last executing test programs: 6.09805269s ago: executing program 2 (id=1275): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x6) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x9, 0x4) syz_emit_ethernet(0xae, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd602a84350078060020010000000000000000000000000002fe8000000000", @ANYRES32=0x41424344, @ANYBLOB="58c20001b568"], 0x0) 5.851168051s ago: executing program 2 (id=1277): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x24008040}, 0x0) bind$inet(r2, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x17}}, 0x10) connect$inet(r2, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) 5.505901803s ago: executing program 0 (id=1281): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002025252700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000840)={r0, 0x70000000, 0x0, 0x1c, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x41c0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) setsockopt$llc_int(r2, 0x10c, 0x2, &(0x7f0000000080)=0xfff, 0x4) connect$llc(r2, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="48bd00"}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(r3, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xc4b, 0x0, 0x25dfdbfb, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) 4.407228079s ago: executing program 0 (id=1283): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = dup(r0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000040)=[@in6={0xa, 0x4e24, 0x6, @loopback, 0x3}], 0x1c) sendmsg$inet6(r0, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) r2 = dup(r0) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000000)='ip6gretap0\x00', 0x10) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r1, 0x84, 0xa, &(0x7f0000000180)={0x0, 0x7ff, 0x2, 0xfffffffc, 0x7, 0x5, 0xb9, 0x8}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000002c0)={0x0, 0x18, 0xfa00, {0x1, 0x0, 0x2, 0xa}}, 0x20) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f0000000400)={0x0, @in={{0x2, 0x4e22, @empty}}, 0x8003, 0xbffc, 0xe652, 0x2, 0x4, 0x8, 0xff}, 0x9c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000200)={0x0, @in6={{0xa, 0xce20, 0x6, @empty, 0x2d}}, 0x7, 0x1, 0xf06, 0x3, 0xb4, 0x7f, 0x9}, 0x9c) pipe2$9p(&(0x7f0000000080)={0xffffffffffffffff}, 0x0) splice(r3, 0x0, r0, 0x0, 0x20000000000002, 0x2) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r2, 0x84, 0x9, &(0x7f00000001c0)={0x0, @in6={{0xa, 0x4e60, 0xeffffff2, @empty, 0x5}}, 0x10001fc, 0x806, 0xffff1896, 0x3, 0x26, 0xffffffb9, 0x1a}, 0x9c) 4.18141422s ago: executing program 0 (id=1285): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x6) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x9, 0x4) syz_emit_ethernet(0xae, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd602a84350078060020010000000000000000000000000002fe8000"/51, @ANYRES32=0x41424344, @ANYBLOB="58c20001b568"], 0x0) 3.914104101s ago: executing program 0 (id=1288): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 3.669997622s ago: executing program 0 (id=1291): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002025252700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000840)={r0, 0x70000000, 0x0, 0x1c, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x41c0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) setsockopt$llc_int(r2, 0x10c, 0x2, &(0x7f0000000080)=0xfff, 0x4) connect$llc(r2, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="48bd00"}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(r3, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xc4b, 0x0, 0x25dfdbfb, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) 2.683374057s ago: executing program 3 (id=1293): r0 = socket$inet6(0xa, 0x3, 0x5) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x6, 0xfa11, 0xffffffff}, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) syz_open_dev$sndctrl(0x0, 0x0, 0x0) r3 = syz_open_dev$radio(&(0x7f0000000100), 0x3, 0x2) ioctl$VIDIOC_SUBSCRIBE_EVENT(r3, 0x4020565a, &(0x7f0000000140)={0x3, 0x98f90f, 0x1}) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/stat\x00', 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x627, 0x4c1, 0x43, 0x0, 0x30) r4 = socket$nl_generic(0x10, 0x3, 0x10) request_key(&(0x7f0000000480)='asymmetric\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f0000000500)='abcdefghijklmnop', 0x0) request_key(&(0x7f0000001d40)='asymmetric\x00', &(0x7f0000000080)={'syz', 0x0}, 0x0, 0xfffffffffffffffe) sendmsg$nl_generic(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="1c783c6e61c777e0dd6365210bfd0000003e000701"], 0x1c}, 0x1, 0x0, 0x0, 0x4000c000}, 0xc000) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000680)=ANY=[], 0x1c}], 0x1}, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={0x0}, 0x1, 0x0, 0x0, 0x42804}, 0x84) sendmmsg(r0, 0x0, 0x0, 0x4000000) r7 = socket$inet(0x2, 0x1, 0x100) getsockopt$MRT(r7, 0x0, 0xd0, 0x0, 0x0) 2.456825108s ago: executing program 0 (id=1294): syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000100)={0x1f, 0xffff}, 0x6) setsockopt$bt_hci_HCI_FILTER(r0, 0x0, 0x2, &(0x7f0000000000)={0x79, [0x4, 0x5], 0x1}, 0x10) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f00000000c0)=0xf) ioctl$TCFLSH(r1, 0x400455c8, 0x0) 2.08989347s ago: executing program 2 (id=1295): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r0, 0x0, 0xca, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x28}}, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x12) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) syz_emit_ethernet(0x3e, &(0x7f00000002c0)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x20, 0xfc, 0x2, 0x0, @rand_addr=0x1c, @multicast1=0xe0000300}, @dest_unreach={0x3, 0x6, 0x0, 0x0, 0xfa, 0x9, {0x5, 0x4, 0x0, 0x1c, 0xfff6, 0x65, 0x5, 0x1, 0x4, 0x3, @private=0xa010102, @local}}}}}}, 0x0) 2.08940354s ago: executing program 1 (id=1296): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x6) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x9, 0x4) syz_emit_ethernet(0xae, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd602a84350078060020010000000000000000000000000002fe8000"/51, @ANYRES32=0x41424344, @ANYBLOB="58c20001b568"], 0x0) 1.806272622s ago: executing program 2 (id=1297): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x80) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000340)=[@text32={0x20, &(0x7f00000002c0)="b8000001000f23c00f21f835020008000f23f866b8d0000f00d80f01cb0f2158363e670fc7a703003e83d7000f00d6b8050000000f23d80f21f835400000700f23f86467260f792c66ba210066ed", 0x4e}], 0x1, 0x10, &(0x7f0000000380)=[@cr0={0x0, 0x20000020}], 0x1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r5, 0x300000b, 0x11, r3, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000000c0)={0x4, 0x0, [{0x6, 0x4, 0x8000, 0xc7da, 0x9}, {0x40000000, 0x8, 0x4772, 0x7, 0x4}, {0x0, 0xa, 0x3ff, 0xc0000000, 0x5}, {0xc0000000, 0x6, 0x3, 0x9, 0x3}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x28, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r6, 0x0, 0x10140}, [@IFLA_NET_NS_FD={0x8, 0x1c, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000840}, 0x44014) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2b, 0x1, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}]}, 0x40}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0xb, 0x3d5, 0x6, 0x5f71, 0x2}, {0x80000000, 0xffffffff, 0x4, 0x200, 0x9}]}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) ioctl$sock_SIOCBRDELBR(r10, 0x89a2, &(0x7f0000000000)='bridge0\x00') 1.775501632s ago: executing program 1 (id=1298): syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000000)='./file0\x00', 0x2000844, &(0x7f0000000580)={[{@fat=@allow_utime={'allow_utime', 0x3d, 0x80}}, {@fat=@umask={'umask', 0x3d, 0x7}}, {@fat=@quiet}, {@fat=@allow_utime={'allow_utime', 0x3d, 0x1}}, {@fat=@discard}, {@fat=@umask={'umask', 0x3d, 0x87}}, {@dots}, {@fat=@nfs_stale_rw}, {@nodots}, {@nodots}, {@dots}, {@fat=@errors_continue}, {@fat=@time_offset={'time_offset', 0x3d, 0x2d5}}], [{@smackfstransmute={'smackfstransmute', 0x3d, '-'}}, {@smackfshat={'smackfshat', 0x3d, '^,/\xf8\x12\xe1\xc0\xac\xac|\xd6\x11\xfev\x93\xb8F\xd7\x13\xa9\xcf\x1cD/\x7f:\b-^|\xf6\x05\x00\x00\x00\xf6Fd\xf5\xe7 \xd7\xa35\xef\xfdP'}}]}, 0x1, 0x262, &(0x7f0000000040)="$eJzs3UFr02AYB/BnW9dmA3Fn8RDw4mmo36BIBTEgVHrQk4XpZRMhu1RP/Rh+Bj+SH2On3SouoZ1ZFTvTpprfD0oe8s9b3uTQt4fnbd/e/3B68vH8/ezbl0iSNDoR07iMOIrd2IvCTnncvaq7cd00/tydFa4FANZnOBz3m54DNdq5eSrP++P9iOjdSEZfNzMpAAAAAAAAAAAA6ra0/7/SQ1ZX/z8AsB30////8rw/Piy/v/1M/z8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQnMvZ7O7sN6+m5wcA1M/6DwDtY/0HgPax/gNA+7x6/eZFP8sGwzRNIi6mk9FkVByL/NnzbPAovXK0GHUxmYz2yzobPC7ytJofluOfLM278fBBkf/Inr7MKnkvTtZ98wAAAAAAAAAAAAAAAAAAALAljtO5yv7+vSI//lVeVNd+H6Cyf78T9zobuw0AAAAAAAAAAAAAAAAAAAD4p51/+nw6Pjt7lysU8+IgbjEqifmZ2wxfrehGxKqjerElj3d9RVLfk2/6kwkAAAAAAAAAAAAAAAAAANpnsem36ZkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQHMW////N8VB+W7Lr2n4FgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICW+B4AAP//C6SJig==") r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x541b, 0x0) 1.446052603s ago: executing program 1 (id=1299): r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) fchown(r0, 0x0, 0x0) 1.400914604s ago: executing program 2 (id=1300): openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x802, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x2000, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x82200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB], 0x50) getpid() bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000008000", @ANYRESDEC=r0, @ANYRESDEC], 0x0, 0x0, 0x0, 0x0, 0x41100}, 0x94) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) membarrier(0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18) ioctl$sock_inet_udp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000340)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000000f000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, 0x0}], 0x1, 0x3b, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r2 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r2, &(0x7f00000002c0)={0x1, 0x5}, 0x2) write$USERIO_CMD_REGISTER(r2, 0x0, 0x0) read(r2, &(0x7f00000001c0)=""/93, 0x5d) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) 1.293472894s ago: executing program 3 (id=1301): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x2010042, &(0x7f00000001c0)=ANY=[@ANYBLOB="63727566742c6d61703c61636f726e2c73686f776173736f632c757466382c636865636b3d72656c617865642c6e6f726f636b2c6e6f726f636b2c6f76657272696465726f636b7065726d2c636865636b3d73747269637464c3a5ce636b3d7374726963742c6769643d", @ANYRESHEX, @ANYBLOB=',uid=', @ANYRESHEX=0xee01, @ANYBLOB="2c756e686964652c686964652c73657373696f6e3d3078303030303030303030303030303034392c6f76657272696465726f636b7065726d2c6e6f726f636b2c636865636b3d72656c617865642c6f626a5f757365723d6769642c6d6561737572652c646f6e745f686173682c736d61636b6673726f6f743d6835737369896e0dc6f356a059e0ddf8bb3aa3c1477b07c746e3d0b318a278e2c9d2514fa91c557a2c6673757569643d62653362363136342d006462322d303838312d663330332d2b326366646234372c00"], 0x1, 0x943, &(0x7f00000009c0)="$eJzs3c1vHGcZAPBnNl7iuFWakrRx3ENXTYxMBM7uRkmIcsHxrp0tthfZjtSKi4G4KIqhiIIUKg5BQpyI4IA4wC1HThG99ITyV3Dgkj+AS8TJN1fv7PojzX44luN13d9Pmp2dmWfe55l9Z+eVP3Yn+Crb2NjIpz0u3/7nQRbL4XOz9vTR44dp+v1afCOOxZXs84jhiChFDEXEaERxurbYnO/T0L2IlYh4EpFFxPFozXdlJbI/x+vby08i+0fK29uum6eHDb7WBn3+AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAYZRN18rlShZzjYXbH5S6y28B3mP7ZnvNQnosNPvmjcjSFMPDm7f6Hj29vfmt9PBenG0tnc1vSB7D8elrb5+6cXqosLl/j4IOxCe//fTej9fWVn816EIGZLa+0FhqNuanZuulxlKzdP3q1fKlWzNLpZnGXH3pw6Xl+nxperE+tdxcLE1Mf7tUuX79cqk++WHz9sJsbWquvrny2ner5fLV0vuTP6xPLS41Fy69P7k0fasxN9dYmM1j0uYUcy2diD9oLJeW61PzpdJHd9dWL/crMgVVdhNU7RdULVerlUq1Wrl65fqVa+Xy0Asryl8SL0QM/qRlsPb9Gg57tdEe/wEAAICjK8t/x55+/i/mv4fPYqYxVy8PuiwAAABgH+V/+T+bZsWIONFe6+d/AAAAOEr6f8aub0T2nTjXijh3pzW/04741/E8YmSmMVefnG7O3ajEt7Y+7de5tWL+7wcXY6wVNTbSmo+0o9qfHBxOUZXJG5W4GO+0It6ZOJ9m5yd2RGYR+b8zVFuR7U/elDYji1uvwlabl1MkABx17/UZj3cz/l+M8VbE+FgadmNorMNoXTayAsBhsfUNNq/wyaCPEQB4nlEaAAAAAAAAAAAAAAAAAAAAAAAAAAAA9t9BfP+/J5548lV7MugrEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA11MWcazT+kLE8YgoR8Slg6/q1Xkw6AIGLFuP9bgfJwddBwAAAAAAAAAAAAAAAAAAAAAAAAAAAADAUdP+/v9CtOavtVbFUCFiPCJWIuJHg65xTzre1SBi/aDrOGR2fP9/6vPYyGKo1e2RFadri8351P35vR8KTx89fpim9q4/f5k8qYGU4bluaGfovteb+V4jtdVP7v3641+WajfzIm8uz8zV5mcXv78d+Hb2WUQpWtOmE+16fzf+7790OPLP0pHuLu9Mnrf2Yt6znfZ+2jNvL3fXVqsp03L9g+Xf/OLu/R2bvhljEecnIiaez/SzNHXJNBbFXtmyZ9kfs5Pxt1jJ+z+9GtlGlrrojfz4T3x0d2118qcfr93pUtOpGI2IOxHDu69pNL+edJSfdYViylrOg9LDmT7t9bSjxUqXY3gzzkXEyEsdw7nux5Dr87q3K7rcpaLT8e5L9/S7fTJ2lD3L/pvdiv/EH3bc/6OQ+n88dvPuTDF55I4zpWtkoRWZH3m1Z5td35XsTaHXxj/FT+J7W/1f2HH9b/fVwVyPdmR89e+L7UHozJdGpPbVp1uV7TrPtKK61PlWXIgYGnupK8qFPleUF/cv7uI4+8ieZX/PJuL/8cD9fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMMvizjWaX0hYjwiTkXEG2m5FLGxH/kKI1n87+R+tLQ3DwaX+lDI1mM97scAewAAAAAAAACA/XSz9vTR44dpytLisbiQfR4x3PpL/1BEnMr+WpyuLTbn+zRUjFiJiCd7qCHtF69vLz9JS6N7aAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCPriwAAAP//hO21Ig==") mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = syz_init_net_socket$ax25(0x3, 0x5, 0x6) getsockopt$ax25_int(r0, 0x101, 0x19, 0x0, &(0x7f0000000040)) 1.238051434s ago: executing program 1 (id=1302): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002025252700000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000840)={r0, 0x70000000, 0x0, 0x1c, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) openat$rtc(0xffffffffffffff9c, &(0x7f0000000240), 0x41c0, 0x0) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) setsockopt$llc_int(r2, 0x10c, 0x2, &(0x7f0000000080)=0xfff, 0x4) connect$llc(r2, &(0x7f0000000340)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, @random="48bd00"}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[], 0x7c}}, 0x0) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) setsockopt$SO_BINDTODEVICE(r3, 0x1, 0x19, &(0x7f0000000000)='nr0\x00', 0x10) sendmmsg$inet(r3, &(0x7f00000020c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f00000004c0)='\f', 0x1}], 0x1, 0x0, 0x0, 0x2000000}}], 0xfdef, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=@newtaction={0x64, 0x30, 0xc4b, 0x0, 0x25dfdbfb, {}, [{0x50, 0x1, [@m_ct={0x4c, 0x1, 0x0, 0x0, {{0x7}, {0x24, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}, @TCA_CT_ACTION={0x6, 0x3, 0x9}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x64}}, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(0xffffffffffffffff, 0x84, 0x9, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) 332.841479ms ago: executing program 3 (id=1303): socket$inet_mptcp(0x2, 0x1, 0x106) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000100)=@newqdisc={0xdc, 0x24, 0xf0b, 0x70bd2b, 0x0, {0x0, 0x0, 0x12, 0x0, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x88, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x19, 0x0, 0x8, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x8001]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x24, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0x14, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0x9}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x2c2a1f44}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x4, 0x6, 0x100, 0x5d, 0x0, 0x7ff, 0x1fe}}, {0x4}}]}]}, 0xdc}}, 0x0) 323.240928ms ago: executing program 2 (id=1304): ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x5, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x10, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x30000c6, &(0x7f0000000080), 0x1, 0x561, &(0x7f0000000f80)="$eJzs3U1rG0cfAPD/ylbenycOhNCWUgw9NCWNHNt9SaGH9NyGBtp7KuyNCZajYMkhdgNNDs25hF5KA6X30nOPoV+gh36GQBsIJZj20IvLyivFL5ItJ7KtVL8frJnZXWl2NPsfz2gkFMDAGs3+FCJejoivk4jjEZHkx4YjPzi6et7yk1tT2ZbEysqnfyaN87J887majzuaZ16KiF++ijhT2FxubXFptlyppPN5fqw+d32strh09upceSadSa9NTE6ef2dy4v333u1ZXd+89Pe3nzwYynMn7iVxIY7lubX1eA6312ZGYzR/TYpxYcOJ4z0orJ8kbff+tOfXwc4M5XFejKwPOB5DedQD/31fRsQKMKCSHcf/b8XduRJgbzXHAc25fY/mwS+Mxx+uToA213949b2RONSYGx1ZTtbNjLL57kgPys/K+PmP+/eyLXr3PgTAtm7fiYhzw8Ob+78k7/+e3bkuztlYhv4P9s6DbPzzVrvxT6E1/ok245+jbWL3WWwf/4VHPSimo2z890Hb8W9r0WpkKM/9rzHmKyZXrlbSrG/7f0ScjuLBLL/Ves755YcrnY6tHf9lW1Z+cyyYX8ej4YPrHzNdrpefp85rPb4T8Urb8W/Sav+kTftnr8elLss4ld5/rdOx7eu/u1Z+iHijbfs/XdFKtl6fHGvcD2PNu2Kzv+6e+rVT+ftd/6z9j2xd/5Fk7XptbedlfH/onzRa68nrrat/dH//H0g+a6QP5Ptuluv1+fGIA8nHrf2F5v6Jp49t5pvnZ/U//frW/V+7+/9wRHzeZf3vnvzx1U7H+qH9p9u2f2t2u6H9d554+NEX33Uqv7v+7+1G6nS+p5v+r9sLfJ7XDgAAAAAAAPpNISKORVIotdKFQqm0+vmOk3GkUKnW6meuVBeuTUfju7IjUSw0V7qPr/k8xHi+YtjMT2zIT0bEiYj4ZuhwI1+aqlam97vyAAAAAAAAAAAAAAAAAAAA0CeOdvj+f+b3of2+OmDX+clvGFzbxn8vfukJ6Ev+/8PgEv8wuMQ/DC7xD4NL/MPgEv8wuMQ/DC7xDwAAAAAAAAAAAAAAAAAAAAAAAAAAAD116eLFbFtZfnJrKstP31hcmK3eODud1mZLcwtTpanq/PXSTLU6U0lLU9W57Z6vUq1eH5+IhZtj9bRWH6stLl2eqy5cq1++OleeSS+nxT2pFQAAAAAAAAAAAAAAAAAAALxYaotLs+VKJZ2XkHimxHB/XIZEjxP73TMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFP/BgAA//9q6zMB") setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), &(0x7f00000002c0)="30573472b621739991c336124406e8a5c812ca847e3bf9b837c91d46ab", 0x1d, 0x1) lsetxattr$trusted_overlay_upper(&(0x7f0000000540)='./file1\x00', &(0x7f0000000180), &(0x7f0000000500)=ANY=[], 0x361, 0x0) lsetxattr$trusted_overlay_upper(&(0x7f00000001c0)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000300)=ANY=[], 0xfe37, 0x0) 269.412169ms ago: executing program 1 (id=1305): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) 213.645459ms ago: executing program 3 (id=1306): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x6) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000000)=0x9, 0x4) syz_emit_ethernet(0xae, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c200000086dd602a84350078060020010000000000000000000000000002fe8000"/51, @ANYRES32=0x41424344, @ANYBLOB="58c20001b568"], 0x0) 90.11208ms ago: executing program 3 (id=1307): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000140)=0x1, 0x4) connect$inet(r0, &(0x7f00000017c0)={0x2, 0x0, @remote}, 0x10) sendto$inet(r0, &(0x7f0000000480)='\v', 0x1, 0x0, 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) recvmmsg(r0, &(0x7f0000009940)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000009dc0)=[{&(0x7f0000000700)=""/118, 0x76}], 0x1}}], 0x2, 0x42, 0x0) 74.18221ms ago: executing program 1 (id=1308): ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) mkdirat(0xffffffffffffffff, &(0x7f0000000240)='./file0\x00', 0x80) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000340)=[@text32={0x20, &(0x7f00000002c0)="b8000001000f23c00f21f835020008000f23f866b8d0000f00d80f01cb0f2158363e670fc7a703003e83d7000f00d6b8050000000f23d80f21f835400000700f23f86467260f792c66ba210066ed", 0x4e}], 0x1, 0x10, &(0x7f0000000380)=[@cr0={0x0, 0x20000020}], 0x1) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r5 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r4, 0xae04) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, r5, 0x300000b, 0x11, r3, 0x0) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f00000000c0)={0x4, 0x0, [{0x6, 0x4, 0x8000, 0xc7da, 0x9}, {0x40000000, 0x8, 0x4772, 0x7, 0x4}, {0x0, 0xa, 0x3ff, 0xc0000000, 0x5}, {0xc0000000, 0x6, 0x3, 0x9, 0x3}]}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=@newlink={0x28, 0x10, 0x44b, 0x0, 0x25dfdbfc, {0x7a, 0x0, 0x0, r6, 0x0, 0x10140}, [@IFLA_NET_NS_FD={0x8, 0x1c, r3}]}, 0x28}, 0x1, 0x0, 0x0, 0x4000840}, 0x44014) socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000180)={'veth1_macvtap\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x40, 0x24, 0xf0b, 0x70bd2b, 0x1, {0x0, 0x0, 0x0, r9, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x10, 0x1, {0x0, 0xb, 0x5}}}}]}, 0x40}}, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'bridge0\x00'}) ioctl$KVM_SET_CPUID(r3, 0x4008ae8a, &(0x7f0000000140)={0x2, 0x0, [{0xb, 0x3d5, 0x6, 0x5f71, 0x2}, {0x80000000, 0xffffffff, 0x4, 0x200, 0x9}]}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_NEW_KEY(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000000)={0x1c, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000004) ioctl$sock_SIOCBRDELBR(r10, 0x89a2, &(0x7f0000000000)='bridge0\x00') 0s ago: executing program 3 (id=1309): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8082, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CLEAR_DIRTY_LOG(r1, 0xc018aec0, &(0x7f0000000040)={0x4, 0x240, 0x9, 0x0}) kernel console output (not intermixed with test programs): e string! [ 120.391960][ T6146] [ 120.402562][ T6146] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 121.307511][ T6147] loop1: detected capacity change from 0 to 32768 [ 121.407219][ T6147] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 121.441386][ T6147] XFS (loop1): null uuid in log - IRIX style log [ 121.448965][ T6147] XFS (loop1): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 121.467796][ T6147] XFS (loop1): failed to locate log tail [ 121.470381][ T6168] tipc: Started in network mode [ 121.473546][ T6147] XFS (loop1): log mount/recovery failed: error -5 [ 121.478738][ T6168] tipc: Node identity 640101, cluster identity 4711 [ 121.503032][ T6147] XFS (loop1): log mount failed [ 121.510190][ T6168] tipc: Enabling of bearer rejected, failed to enable media [ 123.413223][ T5891] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 123.670637][ T5891] usb 3-1: Using ep0 maxpacket: 16 [ 123.693481][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 123.709720][ T5891] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 123.722876][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.736628][ T5891] usb 3-1: config 0 descriptor?? [ 125.086880][ T5891] usbhid 3-1:0.0: can't add hid device: -71 [ 125.104999][ T5891] usbhid: probe of 3-1:0.0 failed with error -71 [ 125.160623][ T5891] usb 3-1: USB disconnect, device number 2 [ 125.171562][ T6191] netlink: 36 bytes leftover after parsing attributes in process `syz.3.72'. [ 125.615926][ T6199] loop2: detected capacity change from 0 to 16 [ 125.870222][ T6199] erofs: (device loop2): mounted with root inode @ nid 36. [ 126.114940][ T6201] veth2: entered promiscuous mode [ 126.121396][ T6201] veth2: entered allmulticast mode [ 127.787455][ T6213] loop1: detected capacity change from 0 to 32768 [ 129.413666][ T6213] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 129.466500][ T6213] XFS (loop1): null uuid in log - IRIX style log [ 129.481384][ T6213] XFS (loop1): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 129.493850][ T6213] XFS (loop1): failed to locate log tail [ 129.500064][ T6213] XFS (loop1): log mount/recovery failed: error -5 [ 129.671255][ T6213] XFS (loop1): log mount failed [ 130.979693][ T5850] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 131.185894][ T5850] usb 3-1: Using ep0 maxpacket: 16 [ 131.205181][ T5850] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 131.230046][ T5850] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 131.250619][ T5850] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.265399][ T5850] usb 3-1: config 0 descriptor?? [ 131.326320][ T6240] loop0: detected capacity change from 0 to 2048 [ 131.398188][ T6241] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 131.716232][ T5850] usbhid 3-1:0.0: can't add hid device: -71 [ 131.729733][ T5850] usbhid: probe of 3-1:0.0 failed with error -71 [ 131.743019][ T5850] usb 3-1: USB disconnect, device number 3 [ 134.309810][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.316638][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.525178][ T6260] loop2: detected capacity change from 0 to 32768 [ 134.706115][ T6260] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 134.899101][ T6260] XFS (loop2): null uuid in log - IRIX style log [ 134.918850][ T6260] XFS (loop2): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 134.931098][ T6260] XFS (loop2): failed to locate log tail [ 134.938359][ T6260] XFS (loop2): log mount/recovery failed: error -5 [ 134.978366][ T6260] XFS (loop2): log mount failed [ 137.291327][ T6286] loop2: detected capacity change from 0 to 8192 [ 137.337308][ T6286] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 137.369956][ T6286] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 137.540677][ T6286] REISERFS (device loop2): using ordered data mode [ 137.547266][ T6286] reiserfs: using flush barriers [ 137.690171][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 138.369697][ T6286] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7 [ 138.369825][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 138.386371][ T6286] REISERFS (device loop2): checking transaction log (loop2) [ 138.417088][ T6286] REISERFS (device loop2): Using r5 hash to sort names [ 138.444031][ T6286] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 138.484963][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 138.506817][ T9] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 138.525004][ T6297] loop1: detected capacity change from 0 to 512 [ 138.531751][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.550548][ T6286] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 138.566617][ T6297] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 138.581565][ T9] usb 1-1: config 0 descriptor?? [ 138.678205][ T6297] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 138.748199][ T6297] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.97: bg 0: block 248: padding at end of block bitmap is not set [ 138.778941][ T6297] Quota error (device loop1): write_blk: dquota write failed [ 138.833277][ T6297] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 138.892849][ T6297] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.97: Failed to acquire dquot type 1 [ 138.991325][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 139.005697][ T9] usbhid: probe of 1-1:0.0 failed with error -71 [ 139.150037][ T9] usb 1-1: USB disconnect, device number 4 [ 139.348948][ T6297] EXT4-fs (loop1): 1 truncate cleaned up [ 139.417910][ T6297] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 139.739533][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 139.754059][ T2910] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 139.798670][ T2910] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u4:8: Failed to release dquot type 1 [ 139.926359][ T6304] loop2: detected capacity change from 0 to 2048 [ 141.209837][ T5797] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 141.249394][ T6312] loop0: detected capacity change from 0 to 32768 [ 141.327352][ T6312] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 141.364031][ T6312] XFS (loop0): null uuid in log - IRIX style log [ 141.371639][ T6312] XFS (loop0): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 141.385643][ T6312] XFS (loop0): failed to locate log tail [ 141.393075][ T6312] XFS (loop0): log mount/recovery failed: error -5 [ 141.407302][ T6312] XFS (loop0): log mount failed [ 142.438347][ T6336] loop1: detected capacity change from 0 to 512 [ 142.526240][ T6336] EXT4-fs (loop1): filesystem is read-only [ 142.600188][ T6336] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 142.636699][ T6337] loop3: detected capacity change from 0 to 64 [ 142.676477][ T6336] EXT4-fs (loop1): can't mount with journal_async_commit, fs mounted w/o journal [ 143.389042][ T6339] loop2: detected capacity change from 0 to 4096 [ 143.452061][ T6339] EXT4-fs: Ignoring removed mblk_io_submit option [ 143.747873][ T6339] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 143.770236][ T6339] EXT4-fs (loop2): Test dummy encryption mode enabled [ 143.792156][ T6339] EXT4-fs (loop2): can't mount with data_err=abort, fs mounted w/o journal [ 143.969779][ T5850] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 145.338350][ T6354] loop3: detected capacity change from 0 to 32768 [ 147.065444][ T5850] usb 1-1: Using ep0 maxpacket: 16 [ 147.274349][ T6354] workqueue: Failed to create a rescuer kthread for wq "ocfs2_wq": -EINTR [ 147.283601][ T6354] (syz.3.110,6354,0):ocfs2_initialize_super:2285 ERROR: status = -12 [ 147.359141][ T5850] usb 1-1: device descriptor read/all, error -71 [ 147.383203][ T6354] (syz.3.110,6354,0):ocfs2_fill_super:1178 ERROR: status = -12 [ 148.613567][ T6367] loop1: detected capacity change from 0 to 32768 [ 148.714665][ T6367] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 148.801289][ T6367] XFS (loop1): null uuid in log - IRIX style log [ 148.829328][ T6367] XFS (loop1): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 148.845677][ T6367] XFS (loop1): failed to locate log tail [ 148.851499][ T6367] XFS (loop1): log mount/recovery failed: error -5 [ 148.870140][ T6367] XFS (loop1): log mount failed [ 149.031891][ T6369] loop0: detected capacity change from 0 to 4096 [ 151.008562][ T6405] loop1: detected capacity change from 0 to 64 [ 152.929965][ T6402] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 152.936459][ T6402] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 152.969840][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 153.028561][ T6402] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 153.068323][ T6402] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 153.132774][ T6402] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 153.156496][ T6402] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 153.178777][ T6402] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 153.197366][ T6402] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 153.217923][ T6402] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 153.247769][ T6402] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 153.266073][ T6402] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 153.289042][ T6402] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 153.661332][ T6418] misc userio: Invalid payload size [ 153.809659][ T8] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 154.743677][ T6431] netlink: 48 bytes leftover after parsing attributes in process `syz.2.129'. [ 154.752848][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 154.762533][ T8] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 155.165619][ T6426] loop1: detected capacity change from 0 to 32768 [ 155.174472][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 155.180510][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 155.186976][ T8] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 155.203159][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.211797][ T5793] Bluetooth: hci2: command 0x0c1a tx timeout [ 155.245657][ T6431] loop2: detected capacity change from 0 to 764 [ 155.250162][ T6426] XFS (loop1): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 155.255994][ T8] usb 1-1: config 0 descriptor?? [ 155.286656][ T6426] XFS (loop1): null uuid in log - IRIX style log [ 155.289723][ T5793] Bluetooth: hci3: command 0x0c1a tx timeout [ 155.298032][ T6431] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 155.334085][ T6426] XFS (loop1): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 155.348695][ T6426] XFS (loop1): failed to locate log tail [ 155.354963][ T6426] XFS (loop1): log mount/recovery failed: error -5 [ 155.376039][ T6426] XFS (loop1): log mount failed [ 155.728970][ T8] usbhid 1-1:0.0: can't add hid device: -71 [ 155.756017][ T8] usbhid: probe of 1-1:0.0 failed with error -71 [ 155.782448][ T8] usb 1-1: USB disconnect, device number 7 [ 156.991564][ T6458] syz.0.136 uses obsolete (PF_INET,SOCK_PACKET) [ 157.212023][ T5793] Bluetooth: hci0: command 0x0c1a tx timeout [ 157.217045][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 157.290914][ T5802] Bluetooth: hci2: command 0x0c1a tx timeout [ 157.370166][ T5802] Bluetooth: hci3: command 0x0c1a tx timeout [ 158.482181][ T6468] loop1: detected capacity change from 0 to 64 [ 158.543102][ T6457] loop2: detected capacity change from 0 to 32768 [ 158.733552][ T6452] loop3: detected capacity change from 0 to 32768 [ 158.805970][ T6457] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 158.914322][ T6479] netlink: 'syz.1.141': attribute type 3 has an invalid length. [ 158.922183][ T6479] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.141'. [ 159.289994][ T5802] Bluetooth: hci1: command 0x0c1a tx timeout [ 159.370044][ T5802] Bluetooth: hci2: command 0x0c1a tx timeout [ 159.550643][ T5802] Bluetooth: hci3: command 0x0c1a tx timeout [ 160.132452][ T6457] XFS (loop2): Ending clean mount [ 160.189682][ T5836] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 160.242326][ T5791] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 160.379738][ T5836] usb 2-1: Using ep0 maxpacket: 16 [ 160.392487][ T5836] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 160.413048][ T5836] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 160.443914][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.507699][ T5836] usb 2-1: config 0 descriptor?? [ 163.049889][ T5836] usbhid 2-1:0.0: can't add hid device: -71 [ 163.056035][ T5836] usbhid: probe of 2-1:0.0 failed with error -71 [ 163.094335][ T5836] usb 2-1: USB disconnect, device number 2 [ 164.383663][ T6506] netlink: 12 bytes leftover after parsing attributes in process `syz.1.151'. [ 167.310357][ T6524] binder: 6520:6524 ioctl 40182103 0 returned -22 [ 167.615461][ T6530] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 167.759845][ T5891] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 167.788904][ T6533] netlink: 12 bytes leftover after parsing attributes in process `syz.1.161'. [ 167.962931][ T5891] usb 4-1: Using ep0 maxpacket: 8 [ 168.002652][ T5891] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 168.650710][ T5891] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 168.687149][ T5891] usb 4-1: config 0 has no interface number 0 [ 168.705808][ T5891] usb 4-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 168.717004][ T5891] usb 4-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 168.749634][ T5891] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 168.776283][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.790385][ T5891] usb 4-1: config 0 descriptor?? [ 168.813677][ T5891] ldusb 4-1:0.55: Interrupt in endpoint not found [ 170.850246][ T23] usb 4-1: USB disconnect, device number 3 [ 172.170201][ T6554] netlink: 12 bytes leftover after parsing attributes in process `syz.0.165'. [ 172.833483][ T6560] netlink: 12 bytes leftover after parsing attributes in process `syz.3.171'. [ 175.102190][ T6562] loop0: detected capacity change from 0 to 32768 [ 175.972621][ T6584] syzkaller0: entered promiscuous mode [ 175.978188][ T6584] syzkaller0: entered allmulticast mode [ 176.039042][ T6585] netlink: 12 bytes leftover after parsing attributes in process `syz.1.178'. [ 178.124461][ T6595] loop1: detected capacity change from 0 to 512 [ 178.131917][ T6595] EXT4-fs: Ignoring removed i_version option [ 178.138005][ T6595] EXT4-fs: Ignoring removed bh option [ 178.271563][ T6595] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.318234][ T6595] ext4 filesystem being mounted at /60/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 178.413231][ T6601] netlink: 12 bytes leftover after parsing attributes in process `syz.3.181'. [ 179.750533][ T6605] misc userio: Invalid payload size [ 180.838193][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.015303][ T6607] loop3: detected capacity change from 0 to 736 [ 181.719960][ T6613] warning: `syz.3.185' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 182.688079][ T6622] netlink: 12 bytes leftover after parsing attributes in process `syz.2.187'. [ 184.978396][ T6641] misc userio: Invalid payload size [ 185.296570][ T6642] loop0: detected capacity change from 0 to 128 [ 186.052943][ T6644] loop1: detected capacity change from 0 to 32768 [ 186.497796][ T27] audit: type=1800 audit(1761729809.934:2): pid=6650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.196" name="file1" dev="loop1" ino=7 res=0 errno=0 [ 187.115863][ T6651] netlink: 12 bytes leftover after parsing attributes in process `syz.2.197'. [ 187.255583][ T27] audit: type=1804 audit(1761729809.964:3): pid=6650 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.196" name="/newroot/63/file0/file1" dev="loop1" ino=7 res=1 errno=0 [ 187.496401][ T6654] loop2: detected capacity change from 0 to 512 [ 187.541184][ T6654] EXT4-fs: Ignoring removed orlov option [ 187.577633][ T6654] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 187.654397][ T6654] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2249: inode #15: comm syz.2.199: corrupted in-inode xattr: e_value size too large [ 188.770216][ T6654] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.199: couldn't read orphan inode 15 (err -117) [ 190.153901][ T6654] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.418771][ T5791] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.599999][ T6674] misc userio: Invalid payload size [ 190.871892][ T6678] loop2: detected capacity change from 0 to 128 [ 190.893684][ T6678] EXT4-fs: Ignoring removed nobh option [ 190.947583][ T6678] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 190.975155][ T6678] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 191.757716][ T5791] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 191.927255][ T6684] netlink: 12 bytes leftover after parsing attributes in process `syz.0.207'. [ 192.842276][ T6690] netlink: 12 bytes leftover after parsing attributes in process `syz.3.209'. [ 195.490704][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.497130][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.507889][ T6696] loop1: detected capacity change from 0 to 512 [ 195.539785][ T6696] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 195.608006][ T6696] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 195.886046][ T6696] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2872: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 195.904534][ T6696] EXT4-fs (loop1): 1 truncate cleaned up [ 196.453498][ T6696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 196.606500][ T6709] loop2: detected capacity change from 0 to 1024 [ 196.911230][ T27] audit: type=1800 audit(1761729820.334:4): pid=6709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.214" name="file2" dev="loop2" ino=22 res=0 errno=0 [ 196.996264][ T27] audit: type=1326 audit(1761729820.404:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.329611][ T27] audit: type=1326 audit(1761729820.404:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.389259][ T5795] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 199.420881][ T27] audit: type=1326 audit(1761729820.404:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.453824][ T1003] hfsplus: b-tree write err: -5, ino 4 [ 199.510884][ T27] audit: type=1326 audit(1761729820.404:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=155 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.613708][ T27] audit: type=1326 audit(1761729820.404:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.663895][ T27] audit: type=1326 audit(1761729820.404:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.708788][ T27] audit: type=1326 audit(1761729820.414:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.760000][ T27] audit: type=1326 audit(1761729820.414:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6708 comm="syz.2.214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 199.795441][ T6721] ntfs: (device nullb0): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 199.982266][ T6726] netlink: 12 bytes leftover after parsing attributes in process `syz.0.219'. [ 203.133653][ T6743] loop2: detected capacity change from 0 to 40427 [ 205.783718][ T6743] F2FS-fs (loop2): invalid crc value [ 205.791596][ T6743] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4) [ 206.423402][ T6757] netlink: 12 bytes leftover after parsing attributes in process `syz.3.228'. [ 207.280609][ T6761] syz_tun: entered allmulticast mode [ 209.028314][ T6781] loop3: detected capacity change from 0 to 40427 [ 209.128645][ T6781] F2FS-fs (loop3): invalid crc value [ 209.168858][ T6781] F2FS-fs (loop3): Found nat_bits in checkpoint [ 209.238879][ T6781] F2FS-fs (loop3): Start checkpoint disabled! [ 209.341664][ T6781] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 210.022236][ T6781] syz.3.235: attempt to access beyond end of device [ 210.022236][ T6781] loop3: rw=2049, sector=77824, nr_sectors = 3712 limit=40427 [ 210.042567][ T6781] syz.3.235: attempt to access beyond end of device [ 210.042567][ T6781] loop3: rw=2049, sector=81536, nr_sectors = 384 limit=40427 [ 210.073515][ T6781] syz.3.235: attempt to access beyond end of device [ 210.073515][ T6781] loop3: rw=2049, sector=49152, nr_sectors = 4088 limit=40427 [ 210.091175][ T6781] syz.3.235: attempt to access beyond end of device [ 210.091175][ T6781] loop3: rw=2049, sector=53240, nr_sectors = 8 limit=40427 [ 210.127709][ T6781] syz.3.235: attempt to access beyond end of device [ 210.127709][ T6781] loop3: rw=2049, sector=57344, nr_sectors = 4088 limit=40427 [ 210.162029][ T6781] syz.3.235: attempt to access beyond end of device [ 210.162029][ T6781] loop3: rw=2049, sector=61432, nr_sectors = 4088 limit=40427 [ 210.196293][ T6781] syz.3.235: attempt to access beyond end of device [ 210.196293][ T6781] loop3: rw=2049, sector=65520, nr_sectors = 4112 limit=40427 [ 210.215588][ T6781] syz.3.235: attempt to access beyond end of device [ 210.215588][ T6781] loop3: rw=2049, sector=69632, nr_sectors = 8 limit=40427 [ 210.229734][ T6781] syz.3.235: attempt to access beyond end of device [ 210.229734][ T6781] loop3: rw=2049, sector=69640, nr_sectors = 8 limit=40427 [ 210.243728][ T6781] syz.3.235: attempt to access beyond end of device [ 210.243728][ T6781] loop3: rw=2049, sector=69648, nr_sectors = 8 limit=40427 [ 210.441126][ T6789] netlink: 12 bytes leftover after parsing attributes in process `syz.2.237'. [ 211.177087][ T6791] loop2: detected capacity change from 0 to 32768 [ 211.228278][ T6791] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415 [ 211.251080][ T6791] XFS (loop2): null uuid in log - IRIX style log [ 211.305795][ T6791] XFS (loop2): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x41. [ 211.320861][ T6791] XFS (loop2): failed to locate log tail [ 211.327895][ T6791] XFS (loop2): log mount/recovery failed: error -5 [ 211.340508][ T6791] XFS (loop2): log mount failed [ 211.553260][ T3498] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 211.974009][ T6806] loop2: detected capacity change from 0 to 1024 [ 212.323494][ T27] kauditd_printk_skb: 26 callbacks suppressed [ 212.323509][ T27] audit: type=1326 audit(1761729835.794:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6807 comm="syz.1.243" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x0 [ 212.897169][ T6820] netlink: 12 bytes leftover after parsing attributes in process `syz.2.246'. [ 213.952581][ T6831] misc userio: Invalid payload size [ 214.994778][ T6845] netlink: 28 bytes leftover after parsing attributes in process `syz.0.251'. [ 215.249093][ T6848] loop2: detected capacity change from 0 to 1024 [ 215.963920][ T5836] IPVS: starting estimator thread 0... [ 216.002412][ T6851] netlink: 68 bytes leftover after parsing attributes in process `syz.0.254'. [ 216.089898][ T6858] IPVS: using max 27 ests per chain, 64800 per kthread [ 216.107539][ T27] audit: type=1326 audit(1761729839.574:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6856 comm="syz.2.256" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x0 [ 216.469165][ T6863] netlink: 12 bytes leftover after parsing attributes in process `syz.3.257'. [ 217.403320][ T6870] misc userio: Invalid payload size [ 218.518913][ T6878] loop3: detected capacity change from 0 to 1024 [ 219.085156][ T6885] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 219.568169][ T6897] overlayfs: missing 'lowerdir' [ 219.710304][ T6900] misc userio: Invalid payload size [ 220.785748][ T6904] loop0: detected capacity change from 0 to 128 [ 220.893732][ T6904] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 220.911243][ T6904] ext4 filesystem being mounted at /64/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 222.222694][ T5790] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 223.996812][ T6929] netlink: 64 bytes leftover after parsing attributes in process `syz.0.279'. [ 224.182700][ T6933] misc userio: Invalid payload size [ 224.965570][ T6936] loop2: detected capacity change from 0 to 128 [ 225.032818][ T6936] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 225.070081][ T6936] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 226.391326][ T6943] netlink: 8 bytes leftover after parsing attributes in process `syz.0.284'. [ 226.533367][ T5791] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 229.526066][ T6975] overlayfs: missing 'lowerdir' [ 229.732352][ T6985] only policy match revision 0 supported [ 229.732376][ T6985] unable to load match [ 229.911673][ T6989] autofs4:pid:6989:autofs_fill_super: called with bogus options [ 230.590812][ T8] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 230.619720][ T9] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 230.792832][ T8] usb 2-1: config 7 has an invalid interface number: 106 but max is 0 [ 230.805044][ T8] usb 2-1: config 7 has no interface number 0 [ 230.827748][ T8] usb 2-1: New USB device found, idVendor=04e2, idProduct=1402, bcdDevice=37.2c [ 230.848847][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 230.928102][ T8] usb 2-1: Product: syz [ 230.932975][ T8] usb 2-1: Manufacturer: syz [ 230.944373][ T8] usb 2-1: SerialNumber: syz [ 231.030852][ T9] usb 4-1: config 4 has 1 interface, different from the descriptor's value: 2 [ 231.056435][ T9] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 231.120386][ T9] usb 4-1: config 4 interface 0 altsetting 0 has an invalid endpoint with address 0x31, skipping [ 231.160297][ T9] usb 4-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 231.323799][ T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 231.488221][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 231.628464][ T7007] misc userio: Invalid payload size [ 232.532694][ T7002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.301'. [ 232.580571][ T9] ath6kl: Failed to submit usb control message: -110 [ 232.602302][ T9] ath6kl: unable to send the bmi data to the device: -110 [ 232.627878][ T9] ath6kl: Unable to send get target info: -110 [ 232.676938][ T9] ath6kl: Failed to init ath6kl core: -110 [ 232.696912][ T9] ath6kl_usb: probe of 4-1:4.0 failed with error -110 [ 233.423594][ T7018] netlink: 32 bytes leftover after parsing attributes in process `syz.2.307'. [ 233.579768][ T23] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 233.813690][ T23] usb 1-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 233.830253][ T23] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.850251][ T23] usb 1-1: Product: syz [ 233.863693][ T23] usb 1-1: Manufacturer: syz [ 233.876380][ T23] usb 1-1: SerialNumber: syz [ 233.895481][ T23] usb 1-1: config 0 descriptor?? [ 234.278145][ T5864] usb 1-1: USB disconnect, device number 8 [ 234.340779][ T8] usb 2-1: USB disconnect, device number 3 [ 234.373264][ T7028] autofs4:pid:7028:autofs_fill_super: called with bogus options [ 235.726893][ T7033] overlayfs: missing 'lowerdir' [ 235.783401][ T23] usb 4-1: USB disconnect, device number 4 [ 236.140483][ T7041] netlink: 192 bytes leftover after parsing attributes in process `syz.0.314'. [ 236.707273][ T7056] loop1: detected capacity change from 0 to 16 [ 236.735709][ T7056] erofs: (device loop1): mounted with root inode @ nid 36. [ 237.481089][ T7062] autofs4:pid:7062:autofs_fill_super: called with bogus options [ 239.175972][ T7085] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 239.252201][ T7086] overlayfs: missing 'workdir' [ 243.877164][ T7123] netlink: 40 bytes leftover after parsing attributes in process `syz.3.340'. [ 243.919482][ T7123] netlink: 40 bytes leftover after parsing attributes in process `syz.3.340'. [ 245.961394][ T7131] overlayfs: missing 'workdir' [ 248.148489][ T7156] tipc: Started in network mode [ 248.157141][ T7156] tipc: Node identity 7f000001, cluster identity 4711 [ 248.184145][ T7156] tipc: Enabled bearer , priority 10 [ 248.221417][ T7157] netlink: 8 bytes leftover after parsing attributes in process `syz.1.349'. [ 248.290447][ T7165] tipc: Enabled bearer , priority 0 [ 248.791357][ T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 249.382741][ T9] tipc: Node number set to 2130706433 [ 249.593329][ T8] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 249.618811][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.409965][ T8] usb 2-1: Product: syz [ 250.414219][ T8] usb 2-1: Manufacturer: syz [ 250.418989][ T8] usb 2-1: SerialNumber: syz [ 250.429237][ T8] usb 2-1: config 0 descriptor?? [ 251.780256][ T8] usb 2-1: Firmware: major: 130, minor: 102, hardware type: HULUSB (4) [ 251.907661][ T7190] overlayfs: missing 'workdir' [ 251.990733][ T8] usb 2-1: failed to fetch extended address, random address set [ 252.272616][ T8] usb 2-1: USB disconnect, device number 4 [ 254.144578][ T7220] loop2: detected capacity change from 0 to 16 [ 254.360379][ T7220] erofs: (device loop2): mounted with root inode @ nid 36. [ 256.030730][ T7236] loop3: detected capacity change from 0 to 64 [ 256.182958][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.189730][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.423583][ T7248] netlink: 'syz.3.366': attribute type 3 has an invalid length. [ 256.431413][ T7248] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.366'. [ 256.970989][ T8] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 257.169609][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 257.289621][ T968] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 257.376376][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 257.390248][ T8] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 257.404358][ T8] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 257.468028][ T7260] loop3: detected capacity change from 0 to 16 [ 258.165745][ T7260] erofs: (device loop3): mounted with root inode @ nid 36. [ 258.210051][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.218190][ T8] usb 3-1: Product: syz [ 258.223303][ T968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 258.409869][ T968] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 258.420322][ T8] usb 3-1: Manufacturer: syz [ 258.424972][ T8] usb 3-1: SerialNumber: syz [ 258.441108][ T968] usb 2-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 258.470523][ T8] usb 3-1: config 0 descriptor?? [ 258.504612][ T968] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 258.532873][ T968] usb 2-1: config 0 descriptor?? [ 258.755778][ T7251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 258.790222][ T7251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 258.869305][ T7251] team_slave_0: entered promiscuous mode [ 258.875379][ T7251] team_slave_1: entered promiscuous mode [ 258.912175][ T7251] vlan2: entered promiscuous mode [ 258.917413][ T7251] team0: entered promiscuous mode [ 259.096210][ T968] usbhid 2-1:0.0: can't add hid device: -71 [ 259.114207][ T968] usbhid: probe of 2-1:0.0 failed with error -71 [ 259.142564][ T968] usb 2-1: USB disconnect, device number 5 [ 261.089597][ T8] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 261.259719][ T8] usb 2-1: device descriptor read/64, error -71 [ 261.273186][ T968] usb 3-1: USB disconnect, device number 4 [ 261.569830][ T8] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 261.782319][ T7288] loop3: detected capacity change from 0 to 128 [ 261.839908][ T8] usb 2-1: device descriptor read/64, error -71 [ 262.003584][ T7288] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 262.016661][ T8] usb usb2-port1: attempt power cycle [ 262.022813][ T7288] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 262.849642][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 262.880600][ T8] usb 2-1: device descriptor read/8, error -71 [ 262.903061][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 263.171800][ T8] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 263.274053][ T8] usb 2-1: device descriptor read/8, error -71 [ 263.406228][ T8] usb usb2-port1: unable to enumerate USB device [ 265.374051][ T27] audit: type=1326 audit(1761729888.844:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7307 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 265.452213][ T27] audit: type=1326 audit(1761729888.884:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7307 comm="syz.2.384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 265.853782][ T7322] loop3: detected capacity change from 0 to 128 [ 265.912944][ T7322] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 265.938025][ T7322] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.002264][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 267.230027][ T27] audit: type=1326 audit(1761729890.694:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.309756][ T27] audit: type=1326 audit(1761729890.694:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.448880][ T27] audit: type=1326 audit(1761729890.694:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.501567][ T27] audit: type=1326 audit(1761729890.724:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.540088][ T27] audit: type=1326 audit(1761729890.724:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.569698][ T27] audit: type=1326 audit(1761729890.724:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.602194][ T27] audit: type=1326 audit(1761729890.724:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 267.646048][ T27] audit: type=1326 audit(1761729890.734:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7330 comm="syz.1.389" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 268.928695][ T7346] netlink: 67 bytes leftover after parsing attributes in process `syz.2.393'. [ 269.412598][ T7352] loop3: detected capacity change from 0 to 128 [ 269.557868][ T7352] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 269.590110][ T7352] ext4 filesystem being mounted at /84/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 270.686585][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 271.012191][ T7376] netlink: 12 bytes leftover after parsing attributes in process `syz.1.403'. [ 271.171664][ T7381] netlink: 64 bytes leftover after parsing attributes in process `syz.3.405'. [ 271.432555][ T7390] EXT4-fs: Conflicting test_dummy_encryption options [ 273.399390][ T7399] ieee802154 phy0 wpan0: encryption failed: -22 [ 273.424143][ T7399] ieee802154 phy0 wpan0: encryption failed: -22 [ 274.850586][ T7417] misc userio: Invalid payload size [ 276.895681][ T7434] loop8: detected capacity change from 0 to 7 [ 276.969917][ T7434] Dev loop8: unable to read RDB block 7 [ 276.975868][ T7434] loop8: AHDI p1 p2 p3 [ 276.980584][ T7434] loop8: partition table partially beyond EOD, truncated [ 276.987744][ T7434] loop8: p1 start 1601398130 is beyond EOD, truncated [ 276.995140][ T7434] loop8: p2 start 1702059890 is beyond EOD, truncated [ 277.057298][ T7441] Dev loop8: unable to read RDB block 7 [ 277.063266][ T7441] loop8: AHDI p1 p2 p3 [ 277.070214][ T7441] loop8: partition table partially beyond EOD, truncated [ 277.077814][ T7441] loop8: p1 start 1601398130 is beyond EOD, truncated [ 277.085625][ T7441] loop8: p2 start 1702059890 is beyond EOD, truncated [ 278.894718][ T7459] misc userio: Invalid payload size [ 281.341618][ T7497] misc userio: Invalid payload size [ 282.457307][ T7501] ieee802154 phy0 wpan0: encryption failed: -22 [ 282.482259][ T7501] ieee802154 phy0 wpan0: encryption failed: -22 [ 284.611792][ T7527] misc userio: Invalid payload size [ 288.040710][ C0] vcan0: j1939_tp_rxtimer: 0xffff8880186c3000: rx timeout, send abort [ 288.051667][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805f2dd800: rx timeout, send abort [ 288.069722][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff8880186c3000: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 288.085818][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805f2dd800: 0x00000: (3) A timeout occurred and this is the connection abort to close the session. [ 290.899157][ T7563] misc userio: Invalid payload size [ 294.009327][ T7589] syzkaller0: entered promiscuous mode [ 294.029453][ T7589] syzkaller0: entered allmulticast mode [ 294.086611][ T7593] misc userio: Invalid payload size [ 295.509669][ T9] usb 3-1: new low-speed USB device number 5 using dummy_hcd [ 295.729615][ T9] usb 3-1: device descriptor read/64, error -71 [ 296.759705][ T9] usb 3-1: new low-speed USB device number 6 using dummy_hcd [ 297.040277][ T9] usb 3-1: device descriptor read/64, error -71 [ 297.229865][ T9] usb usb3-port1: attempt power cycle [ 297.263750][ T7623] misc userio: Invalid payload size [ 298.376840][ T27] kauditd_printk_skb: 7 callbacks suppressed [ 298.376855][ T27] audit: type=1326 audit(1761729921.844:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 298.490191][ T9] usb 3-1: new low-speed USB device number 7 using dummy_hcd [ 298.519257][ T27] audit: type=1326 audit(1761729921.844:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 298.580705][ T27] audit: type=1326 audit(1761729921.844:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 298.709601][ T27] audit: type=1326 audit(1761729921.844:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9bb012b099 code=0x7ffc0000 [ 298.842681][ T27] audit: type=1326 audit(1761729921.844:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 298.947566][ T27] audit: type=1326 audit(1761729921.844:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 299.082035][ T27] audit: type=1326 audit(1761729921.844:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 299.261977][ T27] audit: type=1326 audit(1761729921.844:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9bb012b099 code=0x7ffc0000 [ 299.388713][ T27] audit: type=1326 audit(1761729921.844:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 299.410873][ C0] vkms_vblank_simulate: vblank timer overrun [ 299.479924][ T27] audit: type=1326 audit(1761729921.844:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7626 comm="syz.0.478" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9bb012b099 code=0x7ffc0000 [ 299.754741][ T9] usb 3-1: device descriptor read/8, error -71 [ 301.208973][ T7648] netlink: 276 bytes leftover after parsing attributes in process `syz.3.481'. [ 301.311338][ T7655] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 301.330401][ T7655] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 302.298331][ T7678] netlink: 8 bytes leftover after parsing attributes in process `syz.1.490'. [ 302.325068][ T7678] netlink: 68 bytes leftover after parsing attributes in process `syz.1.490'. [ 303.393344][ T7683] loop3: detected capacity change from 0 to 128 [ 304.466102][ T7683] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 304.612183][ T7683] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.877280][ T7698] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 304.963948][ T7698] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 305.020429][ T7692] bridge0: port 3(syz_tun) entered blocking state [ 305.028788][ T7692] bridge0: port 3(syz_tun) entered disabled state [ 305.042969][ T7692] syz_tun: entered promiscuous mode [ 305.050202][ T7692] bridge0: port 3(syz_tun) entered blocking state [ 305.057542][ T7692] bridge0: port 3(syz_tun) entered forwarding state [ 305.301825][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 307.929676][ T8] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 308.119624][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 308.154746][ T8] usb 1-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.06 [ 308.183332][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.192103][ T8] usb 1-1: Product: syz [ 308.196387][ T8] usb 1-1: Manufacturer: syz [ 308.214979][ T8] usb 1-1: SerialNumber: syz [ 308.224535][ T8] usb 1-1: config 0 descriptor?? [ 308.245405][ T8] ums_eneub6250 1-1:0.0: USB Mass Storage device detected [ 308.295083][ T7746] loop1: detected capacity change from 0 to 128 [ 308.417685][ T7746] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 308.480604][ T7746] ext4 filesystem being mounted at /130/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 308.966788][ T8] usb 1-1: USB disconnect, device number 9 [ 309.159849][ T7758] netlink: 76 bytes leftover after parsing attributes in process `syz.2.511'. [ 309.215013][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 311.913040][ T7791] loop3: detected capacity change from 0 to 128 [ 311.970073][ T7791] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 312.088412][ T7791] ext4 filesystem being mounted at /116/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.950146][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 313.601399][ T7822] netlink: 4 bytes leftover after parsing attributes in process `syz.3.527'. [ 313.935796][ T7831] TCP: TCP_TX_DELAY enabled [ 313.985977][ T7812] mmap: syz.2.526 (7812) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 314.552359][ T7844] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 314.960118][ T7849] loop1: detected capacity change from 0 to 128 [ 315.119819][ T7849] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 315.134017][ T7849] ext4 filesystem being mounted at /142/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 316.080258][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 317.179964][ T786] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 317.493437][ T786] usb 2-1: config index 0 descriptor too short (expected 23569, got 27) [ 317.602027][ T786] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.624108][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.690113][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.745347][ T786] usb 2-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 317.862502][ T786] usb 2-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 317.981609][ T786] usb 2-1: Manufacturer: syz [ 318.042474][ T786] usb 2-1: config 0 descriptor?? [ 318.239497][ T786] rc_core: IR keymap rc-hauppauge not found [ 318.245522][ T786] Registered IR keymap rc-empty [ 318.295896][ T786] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 318.314126][ T786] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input6 [ 318.367064][ T786] usb 2-1: USB disconnect, device number 10 [ 319.000057][ T7925] netlink: 56 bytes leftover after parsing attributes in process `syz.3.556'. [ 322.795411][ T7993] binder: BINDER_SET_CONTEXT_MGR already set [ 322.829938][ T7993] binder: 7992:7993 ioctl 4018620d 200000004a80 returned -16 [ 323.259348][ T7997] bridge0: port 3(syz_tun) entered blocking state [ 323.286639][ T7997] bridge0: port 3(syz_tun) entered disabled state [ 323.326807][ T7997] syz_tun: entered allmulticast mode [ 323.360665][ T7997] syz_tun: entered promiscuous mode [ 323.379436][ T7997] bridge0: port 3(syz_tun) entered blocking state [ 323.386165][ T7997] bridge0: port 3(syz_tun) entered forwarding state [ 323.863576][ T8031] binder: BINDER_SET_CONTEXT_MGR already set [ 323.946869][ T8031] binder: 8030:8031 ioctl 4018620d 200000004a80 returned -16 [ 324.263852][ T8044] netlink: 'syz.0.585': attribute type 29 has an invalid length. [ 324.284392][ T8044] netlink: 44 bytes leftover after parsing attributes in process `syz.0.585'. [ 324.304399][ T8044] netlink: 'syz.0.585': attribute type 29 has an invalid length. [ 324.315052][ T8044] netlink: 44 bytes leftover after parsing attributes in process `syz.0.585'. [ 324.325393][ T8042] netlink: 'syz.0.585': attribute type 29 has an invalid length. [ 324.378295][ T8042] netlink: 44 bytes leftover after parsing attributes in process `syz.0.585'. [ 324.489629][ T23] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 324.682062][ T23] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 324.696922][ T23] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 324.779688][ T23] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 324.822491][ T23] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 324.869540][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.905392][ T27] kauditd_printk_skb: 158 callbacks suppressed [ 324.905415][ T27] audit: type=1326 audit(1761729948.374:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8035 comm="syz.0.585" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x0 [ 324.906729][ T23] usb 4-1: config 0 descriptor?? [ 325.056636][ T8041] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 325.110219][ T23] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 326.119894][ T8] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 326.320039][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 326.337875][ T8] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 326.355410][ T8] usb 2-1: config 0 has no interface number 0 [ 326.371273][ T8] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping [ 326.424154][ T8] usb 2-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping [ 326.466793][ T8] usb 2-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 326.503967][ T8] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 326.727574][ T8076] loop2: detected capacity change from 0 to 32768 [ 326.759714][ T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.774851][ T8076] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.588 (8076) [ 326.806767][ T8076] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 326.818438][ T8076] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 326.827305][ T8076] BTRFS info (device loop2): setting nodatacow, compression disabled [ 326.835435][ T8076] BTRFS info (device loop2): turning on flush-on-commit [ 326.842490][ T8076] BTRFS info (device loop2): enabling auto defrag [ 326.848969][ T8076] BTRFS info (device loop2): trying to use backup root at mount time [ 326.857264][ T8076] BTRFS info (device loop2): turning on async discard [ 326.864158][ T8076] BTRFS info (device loop2): using free space tree [ 326.876020][ T8] usb 2-1: config 0 descriptor?? [ 326.884414][ T8] ldusb 2-1:0.55: Interrupt in endpoint not found [ 327.032506][ T2921] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 327.178615][ T8076] BTRFS error (device loop2): failed to load root extent [ 327.185881][ T8076] BTRFS warning (device loop2): try to load backup roots slot 1 [ 327.194376][ T2921] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 327.211478][ T8076] BTRFS warning (device loop2): couldn't read tree root [ 327.218514][ T8076] BTRFS warning (device loop2): try to load backup roots slot 2 [ 327.227288][ T2921] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 327.249963][ T8076] BTRFS warning (device loop2): couldn't read tree root [ 327.257043][ T8076] BTRFS warning (device loop2): try to load backup roots slot 3 [ 327.268183][ T786] usb 2-1: USB disconnect, device number 11 [ 327.308215][ T5864] usb 4-1: USB disconnect, device number 5 [ 327.466809][ T8076] BTRFS info (device loop2): enabling ssd optimizations [ 327.477666][ T8076] BTRFS info (device loop2): rebuilding free space tree [ 327.571509][ T8076] BTRFS info (device loop2): checking UUID tree [ 328.534096][ T5791] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 328.597870][ T8121] netlink: 6 bytes leftover after parsing attributes in process `syz.3.595'. [ 328.702505][ T8121] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 329.050773][ T8136] binder: BINDER_SET_CONTEXT_MGR already set [ 329.056939][ T8136] binder: 8135:8136 ioctl 4018620d 200000004a80 returned -16 [ 330.025488][ T8149] loop2: detected capacity change from 0 to 32768 [ 330.037746][ T8149] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.603 (8149) [ 330.059269][ T8149] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 330.069612][ T8149] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 330.078372][ T8149] BTRFS info (device loop2): setting nodatacow, compression disabled [ 330.086599][ T8149] BTRFS info (device loop2): turning on flush-on-commit [ 330.093667][ T8149] BTRFS info (device loop2): enabling auto defrag [ 330.100243][ T8149] BTRFS info (device loop2): trying to use backup root at mount time [ 330.108387][ T8149] BTRFS info (device loop2): turning on async discard [ 330.115284][ T8149] BTRFS info (device loop2): using free space tree [ 330.171228][ T42] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 330.185990][ T8149] BTRFS error (device loop2): failed to load root extent [ 330.193193][ T8149] BTRFS warning (device loop2): try to load backup roots slot 1 [ 330.201446][ T2921] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 330.265906][ T8149] BTRFS warning (device loop2): couldn't read tree root [ 330.272996][ T8149] BTRFS warning (device loop2): try to load backup roots slot 2 [ 330.284145][ T2993] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 330.323828][ T8149] BTRFS warning (device loop2): couldn't read tree root [ 330.331035][ T8149] BTRFS warning (device loop2): try to load backup roots slot 3 [ 330.372915][ T8149] BTRFS info (device loop2): enabling ssd optimizations [ 330.382627][ T8149] BTRFS info (device loop2): rebuilding free space tree [ 330.399467][ T8149] BTRFS info (device loop2): checking UUID tree [ 331.255468][ T5791] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 332.579707][ T28] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 332.721914][ T8215] loop2: detected capacity change from 0 to 32768 [ 332.748083][ T8215] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.620 (8215) [ 332.785241][ T8215] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 332.795728][ T8215] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 332.804817][ T8215] BTRFS info (device loop2): setting nodatacow, compression disabled [ 332.813064][ T8215] BTRFS info (device loop2): turning on flush-on-commit [ 332.820134][ T8215] BTRFS info (device loop2): enabling auto defrag [ 332.826678][ T8215] BTRFS info (device loop2): trying to use backup root at mount time [ 332.834912][ T8215] BTRFS info (device loop2): turning on async discard [ 332.841848][ T8215] BTRFS info (device loop2): using free space tree [ 332.955561][ T2921] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 332.989979][ T28] usb 1-1: Using ep0 maxpacket: 16 [ 333.052229][ T28] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 333.071761][ T28] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.109596][ T8215] BTRFS error (device loop2): failed to load root extent [ 333.116792][ T8215] BTRFS warning (device loop2): try to load backup roots slot 1 [ 333.116840][ T28] usb 1-1: Product: syz [ 333.129129][ T3498] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 333.179649][ T28] usb 1-1: Manufacturer: syz [ 333.189932][ T8215] BTRFS warning (device loop2): couldn't read tree root [ 333.197005][ T8215] BTRFS warning (device loop2): try to load backup roots slot 2 [ 333.199734][ T28] usb 1-1: SerialNumber: syz [ 333.213866][ T3498] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 333.252797][ T28] usb 1-1: config 0 descriptor?? [ 333.279946][ T8215] BTRFS warning (device loop2): couldn't read tree root [ 333.287059][ T8215] BTRFS warning (device loop2): try to load backup roots slot 3 [ 333.297903][ T28] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 333.336062][ T8215] BTRFS info (device loop2): enabling ssd optimizations [ 333.347301][ T8215] BTRFS info (device loop2): rebuilding free space tree [ 333.376093][ T8215] BTRFS info (device loop2): checking UUID tree [ 333.750143][ T28] usb 1-1: clie_3_5_startup: get config number bad return length: 0 [ 333.772670][ T28] visor: probe of 1-1:0.0 failed with error -5 [ 334.008090][ T5791] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 334.048586][ T27] audit: type=1326 audit(1761729957.514:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8210 comm="syz.0.619" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x0 [ 334.456118][ T8240] pim6reg1: entered promiscuous mode [ 334.475554][ T8240] pim6reg1: entered allmulticast mode [ 334.607980][ T8240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.630590][ T8240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.883423][ T8260] loop2: detected capacity change from 0 to 32768 [ 335.896098][ T8260] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.630 (8260) [ 335.914508][ T8260] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 335.924967][ T8260] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 335.933771][ T8260] BTRFS info (device loop2): setting nodatacow, compression disabled [ 335.942041][ T8260] BTRFS info (device loop2): turning on flush-on-commit [ 335.949033][ T8260] BTRFS info (device loop2): enabling auto defrag [ 335.955574][ T8260] BTRFS info (device loop2): trying to use backup root at mount time [ 335.963813][ T8260] BTRFS info (device loop2): turning on async discard [ 335.970708][ T8260] BTRFS info (device loop2): using free space tree [ 336.034927][ T42] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0 [ 336.065439][ T8260] BTRFS error (device loop2): failed to load root extent [ 336.074832][ T8260] BTRFS warning (device loop2): try to load backup roots slot 1 [ 336.084448][ T42] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0 [ 336.099988][ T8260] BTRFS warning (device loop2): couldn't read tree root [ 336.107004][ T8260] BTRFS warning (device loop2): try to load backup roots slot 2 [ 336.119716][ T59] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1 [ 336.136903][ T8260] BTRFS warning (device loop2): couldn't read tree root [ 336.144460][ T8260] BTRFS warning (device loop2): try to load backup roots slot 3 [ 336.179931][ T8260] BTRFS info (device loop2): enabling ssd optimizations [ 336.189669][ T8260] BTRFS info (device loop2): rebuilding free space tree [ 336.215434][ T8260] BTRFS info (device loop2): checking UUID tree [ 336.575012][ T8] usb 1-1: USB disconnect, device number 10 [ 336.781409][ T5791] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 337.039041][ T5797] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop2 scanned by udevd (5797) [ 338.119593][ T8314] loop3: detected capacity change from 0 to 32768 [ 338.138857][ T8314] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 338.339661][ T6170] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 340.533511][ T8344] loop0: detected capacity change from 0 to 32768 [ 340.551668][ T8344] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9 [ 340.574565][ T8348] delete_channel: no stack [ 340.611861][ T5797] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 342.108319][ T8369] netlink: 'syz.2.662': attribute type 10 has an invalid length. [ 342.169435][ T8369] bridge0: port 3(syz_tun) entered disabled state [ 342.253305][ T8369] syz_tun: left promiscuous mode [ 342.260094][ T8369] bridge0: port 3(syz_tun) entered disabled state [ 342.295985][ T8369] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 342.369125][ T8372] 8021q: adding VLAN 0 to HW filter on device bond1 [ 342.870271][ T8383] loop3: detected capacity change from 0 to 32768 [ 342.896159][ T8383] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 344.220369][ T6170] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 345.399658][ T786] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 345.679684][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 345.713171][ T786] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.743047][ T786] usb 3-1: config 0 interface 0 has no altsetting 0 [ 345.753348][ T786] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 345.765326][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.784364][ T786] usb 3-1: config 0 descriptor?? [ 346.142640][ T8406] tipc: Enabled bearer , priority 10 [ 346.230642][ T786] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 346.244803][ T8407] tipc: Enabling of bearer rejected, max 3 bearers permitted [ 346.276439][ T786] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 346.322347][ T786] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 346.350248][ T786] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 346.375661][ T786] nzxt-smart2 0003:1E71:2009.0001: unknown main item tag 0x0 [ 346.512159][ T786] nzxt-smart2 0003:1E71:2009.0001: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0 [ 347.622392][ T8399] netlink: 'syz.2.669': attribute type 3 has an invalid length. [ 347.896706][ T8429] loop3: detected capacity change from 0 to 32768 [ 347.949828][ T8429] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 347.972684][ C0] usb 3-1: input irq status -75 received [ 348.286762][ T5797] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9 [ 349.371684][ T5850] usb 3-1: USB disconnect, device number 9 [ 353.649531][ T8486] bridge0: port 2(bridge_slave_1) entered disabled state [ 353.657071][ T8486] bridge0: port 1(bridge_slave_0) entered disabled state [ 353.676860][ T8496] sg_write: process 547 (syz.1.698) changed security contexts after opening file descriptor, this is not allowed. [ 355.501240][ T8510] misc userio: Invalid payload size [ 357.545025][ T8544] netlink: 12 bytes leftover after parsing attributes in process `syz.3.712'. [ 357.591416][ T8544] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:1) [ 357.604463][ T8544] syz.3.712 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 357.631647][ T8544] random: crng reseeded on system resumption [ 359.619374][ T8558] misc userio: Invalid payload size [ 361.392253][ T8591] misc userio: Invalid payload size [ 362.146907][ T8594] loop1: detected capacity change from 0 to 128 [ 362.218529][ T8594] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 362.239076][ T8594] ext4 filesystem being mounted at /196/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 363.967828][ T8617] binder: 8616:8617 ioctl c0306201 0 returned -14 [ 364.093669][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 365.306396][ T8630] misc userio: Invalid payload size [ 365.432961][ T8637] netlink: 12 bytes leftover after parsing attributes in process `syz.0.744'. [ 365.449692][ T8637] netlink: 'syz.0.744': attribute type 15 has an invalid length. [ 365.519758][ T8637] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 65279 - 0 [ 365.529098][ T8637] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 65279 - 0 [ 365.538287][ T8637] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 65279 - 0 [ 365.547256][ T8637] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 65279 - 0 [ 365.601505][ T8637] vxlan0: entered promiscuous mode [ 365.763510][ T8641] loop1: detected capacity change from 0 to 128 [ 365.801525][ T8641] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 365.841043][ T8641] ext4 filesystem being mounted at /200/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 366.296403][ T8648] binder: 8646:8648 ioctl c0306201 0 returned -14 [ 367.565753][ T27] audit: type=1326 audit(1761729991.034:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.592100][ T27] audit: type=1326 audit(1761729991.064:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.689910][ T27] audit: type=1326 audit(1761729991.064:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.748506][ T27] audit: type=1326 audit(1761729991.064:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.815509][ T27] audit: type=1326 audit(1761729991.064:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.872206][ T27] audit: type=1326 audit(1761729991.094:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.937948][ T27] audit: type=1326 audit(1761729991.094:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 367.998171][ T27] audit: type=1326 audit(1761729991.094:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 368.059227][ T27] audit: type=1326 audit(1761729991.094:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 368.113627][ T27] audit: type=1326 audit(1761729991.094:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8663 comm="syz.2.756" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 368.518780][ T8680] tap0: tun_chr_ioctl cmd 1074025677 [ 368.524688][ T8680] tap0: linktype set to 270 [ 368.566429][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 369.564294][ T8696] misc userio: Invalid payload size [ 371.821347][ T8735] misc userio: Invalid payload size [ 371.949630][ T28] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 372.992614][ T28] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 373.013414][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.036923][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.077527][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.110237][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.119214][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.135845][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.165495][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.189633][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.216077][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.232993][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.251474][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.275282][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.294516][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.319585][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.345085][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.359398][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.373420][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.384972][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.402410][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.402658][ T8765] loop3: detected capacity change from 0 to 128 [ 373.425333][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.451033][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.464547][ T8765] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 373.485704][ T28] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 373.501120][ T8765] ext4 filesystem being mounted at /188/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 373.522027][ T28] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 373.550181][ T28] usb 1-1: config 0 interface 0 has no altsetting 0 [ 373.803913][ T28] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 373.817190][ T28] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 373.827043][ T28] usb 1-1: Product: syz [ 374.997050][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 375.179576][ T28] usb 1-1: Manufacturer: syz [ 375.184310][ T28] usb 1-1: SerialNumber: syz [ 375.196645][ T28] usb 1-1: config 0 descriptor?? [ 375.202488][ T28] usb 1-1: can't set config #0, error -71 [ 375.219980][ T28] usb 1-1: USB disconnect, device number 11 [ 375.622566][ T8796] loop2: detected capacity change from 0 to 128 [ 375.661849][ T8796] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 375.700093][ T8796] ext4 filesystem being mounted at /208/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 376.694285][ T5791] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 378.139856][ T28] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 378.152092][ T8824] tipc: Started in network mode [ 378.157136][ T8824] tipc: Node identity ac1414aa, cluster identity 4711 [ 378.173384][ T8824] tipc: Enabled bearer , priority 10 [ 378.181440][ T8824] tipc: Enabled bearer , priority 0 [ 378.393206][ T28] usb 4-1: Using ep0 maxpacket: 16 [ 378.488557][ T28] usb 4-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75 [ 378.538960][ T28] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.602068][ T27] kauditd_printk_skb: 30 callbacks suppressed [ 378.602080][ T27] audit: type=1326 audit(1761730002.074:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 378.639613][ T28] usb 4-1: Product: syz [ 378.644058][ T28] usb 4-1: Manufacturer: syz [ 378.648710][ T28] usb 4-1: SerialNumber: syz [ 378.720934][ T28] usb 4-1: config 0 descriptor?? [ 378.736734][ T28] usb 4-1: bad CDC descriptors [ 378.762086][ T27] audit: type=1326 audit(1761730002.074:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 378.879265][ T27] audit: type=1326 audit(1761730002.074:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 378.978966][ T8815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.990699][ T8815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.998606][ T27] audit: type=1326 audit(1761730002.074:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.054631][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.061085][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.070348][ T27] audit: type=1326 audit(1761730002.074:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.093020][ T27] audit: type=1326 audit(1761730002.114:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.129346][ T27] audit: type=1326 audit(1761730002.114:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.181589][ T5881] tipc: Node number set to 2886997162 [ 379.207083][ T8815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.219632][ T8815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.323348][ T27] audit: type=1326 audit(1761730002.114:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.400985][ T27] audit: type=1326 audit(1761730002.114:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.423854][ T27] audit: type=1326 audit(1761730002.144:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8828 comm="syz.2.812" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 379.808460][ T8837] loop1: detected capacity change from 0 to 128 [ 379.921128][ T8837] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 380.052319][ T8837] ext4 filesystem being mounted at /215/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 381.041921][ T5795] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 382.072951][ T8] usb 4-1: USB disconnect, device number 6 [ 382.425981][ T8869] tipc: Failed to obtain node identity [ 382.432316][ T8869] tipc: Enabling of bearer rejected, failed to enable media [ 385.598133][ T8898] fuse: Bad value for 'rootmode' [ 385.642137][ T27] kauditd_printk_skb: 60 callbacks suppressed [ 385.642152][ T27] audit: type=1804 audit(1761730009.114:336): pid=8894 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.3.836" name="/newroot/197/file1" dev="fuse" ino=1 res=1 errno=0 [ 386.536240][ T27] audit: type=1326 audit(1761730010.004:337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.614168][ T27] audit: type=1326 audit(1761730010.004:338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.636382][ C1] vkms_vblank_simulate: vblank timer overrun [ 386.664420][ T27] audit: type=1326 audit(1761730010.004:339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.682256][ T8913] loop2: detected capacity change from 0 to 64 [ 386.711193][ T27] audit: type=1326 audit(1761730010.004:340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.733428][ C1] vkms_vblank_simulate: vblank timer overrun [ 386.752973][ T27] audit: type=1326 audit(1761730010.004:341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.797317][ T27] audit: type=1326 audit(1761730010.004:342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.819511][ C1] vkms_vblank_simulate: vblank timer overrun [ 386.827275][ T27] audit: type=1326 audit(1761730010.004:343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 386.849483][ C1] vkms_vblank_simulate: vblank timer overrun [ 386.886233][ T27] audit: type=1326 audit(1761730010.004:344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 387.162046][ T27] audit: type=1326 audit(1761730010.004:345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8910 comm="syz.1.841" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f94c2b8efc9 code=0x7ffc0000 [ 387.184264][ C1] vkms_vblank_simulate: vblank timer overrun [ 387.256946][ T8918] netlink: 'syz.2.840': attribute type 3 has an invalid length. [ 387.264843][ T8918] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.840'. [ 387.849156][ T8922] tipc: Enabled bearer , priority 0 [ 388.969946][ T28] tipc: Node number set to 1677787392 [ 389.251743][ T8936] binder: BINDER_SET_CONTEXT_MGR already set [ 389.271444][ T8936] binder: 8935:8936 ioctl 4018620d 200000004a80 returned -16 [ 389.290954][ T8936] binder: 8935:8936 ioctl c0306201 0 returned -14 [ 389.313549][ T8937] bridge0: port 3(syz_tun) entered blocking state [ 389.330277][ T8937] bridge0: port 3(syz_tun) entered disabled state [ 389.347256][ T8937] syz_tun: entered allmulticast mode [ 389.361220][ T8937] syz_tun: entered promiscuous mode [ 389.450154][ T786] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 389.649587][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 389.663342][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 389.683866][ T786] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 389.704410][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 389.729049][ T786] usb 3-1: config 0 descriptor?? [ 390.021150][ T786] usbhid 3-1:0.0: can't add hid device: -71 [ 390.037478][ T786] usbhid: probe of 3-1:0.0 failed with error -71 [ 390.056080][ T786] usb 3-1: USB disconnect, device number 10 [ 390.431148][ T8952] loop0: detected capacity change from 0 to 64 [ 390.927987][ T8965] netlink: 'syz.0.856': attribute type 3 has an invalid length. [ 390.936097][ T8965] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.856'. [ 391.004266][ T8958] tipc: Enabling of bearer rejected, already enabled [ 393.509594][ T8] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 393.676867][ T8999] bridge0: port 3(syz_tun) entered blocking state [ 393.700235][ T8999] bridge0: port 3(syz_tun) entered disabled state [ 393.714786][ T8999] syz_tun: entered allmulticast mode [ 393.720709][ T8] usb 3-1: Using ep0 maxpacket: 16 [ 393.731775][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 393.745852][ T8999] syz_tun: entered promiscuous mode [ 393.756603][ T8999] bridge0: port 3(syz_tun) entered blocking state [ 393.763984][ T8999] bridge0: port 3(syz_tun) entered forwarding state [ 393.775409][ T8] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 393.799074][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 393.831006][ T8] usb 3-1: config 0 descriptor?? [ 394.120539][ T8] usbhid 3-1:0.0: can't add hid device: -71 [ 394.126708][ T8] usbhid: probe of 3-1:0.0 failed with error -71 [ 394.155614][ T8] usb 3-1: USB disconnect, device number 11 [ 394.304165][ T9003] ptrace attach of "./syz-executor exec"[5796] was attempted by "./syz-executor exec"[9003] [ 394.349621][ T5850] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 394.548739][ T5850] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 394.592516][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 394.619593][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 394.648095][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 394.671474][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 394.704417][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 394.726334][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 394.738520][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 394.750115][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 394.779521][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 394.966775][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 395.253574][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 395.389575][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.410313][ T9012] capability: warning: `syz.2.876' uses deprecated v2 capabilities in a way that may be insecure [ 395.436149][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 395.489941][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 395.521362][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.542085][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 395.552923][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 395.564558][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.573068][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 395.582619][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 395.593882][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.615621][ T5850] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 395.625761][ T5850] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 395.636153][ T9014] loop0: detected capacity change from 0 to 64 [ 395.674634][ T5850] usb 2-1: config 0 interface 0 has no altsetting 0 [ 395.703976][ T5850] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 395.713646][ T5850] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 395.724877][ T5850] usb 2-1: Product: syz [ 395.729115][ T5850] usb 2-1: Manufacturer: syz [ 395.736774][ T5850] usb 2-1: SerialNumber: syz [ 395.751072][ T5850] usb 2-1: config 0 descriptor?? [ 395.778512][ T5850] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 396.051729][ T5850] usb 2-1: USB disconnect, device number 12 [ 396.114189][ T5850] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 396.138268][ T9019] netlink: 4 bytes leftover after parsing attributes in process `syz.2.878'. [ 396.153970][ T9020] netlink: 'syz.0.877': attribute type 3 has an invalid length. [ 396.161814][ T9020] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.877'. [ 397.379747][ T9034] netlink: 'syz.1.880': attribute type 10 has an invalid length. [ 397.939647][ T786] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 398.139566][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 398.161468][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 398.173302][ T786] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 398.182900][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 398.200194][ T786] usb 3-1: config 0 descriptor?? [ 398.517334][ T786] usbhid 3-1:0.0: can't add hid device: -71 [ 398.532084][ T786] usbhid: probe of 3-1:0.0 failed with error -71 [ 398.551488][ T786] usb 3-1: USB disconnect, device number 12 [ 398.935217][ T9058] loop3: detected capacity change from 0 to 128 [ 398.972979][ T9059] misc userio: Invalid payload size [ 399.143976][ T9058] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 399.292246][ T9058] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 400.990123][ T5796] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 401.755452][ T9087] misc userio: Invalid payload size [ 401.889615][ T23] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 402.690413][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 402.703942][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 402.737085][ T23] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 402.756874][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 402.770279][ T23] usb 2-1: config 0 descriptor?? [ 402.804758][ T9103] loop2: detected capacity change from 0 to 128 [ 402.946964][ T9103] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 402.964886][ T9103] ext4 filesystem being mounted at /238/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 403.128696][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 403.139994][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 403.158987][ T23] usb 2-1: USB disconnect, device number 13 [ 404.764797][ T9125] misc userio: Invalid payload size [ 406.966958][ T5791] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 407.427813][ T9156] misc userio: Invalid payload size [ 407.499713][ T5881] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 407.729879][ T5881] usb 1-1: Using ep0 maxpacket: 16 [ 407.831515][ T5881] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 407.962107][ T5881] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 408.075051][ T5881] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 408.180113][ T5881] usb 1-1: config 0 descriptor?? [ 408.467991][ T5881] usbhid 1-1:0.0: can't add hid device: -71 [ 408.489220][ T5881] usbhid: probe of 1-1:0.0 failed with error -71 [ 408.524633][ T5881] usb 1-1: USB disconnect, device number 12 [ 409.682816][ T9188] misc userio: Invalid payload size [ 410.032027][ T9191] syzkaller0: entered promiscuous mode [ 410.040721][ T9191] syzkaller0: entered allmulticast mode [ 410.143532][ T9201] netlink: 8 bytes leftover after parsing attributes in process `syz.1.941'. [ 411.660836][ T9221] misc userio: Invalid payload size [ 411.759924][ T28] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 411.979624][ T28] usb 2-1: Using ep0 maxpacket: 16 [ 412.031479][ T28] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 412.105034][ T28] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 412.166558][ T28] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 412.289755][ T5881] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 412.295141][ T28] usb 2-1: config 0 descriptor?? [ 412.589553][ T5881] usb 3-1: Using ep0 maxpacket: 32 [ 412.610580][ T5881] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 412.638375][ T5881] usb 3-1: config 0 has no interface number 0 [ 412.649749][ T5881] usb 3-1: config 0 interface 184 has no altsetting 0 [ 412.660015][ T28] usbhid 2-1:0.0: can't add hid device: -71 [ 412.678236][ T28] usbhid: probe of 2-1:0.0 failed with error -71 [ 412.686835][ T5881] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 412.697265][ T28] usb 2-1: USB disconnect, device number 14 [ 412.708609][ T27] kauditd_printk_skb: 21 callbacks suppressed [ 412.708625][ T27] audit: type=1326 audit(1761730036.174:367): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.737390][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.745523][ T5881] usb 3-1: Product: syz [ 412.761987][ T5881] usb 3-1: Manufacturer: syz [ 412.766749][ T5881] usb 3-1: SerialNumber: syz [ 412.789901][ T5881] usb 3-1: config 0 descriptor?? [ 412.794170][ T27] audit: type=1326 audit(1761730036.194:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.801365][ T5881] smsc75xx v1.0.0 [ 412.845355][ T27] audit: type=1326 audit(1761730036.194:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.868239][ T5881] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 412.876326][ T27] audit: type=1326 audit(1761730036.194:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.892444][ T5881] smsc75xx: probe of 3-1:0.184 failed with error -22 [ 412.918656][ T27] audit: type=1326 audit(1761730036.194:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=7 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.976578][ T27] audit: type=1326 audit(1761730036.204:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 412.980913][ T5881] usb 3-1: USB disconnect, device number 13 [ 413.043989][ T27] audit: type=1326 audit(1761730036.204:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 413.072648][ T27] audit: type=1326 audit(1761730036.204:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 413.109307][ T27] audit: type=1326 audit(1761730036.204:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 413.138828][ T27] audit: type=1326 audit(1761730036.204:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9231 comm="syz.0.953" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9bb018efc9 code=0x7ffc0000 [ 413.240039][ T786] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 413.459020][ T786] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 413.468021][ T786] usb 4-1: config 0 has no interface number 0 [ 413.477972][ T786] usb 4-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 413.494043][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.511730][ T786] usb 4-1: config 0 descriptor?? [ 413.524453][ T786] usb 4-1: selecting invalid altsetting 1 [ 413.538665][ T786] dvb_ttusb_budget: ttusb_init_controller: error [ 413.555865][ T786] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 413.779058][ T786] DVB: Unable to find symbol cx22700_attach() [ 413.877196][ T786] DVB: Unable to find symbol tda10046_attach() [ 413.886910][ T786] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 413.923201][ T786] usb 4-1: USB disconnect, device number 7 [ 414.291247][ T5881] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 414.313697][ T9271] loop0: detected capacity change from 0 to 16 [ 414.352888][ T9271] erofs: (device loop0): mounted with root inode @ nid 36. [ 414.659802][ T5881] usb 2-1: Using ep0 maxpacket: 16 [ 414.799933][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 414.902021][ T5881] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 414.959511][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 415.017463][ T5881] usb 2-1: config 0 descriptor?? [ 415.134107][ T9276] netlink: 24 bytes leftover after parsing attributes in process `syz.3.968'. [ 415.350527][ T5881] usbhid 2-1:0.0: can't add hid device: -71 [ 415.365618][ T5881] usbhid: probe of 2-1:0.0 failed with error -71 [ 415.384495][ T5881] usb 2-1: USB disconnect, device number 15 [ 415.879839][ T9298] 8021q: VLANs not supported on lo [ 416.511759][ T9325] netlink: 24 bytes leftover after parsing attributes in process `syz.1.988'. [ 416.668050][ T9331] loop0: detected capacity change from 0 to 64 [ 416.710107][ T786] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 417.432720][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 417.588612][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 417.675185][ T786] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 417.737861][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 417.757937][ T786] usb 4-1: config 0 descriptor?? [ 418.089785][ T786] usbhid 4-1:0.0: can't add hid device: -71 [ 418.099562][ T786] usbhid: probe of 4-1:0.0 failed with error -71 [ 418.125273][ T786] usb 4-1: USB disconnect, device number 8 [ 418.380904][ T9352] netlink: 'syz.0.992': attribute type 3 has an invalid length. [ 418.404817][ T9352] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.992'. [ 418.841738][ T9365] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1002'. [ 419.367161][ T9367] loop1: detected capacity change from 0 to 16 [ 419.419201][ T9367] erofs: (device loop1): mounted with root inode @ nid 36. [ 419.748655][ T9373] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1004'. [ 421.152791][ T9395] loop3: detected capacity change from 0 to 64 [ 421.209630][ T5864] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 421.459773][ T5864] usb 3-1: Using ep0 maxpacket: 16 [ 421.510775][ T9397] netlink: 'syz.3.1012': attribute type 3 has an invalid length. [ 421.518825][ T9397] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1012'. [ 421.572831][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 422.183899][ T5864] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 422.223026][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.246798][ T5864] usb 3-1: config 0 descriptor?? [ 422.262414][ T9400] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1013'. [ 423.278409][ T5864] usbhid 3-1:0.0: can't add hid device: -71 [ 423.296684][ T5864] usbhid: probe of 3-1:0.0 failed with error -71 [ 423.316927][ T5864] usb 3-1: USB disconnect, device number 14 [ 423.906098][ T9418] loop1: detected capacity change from 0 to 16 [ 423.968149][ T9418] erofs: (device loop1): mounted with root inode @ nid 36. [ 424.458345][ T9430] loop3: detected capacity change from 0 to 64 [ 424.850766][ T9432] netlink: 'syz.3.1022': attribute type 3 has an invalid length. [ 424.858654][ T9432] netlink: 201372 bytes leftover after parsing attributes in process `syz.3.1022'. [ 425.729880][ T9438] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1024'. [ 426.214906][ T9443] misc userio: Invalid payload size [ 426.509667][ T5864] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 426.719582][ T5864] usb 3-1: Using ep0 maxpacket: 16 [ 426.745078][ T5864] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 426.782991][ T5864] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 426.808746][ T5864] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.836110][ T5864] usb 3-1: config 0 descriptor?? [ 427.114224][ T5864] usbhid 3-1:0.0: can't add hid device: -71 [ 427.128170][ T5864] usbhid: probe of 3-1:0.0 failed with error -71 [ 427.160958][ T5864] usb 3-1: USB disconnect, device number 15 [ 427.380362][ T9461] loop1: detected capacity change from 0 to 64 [ 427.756542][ T9465] netlink: 'syz.1.1032': attribute type 3 has an invalid length. [ 427.764685][ T9465] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1032'. [ 428.681013][ T9473] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1036'. [ 428.902321][ T9478] loop3: detected capacity change from 0 to 16 [ 428.947860][ T9478] erofs: (device loop3): mounted with root inode @ nid 36. [ 429.060318][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1037'. [ 429.071456][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1037'. [ 429.080898][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1037'. [ 429.090286][ T9479] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1037'. [ 429.149698][ T9482] misc userio: Invalid payload size [ 430.610718][ T23] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 430.839596][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 430.846823][ T23] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 430.865558][ T23] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 430.875143][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 430.893774][ T23] usb 2-1: config 0 descriptor?? [ 430.932315][ T9505] misc userio: Invalid payload size [ 431.136630][ T23] usbhid 2-1:0.0: can't add hid device: -71 [ 431.144280][ T23] usbhid: probe of 2-1:0.0 failed with error -71 [ 431.155497][ T23] usb 2-1: USB disconnect, device number 16 [ 431.197223][ T9511] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1047'. [ 432.088963][ T9528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1053'. [ 433.582085][ T9549] misc userio: Invalid payload size [ 434.043343][ T9556] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1060'. [ 434.179536][ T5881] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 434.389544][ T5881] usb 2-1: Using ep0 maxpacket: 16 [ 434.410395][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 434.469816][ T5881] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 434.484978][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 434.515912][ T5881] usb 2-1: config 0 descriptor?? [ 434.840532][ T5881] usbhid 2-1:0.0: can't add hid device: -71 [ 434.853658][ T5881] usbhid: probe of 2-1:0.0 failed with error -71 [ 434.883911][ T5881] usb 2-1: USB disconnect, device number 17 [ 435.926120][ T9570] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1063'. [ 436.752303][ T9582] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1067'. [ 436.890211][ T9585] misc userio: Invalid payload size [ 436.969549][ T5881] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 437.179523][ T5881] usb 3-1: Using ep0 maxpacket: 8 [ 437.188532][ T5881] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 437.206465][ T5881] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 437.227423][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.238358][ T5881] usb 3-1: Product: syz [ 437.245261][ T5881] usb 3-1: Manufacturer: syz [ 437.252285][ T5881] usb 3-1: SerialNumber: syz [ 437.266468][ T5881] usb 3-1: config 0 descriptor?? [ 437.278579][ T5881] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 437.287044][ T5881] usb 3-1: setting power ON [ 437.296129][ T5881] dvb-usb: bulk message failed: -22 (2/0) [ 437.308307][ T5881] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 437.321980][ T5881] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 437.332840][ T5881] usb 3-1: media controller created [ 437.358559][ T5881] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 437.384323][ T5881] usb 3-1: selecting invalid altsetting 6 [ 437.391977][ T5881] usb 3-1: digital interface selection failed (-22) [ 437.398712][ T5881] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 437.402165][ T5891] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 437.409497][ T5881] usb 3-1: setting power OFF [ 437.425674][ T5881] dvb-usb: bulk message failed: -22 (2/0) [ 437.432273][ T5881] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 437.442058][ T5881] (NULL device *): no alternate interface [ 437.484440][ T5881] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 437.516419][ T5881] usb 3-1: USB disconnect, device number 16 [ 437.599531][ T5891] usb 1-1: Using ep0 maxpacket: 16 [ 437.608359][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 437.623884][ T5891] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 437.641757][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.665872][ T5891] usb 1-1: config 0 descriptor?? [ 437.816699][ T9596] lo: entered allmulticast mode [ 437.837448][ T9596] input: syz1 as /devices/virtual/input/input7 [ 437.943332][ T5891] usbhid 1-1:0.0: can't add hid device: -71 [ 437.950240][ T5891] usbhid: probe of 1-1:0.0 failed with error -71 [ 437.974427][ T5891] usb 1-1: USB disconnect, device number 13 [ 438.003501][ T9595] lo: left allmulticast mode [ 438.272186][ T9608] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1077'. [ 438.756423][ T9618] trusted_key: syz.0.1078 sent an empty control message without MSG_MORE. [ 439.085931][ T9622] misc userio: Invalid payload size [ 439.570619][ T9632] bridge1: entered promiscuous mode [ 440.132745][ T9646] input: syz1 as /devices/virtual/input/input8 [ 440.493499][ T1292] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.503090][ T1292] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.779526][ T23] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 441.688561][ T23] usb 4-1: Using ep0 maxpacket: 16 [ 441.944727][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 441.981804][ T23] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 442.008579][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 442.044831][ T23] usb 4-1: config 0 descriptor?? [ 443.574274][ T23] usbhid 4-1:0.0: can't add hid device: -71 [ 443.580859][ T23] usbhid: probe of 4-1:0.0 failed with error -71 [ 443.592901][ T23] usb 4-1: USB disconnect, device number 9 [ 443.777858][ T9663] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1090'. [ 444.692287][ T9670] misc userio: Invalid payload size [ 444.728362][ T9677] lo: entered allmulticast mode [ 444.741797][ T9677] input: syz1 as /devices/virtual/input/input9 [ 444.782542][ T9676] lo: left allmulticast mode [ 446.199608][ T786] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 446.281542][ T9698] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1102'. [ 446.396423][ T786] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 446.411431][ T786] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.426878][ T9702] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1104'. [ 446.437445][ T786] usb 3-1: Product: syz [ 446.459819][ T9702] bridge0: port 3(syz_tun) entered disabled state [ 446.472179][ T786] usb 3-1: Manufacturer: syz [ 446.489478][ T786] usb 3-1: SerialNumber: syz [ 446.512167][ T786] usb 3-1: config 0 descriptor?? [ 446.526084][ T786] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 446.538137][ T9702] syz_tun (unregistering): left allmulticast mode [ 446.551514][ T9702] syz_tun (unregistering): left promiscuous mode [ 446.566554][ T9702] bridge0: port 3(syz_tun) entered disabled state [ 446.568565][ T786] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 446.603500][ T786] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 446.623275][ T786] usb 3-1: media controller created [ 446.699208][ T786] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 446.730236][ T9687] digitv: more than 2 i2c messages at a time is not handled yet. TODO. [ 446.871124][ T786] DVB: Unable to find symbol mt352_attach() [ 447.013443][ T786] DVB: Unable to find symbol nxt6000_attach() [ 447.049643][ T786] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 447.074072][ T786] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 447.183045][ T786] dvb-usb: schedule remote query interval to 1000 msecs. [ 447.210815][ T786] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 447.221272][ T786] dvb-usb: bulk message failed: -22 (7/0) [ 447.227749][ T786] dvb-usb: bulk message failed: -22 (7/0) [ 447.256878][ T786] usb 3-1: USB disconnect, device number 17 [ 448.252791][ T5881] dvb-usb: bulk message failed: -22 (7/0) [ 448.252878][ T5881] dvb-usb: error while querying for an remote control event. [ 448.383781][ T9717] misc userio: Invalid payload size [ 448.596888][ T9695] iommufd_mock iommufd_mock1: Adding to iommu group 0 [ 448.640712][ T9718] ipvlan2: entered promiscuous mode [ 448.657774][ T9718] ipvlan2: entered allmulticast mode [ 448.677142][ T9718] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 448.702524][ T786] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 450.038696][ T27] kauditd_printk_skb: 80 callbacks suppressed [ 450.038713][ T27] audit: type=1326 audit(1761730073.504:457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.303367][ T27] audit: type=1326 audit(1761730073.544:458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.578369][ T27] audit: type=1326 audit(1761730073.544:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.872084][ T27] audit: type=1326 audit(1761730073.544:460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.894846][ T27] audit: type=1326 audit(1761730073.544:461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.917856][ T27] audit: type=1326 audit(1761730073.544:462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.940467][ T27] audit: type=1326 audit(1761730073.544:463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.963309][ T27] audit: type=1326 audit(1761730073.554:464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 450.986826][ T27] audit: type=1326 audit(1761730073.554:465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 451.009741][ T27] audit: type=1326 audit(1761730073.554:466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9745 comm="syz.2.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7ff430f8efc9 code=0x7ffc0000 [ 451.508925][ T9756] misc userio: Invalid payload size [ 451.713244][ T9742] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1114'. [ 455.678850][ T9796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1130'. [ 455.727569][ T9796] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 455.778746][ T9796] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 456.036445][ T9812] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1135'. [ 456.180852][ T9814] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1136'. [ 456.819660][ T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 457.009534][ T23] usb 1-1: Using ep0 maxpacket: 16 [ 457.031677][ T23] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 457.053400][ T23] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 457.079285][ T23] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.115316][ T23] usb 1-1: config 0 descriptor?? [ 457.438736][ T23] usbhid 1-1:0.0: can't add hid device: -71 [ 457.501518][ T23] usbhid: probe of 1-1:0.0 failed with error -71 [ 457.553741][ T23] usb 1-1: USB disconnect, device number 14 [ 458.016283][ T9846] syzkaller0: entered promiscuous mode [ 458.022107][ T9846] syzkaller0: entered allmulticast mode [ 458.257433][ T9853] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1152'. [ 458.467547][ T9858] netlink: 'syz.2.1154': attribute type 63 has an invalid length. [ 458.499705][ T9858] netlink: 'syz.2.1154': attribute type 17 has an invalid length. [ 459.129750][ T23] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 459.362523][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 459.376220][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 459.398343][ T23] usb 3-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 459.431466][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.433334][ T9878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1162'. [ 459.464788][ T23] usb 3-1: config 0 descriptor?? [ 459.615514][ T9878] syz_tun (unregistering): left allmulticast mode [ 459.639778][ T9878] syz_tun (unregistering): left promiscuous mode [ 459.678919][ T9878] bridge0: port 3(syz_tun) entered disabled state [ 459.775459][ T23] usbhid 3-1:0.0: can't add hid device: -71 [ 459.793167][ T23] usbhid: probe of 3-1:0.0 failed with error -71 [ 459.833544][ T23] usb 3-1: USB disconnect, device number 18 [ 459.987913][ T9880] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1163'. [ 460.576737][ T23] IPVS: starting estimator thread 0... [ 460.699647][ T9889] IPVS: using max 26 ests per chain, 62400 per kthread [ 462.628933][ T9906] lo: entered allmulticast mode [ 462.648204][ T9905] netlink: 100 bytes leftover after parsing attributes in process `syz.3.1170'. [ 462.661475][ T9908] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1172'. [ 462.680326][ T9903] lo: left allmulticast mode [ 463.119698][ T786] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 463.244951][ T9924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1178'. [ 463.349962][ T786] usb 4-1: Using ep0 maxpacket: 16 [ 463.370860][ T786] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 463.407691][ T786] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1d00, bcdDevice= 0.00 [ 463.438115][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 463.510097][ T786] usb 4-1: config 0 descriptor?? [ 463.778095][ T786] usbhid 4-1:0.0: can't add hid device: -71 [ 463.806628][ T786] usbhid: probe of 4-1:0.0 failed with error -71 [ 463.832269][ T786] usb 4-1: USB disconnect, device number 10 [ 464.031799][ T9934] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1182'. [ 464.079376][ T9936] lo: entered allmulticast mode [ 464.097399][ T9935] lo: left allmulticast mode [ 465.185861][ T9964] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1192'. [ 465.189678][ T9962] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1188'. [ 465.423983][ T9966] lo: entered allmulticast mode [ 465.543535][ T9965] lo: left allmulticast mode [ 468.892227][T10000] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1201'. [ 470.724909][T10018] loop0: detected capacity change from 0 to 64 [ 470.979518][ T23] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 471.793697][ T23] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 471.834220][T10024] netlink: 'syz.0.1209': attribute type 3 has an invalid length. [ 471.842472][T10024] netlink: 201372 bytes leftover after parsing attributes in process `syz.0.1209'. [ 472.274050][ T23] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 472.284363][T10028] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1210'. [ 472.318410][ T23] usb 3-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 472.348906][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.364294][ T23] usb 3-1: Product: syz [ 472.368574][ T23] usb 3-1: Manufacturer: syz [ 472.375607][ T23] usb 3-1: SerialNumber: syz [ 472.410652][ T23] usb 3-1: config 0 descriptor?? [ 472.622914][T10015] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.650892][T10015] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.729545][ T23] usb 3-1: USB disconnect, device number 19 [ 473.707200][T10051] fuse: Bad value for 'fd' [ 473.757526][T10046] loop1: detected capacity change from 0 to 64 [ 473.885156][T10055] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(12) [ 473.892394][T10055] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 473.928785][T10055] vhci_hcd vhci_hcd.0: Device attached [ 474.054140][T10058] vhci_hcd vhci_hcd.0: pdev(2) rhport(3) sockfd(20) [ 474.060849][T10058] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 474.101571][T10058] vhci_hcd vhci_hcd.0: Device attached [ 474.107432][T10059] vhci_hcd vhci_hcd.0: pdev(2) rhport(2) sockfd(17) [ 474.114081][T10059] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 474.122750][T10059] vhci_hcd vhci_hcd.0: Device attached [ 474.128509][T10055] vhci_hcd vhci_hcd.0: pdev(2) rhport(1) sockfd(14) [ 474.135145][T10055] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 474.143061][T10055] vhci_hcd vhci_hcd.0: Device attached [ 474.159638][T10055] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 474.243280][T10067] netlink: 'syz.1.1220': attribute type 3 has an invalid length. [ 474.251271][T10067] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.1220'. [ 474.268359][ T8] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 474.581180][T10055] vhci_hcd vhci_hcd.0: pdev(2) rhport(5) sockfd(22) [ 474.587868][T10055] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 474.684808][T10055] vhci_hcd vhci_hcd.0: Device attached [ 474.751823][T10061] vhci_hcd: connection closed [ 474.766243][T10062] vhci_hcd: connection closed [ 474.773202][T10056] vhci_hcd: connection reset by peer [ 474.789793][ T59] vhci_hcd: stop threads [ 474.802225][T10060] vhci_hcd: connection closed [ 474.816027][ T59] vhci_hcd: release socket [ 474.826032][T10068] vhci_hcd: connection closed [ 474.848022][ T59] vhci_hcd: disconnect device [ 474.860600][ T59] vhci_hcd: stop threads [ 474.864914][ T59] vhci_hcd: release socket [ 474.866820][T10072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1224'. [ 474.873610][ T59] vhci_hcd: disconnect device [ 474.887888][ T59] vhci_hcd: stop threads [ 474.904053][ T59] vhci_hcd: release socket [ 474.909008][ T59] vhci_hcd: disconnect device [ 474.920558][ T59] vhci_hcd: stop threads [ 474.924879][ T59] vhci_hcd: release socket [ 474.933855][ T59] vhci_hcd: disconnect device [ 474.959881][ T59] vhci_hcd: stop threads [ 474.964216][ T59] vhci_hcd: release socket [ 474.985277][ T59] vhci_hcd: disconnect device [ 475.104348][T10048] syz.3.1218 (10048): drop_caches: 2 [ 475.140160][T10076] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1227'. [ 475.339086][T10084] fuse: Bad value for 'fd' [ 475.522857][T10089] lo: entered allmulticast mode [ 475.573955][T10087] lo: left allmulticast mode [ 475.690939][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 475.690955][ T27] audit: type=1326 audit(1761730099.164:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10096 comm="syz.2.1235" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff430f8efc9 code=0x0 [ 475.794381][T10104] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1237'. [ 476.038690][T10110] misc userio: Invalid payload size [ 476.173815][T10117] fuse: Bad value for 'fd' [ 476.569917][ T5881] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 476.718801][T10125] lo: entered allmulticast mode [ 476.730582][T10124] lo: left allmulticast mode [ 476.793709][ T5881] usb 1-1: Using ep0 maxpacket: 32 [ 476.819065][ T5881] usb 1-1: config 0 has no interfaces? [ 476.838747][ T5881] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 476.864964][ T5881] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.879177][ T5881] usb 1-1: Product: syz [ 476.884064][ T5881] usb 1-1: Manufacturer: syz [ 476.888905][ T5881] usb 1-1: SerialNumber: syz [ 476.901757][ T5881] usb 1-1: config 0 descriptor?? [ 477.013030][T10129] misc userio: Invalid payload size [ 477.116656][ T5881] usb 1-1: USB disconnect, device number 15 [ 477.469667][ T5891] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 477.675413][ T5891] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 477.785654][ T5891] usb 3-1: config 27 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 477.927890][ T5891] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 477.974914][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 478.045633][ T5891] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 478.074466][ T5891] usb 3-1: invalid MIDI out EP 0 [ 478.358519][ T5891] snd-usb-audio: probe of 3-1:27.0 failed with error -22 [ 479.492052][T10133] fuse: Unknown parameter 'fd0x000000000000000d' [ 479.569631][ T8] vhci_hcd: vhci_device speed not set [ 480.519926][T10169] misc userio: Invalid payload size [ 481.340127][ T5891] usb 3-1: USB disconnect, device number 20 [ 482.307283][T10196] lo: entered allmulticast mode [ 482.315163][T10195] lo: left allmulticast mode [ 482.689327][T10216] misc userio: Invalid payload size [ 485.714267][T10241] netlink: 320 bytes leftover after parsing attributes in process `syz.3.1276'. [ 485.994587][T10250] misc userio: Invalid payload size [ 487.879628][T10280] misc userio: Invalid payload size [ 489.406023][T10304] lo: entered allmulticast mode [ 489.470340][T10303] lo: left allmulticast mode [ 489.827096][T10312] loop1: detected capacity change from 0 to 512 [ 490.249359][T10316] misc userio: Invalid payload size [ 490.629055][T10320] loop3: detected capacity change from 0 to 2364 [ 491.375680][T10327] loop2: detected capacity change from 0 to 1024 [ 491.439679][T10327] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 491.530605][ T5802] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 491.537777][ T5793] Bluetooth: hci4: command 0x1003 tx timeout [ 491.562335][T10327] ================================================================== [ 491.570475][T10327] BUG: KASAN: out-of-bounds in ext4_xattr_set_entry+0x94b/0x1e90 [ 491.578273][T10327] Read of size 18446744073709551588 at addr ffff88807e8db840 by task syz.2.1304/10327 [ 491.587851][T10327] [ 491.590234][T10327] CPU: 0 PID: 10327 Comm: syz.2.1304 Not tainted syzkaller #0 [ 491.597741][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 491.607858][T10327] Call Trace: [ 491.611190][T10327] [ 491.614181][T10327] dump_stack_lvl+0x16c/0x230 [ 491.618908][T10327] ? read_lock_is_recursive+0x20/0x20 [ 491.624326][T10327] ? show_regs_print_info+0x20/0x20 [ 491.629582][T10327] ? load_image+0x3b0/0x3b0 [ 491.634221][T10327] ? _raw_spin_lock_irqsave+0xb4/0xf0 [ 491.639662][T10327] ? __virt_addr_valid+0x18c/0x540 [ 491.644831][T10327] ? __virt_addr_valid+0x469/0x540 [ 491.650035][T10327] print_report+0xac/0x220 [ 491.654507][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 491.660023][T10327] kasan_report+0x117/0x150 [ 491.664584][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 491.670101][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 491.675612][T10327] kasan_check_range+0x288/0x290 [ 491.680595][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 491.686168][T10327] __asan_memmove+0x29/0x70 [ 491.690731][T10327] ext4_xattr_set_entry+0x94b/0x1e90 [ 491.696083][T10327] ext4_xattr_block_set+0xae3/0x32a0 [ 491.701421][T10327] ? ext4_destroy_inode+0x200/0x200 [ 491.706941][T10327] ? proc_nr_inodes+0x230/0x230 [ 491.711852][T10327] ? do_raw_spin_unlock+0x121/0x230 [ 491.717112][T10327] ? _raw_spin_unlock+0x28/0x40 [ 491.722015][T10327] ? ext4_xattr_block_find+0x350/0x350 [ 491.727576][T10327] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 491.733008][T10327] ext4_xattr_set_handle+0x10a1/0x1290 [ 491.738527][T10327] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 491.744562][T10327] ? __ext4_journal_start_sb+0x259/0x570 [ 491.750253][T10327] ext4_xattr_set+0x22d/0x320 [ 491.754992][T10327] ? end_current_label_crit_section+0x170/0x170 [ 491.761293][T10327] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 491.766905][T10327] ? posix_xattr_acl+0x93/0xb0 [ 491.771725][T10327] ? evm_protect_xattr+0x36d/0x7a0 [ 491.776897][T10327] ? ext4_xattr_trusted_get+0x40/0x40 [ 491.782349][T10327] __vfs_setxattr+0x431/0x470 [ 491.782389][T10327] __vfs_setxattr_noperm+0x12d/0x5e0 [ 491.782418][T10327] vfs_setxattr+0x16c/0x2f0 [ 491.782445][T10327] ? xattr_permission+0x470/0x470 [ 491.782467][T10327] ? __mnt_want_write+0x223/0x2a0 [ 491.782496][T10327] ? path_setxattr+0x314/0x550 [ 491.782522][T10327] path_setxattr+0x362/0x550 [ 491.782551][T10327] ? simple_xattrs_free+0x150/0x150 [ 491.782590][T10327] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 491.782614][T10327] ? lock_chain_count+0x20/0x20 [ 491.782637][T10327] __x64_sys_lsetxattr+0xb8/0xd0 [ 491.782663][T10327] do_syscall_64+0x55/0xb0 [ 491.782687][T10327] ? clear_bhb_loop+0x40/0x90 [ 491.782708][T10327] ? clear_bhb_loop+0x40/0x90 [ 491.782729][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 491.782750][T10327] RIP: 0033:0x7ff430f8efc9 [ 491.782779][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.782797][T10327] RSP: 002b:00007ff431d8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 491.782818][T10327] RAX: ffffffffffffffda RBX: 00007ff4311e5fa0 RCX: 00007ff430f8efc9 [ 491.782834][T10327] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 491.782848][T10327] RBP: 00007ff431011f91 R08: 0000000000000000 R09: 0000000000000000 [ 491.782867][T10327] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 491.782880][T10327] R13: 00007ff4311e6038 R14: 00007ff4311e5fa0 R15: 00007ffe4a6dac68 [ 491.782902][T10327] [ 491.782909][T10327] [ 491.782918][T10327] Allocated by task 10327: [ 491.782929][T10327] kasan_set_track+0x4e/0x70 [ 491.782949][T10327] __kasan_kmalloc+0x8f/0xa0 [ 491.782968][T10327] __kmalloc_node_track_caller+0xb2/0x230 [ 491.782993][T10327] kmemdup+0x2b/0x70 [ 491.783014][T10327] ext4_xattr_block_set+0x9e5/0x32a0 [ 491.783039][T10327] ext4_xattr_set_handle+0x10a1/0x1290 [ 491.783062][T10327] ext4_xattr_set+0x22d/0x320 [ 491.783085][T10327] __vfs_setxattr+0x431/0x470 [ 491.783104][T10327] __vfs_setxattr_noperm+0x12d/0x5e0 [ 491.783125][T10327] vfs_setxattr+0x16c/0x2f0 [ 491.783153][T10327] path_setxattr+0x362/0x550 [ 491.783176][T10327] __x64_sys_lsetxattr+0xb8/0xd0 [ 491.783197][T10327] do_syscall_64+0x55/0xb0 [ 491.783227][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 491.783245][T10327] [ 491.783250][T10327] Last potentially related work creation: [ 491.783256][T10327] kasan_save_stack+0x3e/0x60 [ 491.783274][T10327] __kasan_record_aux_stack+0xaf/0xc0 [ 491.783297][T10327] call_rcu+0x158/0x930 [ 491.783320][T10327] sctp_association_free+0x6a1/0x7f0 [ 491.783347][T10327] sctp_do_sm+0x3e64/0x59a0 [ 491.783370][T10327] sctp_endpoint_bh_rcv+0x592/0x7d0 [ 491.783397][T10327] sctp_rcv+0x114f/0x1790 [ 491.783418][T10327] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 491.783442][T10327] ip_local_deliver_finish+0x2ca/0x510 [ 491.783465][T10327] NF_HOOK+0x303/0x390 [ 491.783487][T10327] NF_HOOK+0x303/0x390 [ 491.783507][T10327] __netif_receive_skb+0xcc/0x290 [ 491.783535][T10327] process_backlog+0x380/0x6e0 [ 491.783550][T10327] __napi_poll+0xc0/0x460 [ 491.783576][T10327] net_rx_action+0x5ea/0xbf0 [ 491.783590][T10327] handle_softirqs+0x280/0x820 [ 491.783607][T10327] do_softirq+0xed/0x180 [ 491.783621][T10327] __local_bh_enable_ip+0x178/0x1c0 [ 491.783638][T10327] __dev_queue_xmit+0x1449/0x35a0 [ 491.783658][T10327] ip_finish_output2+0xcd3/0x11d0 [ 491.783683][T10327] __ip_queue_xmit+0x10aa/0x1a10 [ 491.783708][T10327] sctp_packet_transmit+0x2488/0x2a30 [ 491.783730][T10327] sctp_packet_singleton+0x234/0x330 [ 491.783753][T10327] sctp_outq_flush+0x4f1/0x3100 [ 491.783775][T10327] sctp_do_sm+0x52d6/0x59a0 [ 491.783797][T10327] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 491.783819][T10327] sctp_sendmsg_to_asoc+0x101c/0x17f0 [ 491.783839][T10327] sctp_sendmsg+0x1941/0x27e0 [ 491.783873][T10327] __sys_sendto+0x46a/0x620 [ 491.783897][T10327] __x64_sys_sendto+0xde/0xf0 [ 491.783921][T10327] do_syscall_64+0x55/0xb0 [ 491.783944][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 491.783961][T10327] [ 491.783966][T10327] Second to last potentially related work creation: [ 491.783973][T10327] kasan_save_stack+0x3e/0x60 [ 491.783990][T10327] __kasan_record_aux_stack+0xaf/0xc0 [ 491.784013][T10327] call_rcu+0x158/0x930 [ 491.784035][T10327] sctp_association_free+0x6a1/0x7f0 [ 491.784061][T10327] sctp_do_sm+0x3e64/0x59a0 [ 491.784084][T10327] sctp_endpoint_bh_rcv+0x592/0x7d0 [ 491.784111][T10327] sctp_rcv+0x114f/0x1790 [ 491.784132][T10327] ip_protocol_deliver_rcu+0x20e/0x3f0 [ 491.784155][T10327] ip_local_deliver_finish+0x2ca/0x510 [ 491.784178][T10327] NF_HOOK+0x303/0x390 [ 491.784199][T10327] NF_HOOK+0x303/0x390 [ 491.784220][T10327] __netif_receive_skb+0xcc/0x290 [ 491.784246][T10327] process_backlog+0x380/0x6e0 [ 491.784261][T10327] __napi_poll+0xc0/0x460 [ 491.784285][T10327] net_rx_action+0x5ea/0xbf0 [ 491.784300][T10327] handle_softirqs+0x280/0x820 [ 491.784315][T10327] do_softirq+0xed/0x180 [ 491.784330][T10327] __local_bh_enable_ip+0x178/0x1c0 [ 491.784364][T10327] __dev_queue_xmit+0x1449/0x35a0 [ 491.784384][T10327] ip_finish_output2+0xcd3/0x11d0 [ 491.784410][T10327] __ip_queue_xmit+0x10aa/0x1a10 [ 491.784436][T10327] sctp_packet_transmit+0x2488/0x2a30 [ 491.784458][T10327] sctp_packet_singleton+0x234/0x330 [ 491.784481][T10327] sctp_outq_flush+0x4f1/0x3100 [ 491.784503][T10327] sctp_do_sm+0x52d6/0x59a0 [ 491.784525][T10327] sctp_assoc_bh_rcv+0x3f2/0x630 [ 491.784543][T10327] sctp_backlog_rcv+0x163/0x3e0 [ 491.784562][T10327] __release_sock+0x1bd/0x430 [ 492.317458][T10327] release_sock+0x5f/0x1c0 [ 492.321891][T10327] sctp_sendmsg+0x1b54/0x27e0 [ 492.326601][T10327] __sys_sendto+0x46a/0x620 [ 492.331128][T10327] __x64_sys_sendto+0xde/0xf0 [ 492.335818][T10327] do_syscall_64+0x55/0xb0 [ 492.340248][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 492.346143][T10327] [ 492.348464][T10327] The buggy address belongs to the object at ffff88807e8db800 [ 492.348464][T10327] which belongs to the cache kmalloc-1k of size 1024 [ 492.362521][T10327] The buggy address is located 64 bytes inside of [ 492.362521][T10327] 1024-byte region [ffff88807e8db800, ffff88807e8dbc00) [ 492.375829][T10327] [ 492.378161][T10327] The buggy address belongs to the physical page: [ 492.384590][T10327] page:ffffea0001fa3600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7e8d8 [ 492.394749][T10327] head:ffffea0001fa3600 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 492.403683][T10327] ksm flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 492.412040][T10327] page_type: 0xffffffff() [ 492.416371][T10327] raw: 00fff00000000840 ffff888017841dc0 ffffea00006dac00 dead000000000003 [ 492.424960][T10327] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 492.433548][T10327] page dumped because: kasan: bad access detected [ 492.440077][T10327] page_owner tracks the page as allocated [ 492.445794][T10327] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5507, tgid 5507 (dhcpcd), ts 55074827459, free_ts 54875001150 [ 492.466647][T10327] post_alloc_hook+0x1cd/0x210 [ 492.471427][T10327] get_page_from_freelist+0x195c/0x19f0 [ 492.476987][T10327] __alloc_pages+0x1e3/0x460 [ 492.481590][T10327] alloc_slab_page+0x5d/0x170 [ 492.486275][T10327] new_slab+0x87/0x2e0 [ 492.490351][T10327] ___slab_alloc+0xc6d/0x1300 [ 492.495036][T10327] __kmem_cache_alloc_node+0x1a2/0x260 [ 492.500503][T10327] __kmalloc+0xa4/0x240 [ 492.504665][T10327] load_elf_binary+0x2cd/0x2700 [ 492.509520][T10327] bprm_execve+0xaeb/0x16f0 [ 492.514023][T10327] do_execveat_common+0x51b/0x6c0 [ 492.519064][T10327] __x64_sys_execve+0x92/0xa0 [ 492.523745][T10327] do_syscall_64+0x55/0xb0 [ 492.528165][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 492.534061][T10327] page last free stack trace: [ 492.538731][T10327] free_unref_page_prepare+0x7ce/0x8e0 [ 492.544229][T10327] free_unref_page+0x32/0x2e0 [ 492.548914][T10327] __unfreeze_partials+0x1cf/0x210 [ 492.554049][T10327] put_cpu_partial+0x17c/0x250 [ 492.558840][T10327] __slab_free+0x31d/0x410 [ 492.563282][T10327] qlist_free_all+0x75/0xe0 [ 492.567811][T10327] kasan_quarantine_reduce+0x143/0x160 [ 492.573279][T10327] __kasan_slab_alloc+0x22/0x80 [ 492.578131][T10327] slab_post_alloc_hook+0x6e/0x4d0 [ 492.583253][T10327] kmem_cache_alloc+0x11e/0x2e0 [ 492.588115][T10327] vm_area_alloc+0x24/0x1d0 [ 492.592629][T10327] __install_special_mapping+0x2f/0x320 [ 492.598198][T10327] map_vdso+0x14d/0x3a0 [ 492.602388][T10327] load_elf_binary+0x1c30/0x2700 [ 492.607363][T10327] bprm_execve+0xaeb/0x16f0 [ 492.611891][T10327] do_execveat_common+0x51b/0x6c0 [ 492.616923][T10327] [ 492.619242][T10327] Memory state around the buggy address: [ 492.624885][T10327] ffff88807e8db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 492.633012][T10327] ffff88807e8db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 492.641080][T10327] >ffff88807e8db800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 492.649137][T10327] ^ [ 492.655291][T10327] ffff88807e8db880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 492.663358][T10327] ffff88807e8db900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 492.671417][T10327] ================================================================== [ 492.727928][T10327] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 492.735210][T10327] CPU: 1 PID: 10327 Comm: syz.2.1304 Not tainted syzkaller #0 [ 492.742710][T10327] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 492.752807][T10327] Call Trace: [ 492.756111][T10327] [ 492.759064][T10327] dump_stack_lvl+0x16c/0x230 [ 492.763790][T10327] ? show_regs_print_info+0x20/0x20 [ 492.769030][T10327] ? load_image+0x3b0/0x3b0 [ 492.773565][T10327] panic+0x2c0/0x710 [ 492.777469][T10327] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 492.783642][T10327] ? bpf_jit_dump+0xd0/0xd0 [ 492.788155][T10327] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 492.794073][T10327] ? _raw_spin_unlock+0x40/0x40 [ 492.798935][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 492.804410][T10327] check_panic_on_warn+0x84/0xa0 [ 492.809373][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 492.814864][T10327] end_report+0x6f/0x140 [ 492.819114][T10327] kasan_report+0x128/0x150 [ 492.823626][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 492.829098][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 492.834564][T10327] kasan_check_range+0x288/0x290 [ 492.839508][T10327] ? ext4_xattr_set_entry+0x94b/0x1e90 [ 492.844975][T10327] __asan_memmove+0x29/0x70 [ 492.849582][T10327] ext4_xattr_set_entry+0x94b/0x1e90 [ 492.854893][T10327] ext4_xattr_block_set+0xae3/0x32a0 [ 492.860191][T10327] ? ext4_destroy_inode+0x200/0x200 [ 492.865420][T10327] ? proc_nr_inodes+0x230/0x230 [ 492.870273][T10327] ? do_raw_spin_unlock+0x121/0x230 [ 492.875476][T10327] ? _raw_spin_unlock+0x28/0x40 [ 492.880331][T10327] ? ext4_xattr_block_find+0x350/0x350 [ 492.885800][T10327] ? ext4_xattr_ibody_set+0x50d/0x6a0 [ 492.891214][T10327] ext4_xattr_set_handle+0x10a1/0x1290 [ 492.896692][T10327] ? ext4_xattr_inode_free_quota+0x1b0/0x1b0 [ 492.902698][T10327] ? __ext4_journal_start_sb+0x259/0x570 [ 492.908704][T10327] ext4_xattr_set+0x22d/0x320 [ 492.913401][T10327] ? end_current_label_crit_section+0x170/0x170 [ 492.919675][T10327] ? ext4_xattr_set_credits+0x2f0/0x2f0 [ 492.925237][T10327] ? posix_xattr_acl+0x93/0xb0 [ 492.930019][T10327] ? evm_protect_xattr+0x36d/0x7a0 [ 492.935142][T10327] ? ext4_xattr_trusted_get+0x40/0x40 [ 492.940523][T10327] __vfs_setxattr+0x431/0x470 [ 492.945211][T10327] __vfs_setxattr_noperm+0x12d/0x5e0 [ 492.950509][T10327] vfs_setxattr+0x16c/0x2f0 [ 492.955033][T10327] ? xattr_permission+0x470/0x470 [ 492.960074][T10327] ? __mnt_want_write+0x223/0x2a0 [ 492.965150][T10327] ? path_setxattr+0x314/0x550 [ 492.970022][T10327] path_setxattr+0x362/0x550 [ 492.974635][T10327] ? simple_xattrs_free+0x150/0x150 [ 492.979857][T10327] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 492.985869][T10327] ? lock_chain_count+0x20/0x20 [ 492.990734][T10327] __x64_sys_lsetxattr+0xb8/0xd0 [ 492.995699][T10327] do_syscall_64+0x55/0xb0 [ 493.000131][T10327] ? clear_bhb_loop+0x40/0x90 [ 493.004845][T10327] ? clear_bhb_loop+0x40/0x90 [ 493.009540][T10327] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 493.015457][T10327] RIP: 0033:0x7ff430f8efc9 [ 493.019879][T10327] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 493.039501][T10327] RSP: 002b:00007ff431d8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 493.048010][T10327] RAX: ffffffffffffffda RBX: 00007ff4311e5fa0 RCX: 00007ff430f8efc9 [ 493.055987][T10327] RDX: 0000200000000500 RSI: 0000200000000180 RDI: 0000200000000540 [ 493.063975][T10327] RBP: 00007ff431011f91 R08: 0000000000000000 R09: 0000000000000000 [ 493.071970][T10327] R10: 0000000000000361 R11: 0000000000000246 R12: 0000000000000000 [ 493.079950][T10327] R13: 00007ff4311e6038 R14: 00007ff4311e5fa0 R15: 00007ffe4a6dac68 [ 493.087955][T10327] [ 493.091396][T10327] Kernel Offset: disabled [ 493.095728][T10327] Rebooting in 86400 seconds..