback. [ 259.418824][ T4917] usb 1-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 259.428001][ T4917] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.488816][ T4917] usb 1-1: Product: syz [ 259.493119][ T4917] usb 1-1: Manufacturer: syz [ 259.497922][ T4917] usb 1-1: SerialNumber: syz [ 259.714717][T11562] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3304'. [ 259.792528][T11564] loop3: detected capacity change from 0 to 512 [ 259.873168][T11566] loop2: detected capacity change from 0 to 64 [ 259.889798][ T4917] usb 1-1: failed waiting for Axe-Fx III to boot: -71 [ 259.896764][ T4917] snd-usb-audio: probe of 1-1:1.0 failed with error -71 [ 259.914600][T11564] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled [ 259.936041][T11564] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 259.964376][ T4917] usb 1-1: USB disconnect, device number 21 [ 260.008685][T11564] EXT4-fs (loop3): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 260.041222][T11564] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 260.076637][T11564] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 260.149036][T11564] EXT4-fs (loop3): orphan cleanup on readonly fs [ 260.217028][T11564] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 260.275640][T11564] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 260.369949][T11564] EXT4-fs error (device loop3): ext4_acquire_dquot:6234: comm syz.3.3294: Failed to acquire dquot type 1 [ 260.405598][T11564] EXT4-fs (loop3): 1 truncate cleaned up [ 260.430395][T11564] EXT4-fs (loop3): mounted filesystem without journal. Opts: norecovery,bsddf,nodioread_nolock,acl,max_dir_size_kb=0x0000000000000001,noblock_validity,usrjquota=,jqfmt=vfsv0,inode_readahead_blks=0x0000000000001000,resgid=0x0000000000000000,sysvgroups,,errors=continue. Quota mode: writeback. [ 260.691377][T11597] netlink: 'syz.2.3320': attribute type 7 has an invalid length. [ 260.881186][T11607] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3324'. [ 261.091053][T11618] netlink: 132 bytes leftover after parsing attributes in process `syz.2.3330'. [ 261.203699][T11627] nfs4: Bad value for 'source' [ 261.999966][T11664] netlink: 'syz.2.3352': attribute type 27 has an invalid length. [ 262.056458][T11664] A link change request failed with some changes committed already. Interface team_slave_0 may have been left with an inconsistent configuration, please check. [ 262.096125][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.122324][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.159472][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.169453][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.214226][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.252147][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.267952][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.303199][T11663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 262.347716][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 262.387025][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 262.425984][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 262.533024][T11663] IPv6: ADDRCONF(NETDEV_CHANGE): netdevsim0: link becomes ready [ 262.610251][T11689] loop4: detected capacity change from 0 to 16 [ 262.675483][T11689] erofs: (device loop4): mounted with root inode @ nid 36. [ 262.757714][T11696] loop1: detected capacity change from 0 to 256 [ 262.918908][T11705] netlink: 'syz.2.3372': attribute type 11 has an invalid length. [ 262.933132][T11696] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 263.016801][T11696] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 263.048847][ T4190] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 263.070249][T11696] FAT-fs (loop1): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 263.076280][T11708] loop2: detected capacity change from 0 to 256 [ 263.098009][T11710] netlink: 'syz.4.3375': attribute type 15 has an invalid length. [ 263.109377][ T26] audit: type=1800 audit(1776209246.921:19): pid=11696 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3368" name="file1" dev="loop1" ino=1048608 res=0 errno=0 [ 263.148111][T11696] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 263.274656][T11708] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d) [ 263.432627][T11718] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 263.666740][T11726] netlink: 'syz.1.3383': attribute type 10 has an invalid length. [ 263.675291][ T4190] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 263.702823][ T4190] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.728952][T11726] netlink: 'syz.1.3383': attribute type 10 has an invalid length. [ 263.750056][ T4190] usb 4-1: Product: syz [ 263.754345][ T4190] usb 4-1: Manufacturer: syz [ 263.779303][ T4190] usb 4-1: SerialNumber: syz [ 263.833527][ T4190] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 263.838989][ T4917] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 264.013446][T11735] bond0: option ad_select: unable to set because the bond device is up [ 264.282908][T11744] dlm: no local IP address has been set [ 264.314449][T11744] dlm: cannot start dlm midcomms -107 [ 264.378992][ T4917] usb 3-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 264.388312][ T4917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.418806][ T4917] usb 3-1: Product: syz [ 264.423055][ T4917] usb 3-1: Manufacturer: syz [ 264.427963][ T4917] usb 3-1: SerialNumber: syz [ 264.462055][ T4917] usb 3-1: config 0 descriptor?? [ 264.538833][ T4190] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 264.708872][ T4917] peak_usb 3-1:0.0: PEAK-System PCAN-USB FD v67 fw v57.0.0 (1 channels) [ 264.929167][ T4917] peak_usb 3-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 264.937673][ T4917] peak_usb 3-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 265.001632][ T4231] usb 4-1: USB disconnect, device number 15 [ 265.113052][ T4917] peak_usb: probe of 3-1:0.0 failed with error -71 [ 265.156095][ T4917] usb 3-1: USB disconnect, device number 13 [ 265.433577][T11803] syz.0.3421: vmalloc error: size 9007199254740992, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz0,mems_allowed=0-1 [ 265.459467][T11803] CPU: 0 PID: 11803 Comm: syz.0.3421 Not tainted syzkaller #0 [ 265.467018][T11803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 265.477231][T11803] Call Trace: [ 265.480839][T11803] [ 265.483806][T11803] dump_stack_lvl+0x188/0x250 [ 265.488540][T11803] ? rcu_lock_release+0x5/0x20 [ 265.493353][T11803] ? show_regs_print_info+0x20/0x20 [ 265.498610][T11803] ? load_image+0x400/0x400 [ 265.503388][T11803] warn_alloc+0x243/0x320 [ 265.508010][T11803] ? rcu_lock_release+0x20/0x20 [ 265.512938][T11803] ? zone_watermark_ok_safe+0x240/0x240 [ 265.518673][T11803] ? dvb_demux_do_ioctl+0x313/0x530 [ 265.524155][T11803] ? kfree+0xef/0x2a0 [ 265.528213][T11803] __vmalloc_node_range+0x2b1/0x8b0 [ 265.533470][T11803] ? mutex_lock_io_nested+0x60/0x60 [ 265.538721][T11803] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 265.544576][T11803] vmalloc+0x75/0x80 [ 265.548531][T11803] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 265.554493][T11803] dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 265.560645][T11803] dvb_demux_do_ioctl+0x450/0x530 [ 265.565754][T11803] dvb_usercopy+0x191/0x2b0 [ 265.570494][T11803] ? dvb_dmxdev_buffer_read+0x4c0/0x4c0 [ 265.576114][T11803] ? dvb_generic_ioctl+0xb0/0xb0 [ 265.581183][T11803] ? dvb_demux_poll+0x210/0x210 [ 265.586096][T11803] dvb_demux_ioctl+0x25/0x30 [ 265.590753][T11803] __se_sys_ioctl+0xfa/0x170 [ 265.595409][T11803] do_syscall_64+0x4c/0xa0 [ 265.599874][T11803] ? clear_bhb_loop+0x30/0x80 [ 265.604629][T11803] ? clear_bhb_loop+0x30/0x80 [ 265.609412][T11803] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 265.615475][T11803] RIP: 0033:0x7fa3bff2c819 [ 265.620117][T11803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 265.640059][T11803] RSP: 002b:00007fa3be186028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.648554][T11803] RAX: ffffffffffffffda RBX: 00007fa3c01a5fa0 RCX: 00007fa3bff2c819 [ 265.656706][T11803] RDX: 0020000000000000 RSI: 0000000000006f2d RDI: 0000000000000003 [ 265.664870][T11803] RBP: 00007fa3bffc2c91 R08: 0000000000000000 R09: 0000000000000000 [ 265.673006][T11803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 265.681131][T11803] R13: 00007fa3c01a6038 R14: 00007fa3c01a5fa0 R15: 00007ffc898ec418 [ 265.689210][T11803] [ 265.692457][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.712130][ T4190] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 265.736073][ T4190] ath9k_htc: Failed to initialize the device [ 265.766305][ T4231] usb 4-1: ath9k_htc: USB layer deinitialized [ 265.789308][T11808] loop2: detected capacity change from 0 to 512 [ 265.807583][T11810] loop3: detected capacity change from 0 to 512 [ 265.807888][T11803] Mem-Info: [ 265.807961][T11803] active_anon:322 inactive_anon:6518 isolated_anon:0 [ 265.807961][T11803] active_file:12907 inactive_file:42997 isolated_file:0 [ 265.807961][T11803] unevictable:768 dirty:345 writeback:0 [ 265.807961][T11803] slab_reclaimable:20950 slab_unreclaimable:97966 [ 265.807961][T11803] mapped:30180 shmem:1774 pagetables:709 bounce:0 [ 265.807961][T11803] kernel_misc_reclaimable:0 [ 265.807961][T11803] free:1362481 free_pcp:10328 free_cma:0 [ 265.808022][T11803] Node 0 active_anon:1256kB inactive_anon:25564kB active_file:51424kB inactive_file:171988kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120720kB dirty:1380kB writeback:0kB shmem:5020kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11372kB pagetables:2836kB all_unreclaimable? no [ 265.808084][T11803] Node 1 active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:2076kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB all_unreclaimable? no [ 265.808237][T11803] Node 0 DMA free:15360kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 265.808309][T11803] lowmem_reserve[]: 0 2539 2540 2540 2540 [ 265.808361][T11803] Node 0 DMA32 free:1513884kB min:34784kB low:43480kB high:52176kB reserved_highatomic:0KB active_anon:1256kB inactive_anon:25564kB active_file:51424kB inactive_file:171988kB unevictable:1536kB writepending:1380kB present:3129332kB managed:2606552kB mlocked:0kB bounce:0kB free_pcp:41312kB local_pcp:19684kB free_cma:0kB [ 265.860483][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.921956][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.948396][ C0] vkms_vblank_simulate: vblank timer overrun [ 265.984415][ C0] vkms_vblank_simulate: vblank timer overrun [ 266.009405][T11803] lowmem_reserve[]: 0 0 0 0 0 [ 266.014784][T11803] Node 0 Normal free:0kB min:8kB low:8kB high:8kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:660kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 266.057239][T11808] EXT4-fs (loop2): inline encryption not supported [ 266.127574][T11808] EXT4-fs (loop2): mounted filesystem without journal. Opts: inlinecrypt,errors=remount-ro,abort,. Quota mode: writeback. [ 266.158281][T11810] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,nobarrier,stripe=0x0000000000000042,,errors=continue. Quota mode: writeback. [ 266.169490][T11808] ext4 filesystem being mounted at /734/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 266.179248][T11810] ext4 filesystem being mounted at /650/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 266.258631][T11803] lowmem_reserve[]: 0 0 0 0 0 [ 266.263502][T11803] Node 1 Normal free:3920680kB min:55108kB low:68884kB high:82660kB reserved_highatomic:0KB active_anon:32kB inactive_anon:508kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB present:4194304kB managed:4119672kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 266.297173][T11819] loop4: detected capacity change from 0 to 256 [ 266.313439][T11808] EXT4-fs error (device loop2): ext4_empty_dir:3136: inode #12: comm syz.2.3423: invalid size [ 266.328640][T11803] lowmem_reserve[]: 0 0 0 0 0 [ 266.334216][T11803] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 266.373454][T11808] EXT4-fs (loop2): Remounting filesystem read-only [ 266.402944][T11803] Node 0 DMA32: 2682*4kB (UME) 1558*8kB (UME) 506*16kB (UME) 278*32kB (UME) 53*64kB (UME) 44*128kB (UME) 58*256kB (UM) 25*512kB (UM) 9*1024kB (M) 3*2048kB (UM) 347*4096kB (UM) = 1513528kB [ 266.461154][T11803] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 266.473574][T11803] Node 1 Normal: 206*4kB (UME) 38*8kB (UE) 26*16kB (UME) 171*32kB (UME) 69*64kB (UME) 23*128kB (UE) 11*256kB (UME) 8*512kB (U) 0*1024kB 2*2048kB (UM) 951*4096kB (M) = 3920680kB [ 266.525700][T11819] FAT-fs (loop4): Directory bread(block 64) failed [ 266.555669][T11819] FAT-fs (loop4): Directory bread(block 65) failed [ 266.567712][T11803] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 266.590781][T11819] FAT-fs (loop4): Directory bread(block 66) failed [ 266.604747][T11803] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 266.604807][T11823] __nla_validate_parse: 82 callbacks suppressed [ 266.604892][T11823] netlink: 256 bytes leftover after parsing attributes in process `syz.3.3428'. [ 266.619431][T11819] FAT-fs (loop4): Directory bread(block 67) failed [ 266.643719][T11803] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 266.657976][T11819] FAT-fs (loop4): Directory bread(block 68) failed [ 266.685965][T11803] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 266.689280][T11819] FAT-fs (loop4): Directory bread(block 69) failed [ 266.712801][T11803] 57585 total pagecache pages [ 266.723815][T11803] 0 pages in swap cache [ 266.728207][T11803] Swap cache stats: add 2, delete 2, find 0/0 [ 266.739130][T11819] FAT-fs (loop4): Directory bread(block 70) failed [ 266.756044][T11803] Free swap = 124984kB [ 266.760754][T11819] FAT-fs (loop4): Directory bread(block 71) failed [ 266.777561][T11803] Total swap = 124996kB [ 266.783533][T11819] FAT-fs (loop4): Directory bread(block 72) failed [ 266.798674][T11803] 2097051 pages RAM [ 266.813716][T11819] FAT-fs (loop4): Directory bread(block 73) failed [ 266.828334][T11803] 0 pages HighMem/MovableOnly [ 266.844012][T11803] 411490 pages reserved [ 266.866446][T11803] 0 pages cma reserved [ 267.117287][T11836] IPv6: Can't replace route, no match found [ 267.539458][ T4190] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 267.785041][T11868] IPv6: ADDRCONF(NETDEV_CHANGE): bridge3: link becomes ready [ 267.900186][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 267.938854][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 267.986571][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.018844][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.044756][T11841] loop2: detected capacity change from 0 to 32768 [ 268.055056][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.083376][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.110288][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.134301][T11841] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.3437 (11841) [ 268.147565][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.190957][T11841] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 268.207584][T11871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3452'. [ 268.232440][T11841] BTRFS info (device loop2): force zlib compression, level 3 [ 268.253483][T11841] BTRFS info (device loop2): force clearing of disk cache [ 268.278772][T11841] BTRFS info (device loop2): use zlib compression, level 3 [ 268.308838][T11841] BTRFS info (device loop2): allowing degraded mounts [ 268.318667][T11841] BTRFS info (device loop2): turning on sync discard [ 268.348804][T11841] BTRFS info (device loop2): using free space tree [ 268.355494][T11841] BTRFS info (device loop2): has skinny extents [ 268.429147][ T4190] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 268.571220][T11841] BTRFS info (device loop2): enabling ssd optimizations [ 268.627049][T11841] BTRFS info (device loop2): clearing free space tree [ 268.664519][T11841] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.745921][T11841] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 268.847286][T11923] usb usb7: usbfs: process 11923 (syz.3.3467) did not claim interface 0 before use [ 268.910063][T11841] BTRFS info (device loop2): creating free space tree [ 268.943131][T11841] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 268.997673][T11841] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 269.449117][ T4190] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 269.738661][ T4190] usb 1-1: Using ep0 maxpacket: 32 [ 269.792073][T11949] 8021q: adding VLAN 0 to HW filter on device bond1 [ 269.859141][ T4190] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.900550][ T4190] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 270.079139][ T4190] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 270.096599][ T4190] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 270.115737][ T4190] usb 1-1: Product: syz [ 270.134514][ T4190] usb 1-1: Manufacturer: syz [ 270.244559][ T4190] hub 1-1:4.0: USB hub found [ 270.261234][T11971] netlink: 'syz.2.3491': attribute type 21 has an invalid length. [ 270.362741][T11976] loop3: detected capacity change from 0 to 2048 [ 270.427850][T11976] NILFS (loop3): invalid segment: Inconsistency found [ 270.456496][T11976] NILFS (loop3): trying rollback from an earlier position [ 270.478969][ T4190] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 270.537888][T11976] NILFS (loop3): norecovery option specified, skipping roll-forward recovery [ 270.758757][ C0] vkms_vblank_simulate: vblank timer overrun [ 270.819997][ T4190] usb 1-1: USB disconnect, device number 22 [ 271.450027][T12031] netlink: 'syz.0.3514': attribute type 10 has an invalid length. [ 271.457961][T12031] device macvlan0 entered promiscuous mode [ 271.482799][T12031] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 271.761460][T12049] loop3: detected capacity change from 0 to 16 [ 271.847978][T12049] erofs: (device loop3): mounted with root inode @ nid 36. [ 272.351516][T12071] netlink: 'syz.3.3530': attribute type 1 has an invalid length. [ 272.543894][T12075] loop2: detected capacity change from 0 to 4096 [ 272.559328][T12079] futex_wake_op: syz.3.3536 tries to shift op by 32; fix this program [ 272.583526][T12081] __nla_validate_parse: 74 callbacks suppressed [ 272.583548][T12081] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3537'. [ 272.685715][T12075] ntfs3: loop2: ino=3, Correct links count -> 2. [ 273.507798][T12113] netlink: 'syz.2.3553': attribute type 1 has an invalid length. [ 273.719986][ T4905] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 273.747876][T12126] netlink: 'syz.2.3558': attribute type 4 has an invalid length. [ 273.765129][T12126] netlink: 152 bytes leftover after parsing attributes in process `syz.2.3558'. [ 273.787403][T12126] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 273.847300][T12130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3559'. [ 273.978785][ T4905] usb 1-1: Using ep0 maxpacket: 32 [ 274.099261][ T4905] usb 1-1: config 4 has an invalid interface number: 128 but max is 0 [ 274.117821][ T4905] usb 1-1: config 4 has no interface number 0 [ 274.148338][ T4905] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.188734][ T4905] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.208968][ T4905] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 274.246927][ T4905] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.299968][ T4905] hub 1-1:4.128: USB hub found [ 274.414372][T12155] loop3: detected capacity change from 0 to 4096 [ 274.437274][T12155] ntfs3: loop3: ino=3, Correct links count -> 2. [ 274.518913][ T4905] hub 1-1:4.128: 2 ports detected [ 274.524391][ T4905] hub 1-1:4.128: Using single TT (err -22) [ 274.749129][ T4905] hub 1-1:4.128: hub_hub_status failed (err = -71) [ 274.755924][ T4905] hub 1-1:4.128: config failed, can't get hub status (err -71) [ 274.799643][ T4905] usb 1-1: USB disconnect, device number 23 [ 276.070800][T12194] loop2: detected capacity change from 0 to 4096 [ 276.175809][T12204] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 276.509096][T12215] binder: binder_mmap: 12214 200000001000-20000000b000 bad vm_flags failed -1 [ 276.657770][T12227] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3602'. [ 276.816843][T12237] netlink: 'syz.4.3608': attribute type 29 has an invalid length. [ 276.836148][T12237] netlink: 'syz.4.3608': attribute type 3 has an invalid length. [ 276.865084][T12237] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3608'. [ 277.127362][T12257] netlink: 'syz.2.3618': attribute type 3 has an invalid length. [ 277.178925][ T4190] usb 4-1: new low-speed USB device number 16 using dummy_hcd [ 277.189643][T12259] SET target dimension over the limit! [ 277.364379][T12267] loop2: detected capacity change from 0 to 256 [ 277.549019][ T4190] usb 4-1: config index 0 descriptor too short (expected 1307, got 27) [ 277.581689][ T4190] usb 4-1: config 0 has an invalid interface number: 0 but max is -1 [ 277.626294][ T4190] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 277.645911][ T4190] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 277.666271][ T4190] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 12408, setting to 8 [ 277.673749][T12279] ip6t_srh: unknown srh match flags 4000 [ 277.688352][ T4190] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 277.775863][T12283] netlink: 'syz.0.3631': attribute type 5 has an invalid length. [ 277.813413][T12283] device ip6erspan1 entered promiscuous mode [ 277.838400][T12285] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3632'. [ 277.949018][ T4190] usb 4-1: string descriptor 0 read error: -22 [ 277.967106][ T4190] usb 4-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 277.996944][ T4190] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.007349][T12293] kAFS: unable to lookup cell '(/' [ 278.028909][ T4190] usb 4-1: config 0 descriptor?? [ 278.084693][ T4190] hub 4-1:0.0: bad descriptor, ignoring hub [ 278.099127][ T4190] hub: probe of 4-1:0.0 failed with error -5 [ 278.149264][T12296] loop2: detected capacity change from 0 to 2048 [ 278.263757][T12296] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 278.283013][T12296] NILFS (loop2): segment count 8142508126285856831 exceeds upper limit (1152921504606846975 segments) [ 278.409864][T12309] xt_TCPMSS: Only works on TCP SYN packets [ 278.509871][ T4190] usb 4-1: USB disconnect, device number 16 [ 279.592992][T12373] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3675'. [ 279.810130][T12387] xt_hashlimit: size too large, truncated to 1048576 [ 279.817439][T12387] xt_hashlimit: max too large, truncated to 1048576 [ 280.394110][T12414] netlink: 176 bytes leftover after parsing attributes in process `syz.3.3696'. [ 280.424173][T12414] IPv6: NLM_F_CREATE should be specified when creating new route [ 280.452458][T12414] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 280.459862][T12414] IPv6: NLM_F_CREATE should be set when creating new route [ 280.720579][T12423] lo speed is unknown, defaulting to 1000 [ 280.784733][T12432] device bridge3 entered promiscuous mode [ 281.211836][T12423] chnl_net:caif_netlink_parms(): no params data found [ 281.252673][T12461] netlink: 'syz.4.3717': attribute type 1 has an invalid length. [ 281.503114][T12423] bridge0: port 1(bridge_slave_0) entered blocking state [ 281.540993][T12483] loop3: detected capacity change from 0 to 64 [ 281.547718][T12423] bridge0: port 1(bridge_slave_0) entered disabled state [ 281.563673][T12423] device bridge_slave_0 entered promiscuous mode [ 281.641884][T12483] attempt to access beyond end of device [ 281.641884][T12483] loop3: rw=0, want=65536, limit=64 [ 281.674282][T12423] bridge0: port 2(bridge_slave_1) entered blocking state [ 281.696867][T12423] bridge0: port 2(bridge_slave_1) entered disabled state [ 281.729051][T12483] Buffer I/O error on dev loop3, logical block 32767, async page read [ 281.749561][T12423] device bridge_slave_1 entered promiscuous mode [ 281.761028][T12483] attempt to access beyond end of device [ 281.761028][T12483] loop3: rw=0, want=65536, limit=64 [ 281.803579][T12483] Buffer I/O error on dev loop3, logical block 32767, async page read [ 281.857189][T12423] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 281.911546][T12423] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 282.033870][T12423] team0: Port device team_slave_0 added [ 282.044295][T12493] xt_connbytes: Forcing CT accounting to be enabled [ 282.051461][T12495] netlink: 'syz.3.3731': attribute type 79 has an invalid length. [ 282.066472][T12423] team0: Port device team_slave_1 added [ 282.166120][T12423] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 282.211148][T12423] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.251863][T12505] netlink: 'syz.2.3737': attribute type 9 has an invalid length. [ 282.261844][T12505] netlink: 126588 bytes leftover after parsing attributes in process `syz.2.3737'. [ 282.272591][T12423] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 282.303378][T12423] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 282.328705][T12423] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 282.382732][T12423] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 282.458914][ T21] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 282.499223][T12423] device hsr_slave_0 entered promiscuous mode [ 282.534527][T12423] device hsr_slave_1 entered promiscuous mode [ 282.561032][T12423] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 282.576555][T12423] Cannot create hsr debugfs directory [ 282.669016][ T4905] Bluetooth: hci5: command 0x0409 tx timeout [ 282.810357][ T21] usb 1-1: not running at top speed; connect to a high speed hub [ 282.906520][ T21] usb 1-1: config 11 has an invalid interface number: 95 but max is 0 [ 282.927109][T12423] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 282.934602][ T21] usb 1-1: config 11 has an invalid descriptor of length 0, skipping remainder of the config [ 282.961243][ T21] usb 1-1: config 11 has no interface number 0 [ 282.968114][ T21] usb 1-1: config 11 interface 95 altsetting 64 endpoint 0xD has invalid maxpacket 512, setting to 64 [ 283.006918][ T21] usb 1-1: config 11 interface 95 altsetting 64 endpoint 0x8 has invalid wMaxPacketSize 0 [ 283.034631][ T21] usb 1-1: config 11 interface 95 altsetting 64 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 283.059194][ T21] usb 1-1: config 11 interface 95 has no altsetting 0 [ 283.080678][T12423] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 283.104050][T12423] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 283.116149][T12423] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 283.165544][T12532] loop3: detected capacity change from 0 to 2048 [ 283.180896][ T21] usb 1-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=b1.4d [ 283.209353][ T21] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 283.238346][ T21] usb 1-1: Manufacturer: syz [ 283.246808][T12532] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 283.269899][T12503] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 283.340151][T12423] 8021q: adding VLAN 0 to HW filter on device bond0 [ 283.370817][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 283.390038][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 283.403243][T12423] 8021q: adding VLAN 0 to HW filter on device team0 [ 283.464486][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 283.515547][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 283.543988][ T9] bridge0: port 1(bridge_slave_0) entered blocking state [ 283.551906][ T9] bridge0: port 1(bridge_slave_0) entered forwarding state [ 283.573372][ T21] usb 1-1: USB disconnect, device number 24 [ 283.581724][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 283.594114][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 283.612477][ T9] bridge0: port 2(bridge_slave_1) entered blocking state [ 283.619696][ T9] bridge0: port 2(bridge_slave_1) entered forwarding state [ 283.631634][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 283.649503][T12541] netlink: 'syz.2.3754': attribute type 10 has an invalid length. [ 283.659368][T12541] device syz_tun entered promiscuous mode [ 283.689392][T12541] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 283.697010][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 283.697781][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 283.699597][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 283.702381][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 283.703471][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 283.714141][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 283.729081][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 283.730084][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 283.734585][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 283.751645][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 283.842954][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 283.871957][T12423] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 284.044064][T12554] netlink: 48 bytes leftover after parsing attributes in process `syz.2.3759'. [ 284.074414][T12554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3759'. [ 284.098708][T12554] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3759'. [ 284.119159][T12554] netlink: 'syz.2.3759': attribute type 8 has an invalid length. [ 284.328744][T12568] netlink: 'syz.0.3765': attribute type 32 has an invalid length. [ 284.364699][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 284.382751][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 284.413142][T12570] device bridge3 entered promiscuous mode [ 284.442479][T12423] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 284.539080][T12577] netlink: 132 bytes leftover after parsing attributes in process `syz.4.3769'. [ 284.600220][T12580] loop2: detected capacity change from 0 to 256 [ 284.711573][T12589] netlink: 'syz.3.3774': attribute type 1 has an invalid length. [ 284.772188][ T21] Bluetooth: hci5: command 0x041b tx timeout [ 284.805523][T12580] FAT-fs (loop2): Directory bread(block 64) failed [ 284.820163][T12580] FAT-fs (loop2): Directory bread(block 65) failed [ 284.826874][T12580] FAT-fs (loop2): Directory bread(block 66) failed [ 284.868603][T12580] FAT-fs (loop2): Directory bread(block 67) failed [ 284.875309][T12580] FAT-fs (loop2): Directory bread(block 68) failed [ 284.924447][T12580] FAT-fs (loop2): Directory bread(block 69) failed [ 284.972087][T12580] FAT-fs (loop2): Directory bread(block 70) failed [ 285.018794][T12580] FAT-fs (loop2): Directory bread(block 71) failed [ 285.055731][T12580] FAT-fs (loop2): Directory bread(block 72) failed [ 285.131213][T12580] FAT-fs (loop2): Directory bread(block 73) failed [ 285.253007][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 285.282959][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 285.405550][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 285.424864][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 285.480524][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 285.510120][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 285.536450][T12423] device veth0_vlan entered promiscuous mode [ 285.592219][T12423] device veth1_vlan entered promiscuous mode [ 285.719092][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 285.729390][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 285.756937][T12624] loop2: detected capacity change from 0 to 64 [ 285.772686][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 285.791906][ T4250] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 285.805982][T12626] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 285.827738][T12423] device veth0_macvtap entered promiscuous mode [ 285.844279][T12626] blk_update_request: I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 285.871850][T12423] device veth1_macvtap entered promiscuous mode [ 285.968308][T12423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.000752][T12423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.060821][T12423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 286.086275][T12423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.090669][T12636] loop3: detected capacity change from 0 to 1024 [ 286.119005][T12423] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 286.149692][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 286.158216][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 286.266375][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.309844][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 286.325990][T12423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.357255][T12636] EXT4-fs (loop3): mounted filesystem without journal. Opts: barrier,nodioread_nolock,noquota,barrier,block_validity,nodioread_nolock,nodelalloc,resuid=0x0000000000000000,errors=remount-ro,. Quota mode: none. [ 286.378115][ C0] vkms_vblank_simulate: vblank timer overrun [ 286.384597][T12636] ext4 filesystem being mounted at /775/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.403033][T12636] EXT4-fs error (device loop3): ext4_free_blocks:6232: comm syz.3.3797: Freeing blocks not in datazone - block = 0, count = 16 [ 286.418870][T12423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.432615][T12636] EXT4-fs (loop3): Remounting filesystem read-only [ 286.439993][T12636] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.3797: bg 0: block 112: padding at end of block bitmap is not set [ 286.461525][T12423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.461579][T12636] EXT4-fs (loop3): Remounting filesystem read-only [ 286.479128][T12423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.481965][T12636] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 286.500123][T12636] EXT4-fs (loop3): Remounting filesystem read-only [ 286.541222][T12423] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 286.601598][T12423] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 286.689301][T12423] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 286.719092][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 286.728123][ T154] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 286.746812][ C0] vkms_vblank_simulate: vblank timer overrun [ 286.816678][T12423] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.829018][ T21] Bluetooth: hci5: command 0x040f tx timeout [ 286.846337][T12423] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.866681][T12423] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.878422][T12657] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3804'. [ 286.899450][T12423] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 286.938606][ T4231] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 287.110361][ T4280] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.142018][ T4280] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.163006][ T3064] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 287.224402][ T4280] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 287.240215][ T4280] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 287.271487][ T3064] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 287.285913][T12671] blk_update_request: I/O error, dev loop3, sector 128 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 287.308834][ T4231] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 287.329162][ T4231] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0xD has invalid maxpacket 0 [ 287.346856][ T4231] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 287.360469][T12671] gfs2: error 10 reading superblock [ 287.449290][ T4231] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 287.469088][T12677] dlm: plock device version mismatch: kernel (1.2.0), user (1.32.0) [ 287.477263][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 287.509853][ T4231] usb 1-1: SerialNumber: syz [ 287.810681][ T4231] usbtest 1-1:1.0: Linux user mode ISO test driver [ 287.830697][ T4231] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 287.852556][T12701] cgroup: name respecified [ 287.888889][ T4231] usb 1-1: USB disconnect, device number 25 [ 287.917884][T12705] loop2: detected capacity change from 0 to 8 [ 287.999830][T12705] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 288.099694][T12707] loop3: detected capacity change from 0 to 4096 [ 288.214791][T12707] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 288.259890][T12707] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 288.345913][T12726] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3837'. [ 288.358716][T12707] ntfs: volume version 3.1. [ 288.384743][T12707] ntfs: (device loop3): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 288.408901][T12726] netlink: 32 bytes leftover after parsing attributes in process `syz.5.3837'. [ 288.458139][T12707] ntfs: (device loop3): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 288.499750][T12731] loop2: detected capacity change from 0 to 128 [ 288.508855][T12707] ntfs: (device loop3): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 288.628661][T12731] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 288.699751][T12731] ext4 filesystem being mounted at /853/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 288.771178][T12731] EXT4-fs warning (device loop2): ext4_group_extend:1823: can't shrink FS - resize aborted [ 288.909593][ T4910] Bluetooth: hci5: command 0x0419 tx timeout [ 289.029931][T12762] netlink: 288 bytes leftover after parsing attributes in process `syz.5.3856'. [ 289.775422][T12820] netlink: 'syz.0.3884': attribute type 21 has an invalid length. [ 289.804397][T12820] IPv6: NLM_F_CREATE should be specified when creating new route [ 289.825721][T12820] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 289.833089][T12820] IPv6: NLM_F_CREATE should be set when creating new route [ 289.840556][T12820] IPv6: NLM_F_CREATE should be set when creating new route [ 289.847824][T12820] IPv6: NLM_F_CREATE should be set when creating new route [ 290.050108][T12832] netlink: 'syz.4.3890': attribute type 25 has an invalid length. [ 290.058319][T12832] netlink: 'syz.4.3890': attribute type 28 has an invalid length. [ 290.233729][T12838] loop3: detected capacity change from 0 to 4096 [ 290.308983][T12838] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 290.372541][T12838] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 290.804401][T12873] smb3: Bad value for 'uid' [ 290.819013][ T4493] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 291.059419][ T4493] usb 6-1: Using ep0 maxpacket: 16 [ 291.175324][T12891] loop4: detected capacity change from 0 to 1024 [ 291.317759][T12891] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 291.339836][ T4493] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 291.359569][ T4493] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.388638][ T4493] usb 6-1: Product: syz [ 291.403155][ T4493] usb 6-1: Manufacturer: syz [ 291.407841][ T4493] usb 6-1: SerialNumber: syz [ 291.431197][ T4493] r8152-cfgselector 6-1: config 0 descriptor?? [ 291.465435][T12891] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 2: comm syz.4.3920: lblock 2 mapped to illegal pblock 2 (length 1) [ 291.538695][T12891] Quota error (device loop4): qtree_write_dquot: dquota write failed [ 291.547088][T12891] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 48: comm syz.4.3920: lblock 0 mapped to illegal pblock 48 (length 1) [ 291.572370][T12891] Quota error (device loop4): v2_write_file_info: Can't write info structure [ 291.587997][T12891] EXT4-fs error (device loop4): ext4_acquire_dquot:6234: comm syz.4.3920: Failed to acquire dquot type 0 [ 291.599948][T12866] loop2: detected capacity change from 0 to 32768 [ 291.607932][T12891] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 291.645486][T12891] EXT4-fs error (device loop4): ext4_evict_inode:282: inode #11: comm syz.4.3920: mark_inode_dirty error [ 291.676554][T12891] EXT4-fs warning (device loop4): ext4_evict_inode:285: couldn't mark inode dirty (err -117) [ 291.714592][T12866] XFS (loop2): Mounting V5 Filesystem [ 291.719720][T12891] EXT4-fs (loop4): 1 orphan inode deleted [ 291.725841][T12891] EXT4-fs (loop4): mounted filesystem without journal. Opts: nomblk_io_submit,noblock_validity,delalloc,max_batch_time=0x00000000000008c9,nodiscard,stripe=0x0000000000000004,noauto_da_alloc,,errors=continue. Quota mode: none. [ 291.755081][ T4663] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 291.778811][ T4231] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 291.836777][ T4663] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 291.887548][ T4663] EXT4-fs error (device loop4): ext4_release_dquot:6270: comm kworker/u4:8: Failed to release dquot type 0 [ 291.923440][T12866] XFS (loop2): Ending clean mount [ 291.943657][ T4493] r8152-cfgselector 6-1: Unknown version 0x0000 [ 291.972042][ T4493] r8152-cfgselector 6-1: USB disconnect, device number 2 [ 292.019839][ T4186] XFS (loop2): Unmounting Filesystem [ 292.028778][ T4663] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 292.078665][ T4231] usb 4-1: Using ep0 maxpacket: 16 [ 292.099676][ T4663] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 292.139125][ T4663] EXT4-fs error (device loop4): ext4_release_dquot:6270: comm kworker/u4:8: Failed to release dquot type 0 [ 292.198963][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.213203][ T4185] EXT4-fs error (device loop4): __ext4_get_inode_loc:4327: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 292.249056][ T4231] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.308638][ T4231] usb 4-1: New USB device found, idVendor=17ef, idProduct=7309, bcdDevice= 0.00 [ 292.353107][ T4185] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5854: Corrupt filesystem [ 292.369886][ T4231] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.393793][ T4185] EXT4-fs error (device loop4): ext4_quota_off:6540: inode #3: comm syz-executor: mark_inode_dirty error [ 292.447658][ T4231] usb 4-1: config 0 descriptor?? [ 292.520932][ T4231] hub 4-1:0.0: USB hub found [ 292.739556][ T4231] hub 4-1:0.0: 7 ports detected [ 292.758761][ T4231] hub 4-1:0.0: insufficient power available to use all downstream ports [ 292.948737][ T4231] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 292.958750][ T4231] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 293.079713][ T4231] usb 4-1: USB disconnect, device number 17 [ 293.489094][T12946] loop2: detected capacity change from 0 to 2048 [ 293.601534][T12968] fuse: Invalid rootmode [ 293.617130][T12946] Dev loop2: RDB in block 1 has bad checksum [ 293.921352][T12984] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3957'. [ 293.971605][ T4493] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 294.244455][T12998] binder: 12997:12998 ioctl c0306201 2000000001c0 returned -14 [ 294.359317][ T4493] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 294.388907][ T4493] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 294.538841][ T4493] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 294.598620][ T4493] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 294.621569][ T4493] usb 4-1: SerialNumber: syz [ 294.710033][ T4493] usb 4-1: 0:2 : does not exist [ 294.779968][T13026] loop4: detected capacity change from 0 to 256 [ 294.822480][T13029] binder: 13028:13029 ioctl c0306201 2000000001c0 returned -14 [ 294.913462][T13026] FAT-fs (loop4): Directory bread(block 64) failed [ 294.964248][T13026] FAT-fs (loop4): Directory bread(block 65) failed [ 294.984701][T13026] FAT-fs (loop4): Directory bread(block 66) failed [ 295.006517][T13026] FAT-fs (loop4): Directory bread(block 67) failed [ 295.029603][T13026] FAT-fs (loop4): Directory bread(block 68) failed [ 295.046651][T13026] FAT-fs (loop4): Directory bread(block 69) failed [ 295.066429][T13026] FAT-fs (loop4): Directory bread(block 70) failed [ 295.085017][T13026] FAT-fs (loop4): Directory bread(block 71) failed [ 295.105293][T13026] FAT-fs (loop4): Directory bread(block 72) failed [ 295.120157][T13026] FAT-fs (loop4): Directory bread(block 73) failed [ 295.170040][ T4493] usb 4-1: USB disconnect, device number 18 [ 295.647582][T13063] usb usb1: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 295.736689][T13065] netlink: 14 bytes leftover after parsing attributes in process `syz.2.3990'. [ 296.028963][ T4910] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 296.289015][ T4910] usb 1-1: Using ep0 maxpacket: 16 [ 296.331133][ T4905] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 296.609106][ T4910] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 296.619005][ T4905] usb 6-1: Using ep0 maxpacket: 8 [ 296.629351][ T4910] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.647676][ T4910] usb 1-1: Product: syz [ 296.658576][ T4910] usb 1-1: Manufacturer: syz [ 296.669380][ T4910] usb 1-1: SerialNumber: syz [ 296.679444][ T4910] r8152-cfgselector 1-1: config 0 descriptor?? [ 296.781711][T13103] loop2: detected capacity change from 0 to 32768 [ 296.845957][T13103] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 296.888071][T13103] JBD2: Ignoring recovery information on journal [ 296.939434][T13103] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 296.959091][ T4905] usb 6-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 296.968738][ T4905] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.976814][ T4905] usb 6-1: Product: syz [ 296.984074][ T4905] usb 6-1: Manufacturer: syz [ 296.989282][ T4905] usb 6-1: SerialNumber: syz [ 297.011980][ T4905] usb 6-1: config 0 descriptor?? [ 297.123441][T13103] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #32 has an invalid fs_generation of #1 [ 297.162637][T13103] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 297.189093][T13103] OCFS2: File system is now read-only. [ 297.194878][T13103] (syz.2.4009,13103,1):ocfs2_search_chain:1761 ERROR: status = -30 [ 297.216043][T13103] (syz.2.4009,13103,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 297.227633][ T4910] r8152-cfgselector 1-1: Unknown version 0x0000 [ 297.236060][T13103] (syz.2.4009,13103,1):ocfs2_claim_suballoc_bits:1950 ERROR: status = -30 [ 297.255434][ T4910] r8152-cfgselector 1-1: USB disconnect, device number 26 [ 297.262973][T13103] (syz.2.4009,13103,1):ocfs2_claim_suballoc_bits:1993 ERROR: status = -30 [ 297.277175][T13103] (syz.2.4009,13103,1):__ocfs2_claim_clusters:2365 ERROR: status = -30 [ 297.289442][T13103] (syz.2.4009,13103,1):__ocfs2_claim_clusters:2373 ERROR: status = -30 [ 297.298413][T13103] (syz.2.4009,13103,1):ocfs2_local_alloc_new_window:1203 ERROR: status = -30 [ 297.312079][ T4905] usb 6-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 297.334775][T13103] (syz.2.4009,13103,1):ocfs2_local_alloc_new_window:1228 ERROR: status = -30 [ 297.346241][T13103] (syz.2.4009,13103,1):ocfs2_local_alloc_slide_window:1302 ERROR: status = -30 [ 297.357146][T13103] (syz.2.4009,13103,1):ocfs2_local_alloc_slide_window:1321 ERROR: status = -30 [ 297.371001][T13103] (syz.2.4009,13103,1):ocfs2_reserve_local_alloc_bits:671 ERROR: status = -30 [ 297.383762][T13103] (syz.2.4009,13103,1):ocfs2_reserve_local_alloc_bits:709 ERROR: status = -30 [ 297.396612][T13103] (syz.2.4009,13103,1):ocfs2_reserve_clusters_with_limit:1166 ERROR: status = -30 [ 297.407617][T13103] (syz.2.4009,13103,1):ocfs2_reserve_clusters_with_limit:1215 ERROR: status = -30 [ 297.417797][T13103] (syz.2.4009,13103,1):ocfs2_mknod:357 ERROR: status = -30 [ 297.430404][T13103] (syz.2.4009,13103,1):ocfs2_mknod:502 ERROR: status = -30 [ 297.445660][T13103] (syz.2.4009,13103,1):ocfs2_mkdir:659 ERROR: status = -30 [ 297.466218][T13118] loop3: detected capacity change from 0 to 512 [ 297.518918][ T4905] usb write operation failed. (-71) [ 297.544874][ T4905] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 297.565372][ T4905] dvbdev: DVB: registering new adapter (Terratec H7) [ 297.573018][ T4905] usb 6-1: media controller created [ 297.584851][T13118] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 297.598874][ T4905] usb read operation failed. (-71) [ 297.612479][ T4186] ocfs2: Unmounting device (7,2) on (node local) [ 297.619804][T13118] ext4 filesystem being mounted at /814/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 297.629261][ T4905] usb write operation failed. (-71) [ 297.663738][ T4905] dvb_usb_az6007: probe of 6-1:0.0 failed with error -5 [ 297.690456][ T4905] usb 6-1: USB disconnect, device number 3 [ 298.131205][T13137] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 298.249917][T13143] netlink: 140 bytes leftover after parsing attributes in process `syz.3.4026'. [ 298.388891][ T4905] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 298.400059][T13149] netlink: 'syz.2.4029': attribute type 10 has an invalid length. [ 298.410388][T13149] netlink: 2 bytes leftover after parsing attributes in process `syz.2.4029'. [ 298.448754][T13149] device bond0 entered promiscuous mode [ 298.454396][T13149] device bond_slave_0 entered promiscuous mode [ 298.498283][T13149] device bond_slave_1 entered promiscuous mode [ 298.533263][T13149] bridge0: port 2(bond0) entered blocking state [ 298.547839][T13149] bridge0: port 2(bond0) entered disabled state [ 298.567685][T13149] bridge0: port 2(bond0) entered blocking state [ 298.574460][T13149] bridge0: port 2(bond0) entered forwarding state [ 298.599112][T13155] netlink: 'syz.0.4031': attribute type 2 has an invalid length. [ 298.618808][T13155] netlink: 12 bytes leftover after parsing attributes in process `syz.0.4031'. [ 298.648754][ T4905] usb 6-1: Using ep0 maxpacket: 8 [ 298.788938][ T4905] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 298.807445][ T4905] usb 6-1: config 0 has no interface number 0 [ 298.824960][ T4905] usb 6-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 298.863983][ T4905] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.908999][ T4905] usb 6-1: config 0 descriptor?? [ 298.945114][T13173] netlink: 209772 bytes leftover after parsing attributes in process `syz.3.4040'. [ 298.978920][T13173] openvswitch: netlink: Message has 80 unknown bytes. [ 299.066600][T13177] mip6: mip6_destopt_init_state: state's mode is not 2: 0 [ 299.173150][ T4910] usb 6-1: USB disconnect, device number 4 [ 299.515905][T13192] loop2: detected capacity change from 0 to 4096 [ 299.556144][T13192] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 299.647078][T13192] ntfs: (device loop2): ntfs_read_locked_inode(): Corrupt standard information attribute in inode. [ 299.674083][T13192] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 299.738680][T13192] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 299.779030][T13201] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 299.817501][T13192] ntfs: volume version 3.1. [ 299.861095][T13192] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 299.968364][T13188] loop3: detected capacity change from 0 to 32768 [ 300.013685][T13209] netlink: 2 bytes leftover after parsing attributes in process `syz.4.4058'. [ 300.190433][T13188] XFS (loop3): Mounting V5 Filesystem [ 300.359108][T13188] XFS (loop3): Ending clean mount [ 300.415558][T13228] netlink: 'syz.5.4062': attribute type 1 has an invalid length. [ 300.463746][T13234] netlink: 56 bytes leftover after parsing attributes in process `syz.2.4065'. [ 300.469386][T13228] netlink: 'syz.5.4062': attribute type 3 has an invalid length. [ 300.496395][ T4479] XFS (loop3): Unmounting Filesystem [ 300.521482][T13228] netlink: 224 bytes leftover after parsing attributes in process `syz.5.4062'. [ 301.100024][T13259] xt_TCPMSS: Only works on TCP SYN packets [ 301.698790][T13292] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4092'. [ 301.726664][T13292] netlink: 40 bytes leftover after parsing attributes in process `syz.5.4092'. [ 302.419501][T13346] IPv6: sit2: Disabled Multicast RS [ 302.528843][T13353] syz.3.4122 (13353): /proc/13349/oom_adj is deprecated, please use /proc/13349/oom_score_adj instead. [ 302.580037][T13354] loop5: detected capacity change from 0 to 2048 [ 302.597523][T13350] xt_CT: No such helper "pptp" [ 302.674943][T13357] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 302.746314][ T26] audit: type=1800 audit(1776209286.561:20): pid=13354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.4123" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 302.852948][T13354] NILFS (loop5): error -2 truncating bmap (ino=16) [ 303.018034][T13357] ------------[ cut here ]------------ [ 303.024277][T13357] WARNING: CPU: 1 PID: 13357 at fs/nilfs2/dat.c:200 nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.034044][T13357] Modules linked in: [ 303.038181][T13357] CPU: 1 PID: 13357 Comm: segctord Not tainted syzkaller #0 [ 303.045646][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 303.055908][T13357] RIP: 0010:nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.062040][T13357] Code: 8b 34 24 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b8 54 03 00 e8 73 5a 6a fe e8 7e b6 f1 fd e9 b8 fc ff ff e8 64 5a 6a fe <0f> 0b e9 16 fc ff ff e8 58 5a 6a fe e8 63 b6 f1 fd e9 74 fe ff ff [ 303.082109][T13357] RSP: 0018:ffffc9000326f390 EFLAGS: 00010293 [ 303.088254][T13357] RAX: ffffffff830ec6ac RBX: ffff888062e4d1a0 RCX: ffff88802a92bb80 [ 303.096465][T13357] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000003f0002 [ 303.104574][T13357] RBP: 0000000000000003 R08: ffff88805f455577 R09: 1ffff1100be8aaae [ 303.112678][T13357] R10: dffffc0000000000 R11: ffffed100be8aaaf R12: ffff88802a92d308 [ 303.120823][T13357] R13: ffff8880764fe9e0 R14: 00000000003f0002 R15: ffff888061ade9b0 [ 303.129238][T13357] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 303.138982][T13357] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 303.145638][T13357] CR2: 00007fa3c0cd56b8 CR3: 000000000c08e000 CR4: 00000000003506e0 [ 303.153737][T13357] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 303.161855][T13357] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 303.171368][T13357] Call Trace: [ 303.174873][T13357] [ 303.177952][T13357] nilfs_dat_commit_update+0x24/0x40 [ 303.183364][T13357] nilfs_btree_commit_update_v+0x93/0x410 [ 303.189188][T13357] nilfs_btree_propagate+0x95a/0xcf0 [ 303.194771][T13357] nilfs_bmap_propagate+0x70/0x120 [ 303.200083][T13357] nilfs_segctor_apply_buffers+0x15d/0x320 [ 303.205957][T13357] ? nilfs_collect_file_data+0xc0/0xc0 [ 303.211558][T13357] nilfs_segctor_scan_file+0x7af/0x9d0 [ 303.217083][T13357] ? trace_nilfs2_collection_stage_transition+0x1a0/0x1a0 [ 303.224491][T13357] ? nilfs_segbuf_extend_segsum+0x25d/0x360 [ 303.230574][T13357] ? rcu_is_watching+0x11/0xa0 [ 303.235402][T13357] nilfs_segctor_do_construct+0x1c26/0x6ca0 [ 303.241990][T13357] ? verify_lock_unused+0x140/0x140 [ 303.247278][T13357] ? nilfs_transaction_unlock+0x220/0x220 [ 303.253361][T13357] ? nilfs_bmap_test_and_clear_dirty+0x4c/0x70 [ 303.259655][T13357] ? clear_nonspinnable+0x60/0x60 [ 303.264746][T13357] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 303.270339][T13357] ? __lock_acquire+0x7d10/0x7d10 [ 303.275423][T13357] ? __rwlock_init+0x140/0x140 [ 303.280350][T13357] ? do_raw_spin_unlock+0x11d/0x230 [ 303.285727][T13357] ? _raw_spin_unlock+0x24/0x40 [ 303.290666][T13357] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 303.296274][T13357] nilfs_segctor_construct+0x17b/0x690 [ 303.302393][T13357] nilfs_segctor_thread+0x523/0x1180 [ 303.307816][T13357] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 303.313844][T13357] ? nilfs_iput_work_func+0x70/0x70 [ 303.319369][T13357] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 303.325324][T13357] ? _raw_spin_unlock+0x40/0x40 [ 303.330375][T13357] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 303.336461][T13357] ? init_wait_entry+0xd0/0xd0 [ 303.341501][T13357] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 303.347458][T13357] ? __kthread_parkme+0x157/0x1b0 [ 303.352634][T13357] kthread+0x436/0x520 [ 303.356770][T13357] ? nilfs_iput_work_func+0x70/0x70 [ 303.362073][T13357] ? kthread_blkcg+0xd0/0xd0 [ 303.366705][T13357] ret_from_fork+0x1f/0x30 [ 303.371260][T13357] [ 303.374330][T13357] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 303.381637][T13357] CPU: 1 PID: 13357 Comm: segctord Not tainted syzkaller #0 [ 303.388983][T13357] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 303.399097][T13357] Call Trace: [ 303.402433][T13357] [ 303.405407][T13357] dump_stack_lvl+0x188/0x250 [ 303.410311][T13357] ? show_regs_print_info+0x20/0x20 [ 303.415576][T13357] ? load_image+0x400/0x400 [ 303.420149][T13357] panic+0x2e5/0x810 [ 303.424115][T13357] ? bpf_jit_dump+0xd0/0xd0 [ 303.428689][T13357] ? ret_from_fork+0x1f/0x30 [ 303.433337][T13357] ? nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.438844][T13357] __warn+0x248/0x2b0 [ 303.442885][T13357] ? nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.448312][T13357] report_bug+0x1b7/0x2e0 [ 303.452740][T13357] handle_bug+0x3a/0x70 [ 303.456950][T13357] exc_invalid_op+0x16/0x40 [ 303.461505][T13357] asm_exc_invalid_op+0x16/0x20 [ 303.466826][T13357] RIP: 0010:nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.472989][T13357] Code: 8b 34 24 48 83 c4 28 5b 41 5c 41 5d 41 5e 41 5f 5d e9 b8 54 03 00 e8 73 5a 6a fe e8 7e b6 f1 fd e9 b8 fc ff ff e8 64 5a 6a fe <0f> 0b e9 16 fc ff ff e8 58 5a 6a fe e8 63 b6 f1 fd e9 74 fe ff ff [ 303.493011][T13357] RSP: 0018:ffffc9000326f390 EFLAGS: 00010293 [ 303.499140][T13357] RAX: ffffffff830ec6ac RBX: ffff888062e4d1a0 RCX: ffff88802a92bb80 [ 303.507361][T13357] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 00000000003f0002 [ 303.515382][T13357] RBP: 0000000000000003 R08: ffff88805f455577 R09: 1ffff1100be8aaae [ 303.523578][T13357] R10: dffffc0000000000 R11: ffffed100be8aaaf R12: ffff88802a92d308 [ 303.531616][T13357] R13: ffff8880764fe9e0 R14: 00000000003f0002 R15: ffff888061ade9b0 [ 303.539977][T13357] ? nilfs_dat_commit_end+0x5ac/0x6b0 [ 303.545429][T13357] nilfs_dat_commit_update+0x24/0x40 [ 303.550816][T13357] nilfs_btree_commit_update_v+0x93/0x410 [ 303.556607][T13357] nilfs_btree_propagate+0x95a/0xcf0 [ 303.561958][T13357] nilfs_bmap_propagate+0x70/0x120 [ 303.567138][T13357] nilfs_segctor_apply_buffers+0x15d/0x320 [ 303.573009][T13357] ? nilfs_collect_file_data+0xc0/0xc0 [ 303.578532][T13357] nilfs_segctor_scan_file+0x7af/0x9d0 [ 303.584569][T13357] ? trace_nilfs2_collection_stage_transition+0x1a0/0x1a0 [ 303.591968][T13357] ? nilfs_segbuf_extend_segsum+0x25d/0x360 [ 303.597934][T13357] ? rcu_is_watching+0x11/0xa0 [ 303.602770][T13357] nilfs_segctor_do_construct+0x1c26/0x6ca0 [ 303.608909][T13357] ? verify_lock_unused+0x140/0x140 [ 303.614181][T13357] ? nilfs_transaction_unlock+0x220/0x220 [ 303.620585][T13357] ? nilfs_bmap_test_and_clear_dirty+0x4c/0x70 [ 303.626818][T13357] ? clear_nonspinnable+0x60/0x60 [ 303.631907][T13357] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 303.637418][T13357] ? __lock_acquire+0x7d10/0x7d10 [ 303.642498][T13357] ? __rwlock_init+0x140/0x140 [ 303.647313][T13357] ? do_raw_spin_unlock+0x11d/0x230 [ 303.652588][T13357] ? _raw_spin_unlock+0x24/0x40 [ 303.657594][T13357] ? nilfs_segctor_confirm+0x24d/0x2d0 [ 303.663311][T13357] nilfs_segctor_construct+0x17b/0x690 [ 303.669136][T13357] nilfs_segctor_thread+0x523/0x1180 [ 303.674516][T13357] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 303.680478][T13357] ? nilfs_iput_work_func+0x70/0x70 [ 303.685757][T13357] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 303.691711][T13357] ? _raw_spin_unlock+0x40/0x40 [ 303.696622][T13357] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 303.702984][T13357] ? init_wait_entry+0xd0/0xd0 [ 303.707931][T13357] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 303.714025][T13357] ? __kthread_parkme+0x157/0x1b0 [ 303.719111][T13357] kthread+0x436/0x520 [ 303.723238][T13357] ? nilfs_iput_work_func+0x70/0x70 [ 303.728483][T13357] ? kthread_blkcg+0xd0/0xd0 [ 303.733118][T13357] ret_from_fork+0x1f/0x30 [ 303.737589][T13357] [ 303.740903][T13357] Kernel Offset: disabled [ 303.745684][T13357] Rebooting in 86400 seconds..