last executing test programs: 3.515215707s ago: executing program 1 (id=5730): r0 = syz_open_dev$I2C(&(0x7f0000000140), 0x0, 0x82600) ioctl$I2C_SLAVE_FORCE(r0, 0x706, 0x2c2) 3.306580867s ago: executing program 1 (id=5735): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @multicast2, @multicast1}}}, @ip_retopts={{0x10, 0x110, 0xd}}], 0x30}, 0x0) 3.125906646s ago: executing program 1 (id=5738): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$sock_buf(r0, 0x1, 0x3b, 0x0, &(0x7f0000000300)) 2.946057565s ago: executing program 1 (id=5740): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)={0x60, 0x2, 0x6, 0x801, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x15}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,mark\x00'}]}, 0x60}}, 0x44810) 2.798369253s ago: executing program 1 (id=5746): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000001180)=ANY=[@ANYBLOB="12010000090003206d0414c34000ffff000109022400010400a000090400000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, &(0x7f0000000000)=ANY=[@ANYBLOB], &(0x7f0000000000)=ANY=[@ANYBLOB="00000104"], 0x0, 0x0}, 0x0) 2.745202155s ago: executing program 2 (id=5748): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000001018610f4205ae06d6c010203010902240001010000000904690202ff5aa3000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 2.618538161s ago: executing program 4 (id=5750): mkdir(&(0x7f0000000540)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) unlink(&(0x7f0000000000)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00') 2.495991847s ago: executing program 4 (id=5754): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x1, 0x70bd2a, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2180}, [@IFLA_IFNAME={0x14, 0x3, 'team_slave_0\x00'}, @IFLA_MTU={0x8, 0x4, 0x40e}]}, 0x3c}}, 0x0) 2.350120774s ago: executing program 4 (id=5756): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004479bb10b10e07700002010203010902120001fd0090020904b80200ff00ff0041fa2f373ee0248c063609861e"], 0x0) syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x40, 0x258a, 0x6a88, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0xb, 0x0, 0x3}}]}}, &(0x7f0000000300)={0xa, &(0x7f00000000c0)={0xa, 0x6, 0x300, 0x6, 0x5, 0x2, 0xff, 0xb2}, 0x20, &(0x7f0000000100)={0x5, 0xf, 0x20, 0x2, [@ssp_cap={0x18, 0x10, 0xa, 0x40, 0x3, 0x34, 0xff00, 0x8000, [0xff0000, 0xff0030, 0xc0]}, @ptm_cap={0x3}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x409}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x2001}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x41d}}]}) 1.809369301s ago: executing program 3 (id=5761): r0 = socket(0x2a, 0x2, 0x0) ioctl$sock_inet_SIOCSIFBRDADDR(r0, 0x891a, 0x0) 1.688488327s ago: executing program 3 (id=5762): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newtaction={0x6c, 0x30, 0x1, 0x0, 0x0, {}, [{0x58, 0x1, [@m_mpls={0x54, 0x1, 0x0, 0x0, {{0x9}, {0x28, 0x2, 0x0, 0x1, [@TCA_MPLS_PARMS={0x1c, 0x2, {{0x0, 0x0, 0x30000001}, 0x1}}, @TCA_MPLS_PROTO={0x6, 0x4, 0x8847}]}, {0x4, 0x4}, {0xc}, {0xc}}}]}]}, 0x6c}}, 0x0) 1.602654961s ago: executing program 3 (id=5763): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r0, 0x29, 0x8, 0x0, 0x0) 1.405249681s ago: executing program 3 (id=5764): r0 = syz_open_procfs(0x0, &(0x7f0000000300)='net/tcp\x00') lseek(r0, 0x7ff, 0x1) 1.298876106s ago: executing program 3 (id=5765): r0 = syz_open_dev$dvb_frontend(&(0x7f0000000080), 0x0, 0x2) ioctl$FE_SET_PROPERTY(r0, 0x40106f52, &(0x7f0000000000)={0x1, &(0x7f00000007c0)=[{0x1d, '\x00', @st={0x4, [{0x0, @uvalue=0x1}, {0x2, @svalue=0xe}, {0x1, @svalue=0x1}, {0x0, @svalue}]}, 0x1}]}) 1.104671826s ago: executing program 3 (id=5767): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000980)=ANY=[]) 669.849787ms ago: executing program 1 (id=5775): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) write$UHID_INPUT(r0, &(0x7f0000000000)={0xfc, {"fce3ad0eed0d07f91b50091887f70706d038e7ff7fc6e5539b0d3c0a8b089b3f353163030890e0879b0a3cc6e70a9b334a959b669a240d0a0af3988f7ef319520100ffe8d178708c523c921b1b233107200773090acd3b78130daa61d8e8040040005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bde7095d6a345badc56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a91e0dad47f36fd9f73c152a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76ea0270e4c10d64cd5a62427264f2377fe763c434708337c8de98f371bb943a8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa7ea5677747430af4162b987b80c3e001cd34e1c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df11847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e30400f7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad046581927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fc83c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad83872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddba02635478d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f79400000000ddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df04b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e785419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02b7fa64b6de3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd502ac8044ae185d2ba300004e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f08df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88e4facfd4c735a20307c737afa2d60399473296b831dbd933d93990f00064279b10ea0c5833f41f157ea2302993dbe97fb1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea10c00a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeee964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac3fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2102596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e42df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed62480ec43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e069160f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df076f0ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f87296ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb90372927db6ff959c0837d2e7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef869c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d050000008926407a4eddd5d0fc5a752f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000023dd0000000400", 0x1000}}, 0x1006) 640.330819ms ago: executing program 0 (id=5776): r0 = syz_open_procfs(0x0, &(0x7f0000000380)='sessionid\x00') readv(r0, &(0x7f0000000540)=[{0x0}, {&(0x7f00000005c0)=""/113, 0x71}], 0x2) 597.0925ms ago: executing program 2 (id=5777): r0 = openat$sndseq(0xffffff9c, &(0x7f0000000200), 0x80080) ioctl$SNDRV_SEQ_IOCTL_PVERSION(r0, 0x80045300, &(0x7f0000002000)) 562.045572ms ago: executing program 0 (id=5778): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0) ioctl$TIOCGSERIAL(r0, 0x541e, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 555.181403ms ago: executing program 2 (id=5779): prctl$PR_SET_IO_FLUSHER(0x39, 0x1) bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xa, 0x101, 0x7fff, 0xcc}, 0x48) 437.258908ms ago: executing program 4 (id=5780): capset(&(0x7f0000000080)={0x20080522}, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000001fd8)=ANY=[@ANYBLOB="05ffffff80000000bc1000000000000007a00000000000009500eb0000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xff06, &(0x7f000000cf3d)=""/195}, 0x48) 425.429169ms ago: executing program 2 (id=5781): mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x3000001, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) futex(&(0x7f000000cffc), 0x1, 0x2, 0x0, 0x0, 0x0) 388.111521ms ago: executing program 0 (id=5782): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000040)={0xf0f026, 0x2}) 324.345694ms ago: executing program 4 (id=5783): socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$tipc(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000b40)="a2", 0xfffffd2a}], 0x1, 0x0, 0x0, 0x20000000}, 0x4000041) 275.689536ms ago: executing program 2 (id=5784): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)={0x68, 0x2, 0x6, 0x1, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @dev={0xfe, 0x80, '\x00', 0x5}}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x68}}, 0x0) 251.294798ms ago: executing program 0 (id=5785): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x701, 0x70bd25, 0x25dfdbfa, {0x0, 0x0, 0x0, 0x0, 0x0, 0x60181}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_FLAGS={0x6, 0x10, 0x40}, @IFLA_IPTUN_ENCAP_DPORT={0x6, 0x12, 0x4e20}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4044840}, 0x4000800) 149.121472ms ago: executing program 4 (id=5786): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(0x0, &(0x7f0000000040), 0x8, &(0x7f0000000340)) 95.884555ms ago: executing program 2 (id=5787): syz_mount_image$minix(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="000704a012704c6f011367acc6ae8fb462852ab71c7c6f55b1b4a47a69445efcc2e32c4d490fec2c09f2a282f690ad436cb19f682e0c5057a8335d1c7b4f56aff9319a78ec3079531468811b33b5d83aa6b2fb3e91d9c8446fa08b4e3b086fb3e4699b52c12cb5346981b1411dbe467f7613e498d4858ad51883225a1fc73ed7219ec2d34c4a94b4b673866ad068b3fce87bd0504e4c6b10c84bc9520eba51484a2e3bc36d461d72"], 0x1, 0x166, &(0x7f0000000480)="$eJzs281KOmEUx/Hf+Pr/2/vbplVQUJucNGhql5ciOpk0lmQbJYgupSvrBhTqBppglKkZgiZDH9LvB2TOEQ7nPItHjwsFYG6tSrJkKSvJ9/2Hyz1LO6aHAjAVvt58APMq/WJ6AgBmDCrpYA9oS3p+va/1R69swv1hUEkFz3NJ/U/1uaT1j1bw3M5E6/OS/iXZX56G9fux/v9/2L8Qqy8krh+e/2A3Wr8gaVHSkqRlSSuj31prkta/6F+P9d9K2B/4DUvFeB55I6WLpucehXk2yEthngvyciw/DvN8kBdrN159UkcAMKbUN/c/Hbv/mdj9B/B3dbq9q6rnubcEBAQEYWD6kwnApNl3rbbd6fYOm61qw22412XnzHFKp6UTxw42fzu6/wOYHR9f+qYnAQAAAAAAAAAAAAAA49qQtGl6CAAAAABTMY2/E5k+IwAAAAAAAAAAAAAAAAAAADAr3gMAAP//s9VQng==") statx(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x100, 0xb38dcf3f7bb4b8a7, 0x0) 95.118705ms ago: executing program 0 (id=5797): r0 = socket$rds(0x15, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2716, 0x0, &(0x7f0000000000)) 0s ago: executing program 0 (id=5788): r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x101140) ioctl$VIDIOC_G_PARM(r0, 0xc0cc5615, &(0x7f0000000080)={0x1, @output={0x0, 0x0, {0x7f, 0x80}, 0x400, 0x3}}) kernel console output (not intermixed with test programs): 12935,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 290.658109][T12956] netlink: 112860 bytes leftover after parsing attributes in process `syz.2.4086'. [ 290.682055][T12935] JBD2: Ignoring recovery information on journal [ 290.727718][ T4643] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 290.741575][ T4643] snd_usb_toneport: probe of 5-1:0.0 failed with error -22 [ 290.785764][T12935] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 290.826228][ T4228] snd_usb_pod 4-1:1.1: cannot start listening: -90 [ 290.865407][ T4228] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 290.906483][ T4228] snd_usb_pod: probe of 4-1:1.1 failed with error -90 [ 290.963009][ T4228] usb 5-1: USB disconnect, device number 16 [ 291.027384][T12966] CIFS: VFS: Malformed UNC in devname [ 291.072516][ T4643] usb 4-1: USB disconnect, device number 20 [ 291.092996][ T4188] ocfs2: Unmounting device (7,0) on (node local) [ 291.353690][ T26] audit: type=1400 audit(1773734677.389:15): apparmor="DENIED" operation="change_hat" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=12979 comm="syz.1.4098" [ 291.581499][T12985] xt_CT: No such helper "snmp_trap" [ 291.744076][T13003] overlayfs: missing 'lowerdir' [ 291.824933][T13008] loop3: detected capacity change from 0 to 256 [ 292.514587][T13045] loop3: detected capacity change from 0 to 256 [ 292.592601][T13045] FAT-fs (loop3): Directory bread(block 64) failed [ 292.615027][T13048] ipt_CLUSTERIP: ipt_CLUSTERIP is deprecated and it will removed soon, use xt_cluster instead [ 292.637252][T13045] FAT-fs (loop3): Directory bread(block 65) failed [ 292.666340][T13048] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 292.676364][T13045] FAT-fs (loop3): Directory bread(block 66) failed [ 292.757491][T13045] FAT-fs (loop3): Directory bread(block 67) failed [ 292.783236][T13045] FAT-fs (loop3): Directory bread(block 68) failed [ 292.798491][T13045] FAT-fs (loop3): Directory bread(block 69) failed [ 292.818882][T13045] FAT-fs (loop3): Directory bread(block 70) failed [ 292.849224][T13045] FAT-fs (loop3): Directory bread(block 71) failed [ 292.872767][T13045] FAT-fs (loop3): Directory bread(block 72) failed [ 292.891164][T13045] FAT-fs (loop3): Directory bread(block 73) failed [ 293.130251][T13076] openvswitch: netlink: Missing key (keys=40, expected=80) [ 293.154849][T13075] loop0: detected capacity change from 0 to 512 [ 293.228109][T13080] loop4: detected capacity change from 0 to 256 [ 293.282953][T13075] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 293.301862][T13075] ext4 filesystem being mounted at /841/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 293.359154][T13080] FAT-fs (loop4): Directory bread(block 64) failed [ 293.401610][T13080] FAT-fs (loop4): Directory bread(block 65) failed [ 293.439350][T13080] FAT-fs (loop4): Directory bread(block 66) failed [ 293.451194][T13089] netlink: 16036 bytes leftover after parsing attributes in process `syz.1.4149'. [ 293.477047][T13080] FAT-fs (loop4): Directory bread(block 67) failed [ 293.489054][T13080] FAT-fs (loop4): Directory bread(block 68) failed [ 293.504861][T13080] FAT-fs (loop4): Directory bread(block 69) failed [ 293.539999][T13080] FAT-fs (loop4): Directory bread(block 70) failed [ 293.578609][T13080] FAT-fs (loop4): Directory bread(block 71) failed [ 293.621227][T13080] FAT-fs (loop4): Directory bread(block 72) failed [ 293.640628][T13080] FAT-fs (loop4): Directory bread(block 73) failed [ 293.777440][T13083] loop3: detected capacity change from 0 to 32768 [ 293.863370][T13083] (syz.3.4146,13083,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 293.880839][T13095] loop1: detected capacity change from 0 to 8 [ 293.925870][T13083] (syz.3.4146,13083,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 294.022002][T13083] JBD2: Ignoring recovery information on journal [ 294.243609][T13083] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 294.501809][ T4194] ocfs2: Unmounting device (7,3) on (node local) [ 294.729059][ T4258] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 294.918538][T13097] loop0: detected capacity change from 0 to 32768 [ 294.995588][ T4258] usb 5-1: Using ep0 maxpacket: 8 [ 295.002513][T13097] XFS: attr2 mount option is deprecated. [ 295.198753][T13097] XFS (loop0): Mounting V5 Filesystem [ 295.268666][T13156] loop3: detected capacity change from 0 to 256 [ 295.277246][ T4258] usb 5-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 295.321696][ T4258] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.385416][ T4258] usb 5-1: Product: syz [ 295.389828][ T4258] usb 5-1: Manufacturer: syz [ 295.394851][ T4258] usb 5-1: SerialNumber: syz [ 295.450596][T13097] XFS (loop0): Ending clean mount [ 295.457621][ T4258] usb 5-1: config 0 descriptor?? [ 295.470432][T13097] XFS (loop0): Quotacheck needed: Please wait. [ 295.562323][T13160] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4178'. [ 295.573599][T13097] XFS (loop0): Quotacheck: Done. [ 295.725352][ T4258] usb 5-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 295.754062][ T4188] XFS (loop0): Unmounting Filesystem [ 295.919668][T13141] loop2: detected capacity change from 0 to 32768 [ 295.961000][ T4258] usb write operation failed. (-71) [ 295.973119][ T4258] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 295.997389][T13141] (syz.2.4171,13141,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 296.014260][ T4258] dvbdev: DVB: registering new adapter (Terratec H7) [ 296.030641][ T4258] usb 5-1: media controller created [ 296.059407][T13141] (syz.2.4171,13141,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 296.080246][ T4258] usb read operation failed. (-71) [ 296.105451][ T4258] usb write operation failed. (-71) [ 296.127829][ T4258] dvb_usb_az6007: probe of 5-1:0.0 failed with error -5 [ 296.175942][ T4258] usb 5-1: USB disconnect, device number 17 [ 296.182094][T13141] JBD2: Ignoring recovery information on journal [ 296.344695][T13141] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 296.671867][ T4185] ocfs2: Unmounting device (7,2) on (node local) [ 296.758494][T13156] FAT-fs (loop3): error, fat_get_cluster: detected the cluster chain loop (i_pos 194) [ 296.783178][T13156] FAT-fs (loop3): error, fat_get_cluster: invalid cluster chain (i_pos 194) [ 296.865450][ T4643] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 297.034549][T13191] netlink: 'syz.3.4192': attribute type 33 has an invalid length. [ 297.071097][T13191] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4192'. [ 297.189093][T13197] netlink: 'syz.2.4188': attribute type 2 has an invalid length. [ 297.223841][T13197] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4188'. [ 297.285702][ T4643] usb 2-1: config 15 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 297.385862][ T4643] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 297.406258][ T4643] usb 2-1: New USB device strings: Mfr=0, Product=7, SerialNumber=0 [ 297.435342][ T4643] usb 2-1: Product: syz [ 297.478431][T13174] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 297.508419][ T4643] usbhid 2-1:15.0: fixing wrong optional hid class descriptors count [ 297.522872][ T4643] usbhid 2-1:15.0: can't add hid device: -22 [ 297.533079][ T4643] usbhid: probe of 2-1:15.0 failed with error -22 [ 297.722905][ T4643] usb 2-1: USB disconnect, device number 18 [ 297.767903][T13230] loop4: detected capacity change from 0 to 512 [ 298.018011][T13243] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 4, id = 0 [ 298.168010][T13253] netlink: 'syz.0.4224': attribute type 10 has an invalid length. [ 298.203362][T13253] team0: Port device macvlan0 added [ 298.427585][T13273] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4234'. [ 298.525632][T13271] loop4: detected capacity change from 0 to 4096 [ 298.570363][T13283] loop3: detected capacity change from 0 to 256 [ 298.592359][T13271] ntfs: (device loop4): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 298.619916][T13271] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing. [ 298.671604][T13283] FAT-fs (loop3): Directory bread(block 64) failed [ 298.681112][T13271] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 298.715415][T13283] FAT-fs (loop3): Directory bread(block 65) failed [ 298.726860][T13283] FAT-fs (loop3): Directory bread(block 66) failed [ 298.744164][T13271] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 298.759932][T13283] FAT-fs (loop3): Directory bread(block 67) failed [ 298.774069][T13283] FAT-fs (loop3): Directory bread(block 68) failed [ 298.794790][T13289] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4242'. [ 298.804389][T13283] FAT-fs (loop3): Directory bread(block 69) failed [ 298.823223][T13271] ntfs: volume version 3.1. [ 298.835469][T13283] FAT-fs (loop3): Directory bread(block 70) failed [ 298.842095][T13283] FAT-fs (loop3): Directory bread(block 71) failed [ 298.889258][T13283] FAT-fs (loop3): Directory bread(block 72) failed [ 298.908997][T13283] FAT-fs (loop3): Directory bread(block 73) failed [ 298.925866][T13271] ntfs: (device loop4): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 298.964379][T13271] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 299.695644][T13323] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 299.722382][T13277] loop1: detected capacity change from 0 to 32768 [ 299.784890][T13277] [ 299.784890][T13277] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.784890][T13277] [ 299.921116][ T4191] [ 299.921116][ T4191] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.921116][ T4191] [ 299.942374][ T4191] [ 299.942374][ T4191] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 299.942374][ T4191] [ 300.185566][ T4635] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 300.475415][ T4635] usb 4-1: Using ep0 maxpacket: 16 [ 300.501745][T13363] netlink: 'syz.0.4270': attribute type 8 has an invalid length. [ 300.530112][T13363] netlink: 161700 bytes leftover after parsing attributes in process `syz.0.4270'. [ 300.659513][ T4635] usb 4-1: unable to get BOS descriptor or descriptor too short [ 300.765752][ T4635] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.790973][ T4635] usb 4-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x7B, skipping [ 301.033554][ T4635] usb 4-1: New USB device found, idVendor=1235, idProduct=000e, bcdDevice= 0.40 [ 301.084482][ T4635] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.114951][ T4635] usb 4-1: Product: syz [ 301.125095][ T4635] usb 4-1: Manufacturer: syz [ 301.155766][ T4635] usb 4-1: SerialNumber: syz [ 301.632369][ T4635] snd-usb-audio: probe of 4-1:1.0 failed with error -2 [ 301.700871][ T4635] usb 4-1: USB disconnect, device number 21 [ 301.860908][T13435] netlink: 'syz.1.4304': attribute type 10 has an invalid length. [ 301.895115][T13435] team0: Device lo is loopback device. Loopback devices can't be added as a team port [ 301.932095][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 301.939194][T13435] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 302.099279][T13450] loop3: detected capacity change from 0 to 64 [ 302.132893][T13453] netlink: 'syz.1.4312': attribute type 1 has an invalid length. [ 302.161661][T13453] netlink: 'syz.1.4312': attribute type 3 has an invalid length. [ 302.210061][T13453] netlink: 224 bytes leftover after parsing attributes in process `syz.1.4312'. [ 302.253859][T13453] NCSI netlink: No device for ifindex 2986344450 [ 302.423961][T13469] netlink: 'syz.3.4317': attribute type 1 has an invalid length. [ 302.460986][T13469] netlink: 154788 bytes leftover after parsing attributes in process `syz.3.4317'. [ 302.631773][T13481] loop0: detected capacity change from 0 to 1024 [ 302.708781][T13490] netlink: 16 bytes leftover after parsing attributes in process `syz.2.4331'. [ 302.755507][T13481] EXT4-fs (loop0): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,jqfmt=vfsv1,dioread_lock,commit=0x0000000000000000,,errors=continue. Quota mode: none. [ 302.773506][ C0] vkms_vblank_simulate: vblank timer overrun [ 302.788496][T13481] ext4 filesystem being mounted at /883/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 302.914472][T13504] device gtp0 entered promiscuous mode [ 303.179884][T13517] loop4: detected capacity change from 0 to 256 [ 303.212011][T13521] netlink: 'syz.2.4344': attribute type 1 has an invalid length. [ 303.306018][T13525] netlink: 'syz.2.4346': attribute type 8 has an invalid length. [ 303.314887][T13525] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 303.485516][ T4228] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 303.495806][ T13] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 303.561533][T13496] loop3: detected capacity change from 0 to 32768 [ 303.617472][T13533] loop2: detected capacity change from 0 to 512 [ 303.626616][T13496] XFS: attr2 mount option is deprecated. [ 303.666294][ T26] audit: type=1400 audit(1773734689.699:16): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457C51CCA93031D371D06D2E59E880583300E11E8 pid=13536 comm="syz.4.4352" [ 303.687158][T13533] EXT4-fs (loop2): Mount option "noacl" will be removed by 3.5 [ 303.687158][T13533] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 303.687158][T13533] [ 303.690854][ C0] vkms_vblank_simulate: vblank timer overrun [ 303.715158][T13533] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 303.756039][T13533] EXT4-fs error (device loop2): ext4_fill_super:4866: inode #2: comm syz.2.4350: inode has both inline data and extents flags [ 303.773183][T13533] EXT4-fs (loop2): get root inode failed [ 303.775918][ T13] usb 1-1: Using ep0 maxpacket: 16 [ 303.784170][ T4228] usb 2-1: Using ep0 maxpacket: 8 [ 303.786677][T13533] EXT4-fs (loop2): mount failed [ 303.853598][T13496] XFS (loop3): Mounting V5 Filesystem [ 303.915557][ T4228] usb 2-1: config 0 interface 0 has no altsetting 0 [ 303.923928][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 303.935427][ T13] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 303.958624][ T13] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 304.017933][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.027906][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.042837][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.052754][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.063500][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.074823][T13547] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4353'. [ 304.095824][ T4228] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=d4.6e [ 304.115270][ T4228] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.128676][ T4228] usb 2-1: Product: syz [ 304.132914][ T4228] usb 2-1: Manufacturer: syz [ 304.151412][ T4228] usb 2-1: SerialNumber: syz [ 304.182077][ T4228] usb 2-1: config 0 descriptor?? [ 304.215672][ T13] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 304.225086][ T13] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 304.236539][T13496] XFS (loop3): Ending clean mount [ 304.263498][T13496] XFS (loop3): Quotacheck needed: Please wait. [ 304.273183][ T4228] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 304.320832][ T13] usb 1-1: Product: syz [ 304.325074][ T13] usb 1-1: Manufacturer: syz [ 304.367761][ T13] usb 1-1: SerialNumber: syz [ 304.418786][T13496] XFS (loop3): Quotacheck: Done. [ 304.451612][T13556] loop4: detected capacity change from 0 to 512 [ 304.472354][ T4194] XFS (loop3): Unmounting Filesystem [ 304.534369][ T4228] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 304.563766][ T4228] snd_usb_toneport: probe of 2-1:0.0 failed with error -22 [ 304.608100][T13556] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 304.626625][T13556] ext4 filesystem being mounted at /863/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 304.735721][ T13] usb 1-1: 0:2 : does not exist [ 304.745389][ T13] usb 1-1: unit 9 not found! [ 304.771727][ T4226] usb 2-1: USB disconnect, device number 19 [ 304.853230][ T13] usb 1-1: USB disconnect, device number 18 [ 305.098352][ T4178] udevd[4178]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 305.952010][T13613] xt_CT: You must specify a L4 protocol and not use inversions on it [ 306.278916][T13635] ipt_CLUSTERIP: no config found for 127.0.0.1, need 'new' [ 306.474277][T13645] loop2: detected capacity change from 0 to 64 [ 306.717948][T13662] loop3: detected capacity change from 0 to 1024 [ 306.885542][ T4228] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 307.475707][ T4228] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 307.484814][ T4228] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3 [ 307.493173][ T4228] usb 2-1: Product: syz [ 307.497533][ T4228] usb 2-1: Manufacturer: syz [ 307.502274][ T4228] usb 2-1: SerialNumber: syz [ 307.509481][ T4228] usb 2-1: config 0 descriptor?? [ 307.560159][ T4228] ch341 2-1:0.0: ch341-uart converter detected [ 307.985485][ T4228] usb 2-1: failed to send control message: -71 [ 307.991776][ T4228] ch341-uart: probe of ttyUSB0 failed with error -71 [ 308.001831][ T4228] usb 2-1: USB disconnect, device number 20 [ 308.009303][ T4228] ch341 2-1:0.0: device disconnected [ 308.525101][T13679] netlink: 'syz.2.4415': attribute type 1 has an invalid length. [ 308.550385][T13679] __nla_validate_parse: 16 callbacks suppressed [ 308.550471][T13679] netlink: 168864 bytes leftover after parsing attributes in process `syz.2.4415'. [ 308.629224][T13687] netlink: 36 bytes leftover after parsing attributes in process `syz.3.4419'. [ 308.835603][T13701] netlink: 'syz.4.4427': attribute type 1 has an invalid length. [ 308.875623][T13701] netlink: 'syz.4.4427': attribute type 3 has an invalid length. [ 308.883508][T13701] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4427'. [ 308.994751][T13709] netlink: 'syz.1.4432': attribute type 1 has an invalid length. [ 309.006800][ T4228] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 309.202469][T13723] loop4: detected capacity change from 0 to 1024 [ 309.303400][T13723] hfsplus: invalid file type 0174377 for inode 21 [ 309.312385][T13731] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.4442'. [ 309.345586][T13731] openvswitch: netlink: Flow key attribute not present in set flow. [ 309.389243][T13733] trusted_key: encrypted_key: master key parameter '' is invalid [ 309.412141][T13735] loop1: detected capacity change from 0 to 256 [ 309.528289][T13735] FAT-fs (loop1): Directory bread(block 64) failed [ 309.545502][ T4228] usb 3-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 309.565710][T13735] FAT-fs (loop1): Directory bread(block 65) failed [ 309.572495][T13735] FAT-fs (loop1): Directory bread(block 66) failed [ 309.589169][ T4228] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.614768][ T4228] usb 3-1: Product: syz [ 309.624244][ T4228] usb 3-1: Manufacturer: syz [ 309.634528][T13735] FAT-fs (loop1): Directory bread(block 67) failed [ 309.647792][ T4228] usb 3-1: SerialNumber: syz [ 309.654317][T13745] loop3: detected capacity change from 0 to 16 [ 309.664084][T13735] FAT-fs (loop1): Directory bread(block 68) failed [ 309.678893][ T4228] r8152-cfgselector 3-1: config 0 descriptor?? [ 309.686144][T13735] FAT-fs (loop1): Directory bread(block 69) failed [ 309.692912][T13735] FAT-fs (loop1): Directory bread(block 70) failed [ 309.702999][T13735] FAT-fs (loop1): Directory bread(block 71) failed [ 309.710202][T13735] FAT-fs (loop1): Directory bread(block 72) failed [ 309.720963][T13735] FAT-fs (loop1): Directory bread(block 73) failed [ 309.736150][T13745] erofs: (device loop3): mounted with root inode @ nid 36. [ 309.778283][T13745] erofs: (device loop3): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 309.812885][T13749] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 309.812887][T13745] erofs: (device loop3): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 309.837185][T13745] attempt to access beyond end of device [ 309.837185][T13745] loop3: rw=524288, want=32, limit=16 [ 309.876906][T13745] erofs: (device loop3): z_erofs_lz4_decompress: failed to decompress -6 in[63, 4033] out[4096] [ 309.955375][T13751] loop0: detected capacity change from 0 to 512 [ 309.962281][ T26] audit: type=1800 audit(1773734695.999:17): pid=13745 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.4449" name="file2" dev="loop3" ino=89 res=0 errno=0 [ 310.130455][T13751] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 310.157857][T13751] ext4 filesystem being mounted at /906/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 310.175456][ T4228] r8152-cfgselector 3-1: Unknown version 0x0000 [ 310.183259][ T4228] r8152-cfgselector 3-1: USB disconnect, device number 18 [ 310.281806][T13751] EXT4-fs error (device loop0): ext4_xattr_block_find:1855: inode #15: comm syz.0.4452: corrupted xattr block 33 [ 310.391330][T13768] netlink: 'syz.1.4458': attribute type 4 has an invalid length. [ 310.447738][T13768] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4458'. [ 310.700048][T13776] loop1: detected capacity change from 0 to 512 [ 310.780732][T13776] EXT4-fs (loop1): Test dummy encryption mode enabled [ 310.800366][T13776] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 310.813347][T13783] loop3: detected capacity change from 0 to 512 [ 310.869834][T13776] EXT4-fs error (device loop1): xattr_find_entry:297: inode #15: comm syz.1.4463: corrupted xattr entries [ 310.912942][T13776] EXT4-fs (loop1): Remounting filesystem read-only [ 310.920463][T13776] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 310.934464][T13776] EXT4-fs (loop1): 1 orphan inode deleted [ 310.940351][T13776] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,errors=remount-ro,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,test_dummy_encryption,. Quota mode: none. [ 311.189770][T13801] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4471'. [ 311.201358][T13800] netlink: 'syz.3.4474': attribute type 1 has an invalid length. [ 311.225829][T13800] netlink: 228 bytes leftover after parsing attributes in process `syz.3.4474'. [ 311.408520][T13810] loop1: detected capacity change from 0 to 2048 [ 311.542731][T13810] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 311.647431][T13827] loop0: detected capacity change from 0 to 764 [ 311.677582][T13810] ext4 filesystem being mounted at /911/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.758608][T13833] netlink: 420 bytes leftover after parsing attributes in process `syz.2.4490'. [ 311.847770][T13827] Symlink component flag not implemented [ 311.898345][T13827] Symlink component flag not implemented (105) [ 312.420463][T13851] No such timeout policy "syz1" [ 312.569201][T13858] [U] ^C [ 312.702926][T13868] loop0: detected capacity change from 0 to 256 [ 312.724277][T13867] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4507'. [ 312.768349][T13867] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4507'. [ 312.803472][T13829] loop4: detected capacity change from 0 to 32768 [ 312.874030][T13829] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.4489 (13829) [ 312.912268][T13868] FAT-fs (loop0): Directory bread(block 64) failed [ 312.945016][T13868] FAT-fs (loop0): Directory bread(block 65) failed [ 312.978653][T13829] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 312.981906][T13868] FAT-fs (loop0): Directory bread(block 66) failed [ 313.008930][T13868] FAT-fs (loop0): Directory bread(block 67) failed [ 313.023995][T13829] BTRFS info (device loop4): force clearing of disk cache [ 313.053607][T13868] FAT-fs (loop0): Directory bread(block 68) failed [ 313.062164][T13829] BTRFS info (device loop4): metadata ratio 0 [ 313.087696][T13868] FAT-fs (loop0): Directory bread(block 69) failed [ 313.096760][T13829] BTRFS info (device loop4): enabling ssd optimizations [ 313.107184][T13829] BTRFS info (device loop4): using spread ssd allocation scheme [ 313.119317][T13868] FAT-fs (loop0): Directory bread(block 70) failed [ 313.127424][T13873] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 313.148342][T13868] FAT-fs (loop0): Directory bread(block 71) failed [ 313.148708][T13868] FAT-fs (loop0): Directory bread(block 72) failed [ 313.175327][T13829] BTRFS info (device loop4): using free space tree [ 313.181918][T13829] BTRFS info (device loop4): has skinny extents [ 313.236832][T13868] FAT-fs (loop0): Directory bread(block 73) failed [ 313.345601][T13873] ntfs: volume version 3.1. [ 313.668579][T13829] BTRFS info (device loop4): clearing free space tree [ 313.685439][T13829] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 313.727661][T13829] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 313.794563][T13915] __nla_validate_parse: 1 callbacks suppressed [ 313.794587][T13915] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.4520'. [ 313.813550][T13915] openvswitch: netlink: IP tunnel attribute has 3064 unknown bytes. [ 313.880468][T13829] BTRFS info (device loop4): creating free space tree [ 313.918286][T13829] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 314.047008][T13829] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 314.575399][ T4175] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 11 /dev/loop4 scanned by udevd (4175) [ 314.962894][T13975] 9pnet: p9_fd_create_unix (13975): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 315.332853][T14000] dlm: no locking on control device [ 315.364302][T13999] netlink: 'syz.3.4556': attribute type 1 has an invalid length. [ 315.393395][T14005] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4558'. [ 315.434928][T13999] netlink: 56 bytes leftover after parsing attributes in process `syz.3.4556'. [ 315.515966][T14007] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4559'. [ 315.664363][T14012] set_capacity_and_notify: 1 callbacks suppressed [ 315.664383][T14012] loop1: detected capacity change from 0 to 512 [ 315.693157][T14014] binder: Bad value for 'max' [ 315.848966][T14012] EXT4-fs error (device loop1): ext4_iget_extra_inode:4566: inode #15: comm syz.1.4562: corrupted in-inode xattr [ 315.885014][T14030] loop2: detected capacity change from 0 to 256 [ 315.903018][T14020] loop4: detected capacity change from 0 to 4096 [ 315.922953][T14032] netlink: 260 bytes leftover after parsing attributes in process `syz.3.4566'. [ 315.937008][T14012] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.4562: couldn't read orphan inode 15 (err -117) [ 315.974538][T14020] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 315.995830][T14012] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 316.014832][T14036] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4570'. [ 316.026278][T14030] exfat: Deprecated parameter 'namecase' [ 316.033933][T14012] EXT4-fs error (device loop1): ext4_xattr_set_entry:1613: inode #2: comm syz.1.4562: corrupted xattr entries [ 316.034774][T14020] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 316.054682][T14030] exfat: Deprecated parameter 'namecase' [ 316.125524][T14030] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x7808ae6a, utbl_chksum : 0xe619d30d) [ 316.176606][T14020] ntfs: volume version 3.1. [ 316.219481][T14020] ntfs: (device loop4): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 316.337037][T14030] exFAT-fs (loop2): hint_cluster is invalid (4278190089) [ 316.351110][T14020] ntfs: (device loop4): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 316.370011][T14030] exFAT-fs (loop2): error, failed to bmap (inode : ffff88805fa9a1e0 iblock : 8, err : -5) [ 316.382450][T14020] ntfs: (device loop4): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 316.414475][T14030] exFAT-fs (loop2): error, invalid access to FAT (entry 0xff000008) [ 316.414571][T14030] exFAT-fs (loop2): error, invalid access to FAT (entry 0xff000008) [ 316.484815][T14046] netlink: 32 bytes leftover after parsing attributes in process `syz.0.4576'. [ 316.495067][T14020] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Found already allocated name in phase 2. Please run chkdsk and if that doesn't find any errors please report you saw this message to linux-ntfs-dev@lists.sourceforge.net. [ 316.495069][ T397] attempt to access beyond end of device [ 316.495069][ T397] loop2: rw=1, want=34225520826, limit=256 [ 316.495106][ T397] Buffer I/O error on dev loop2, logical block 34225520825, lost async page write [ 316.495150][T14020] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 316.495835][T14020] ntfs: (device loop4): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 316.507675][ T397] attempt to access beyond end of device [ 316.507675][ T397] loop2: rw=1, want=34225520827, limit=256 [ 316.507707][ T397] Buffer I/O error on dev loop2, logical block 34225520826, lost async page write [ 316.507764][ T397] attempt to access beyond end of device [ 316.507764][ T397] loop2: rw=1, want=34225520828, limit=256 [ 316.507785][ T397] Buffer I/O error on dev loop2, logical block 34225520827, lost async page write [ 316.507828][ T397] attempt to access beyond end of device [ 316.507828][ T397] loop2: rw=1, want=34225520829, limit=256 [ 316.507848][ T397] Buffer I/O error on dev loop2, logical block 34225520828, lost async page write [ 316.507891][ T397] attempt to access beyond end of device [ 316.507891][ T397] loop2: rw=1, want=34225520830, limit=256 [ 316.507912][ T397] Buffer I/O error on dev loop2, logical block 34225520829, lost async page write [ 316.507955][ T397] attempt to access beyond end of device [ 316.507955][ T397] loop2: rw=1, want=34225520831, limit=256 [ 316.507975][ T397] Buffer I/O error on dev loop2, logical block 34225520830, lost async page write [ 316.508017][ T397] attempt to access beyond end of device [ 316.508017][ T397] loop2: rw=1, want=34225520832, limit=256 [ 316.508038][ T397] Buffer I/O error on dev loop2, logical block 34225520831, lost async page write [ 316.712687][ C1] vkms_vblank_simulate: vblank timer overrun [ 316.813466][ C1] vkms_vblank_simulate: vblank timer overrun [ 317.134796][T14062] loop0: detected capacity change from 0 to 4096 [ 317.204665][T14062] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 317.286165][T14062] ntfs3: loop0: mft corrupted [ 317.290982][T14062] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 317.320604][T14062] ntfs3: loop0: Failed to load $BadClus. [ 317.669244][ T1423] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.677164][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.787979][T14110] netlink: 20 bytes leftover after parsing attributes in process `syz.2.4608'. [ 317.863800][T14110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4608'. [ 317.914989][T14118] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4612'. [ 318.373410][T14152] netlink: 'syz.3.4629': attribute type 3 has an invalid length. [ 318.685341][T13978] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 318.755624][ T4635] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 318.803279][T14179] (syz.4.4641,14179,1):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 318.826356][T14179] (syz.4.4641,14179,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 318.839583][T14181] autofs4:pid:14181:autofs_fill_super: called with bogus options [ 318.955948][T13978] usb 1-1: Using ep0 maxpacket: 32 [ 318.995746][ T4635] usb 4-1: Using ep0 maxpacket: 32 [ 319.115804][T13978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 319.134025][T13978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 319.156986][T13978] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 319.166288][ T4635] usb 4-1: unable to get BOS descriptor or descriptor too short [ 319.285574][ T4635] usb 4-1: config 1 has an invalid interface number: 255 but max is 2 [ 319.322971][ T4635] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 319.337897][ T4635] usb 4-1: config 1 has no interface number 2 [ 319.354567][ T4635] usb 4-1: config 1 interface 255 has no altsetting 0 [ 319.395689][T13978] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 319.435150][T13978] usb 1-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 319.493021][T13978] usb 1-1: Product: syz [ 319.506878][T13978] usb 1-1: Manufacturer: syz [ 319.515718][ T4635] usb 4-1: New USB device found, idVendor=0582, idProduct=0009, bcdDevice= 0.40 [ 319.524582][T13978] usb 1-1: SerialNumber: syz [ 319.524972][ T4635] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.559777][T14199] loop2: detected capacity change from 0 to 512 [ 319.573427][T13978] usb 1-1: config 0 descriptor?? [ 319.605007][ T4635] usb 4-1: Product: syz [ 319.611544][ T4635] usb 4-1: Manufacturer: syz [ 319.623805][ T4635] usb 4-1: SerialNumber: syz [ 319.678389][T14199] EXT4-fs error (device loop2): ext4_iget_extra_inode:4566: inode #15: comm syz.2.4651: corrupted in-inode xattr [ 319.760812][T14199] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.4651: couldn't read orphan inode 15 (err -117) [ 319.774243][T14199] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,,errors=continue. Quota mode: none. [ 319.802239][T14199] EXT4-fs error (device loop2): ext4_xattr_set_entry:1613: inode #2: comm syz.2.4651: corrupted xattr entries [ 319.814953][T14206] __nla_validate_parse: 1 callbacks suppressed [ 319.814974][T14206] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4655'. [ 319.831580][T14208] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4654'. [ 319.843604][T14206] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4655'. [ 319.853536][T14206] netlink: 20 bytes leftover after parsing attributes in process `syz.4.4655'. [ 319.884534][ T4638] usb 1-1: USB disconnect, device number 19 [ 319.971966][ T4635] usb 4-1: USB disconnect, device number 22 [ 320.208362][T14220] netlink: 'syz.1.4672': attribute type 10 has an invalid length. [ 320.267745][T14220] team0: Port device macvlan0 added [ 320.278141][ T9961] udevd[9961]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 320.375516][T13980] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 320.481846][T14224] loop2: detected capacity change from 0 to 8192 [ 320.581291][T14224] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 320.617474][T14224] REISERFS (device loop2): using ordered data mode [ 320.624416][T14224] reiserfs: using flush barriers [ 320.651849][T14224] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 320.671329][T14224] REISERFS (device loop2): checking transaction log (loop2) [ 320.745943][T14243] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4670'. [ 320.756430][T14224] REISERFS (device loop2): Using tea hash to sort names [ 320.764721][T14224] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 320.775634][T13980] usb 5-1: config 32 interface 0 altsetting 0 endpoint 0x85 is Bulk; changing to Interrupt [ 320.801604][T13980] usb 5-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 320.820987][T13980] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.894375][T14248] netlink: 72 bytes leftover after parsing attributes in process `syz.1.4676'. [ 320.896938][T14210] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 320.914670][T14250] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 4, id = 0 [ 321.176254][T14258] netlink: 'syz.3.4681': attribute type 10 has an invalid length. [ 321.215704][T13980] usb 5-1: string descriptor 0 read error: -71 [ 321.223346][T13980] hub 5-1:32.0: USB hub found [ 321.300676][T14258] team0: Port device macvlan0 added [ 321.306801][T13980] hub 5-1:32.0: config failed, can't read hub descriptor (err -22) [ 321.309799][ T4635] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 321.382222][T14260] loop0: detected capacity change from 0 to 4096 [ 321.461424][T13980] usb 5-1: USB disconnect, device number 18 [ 321.473882][T14260] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 0) do not match. Run ntfsfix or chkdsk. [ 321.501852][T14260] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 321.574637][T14260] ntfs: volume version 3.1. [ 321.585632][ T4635] usb 2-1: Using ep0 maxpacket: 8 [ 321.610419][T14260] ntfs: (device loop0): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 321.701848][T14260] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 321.723420][T14260] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 321.775840][ T9961] udevd[9961]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 321.865732][T14260] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Found already allocated name in phase 2. Please run chkdsk and if that doesn't find any errors please report you saw this message to linux-ntfs-dev@lists.sourceforge.net. [ 321.905744][ T4635] usb 2-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 321.933993][ T4635] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 321.962801][ T4635] usb 2-1: Product: syz [ 321.967408][ T4635] usb 2-1: Manufacturer: syz [ 321.972137][ T4635] usb 2-1: SerialNumber: syz [ 321.987258][T14260] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Corrupt directory. Aborting lookup. [ 322.016731][ T4635] usb 2-1: config 0 descriptor?? [ 322.042193][T14260] ntfs: (device loop0): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 322.135494][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 322.305534][ T4635] usb 2-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 322.515385][ T4635] usb write operation failed. (-71) [ 322.536480][ T4635] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 322.585753][ T4635] dvbdev: DVB: registering new adapter (Terratec H7) [ 322.610898][ T4635] usb 2-1: media controller created [ 322.619929][T14281] loop2: detected capacity change from 0 to 32768 [ 322.656247][ T4635] usb read operation failed. (-71) [ 322.675420][ T4635] usb write operation failed. (-71) [ 322.692984][ T4635] dvb_usb_az6007: probe of 2-1:0.0 failed with error -5 [ 322.703272][ T4635] usb 2-1: USB disconnect, device number 21 [ 322.716629][T14281] JBD2: Ignoring recovery information on journal [ 322.826518][T14289] loop4: detected capacity change from 0 to 32768 [ 322.849727][T14281] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 322.880938][T14289] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop4 scanned by syz.4.4693 (14289) [ 322.895345][T14281] (syz.2.4689,14281,1):ocfs2_find_entry:1086 ERROR: status = -117 [ 322.912960][T14281] (syz.2.4689,14281,1):ocfs2_find_entry:1086 ERROR: status = -117 [ 322.925895][T14281] (syz.2.4689,14281,1):ocfs2_mknod:502 ERROR: status = -117 [ 322.933270][T14281] (syz.2.4689,14281,1):ocfs2_mkdir:659 ERROR: status = -117 [ 322.961178][T14289] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 323.001403][T14289] BTRFS info (device loop4): force zlib compression, level 3 [ 323.019560][T14289] BTRFS info (device loop4): force clearing of disk cache [ 323.035785][T14289] BTRFS info (device loop4): setting nodatasum [ 323.055660][T14289] BTRFS info (device loop4): allowing degraded mounts [ 323.062674][T14289] BTRFS info (device loop4): enabling disk space caching [ 323.096382][T14289] BTRFS info (device loop4): disk space caching is enabled [ 323.096637][ T4185] ocfs2: Unmounting device (7,2) on (node local) [ 323.103746][T14289] BTRFS info (device loop4): has skinny extents [ 323.395403][ T4635] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 323.502934][T14350] device geneve3 entered promiscuous mode [ 323.571756][T14289] BTRFS info (device loop4): clearing free space tree [ 323.590878][T14289] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 323.591154][T14356] netlink: 'syz.3.4713': attribute type 8 has an invalid length. [ 323.628334][T14289] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 323.680145][T14356] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 323.755524][ T4635] usb 1-1: config 0 has an invalid interface number: 107 but max is 0 [ 323.763938][ T4635] usb 1-1: config 0 has no interface number 0 [ 323.808417][T14363] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 323.815340][ T4635] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 323.815377][ T4635] usb 1-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 323.863567][T14365] loop1: detected capacity change from 0 to 64 [ 323.925002][T14363] VFS: Can't find a romfs filesystem on dev nullb0. [ 323.925002][T14363] [ 323.973084][T14289] BTRFS info (device loop4): balance: start -susage=11,limit=1 [ 323.985624][ T4635] usb 1-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 324.014821][ T4635] usb 1-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 324.031250][ T26] audit: type=1400 audit(1773734710.049:18): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457C51CCA93031D371D06D2E59E880583300E11E8 pid=14368 comm="syz.3.4720" [ 324.097443][ T4635] usb 1-1: Product: syz [ 324.101834][ T4635] usb 1-1: Manufacturer: syz [ 324.145279][ T4635] usb 1-1: SerialNumber: syz [ 324.175943][T14289] BTRFS info (device loop4): relocating block group 1048576 flags system [ 324.206460][ T4635] usb 1-1: config 0 descriptor?? [ 324.246941][ T4635] keyspan 1-1:0.107: Keyspan 4 port adapter converter detected [ 324.254997][ T4635] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 81 [ 324.318919][T14376] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4721'. [ 324.341483][ T4635] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 1 [ 324.392265][ T4635] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 324.435165][T14289] BTRFS info (device loop4): balance: ended with status: 0 [ 324.468568][ T4635] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 2 [ 324.543053][ T4635] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 324.614897][ T4635] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 4 [ 324.652851][ T4635] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 324.683648][ T4635] keyspan 1-1:0.107: found no endpoint descriptor for endpoint 6 [ 324.723831][ T4635] usb 1-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 324.781481][ T4635] usb 1-1: USB disconnect, device number 20 [ 324.905920][ T4635] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 324.956324][ T4635] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 325.043344][ T4635] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 325.066693][T14400] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4735'. [ 325.092042][ T4635] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 325.133370][T14400] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4735'. [ 325.182622][ T4635] keyspan 1-1:0.107: device disconnected [ 325.228329][ C0] vkms_vblank_simulate: vblank timer overrun [ 325.804200][T14426] netlink: 'syz.2.4745': attribute type 49 has an invalid length. [ 326.071792][T14440] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4754'. [ 326.273852][T14406] loop0: detected capacity change from 0 to 32768 [ 326.286643][T14452] loop4: detected capacity change from 0 to 16 [ 326.372878][T14452] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 326.380063][T14406] XFS (loop0): sunit and swidth must be specified together [ 326.404990][T14458] netlink: 'syz.1.4763': attribute type 21 has an invalid length. [ 326.451446][T14458] netlink: 4 bytes leftover after parsing attributes in process `syz.1.4763'. [ 326.752943][T14476] loop4: detected capacity change from 0 to 164 [ 327.071868][T14489] loop2: detected capacity change from 0 to 1024 [ 327.183955][T14489] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 327.213180][T14489] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 327.285498][T14489] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 327.294270][T14489] System zones: 0-1, 3-36 [ 327.340944][T14489] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 327.361488][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.672911][T14527] netlink: 24 bytes leftover after parsing attributes in process `syz.0.4795'. [ 327.718277][T14528] netlink: 'syz.1.4796': attribute type 1 has an invalid length. [ 327.730880][T14528] netlink: 212908 bytes leftover after parsing attributes in process `syz.1.4796'. [ 328.152759][T14549] device wlan0 entered promiscuous mode [ 328.172826][T14549] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 328.191104][T14556] trusted_key: encrypted_key: master key parameter '' is invalid [ 328.641854][T14575] loop0: detected capacity change from 0 to 512 [ 328.792970][T14575] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 328.876003][T14575] ext4 filesystem being mounted at /963/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 328.921732][T14575] EXT4-fs error (device loop0): ext4_xattr_block_get:543: inode #15: comm syz.0.4818: corrupted xattr block 32 [ 329.169592][T14606] loop0: detected capacity change from 0 to 64 [ 329.477542][T14625] netlink: 209820 bytes leftover after parsing attributes in process `syz.0.4851'. [ 329.710006][T14640] ipt_CLUSTERIP: no config found for 127.0.0.1, need 'new' [ 329.730409][T14645] loop2: detected capacity change from 0 to 16 [ 329.832461][T14645] erofs: (device loop2): mounted with root inode @ nid 36. [ 329.859236][T14650] loop3: detected capacity change from 0 to 512 [ 329.878444][T14654] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4855'. [ 329.892335][T14645] erofs: (device loop2): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 329.940328][T14645] erofs: (device loop2): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 329.987371][T14645] attempt to access beyond end of device [ 329.987371][T14645] loop2: rw=524288, want=32, limit=16 [ 330.021484][T14650] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 330.037677][T14645] erofs: (device loop2): z_erofs_lz4_decompress: failed to decompress -6 in[63, 4033] out[4096] [ 330.065584][ T26] audit: type=1800 audit(1773734716.109:19): pid=14645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.4852" name="file2" dev="loop2" ino=89 res=0 errno=0 [ 330.115862][T14650] ext4 filesystem being mounted at /951/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 330.230175][T14670] loop1: detected capacity change from 0 to 512 [ 330.246310][T14650] EXT4-fs error (device loop3): ext4_xattr_block_find:1855: inode #15: comm syz.3.4857: corrupted xattr block 33 [ 330.293616][T14676] netlink: 264 bytes leftover after parsing attributes in process `syz.4.4867'. [ 330.310316][T14676] netlink: 264 bytes leftover after parsing attributes in process `syz.4.4867'. [ 330.330497][T14670] EXT4-fs (loop1): Ignoring removed oldalloc option [ 330.367267][T14676] netlink: 175 bytes leftover after parsing attributes in process `syz.4.4867'. [ 330.476562][T14670] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,block_validity,grpid,oldalloc,,errors=continue. Quota mode: writeback. [ 330.549390][T14670] ext4 filesystem being mounted at /998/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 330.625805][T14683] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 217: padding at end of block bitmap is not set [ 330.793751][T14696] netlink: 'syz.2.4876': attribute type 1 has an invalid length. [ 330.882192][T14696] netlink: 228 bytes leftover after parsing attributes in process `syz.2.4876'. [ 331.082600][T14707] loop1: detected capacity change from 0 to 64 [ 331.273158][T14721] netlink: 'syz.4.4887': attribute type 21 has an invalid length. [ 331.301750][T14721] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4887'. [ 331.328087][T14721] netlink: 'syz.4.4887': attribute type 4 has an invalid length. [ 331.347961][T14721] netlink: 'syz.4.4887': attribute type 5 has an invalid length. [ 331.357075][T14721] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4887'. [ 331.396941][ T4643] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 331.504605][T14727] loop0: detected capacity change from 0 to 2048 [ 331.655455][ T4643] usb 4-1: Using ep0 maxpacket: 16 [ 331.686778][T14727] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 331.733816][T14727] ext4 filesystem being mounted at /978/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 331.775755][ T4643] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 331.811280][ T4643] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 331.868589][T14754] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4904'. [ 332.035645][ T4643] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 332.050781][T14763] loop0: detected capacity change from 0 to 16 [ 332.057150][ T4643] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 332.057219][ T4643] usb 4-1: Product: syz [ 332.057237][ T4643] usb 4-1: Manufacturer: syz [ 332.057253][ T4643] usb 4-1: SerialNumber: syz [ 332.066837][T14762] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4906'. [ 332.157497][T14763] erofs: (device loop0): mounted with root inode @ nid 36. [ 332.177262][T14767] loop4: detected capacity change from 0 to 16 [ 332.217671][T14763] erofs: (device loop0): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 332.238520][T14767] erofs: (device loop4): mounted with root inode @ nid 36. [ 332.246226][T14763] erofs: (device loop0): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 332.276559][T14767] erofs: (device loop4): z_erofs_fill_inode_lazy: per-inode big pcluster without sb feature for nid 83 [ 332.295960][T14763] attempt to access beyond end of device [ 332.295960][T14763] loop0: rw=524288, want=32, limit=16 [ 332.325512][T14767] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117] [ 332.340715][T14763] erofs: (device loop0): z_erofs_lz4_decompress: failed to decompress -6 in[63, 4033] out[4096] [ 332.405664][ T4643] usb 4-1: 0:2 : does not exist [ 332.411015][ T4643] usb 4-1: unit 9 not found! [ 332.419253][T14771] loop2: detected capacity change from 0 to 764 [ 332.455160][ T26] audit: type=1800 audit(1773734718.489:20): pid=14763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.4903" name="file2" dev="loop0" ino=89 res=0 errno=0 [ 332.514870][ T4643] usb 4-1: USB disconnect, device number 23 [ 332.557195][T14771] Symlink component flag not implemented [ 332.563192][T14771] Symlink component flag not implemented (105) [ 332.786417][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 332.857728][T14785] dlm: no locking on control device [ 332.973596][T14791] loop1: detected capacity change from 0 to 256 [ 333.190594][T14791] FAT-fs (loop1): Directory bread(block 64) failed [ 333.205573][T14791] FAT-fs (loop1): Directory bread(block 65) failed [ 333.232788][T14791] FAT-fs (loop1): Directory bread(block 66) failed [ 333.261098][T14791] FAT-fs (loop1): Directory bread(block 67) failed [ 333.285529][T14791] FAT-fs (loop1): Directory bread(block 68) failed [ 333.302535][T14791] FAT-fs (loop1): Directory bread(block 69) failed [ 333.322880][T14791] FAT-fs (loop1): Directory bread(block 70) failed [ 333.343049][T14791] FAT-fs (loop1): Directory bread(block 71) failed [ 333.350379][ T13] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 333.388096][T14791] FAT-fs (loop1): Directory bread(block 72) failed [ 333.406654][T14791] FAT-fs (loop1): Directory bread(block 73) failed [ 333.666751][ T13] usb 5-1: Using ep0 maxpacket: 16 [ 333.679149][T14811] loop0: detected capacity change from 0 to 512 [ 333.688329][T14813] loop1: detected capacity change from 0 to 16 [ 333.738754][T14815] bridge4: the hash_elasticity option has been deprecated and is always 16 [ 333.751998][T14813] erofs: (device loop1): mounted with root inode @ nid 36. [ 333.766088][T14811] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 333.801271][T14813] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 333.826931][ T13] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 333.852696][T14811] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1062: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 333.863606][T14813] erofs: (device loop1): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 333.877648][T14813] attempt to access beyond end of device [ 333.877648][T14813] loop1: rw=524288, want=32, limit=16 [ 333.895263][T14813] erofs: (device loop1): z_erofs_lz4_decompress: failed to decompress -6 in[63, 4033] out[4096] [ 333.913299][ T26] audit: type=1800 audit(1773734719.949:21): pid=14813 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.4927" name="file2" dev="loop1" ino=89 res=0 errno=0 [ 334.045582][ T13] usb 5-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 334.073372][T14811] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.4930: bg 0: block 248: padding at end of block bitmap is not set [ 334.075345][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.153973][T14811] Quota error (device loop0): write_blk: dquota write failed [ 334.162185][ T13] usb 5-1: Product: syz [ 334.176708][ T13] usb 5-1: Manufacturer: syz [ 334.191817][ T13] usb 5-1: SerialNumber: syz [ 334.192784][T14811] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 334.221571][ T13] usb 5-1: config 0 descriptor?? [ 334.268907][T14811] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.4930: Failed to acquire dquot type 1 [ 334.319664][T14811] EXT4-fs (loop0): 1 truncate cleaned up [ 334.321088][ T13] mcba_usb 5-1:0.0: Can't find endpoints [ 334.351211][T14811] EXT4-fs (loop0): mounted filesystem without journal. Opts: barrier,,errors=continue. Quota mode: writeback. [ 334.453943][T14811] Quota error (device loop0): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 334.497204][T14811] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 334.530712][T14811] EXT4-fs error (device loop0): ext4_acquire_dquot:6234: comm syz.0.4930: Failed to acquire dquot type 1 [ 334.546645][T14838] loop3: detected capacity change from 0 to 512 [ 334.571657][ T13] usb 5-1: USB disconnect, device number 19 [ 334.630603][T14838] EXT4-fs (loop3): Test dummy encryption mode enabled [ 334.652501][T14838] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 334.690681][ T155] Quota error (device loop0): remove_tree: Getting block too big (0 >= 6) [ 334.714276][T14838] EXT4-fs error (device loop3): xattr_find_entry:297: inode #15: comm syz.3.4944: corrupted xattr entries [ 334.718010][ T155] EXT4-fs error (device loop0): ext4_release_dquot:6270: comm kworker/u4:3: Failed to release dquot type 1 [ 334.742889][T14838] EXT4-fs (loop3): Remounting filesystem read-only [ 334.749693][T13980] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 334.764196][T14838] EXT4-fs (loop3): 1 orphan inode deleted [ 334.795803][T14838] EXT4-fs (loop3): mounted filesystem without journal. Opts: nogrpid,errors=remount-ro,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,test_dummy_encryption,. Quota mode: none. [ 335.019839][T14851] device wlan0 entered promiscuous mode [ 335.030976][T14851] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 335.071537][T14853] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4961'. [ 335.080854][T14853] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 335.195563][T13980] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 335.195627][T13980] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 335.386732][T13980] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 335.396817][T14869] netlink: 'syz.0.4958': attribute type 1 has an invalid length. [ 335.404850][T14869] netlink: 224 bytes leftover after parsing attributes in process `syz.0.4958'. [ 335.434943][T13980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.459632][T13980] usb 3-1: Product: syz [ 335.463961][T13980] usb 3-1: Manufacturer: syz [ 335.479599][T13980] usb 3-1: SerialNumber: syz [ 335.506124][ T13] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 335.546895][T13980] usb 3-1: bad CDC descriptors [ 335.755433][T13980] usb 3-1: USB disconnect, device number 19 [ 335.822059][T14881] device wlan0 entered promiscuous mode [ 335.859752][T14881] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 335.925735][ T13] usb 4-1: New USB device found, idVendor=0c45, idProduct=6280, bcdDevice=d5.fc [ 335.946150][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 336.018066][ T13] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:6280 [ 336.445389][ T13] gspca_sn9c20x: Write register 1001 failed -71 [ 336.454801][ T13] gspca_sn9c20x: Device initialization failed [ 336.482227][ T13] gspca_sn9c20x: probe of 4-1:252.0 failed with error -71 [ 336.522594][ T13] usb 4-1: USB disconnect, device number 24 [ 336.578797][T14917] binfmt_misc: register: failed to install interpreter file ./file0 [ 336.909929][T14935] netlink: 'syz.2.4991': attribute type 1 has an invalid length. [ 337.166168][T14905] loop4: detected capacity change from 0 to 32768 [ 337.176364][ T6344] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 337.271116][T14952] netlink: 'syz.2.5000': attribute type 3 has an invalid length. [ 337.283568][T14905] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 337.325332][T14905] (syz.4.4977,14905,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=8 [ 337.343601][T14905] (syz.4.4977,14905,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 337.352581][T14905] (syz.4.4977,14905,1):ocfs2_mknod:298 ERROR: status = -2 [ 337.360535][T14905] (syz.4.4977,14905,1):ocfs2_mknod:502 ERROR: status = -2 [ 337.369076][T14905] (syz.4.4977,14905,1):ocfs2_create:676 ERROR: status = -2 [ 337.419999][ T4195] ocfs2: Unmounting device (7,4) on (node local) [ 337.520057][T14961] (syz.3.5004,14961,1):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 337.545627][ T6344] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.574642][T14961] (syz.3.5004,14961,1):ocfs2_fill_super:1177 ERROR: status = -22 [ 337.731469][ T6344] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 337.755472][ T6344] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.779034][ T6344] usb 2-1: Product: syz [ 337.783310][ T6344] usb 2-1: Manufacturer: syz [ 337.794957][ T6344] usb 2-1: SerialNumber: syz [ 337.802333][T14973] netlink: 72 bytes leftover after parsing attributes in process `syz.4.5009'. [ 337.835372][ T4635] usb 1-1: new low-speed USB device number 21 using dummy_hcd [ 337.847696][ T6344] usb 2-1: config 0 descriptor?? [ 337.886816][ T6344] asix: probe of 2-1:0.0 failed with error -22 [ 338.096037][T13980] usb 2-1: USB disconnect, device number 22 [ 338.205793][ T4635] usb 1-1: config 32 interface 0 altsetting 0 endpoint 0x85 is Bulk; changing to Interrupt [ 338.233034][ T4635] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 338.276738][ T4635] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.315745][T14965] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 338.373054][T14997] netlink: 72 bytes leftover after parsing attributes in process `syz.3.5020'. [ 338.531435][T15001] loop3: detected capacity change from 0 to 4096 [ 338.597352][ T4635] usb 1-1: string descriptor 0 read error: -71 [ 338.605842][T15001] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 338.635448][T15001] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 338.636591][ T4635] hub 1-1:32.0: USB hub found [ 338.665058][T15001] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 338.725676][ T4635] hub 1-1:32.0: config failed, can't read hub descriptor (err -22) [ 338.734799][T15001] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 338.863360][T15001] ntfs: volume version 3.1. [ 338.916570][ T4635] usb 1-1: USB disconnect, device number 21 [ 339.014812][T15001] ntfs: (device loop3): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 339.054540][T15001] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 339.228166][ T4175] udevd[4175]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:32.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 339.309999][T15038] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5042'. [ 339.357701][T15038] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5042'. [ 339.675460][ T4635] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 339.693772][ T26] audit: type=1400 audit(1773734725.729:22): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457C51CCA93031D371D06D2E59E880583300E11E8 pid=15058 comm="syz.2.5050" [ 339.845419][ T13] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 339.935495][ T4635] usb 1-1: Using ep0 maxpacket: 8 [ 339.997860][T15077] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5061'. [ 340.055994][ T4635] usb 1-1: config 127 has an invalid interface number: 171 but max is 1 [ 340.076860][ T4635] usb 1-1: config 127 has no interface number 1 [ 340.083331][ T4635] usb 1-1: config 127 interface 0 altsetting 10 endpoint 0x1 has invalid wMaxPacketSize 0 [ 340.100606][ T4635] usb 1-1: config 127 interface 171 has no altsetting 0 [ 340.109367][ T4635] usb 1-1: config 127 interface 0 has no altsetting 0 [ 340.115522][T13980] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 340.276910][T15090] loop4: detected capacity change from 0 to 128 [ 340.287445][ T4635] usb 1-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 340.303490][ T4635] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.312727][ T4635] usb 1-1: Product: syz [ 340.317460][ T4635] usb 1-1: Manufacturer: syz [ 340.322185][ T4635] usb 1-1: SerialNumber: syz [ 340.326359][ T13] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 340.335075][ T13] usb 4-1: config 0 has no interface number 0 [ 340.352379][ T13] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 340.364945][ T13] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 340.385376][T13980] usb 3-1: Using ep0 maxpacket: 8 [ 340.491857][T15094] loop1: detected capacity change from 0 to 4096 [ 340.545335][T15094] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 340.565784][ T13] usb 4-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 340.577555][ T13] usb 4-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 340.587929][ T13] usb 4-1: Product: syz [ 340.592150][ T13] usb 4-1: Manufacturer: syz [ 340.618093][ T13] usb 4-1: SerialNumber: syz [ 340.662982][ T13] usb 4-1: config 0 descriptor?? [ 340.709174][ T4635] xr_serial 1-1:127.171: xr_serial converter detected [ 340.727168][ T13] keyspan 4-1:0.107: Keyspan 4 port adapter converter detected [ 340.736462][T13980] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 340.751708][ T4635] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 340.757960][ T13] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 81 [ 340.768279][T13980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 340.778802][ T4635] xr_serial: probe of ttyUSB0 failed with error -71 [ 340.785367][T13980] usb 3-1: Product: syz [ 340.795818][ T13] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 1 [ 340.825896][T13980] usb 3-1: Manufacturer: syz [ 340.830600][T13980] usb 3-1: SerialNumber: syz [ 340.848693][ T13] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 340.872350][ T4635] usb 1-1: USB disconnect, device number 22 [ 340.887995][T13980] usb 3-1: config 0 descriptor?? [ 340.896441][ T13] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 2 [ 340.910175][ T4635] xr_serial 1-1:127.171: device disconnected [ 340.958260][ T13] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 340.979332][ T13] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 4 [ 341.007588][ T13] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 341.018117][ T13] keyspan 4-1:0.107: found no endpoint descriptor for endpoint 6 [ 341.052680][ T13] usb 4-1: Keyspan 4 port adapter converter now attached to ttyUSB4 [ 341.069020][ T13] usb 4-1: USB disconnect, device number 25 [ 341.096522][ T13] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 341.136265][ T13] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 341.178772][T13980] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 341.212331][ T13] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 341.253928][ T13] keyspan_4 ttyUSB4: Keyspan 4 port adapter converter now disconnected from ttyUSB4 [ 341.273503][ T13] keyspan 4-1:0.107: device disconnected [ 341.341709][T15116] netlink: 'syz.1.5081': attribute type 49 has an invalid length. [ 341.395427][T13980] usb write operation failed. (-71) [ 341.409476][T15120] Invalid ELF header magic: != ELF [ 341.419073][T13980] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 341.441178][T13980] dvbdev: DVB: registering new adapter (Terratec H7) [ 341.461164][T13980] usb 3-1: media controller created [ 341.486209][T13980] usb read operation failed. (-71) [ 341.525899][T13980] usb write operation failed. (-71) [ 341.554167][T13980] dvb_usb_az6007: probe of 3-1:0.0 failed with error -5 [ 341.616215][T13980] usb 3-1: USB disconnect, device number 20 [ 341.915772][ T13] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 341.995837][T15141] device bridge4 entered promiscuous mode [ 342.064078][T15126] loop1: detected capacity change from 0 to 32768 [ 342.072342][T15145] loop2: detected capacity change from 0 to 1024 [ 342.165312][ T13] usb 5-1: Using ep0 maxpacket: 16 [ 342.187634][T15126] (syz.1.5084,15126,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 342.242279][T15126] (syz.1.5084,15126,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 342.295913][ T13] usb 5-1: config 0 has no interfaces? [ 342.375784][ T13] usb 5-1: config 0 has no interfaces? [ 342.414083][T15126] JBD2: Ignoring recovery information on journal [ 342.455555][ T13] usb 5-1: config 0 has no interfaces? [ 342.535643][ T13] usb 5-1: string descriptor 0 read error: -71 [ 342.541979][ T13] usb 5-1: New USB device found, idVendor=0403, idProduct=e80c, bcdDevice=fb.ba [ 342.552196][ T13] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 342.566749][ T13] usb 5-1: rejected 3 configurations due to insufficient available bus power [ 342.576157][ T13] usb 5-1: no configuration chosen from 3 choices [ 342.607027][ T13] usb 5-1: USB disconnect, device number 20 [ 342.630568][T15126] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 342.667527][T15166] loop2: detected capacity change from 0 to 256 [ 342.764057][T15171] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5107'. [ 342.883100][ T4191] ocfs2: Unmounting device (7,1) on (node local) [ 342.955309][ T4635] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 343.010274][T15175] loop2: detected capacity change from 0 to 512 [ 343.151993][T15175] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 343.196842][ T4635] usb 1-1: Using ep0 maxpacket: 32 [ 343.212314][T15175] ext4 filesystem being mounted at /1041/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 343.245328][ T13] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 343.271482][T15186] loop1: detected capacity change from 0 to 164 [ 343.311100][T15175] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1161: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 343.359504][T15175] Quota error (device loop2): write_blk: dquota write failed [ 343.374255][ T4635] usb 1-1: unable to get BOS descriptor or descriptor too short [ 343.393457][T15175] Quota error (device loop2): qtree_write_dquot: Error -28 occurred while creating quota [ 343.411042][T15175] EXT4-fs error (device loop2): ext4_acquire_dquot:6234: comm syz.2.5109: Failed to acquire dquot type 1 [ 343.465677][ T4635] usb 1-1: config 1 has an invalid interface number: 255 but max is 2 [ 343.484202][ T4635] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 343.514931][ T4635] usb 1-1: config 1 has no interface number 2 [ 343.517490][ T13] usb 4-1: Using ep0 maxpacket: 8 [ 343.530669][ T4635] usb 1-1: config 1 interface 255 has no altsetting 0 [ 343.614251][T15194] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5117'. [ 343.655694][T15193] loop1: detected capacity change from 0 to 2048 [ 343.695546][ T4635] usb 1-1: New USB device found, idVendor=0582, idProduct=0009, bcdDevice= 0.40 [ 343.709490][ T4635] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.718326][ T4635] usb 1-1: Product: syz [ 343.722644][ T4635] usb 1-1: Manufacturer: syz [ 343.727740][ T4635] usb 1-1: SerialNumber: syz [ 343.757672][T15193] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 343.805402][T15193] NILFS (loop1): unrecognized mount option "ÿÿ" [ 343.830692][T15193] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 343.864630][T15203] overlayfs: unrecognized mount option "\" or missing value [ 343.881418][ T13] usb 4-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 343.911317][ T13] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.927924][T15205] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 343.938879][ T13] usb 4-1: Product: syz [ 343.962097][ T13] usb 4-1: Manufacturer: syz [ 343.984221][ T13] usb 4-1: SerialNumber: syz [ 344.015959][ T13] usb 4-1: config 0 descriptor?? [ 344.049179][ T4635] usb 1-1: USB disconnect, device number 23 [ 344.096470][T15207] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5124'. [ 344.130813][T15207] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5124'. [ 344.152777][T15207] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5124'. [ 344.223884][T15207] netlink: 152 bytes leftover after parsing attributes in process `syz.2.5124'. [ 344.275509][ T13] usb 4-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 344.326376][T15215] loop2: detected capacity change from 0 to 16 [ 344.333571][T15215] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 344.341918][ T9961] udevd[9961]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 344.495427][ T13] usb write operation failed. (-71) [ 344.527611][ T13] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 344.575614][ T13] dvbdev: DVB: registering new adapter (Terratec H7) [ 344.603064][ T13] usb 4-1: media controller created [ 344.646375][ T13] usb read operation failed. (-71) [ 344.705832][ T13] usb write operation failed. (-71) [ 344.720085][ T13] dvb_usb_az6007: probe of 4-1:0.0 failed with error -5 [ 344.752043][ T13] usb 4-1: USB disconnect, device number 26 [ 344.783708][T15235] netlink: 132 bytes leftover after parsing attributes in process `syz.0.5136'. [ 344.989344][T15246] loop0: detected capacity change from 0 to 128 [ 345.467517][T15218] loop1: detected capacity change from 0 to 32768 [ 345.629304][T15218] XFS (loop1): Mounting V5 Filesystem [ 345.665876][T15287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5163'. [ 345.675110][T15287] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5163'. [ 345.688619][T15287] netlink: 152 bytes leftover after parsing attributes in process `syz.4.5163'. [ 345.806673][T15218] XFS (loop1): Ending clean mount [ 345.911575][ T4191] XFS (loop1): Unmounting Filesystem [ 345.929087][T15301] xt_recent: hitcount (16777216) is larger than allowed maximum (255) [ 346.007359][T15304] SET target dimension over the limit! [ 346.251173][T15318] loop4: detected capacity change from 0 to 128 [ 346.413982][T15318] affs: No valid root block on device loop4 [ 346.427373][T15322] team0: Port device macvlan1 removed [ 346.450445][T15288] loop3: detected capacity change from 0 to 32768 [ 346.523889][T15288] (syz.3.5158,15288,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 346.584476][T15288] (syz.3.5158,15288,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 346.776548][T15288] JBD2: Ignoring recovery information on journal [ 346.930179][T15336] netlink: 'syz.1.5182': attribute type 10 has an invalid length. [ 346.980788][T15336] device team0 entered promiscuous mode [ 347.017648][T15336] device team_slave_0 entered promiscuous mode [ 347.043744][T15332] loop4: detected capacity change from 0 to 8192 [ 347.051559][T15336] device team_slave_1 entered promiscuous mode [ 347.058557][T15336] device macvlan0 entered promiscuous mode [ 347.064777][T15288] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 347.078815][T15336] bridge0: port 3(team0) entered blocking state [ 347.116078][T15336] bridge0: port 3(team0) entered disabled state [ 347.141232][T15332] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 347.171343][T15332] REISERFS (device loop4): using ordered data mode [ 347.181151][T15336] bridge0: port 3(team0) entered blocking state [ 347.187595][T15336] bridge0: port 3(team0) entered forwarding state [ 347.196533][T15332] reiserfs: using flush barriers [ 347.231138][T15332] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 347.303234][ T4194] ocfs2: Unmounting device (7,3) on (node local) [ 347.364905][T15332] REISERFS (device loop4): checking transaction log (loop4) [ 347.451766][T15352] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 347.501308][T15352] overlayfs: conflicting options: userxattr,metacopy=on [ 347.814884][T15363] [U] ^C [ 347.823468][T15359] EXT4-fs (loop2): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 347.845993][T15332] REISERFS (device loop4): Using tea hash to sort names [ 347.853891][T15332] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 347.916856][T15359] ext4 filesystem being mounted at /1067/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 347.946034][T15359] EXT4-fs error (device loop2): ext4_xattr_block_get:543: inode #15: comm syz.2.5193: corrupted xattr block 32 [ 348.098570][T15381] set_capacity_and_notify: 1 callbacks suppressed [ 348.098591][T15381] loop3: detected capacity change from 0 to 64 [ 348.198238][T15385] __nla_validate_parse: 6 callbacks suppressed [ 348.198261][T15385] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5202'. [ 348.261858][T15385] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5202'. [ 348.325394][ T13] usb 2-1: new full-speed USB device number 23 using dummy_hcd [ 348.355388][T15387] xt_TCPMSS: Only works on TCP SYN packets [ 348.765104][T15399] device bridge1 entered promiscuous mode [ 348.786162][ T13] usb 2-1: config 0 has an invalid interface number: 107 but max is 0 [ 348.800907][ T13] usb 2-1: config 0 has no interface number 0 [ 348.812460][T15401] netlink: 84 bytes leftover after parsing attributes in process `syz.2.5213'. [ 348.833597][ T13] usb 2-1: config 0 interface 107 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 10 [ 348.875903][ T13] usb 2-1: config 0 interface 107 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 348.995027][T15411] netlink: 'syz.4.5217': attribute type 28 has an invalid length. [ 349.004410][T15411] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5217'. [ 349.082847][ T13] usb 2-1: New USB device found, idVendor=06cd, idProduct=0131, bcdDevice=16.60 [ 349.102549][ T13] usb 2-1: New USB device strings: Mfr=175, Product=2, SerialNumber=3 [ 349.128127][ T13] usb 2-1: Product: syz [ 349.134559][T15415] netlink: 204 bytes leftover after parsing attributes in process `syz.0.5218'. [ 349.151585][ T13] usb 2-1: Manufacturer: syz [ 349.165235][ T13] usb 2-1: SerialNumber: syz [ 349.181691][T15418] loop4: detected capacity change from 0 to 1024 [ 349.193749][ T13] usb 2-1: config 0 descriptor?? [ 349.226583][T15418] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 349.260127][T15418] JBD2: no valid journal superblock found [ 349.283637][ T13] keyspan 2-1:0.107: Keyspan 4 port adapter converter detected [ 349.287224][T15418] EXT4-fs (loop4): error loading journal [ 349.303793][T15424] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.5222'. [ 349.339891][ T13] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 81 [ 349.385280][T15424] openvswitch: netlink: Key 29 has unexpected len 3064 expected 0 [ 349.407361][ T13] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 1 [ 349.443470][ T13] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 349.463479][ T13] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 2 [ 349.518643][ T13] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 349.541793][ T13] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 4 [ 349.553397][ T13] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 349.563090][ T13] keyspan 2-1:0.107: found no endpoint descriptor for endpoint 6 [ 349.573329][ T13] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 349.586894][ T150] block nbd0: Attempted send on invalid socket [ 349.593911][ T13] usb 2-1: USB disconnect, device number 23 [ 349.599610][ T150] blk_update_request: I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0 [ 349.630080][T15427] XFS (nbd0): SB validate failed with error -5. [ 349.675985][ T13] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 349.712745][ T13] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 349.792866][ T13] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 349.834391][ T13] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 349.850796][ T13] keyspan 2-1:0.107: device disconnected [ 349.972308][T13980] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 350.369587][T15462] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 350.423766][T15464] loop2: detected capacity change from 0 to 256 [ 350.512689][T15464] FAT-fs (loop2): Directory bread(block 64) failed [ 350.539617][T15464] FAT-fs (loop2): Directory bread(block 65) failed [ 350.550859][T15459] loop1: detected capacity change from 0 to 8192 [ 350.561834][T15464] FAT-fs (loop2): Directory bread(block 66) failed [ 350.576667][T15464] FAT-fs (loop2): Directory bread(block 67) failed [ 350.577687][T15459] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 350.583430][T15464] FAT-fs (loop2): Directory bread(block 68) failed [ 350.605484][T13980] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 350.614646][T13980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 350.626789][T13980] usb 4-1: Product: syz [ 350.631015][T13980] usb 4-1: Manufacturer: syz [ 350.635850][T13980] usb 4-1: SerialNumber: syz [ 350.644667][T15459] REISERFS (device loop1): using ordered data mode [ 350.651967][T15459] reiserfs: using flush barriers [ 350.656727][T15464] FAT-fs (loop2): Directory bread(block 69) failed [ 350.661281][T15459] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 350.681351][T15459] REISERFS (device loop1): checking transaction log (loop1) [ 350.696408][T13980] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 350.705408][T15464] FAT-fs (loop2): Directory bread(block 70) failed [ 350.712363][T15464] FAT-fs (loop2): Directory bread(block 71) failed [ 350.725538][T15464] FAT-fs (loop2): Directory bread(block 72) failed [ 350.743924][T15448] loop4: detected capacity change from 0 to 32768 [ 350.767039][T15464] FAT-fs (loop2): Directory bread(block 73) failed [ 350.832937][T15448] (syz.4.5232,15448,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 350.883400][T15459] REISERFS (device loop1): Using tea hash to sort names [ 350.901275][T15459] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 350.912841][T15448] (syz.4.5232,15448,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 350.995305][T15448] JBD2: Ignoring recovery information on journal [ 351.061250][T15467] [U]  [ 351.103147][T15448] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 351.159656][ C0] vkms_vblank_simulate: vblank timer overrun [ 351.374320][T15479] ieee802154 phy1 wpan1: encryption failed: -22 [ 351.432837][T13980] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 351.453744][ T4195] ocfs2: Unmounting device (7,4) on (node local) [ 351.464206][T15482] loop0: detected capacity change from 0 to 1024 [ 351.645341][ C0] usb 4-1: ath9k_htc: invalid pkt_len (b701) [ 351.670584][T15482] EXT4-fs (loop0): mounted filesystem without journal. Opts: nogrpid,nodiscard,user_xattr,,errors=continue. Quota mode: none. [ 351.709547][T15482] EXT4-fs error (device loop0): ext4_get_first_dir_block:3619: inode #11: comm syz.0.5247: directory missing '..' [ 351.783190][T15494] loop2: detected capacity change from 0 to 2048 [ 351.832196][T15494] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 351.859712][ T13] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 351.871476][T13978] usb 4-1: USB disconnect, device number 27 [ 351.895321][T15494] NILFS (loop2): unrecognized mount option "ÿÿ" [ 351.965883][T15494] NILFS (loop2): device size too small [ 352.135413][ T13] usb 2-1: Using ep0 maxpacket: 8 [ 352.271564][ T13] usb 2-1: config 127 has an invalid interface number: 171 but max is 1 [ 352.296396][ T13] usb 2-1: config 127 has no interface number 1 [ 352.302768][ T13] usb 2-1: config 127 interface 0 altsetting 10 endpoint 0x1 has invalid wMaxPacketSize 0 [ 352.341734][ T13] usb 2-1: config 127 interface 171 has no altsetting 0 [ 352.358898][T15516] tmpfs: Bad value for 'mpol' [ 352.368512][ T13] usb 2-1: config 127 interface 0 has no altsetting 0 [ 352.537630][T13980] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 352.544741][T13980] ath9k_htc: Failed to initialize the device [ 352.575757][T13978] usb 4-1: ath9k_htc: USB layer deinitialized [ 352.585781][ T13] usb 2-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 352.599022][ T13] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 352.624700][ T13] usb 2-1: Product: syz [ 352.631494][ T13] usb 2-1: Manufacturer: syz [ 352.636503][ T13] usb 2-1: SerialNumber: syz [ 352.845524][T13981] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 352.977010][ T13] xr_serial 2-1:127.171: xr_serial converter detected [ 353.015491][ T13] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 353.021973][ T13] xr_serial: probe of ttyUSB0 failed with error -71 [ 353.090296][ T13] usb 2-1: USB disconnect, device number 24 [ 353.124618][ T13] xr_serial 2-1:127.171: device disconnected [ 353.225698][T13981] usb 1-1: config 1 has an invalid interface number: 7 but max is 0 [ 353.244364][T13981] usb 1-1: config 1 has no interface number 0 [ 353.264495][T13981] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0xB has invalid maxpacket 64 [ 353.285916][T13981] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x8 has invalid maxpacket 1088, setting to 1024 [ 353.307577][T13981] usb 1-1: config 1 interface 7 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024 [ 353.366054][T13981] usb 1-1: config 1 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 252, changing to 11 [ 353.481446][T15565] netlink: 7 bytes leftover after parsing attributes in process `syz.4.5287'. [ 353.522214][T15565] netlink: 76 bytes leftover after parsing attributes in process `syz.4.5287'. [ 353.575737][T13981] usb 1-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 353.618583][T13981] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.635396][T13981] usb 1-1: Product: syz [ 353.645519][T13981] usb 1-1: Manufacturer: syz [ 353.656028][T13981] usb 1-1: SerialNumber: syz [ 353.715859][T15527] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 353.735165][T15527] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 353.796703][T15579] loop2: detected capacity change from 0 to 64 [ 353.804101][T13981] usb 1-1: Error in usbnet_get_endpoints (-22) [ 353.828228][T15578] loop1: detected capacity change from 0 to 1024 [ 353.846015][T15549] loop3: detected capacity change from 0 to 32768 [ 353.897420][T15578] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 353.908739][T15549] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.5279 (15549) [ 353.924946][T15578] JBD2: no valid journal superblock found [ 353.945358][T15578] EXT4-fs (loop1): error loading journal [ 354.005688][ T4638] usb 1-1: USB disconnect, device number 24 [ 354.047625][T15549] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 354.112775][T15549] BTRFS info (device loop3): force zlib compression, level 3 [ 354.179715][T15549] BTRFS info (device loop3): force clearing of disk cache [ 354.215366][T15549] BTRFS info (device loop3): setting nodatasum [ 354.227834][T15549] BTRFS info (device loop3): use zlib compression, level 3 [ 354.235967][T15549] BTRFS info (device loop3): allowing degraded mounts [ 354.243366][T15549] BTRFS info (device loop3): enabling disk space caching [ 354.289079][T15549] BTRFS info (device loop3): disk space caching is enabled [ 354.320357][T15549] BTRFS info (device loop3): has skinny extents [ 354.328132][T15590] netlink: 'syz.4.5299': attribute type 1 has an invalid length. [ 354.425358][ T4228] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 354.618281][T15549] BTRFS info (device loop3): enabling ssd optimizations [ 354.637189][T15549] BTRFS info (device loop3): clearing free space tree [ 354.678486][T15549] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 354.723882][T15549] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 354.761049][T13981] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 354.825657][ T4228] usb 3-1: unable to get BOS descriptor or descriptor too short [ 354.869430][T15549] BTRFS info (device loop3): balance: start -sprofiles=data|raid0,devid=0,drange=9223372036854776315..7,vrange=11..8,limit=7..0 [ 354.914111][T15549] BTRFS info (device loop3): balance: ended with status: 0 [ 354.935595][ T4228] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 354.946576][ T4228] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 355.041213][T13981] usb 5-1: Using ep0 maxpacket: 8 [ 355.135876][ T4228] usb 3-1: New USB device found, idVendor=041e, idProduct=3263, bcdDevice= 0.40 [ 355.159438][ T4228] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.179700][ T4228] usb 3-1: Product: syz [ 355.184035][ T4228] usb 3-1: Manufacturer: syz [ 355.208473][ T4228] usb 3-1: SerialNumber: syz [ 355.245626][T13981] usb 5-1: unable to get BOS descriptor or descriptor too short [ 355.470001][T15646] loop0: detected capacity change from 0 to 4096 [ 355.585543][T13981] usb 5-1: New USB device found, idVendor=0d8c, idProduct=0103, bcdDevice= 0.40 [ 355.620007][T13981] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.649850][ T4228] snd-usb-audio: probe of 3-1:1.0 failed with error -22 [ 355.675865][ T4228] usb 3-1: USB disconnect, device number 21 [ 355.691569][T13981] usb 5-1: Product: syz [ 355.701114][T13981] usb 5-1: Manufacturer: syz [ 355.716938][T13981] usb 5-1: SerialNumber: syz [ 355.782987][T15646] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 355.938692][ T9961] udevd[9961]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 355.970963][ T4188] ntfs3: loop0: ntfs_sync_fs r=9 failed, -22. [ 355.990949][ T4188] ntfs3: loop0: ntfs_evict_inode r=9 failed, -22. [ 356.097908][T15662] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 356.168046][T13981] usb 5-1: MIDIStreaming interface descriptor not found [ 356.246053][T13981] usb 5-1: USB disconnect, device number 21 [ 356.439862][T15681] loop0: detected capacity change from 0 to 256 [ 356.516052][T15681] exfat: Deprecated parameter 'namecase' [ 356.578599][ T4179] udevd[4179]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 356.627623][T15681] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 356.981268][T15717] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (8) [ 357.157495][T15728] loop3: detected capacity change from 0 to 128 [ 357.201492][T15728] VFS: Found a Xenix FS (block size = 1024) on device loop3 [ 357.322726][ T4194] sysv_free_block: flc_count > flc_size [ 357.351526][ T4194] sysv_free_block: flc_count > flc_size [ 357.371056][ T4194] sysv_free_block: flc_count > flc_size [ 357.375874][ T4228] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 357.395388][ T4194] sysv_free_block: flc_count > flc_size [ 357.401701][ T4194] sysv_free_block: flc_count > flc_size [ 357.413703][ T4194] sysv_free_block: flc_count > flc_size [ 357.426773][ T4194] sysv_free_block: flc_count > flc_size [ 357.432602][ T4194] sysv_free_block: flc_count > flc_size [ 357.444321][ T4194] sysv_free_block: flc_count > flc_size [ 357.450626][ T4194] sysv_free_block: flc_count > flc_size [ 357.464920][ T4194] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 357.625296][ T4228] usb 5-1: Using ep0 maxpacket: 16 [ 357.698213][T15762] loop0: detected capacity change from 0 to 512 [ 357.740927][T15762] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 357.748804][ T4228] usb 5-1: config 0 has an invalid interface number: 133 but max is 0 [ 357.769049][ T4228] usb 5-1: config 0 has no interface number 0 [ 357.779229][T15762] EXT4-fs (loop0): Ignoring removed nobh option [ 357.789351][ T4228] usb 5-1: config 0 interface 133 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 357.802398][T15762] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 357.814689][T15769] netlink: 28 bytes leftover after parsing attributes in process `syz.1.5374'. [ 357.825317][T15762] EXT4-fs (loop0): can't mount with both data=journal and delalloc [ 357.839189][T15768] netlink: 'syz.3.5376': attribute type 1 has an invalid length. [ 357.877688][T15768] netlink: 224 bytes leftover after parsing attributes in process `syz.3.5376'. [ 358.005722][ T4228] usb 5-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 358.041475][ T4228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.067797][ T4228] usb 5-1: Product: syz [ 358.094195][T15780] loop0: detected capacity change from 0 to 1024 [ 358.095498][ T4228] usb 5-1: Manufacturer: syz [ 358.126129][ T4228] usb 5-1: SerialNumber: syz [ 358.147481][ T4228] usb 5-1: config 0 descriptor?? [ 358.194474][T15787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5384'. [ 358.211060][T15787] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5384'. [ 358.321317][ T144] hfsplus: b-tree write err: -5, ino 25 [ 358.334760][ T144] hfsplus: b-tree write err: -5, ino 4 [ 358.345981][ T144] hfsplus: b-tree write err: -5, ino 2 [ 358.374959][T15795] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5389'. [ 358.426750][ T4228] keyspan 5-1:0.133: Keyspan 1 port adapter converter detected [ 358.461202][ T4228] keyspan 5-1:0.133: unsupported endpoint type 0 [ 358.486206][ T4228] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 81 [ 358.515741][ T4228] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 1 [ 358.540396][ T4228] keyspan 5-1:0.133: found no endpoint descriptor for endpoint 2 [ 358.573697][ T4228] usb 5-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 358.625633][ T4228] usb 5-1: USB disconnect, device number 22 [ 358.657325][ T4228] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 358.716050][ T4228] keyspan 5-1:0.133: device disconnected [ 358.903511][T15825] xt_addrtype: both incoming and outgoing interface limitation cannot be selected [ 359.065258][T15837] netlink: 'syz.1.5409': attribute type 1 has an invalid length. [ 359.240729][T15845] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5414'. [ 359.446354][T15855] loop3: detected capacity change from 0 to 512 [ 359.532814][T15863] netlink: 'syz.0.5423': attribute type 1 has an invalid length. [ 359.548885][T15863] netlink: 200 bytes leftover after parsing attributes in process `syz.0.5423'. [ 359.673532][T15855] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 359.714861][T15855] ext4 filesystem being mounted at /1031/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 359.746666][T15876] sctp: [Deprecated]: syz.4.5429 (pid 15876) Use of int in maxseg socket option. [ 359.746666][T15876] Use struct sctp_assoc_value instead [ 359.904818][T15882] netlink: 32 bytes leftover after parsing attributes in process `syz.4.5430'. [ 359.929201][T15882] batman_adv: Cannot find parent device [ 359.967599][ T4228] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 360.225366][ T4228] usb 2-1: Using ep0 maxpacket: 16 [ 360.249477][T15902] netlink: 'syz.2.5440': attribute type 1 has an invalid length. [ 360.267847][T15902] netlink: 224 bytes leftover after parsing attributes in process `syz.2.5440'. [ 360.345641][ T4228] usb 2-1: config index 0 descriptor too short (expected 51443, got 18) [ 360.505680][ T4228] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 360.515006][ T4228] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 360.565785][ T4228] usb 2-1: Product: syz [ 360.570032][ T4228] usb 2-1: Manufacturer: syz [ 360.574750][ T4228] usb 2-1: SerialNumber: syz [ 360.632882][ T4228] r8152-cfgselector 2-1: config 0 descriptor?? [ 361.145414][ T4228] r8152-cfgselector 2-1: Unknown version 0x0000 [ 361.152180][ T4228] r8152-cfgselector 2-1: bad CDC descriptors [ 361.271721][ T4228] r8152-cfgselector 2-1: Unknown version 0x0000 [ 361.306805][ T4228] r8152-cfgselector 2-1: USB disconnect, device number 25 [ 361.341734][T15944] loop4: detected capacity change from 0 to 64 [ 361.461401][T15944] attempt to access beyond end of device [ 361.461401][T15944] loop4: rw=0, want=130064, limit=64 [ 361.521836][T15944] Buffer I/O error on dev loop4, logical block 65031, async page read [ 361.592170][T15944] Trying to free block not in datazone [ 361.617827][T15953] loop2: detected capacity change from 0 to 512 [ 361.646794][T15944] Trying to free block not in datazone [ 361.652339][T15944] Trying to free block not in datazone [ 361.688685][T15953] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,noload,data_err=ignore,debug_want_extra_isize=0x0000000000000010,,errors=continue. Quota mode: none. [ 361.725407][T15944] Trying to free block not in datazone [ 361.803255][T15944] Trying to free block not in datazone [ 362.600435][T16003] xt_l2tp: v2 doesn't support IP mode [ 362.759953][T16019] ieee802154 phy1 wpan1: encryption failed: -90 [ 363.030141][ T13] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 363.243621][T16050] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.5511'. [ 363.285280][ T4228] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 363.335486][ T4635] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 363.466794][ T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 363.466832][ T13] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 363.466861][ T13] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 363.466887][ T13] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 363.533751][ T4228] usb 5-1: Using ep0 maxpacket: 32 [ 363.589670][ T4635] usb 2-1: Using ep0 maxpacket: 8 [ 363.605044][T16060] UBIFS error (pid: 16060): cannot open "(null)", error -22 [ 363.625835][ T4647] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 363.645566][ T4228] usb 5-1: config 7 has an invalid interface number: 8 but max is 0 [ 363.645733][ T13] usb 4-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16 [ 363.653618][ T4228] usb 5-1: config 7 has no interface number 0 [ 363.653656][ T4228] usb 5-1: config 7 interface 8 has no altsetting 0 [ 363.685125][ T13] usb 4-1: New USB device strings: Mfr=28, Product=2, SerialNumber=3 [ 363.695076][ T13] usb 4-1: Product: syz [ 363.705841][ T13] usb 4-1: Manufacturer: syz [ 363.710724][ T13] usb 4-1: SerialNumber: syz [ 363.725123][ T13] usb 4-1: config 0 descriptor?? [ 363.745707][ T4635] usb 2-1: unable to get BOS descriptor or descriptor too short [ 363.767922][T16064] loop2: detected capacity change from 0 to 512 [ 363.787108][ T13] kvaser_usb 4-1:0.0: CMD_MAP_CHANNEL_REQ failed for CAN0 [ 363.798688][T16064] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 363.798698][ T13] kvaser_usb 4-1:0.0: Failed to initialize card, error -90 [ 363.808762][ T13] kvaser_usb: probe of 4-1:0.0 failed with error -90 [ 363.817379][ T4228] usb 5-1: New USB device found, idVendor=048d, idProduct=9006, bcdDevice=36.6e [ 363.832892][ T4228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 363.841920][ T4228] usb 5-1: Product: syz [ 363.846861][ T4635] usb 2-1: config 86 has an invalid interface number: 246 but max is 0 [ 363.858398][ T4228] usb 5-1: Manufacturer: syz [ 363.863680][ T4635] usb 2-1: config 86 has no interface number 0 [ 363.877228][T16064] EXT4-fs (loop2): orphan cleanup on readonly fs [ 363.884525][T16064] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:510: comm syz.2.5517: Block bitmap for bg 0 marked uninitialized [ 363.901503][ T4228] usb 5-1: SerialNumber: syz [ 363.917940][ T4635] usb 2-1: config 86 interface 246 altsetting 128 bulk endpoint 0x88 has invalid maxpacket 1023 [ 363.929463][ T4647] usb 1-1: Using ep0 maxpacket: 32 [ 363.937833][ T4635] usb 2-1: config 86 interface 246 altsetting 128 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 363.950250][ T4635] usb 2-1: config 86 interface 246 has no altsetting 0 [ 363.961640][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 363.969265][T16064] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 363.979973][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 363.992270][ T13] usb 4-1: USB disconnect, device number 28 [ 363.996703][T16064] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:510: comm syz.2.5517: Block bitmap for bg 0 marked uninitialized [ 364.024366][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 364.032119][T16064] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 364.045874][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 364.052876][T16064] EXT4-fs error (device loop2): ext4_read_block_bitmap_nowait:510: comm syz.2.5517: Block bitmap for bg 0 marked uninitialized [ 364.068306][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 364.074919][T16064] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6192: Corrupt filesystem [ 364.085096][T16064] EXT4-fs (loop2): Remounting filesystem read-only [ 364.092647][T16064] EXT4-fs (loop2): 1 orphan inode deleted [ 364.095957][ T4647] usb 1-1: unable to get BOS descriptor or descriptor too short [ 364.098868][T16064] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,nolazytime,. Quota mode: none. [ 364.125517][ T4635] usb 2-1: New USB device found, idVendor=0bfd, idProduct=0012, bcdDevice=12.36 [ 364.141985][ T4635] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.150796][ T4635] usb 2-1: Product: syz [ 364.155104][ T4635] usb 2-1: Manufacturer: syz [ 364.162927][ T4635] usb 2-1: SerialNumber: syz [ 364.186045][T16041] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 364.199117][ T4647] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 25978, setting to 64 [ 364.220880][ T4647] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023 [ 364.281685][ T4228] usb 5-1: USB disconnect, device number 23 [ 364.343835][T16067] device ip6gretap2 entered promiscuous mode [ 364.385751][ T4647] usb 1-1: New USB device found, idVendor=0582, idProduct=0156, bcdDevice= 0.40 [ 364.395575][ T4647] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.403616][ T4647] usb 1-1: Product: syz [ 364.408549][ T4647] usb 1-1: Manufacturer: syz [ 364.413191][ T4647] usb 1-1: SerialNumber: syz [ 364.435696][T16054] raw-gadget.3 gadget: fail, usb_ep_enable returned -22 [ 364.506022][ T4635] kvaser_usb 2-1:86.246: Cannot get usb endpoint(s) [ 364.526813][ T4635] usb 2-1: USB disconnect, device number 26 [ 364.540098][T16071] loop2: detected capacity change from 0 to 4096 [ 364.626481][T16071] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 364.687548][T16076] overlayfs: './file0' not a directory [ 364.798485][T16080] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5524'. [ 364.815718][ T4647] usb 1-1: MIDIStreaming interface descriptor not found [ 364.881586][ T4647] usb 1-1: USB disconnect, device number 25 [ 365.047394][ T9968] udevd[9968]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 365.066065][T16087] netlink: 80 bytes leftover after parsing attributes in process `syz.4.5527'. [ 365.390142][T16113] loop3: detected capacity change from 0 to 64 [ 365.548036][T16113] attempt to access beyond end of device [ 365.548036][T16113] loop3: rw=0, want=130064, limit=64 [ 365.605766][T16113] Buffer I/O error on dev loop3, logical block 65031, async page read [ 365.633882][T16130] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5547'. [ 365.644852][T16128] netlink: 'syz.0.5546': attribute type 1 has an invalid length. [ 365.653191][T16113] Trying to free block not in datazone [ 365.663150][T16113] Trying to free block not in datazone [ 365.668845][T16128] netlink: 105120 bytes leftover after parsing attributes in process `syz.0.5546'. [ 365.681628][T16113] Trying to free block not in datazone [ 365.725052][T16113] Trying to free block not in datazone [ 365.738911][T16113] Trying to free block not in datazone [ 365.775413][T16134] netlink: 16 bytes leftover after parsing attributes in process `syz.2.5550'. [ 365.811835][T16134] openvswitch: netlink: Missing key (keys=40, expected=2000) [ 366.252518][T16162] libceph: resolve '0..' (ret=-3): failed [ 366.279972][T16167] loop1: detected capacity change from 0 to 64 [ 366.418353][T16167] attempt to access beyond end of device [ 366.418353][T16167] loop1: rw=0, want=130064, limit=64 [ 366.481851][T16176] loop0: detected capacity change from 0 to 512 [ 366.485642][T16167] Buffer I/O error on dev loop1, logical block 65031, async page read [ 366.516516][T16167] Trying to free block not in datazone [ 366.541092][T16167] Trying to free block not in datazone [ 366.559504][T16176] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 366.585420][T16167] Trying to free block not in datazone [ 366.591829][T16167] Trying to free block not in datazone [ 366.614983][T16167] Trying to free block not in datazone [ 366.671780][T16176] EXT4-fs (loop0): 1 truncate cleaned up [ 366.677867][T16176] EXT4-fs (loop0): mounted filesystem without journal. Opts: init_itable=0x0000000000000000,jqfmt=vfsold,debug_want_extra_isize=0x0000000000000004,user_xattr,max_dir_size_kb=0x0000000000000005,quota,,errors=continue. Quota mode: writeback. [ 366.706356][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5573'. [ 366.796023][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5573'. [ 366.845496][T16184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5573'. [ 366.912649][T16184] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 367.290392][T16193] loop0: detected capacity change from 0 to 8192 [ 367.339266][T16193] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 367.364143][T16209] trusted_key: encrypted_key: master key parameter is missing [ 367.374293][T16193] REISERFS (device loop0): using ordered data mode [ 367.387866][T16193] reiserfs: using flush barriers [ 367.423866][T16193] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 367.486727][T16193] REISERFS (device loop0): checking transaction log (loop0) [ 367.512237][T16193] REISERFS (device loop0): Using r5 hash to sort names [ 367.542501][T16193] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 367.823079][ T13] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 367.881779][T16228] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 367.899537][T16228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 367.927375][T16228] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 367.977583][T16232] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5593'. [ 368.106212][T16242] loop4: detected capacity change from 0 to 8 [ 368.305477][ T13] usb 3-1: unable to get BOS descriptor or descriptor too short [ 368.365504][ T13] usb 3-1: not running at top speed; connect to a high speed hub [ 368.383870][T16257] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5601'. [ 368.465678][ T13] usb 3-1: config 9 has an invalid interface number: 124 but max is 0 [ 368.484313][ T13] usb 3-1: config 9 has no interface number 0 [ 368.510213][ T13] usb 3-1: config 9 interface 124 altsetting 195 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 368.552357][ T13] usb 3-1: config 9 interface 124 has no altsetting 0 [ 368.776096][ T13] usb 3-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=42.b4 [ 368.829798][ T13] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.870351][ T13] usb 3-1: Product: syz [ 368.894711][ T13] usb 3-1: Manufacturer: syz [ 368.910968][ T13] usb 3-1: SerialNumber: syz [ 368.934235][T16282] batman_adv: Cannot find parent device [ 368.973870][T16285] netlink: 'syz.4.5617': attribute type 10 has an invalid length. [ 369.047286][T16285] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 369.256942][ T13] usbtest 3-1:9.124: couldn't get endpoints, -22 [ 369.282052][ T13] usbtest: probe of 3-1:9.124 failed with error -22 [ 369.324121][ T13] usb 3-1: USB disconnect, device number 22 [ 369.377344][T16303] loop4: detected capacity change from 0 to 256 [ 369.418354][T16304] overlayfs: missing 'lowerdir' [ 369.478241][T16308] IPv6: sit2: Disabled Multicast RS [ 370.077375][T16319] loop1: detected capacity change from 0 to 4096 [ 370.152846][T16319] ntfs3: loop1: ino=3, Correct links count -> 2. [ 370.205386][T13981] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 370.455585][T13981] usb 4-1: Using ep0 maxpacket: 32 [ 370.465423][T16342] overlayfs: workdir and upperdir must be separate subtrees [ 370.595625][T13981] usb 4-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 370.727451][T16348] __nla_validate_parse: 2 callbacks suppressed [ 370.727475][T16348] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5649'. [ 370.790558][T16325] loop4: detected capacity change from 0 to 32768 [ 370.835643][T13981] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 370.875344][T13981] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.915556][T13981] usb 4-1: Product: syz [ 370.921513][T13981] usb 4-1: Manufacturer: syz [ 370.930839][T13981] usb 4-1: SerialNumber: syz [ 370.967033][T13981] usb 4-1: config 0 descriptor?? [ 371.051866][T13981] usb 4-1: bad CDC descriptors [ 371.059865][T13981] usb 4-1: unsupported MDLM descriptors [ 371.252753][T16365] loop4: detected capacity change from 0 to 256 [ 371.294793][T13981] usb 4-1: USB disconnect, device number 29 [ 371.383232][T16365] FAT-fs (loop4): Directory bread(block 64) failed [ 371.391239][T16365] FAT-fs (loop4): Directory bread(block 65) failed [ 371.410986][T16365] FAT-fs (loop4): Directory bread(block 66) failed [ 371.431239][T16365] FAT-fs (loop4): Directory bread(block 67) failed [ 371.445503][T16365] FAT-fs (loop4): Directory bread(block 68) failed [ 371.465722][T16365] FAT-fs (loop4): Directory bread(block 69) failed [ 371.486082][T16365] FAT-fs (loop4): Directory bread(block 70) failed [ 371.499673][T16365] FAT-fs (loop4): Directory bread(block 71) failed [ 371.528923][T16365] FAT-fs (loop4): Directory bread(block 72) failed [ 371.558557][T16365] FAT-fs (loop4): Directory bread(block 73) failed [ 371.635723][ T13] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 371.901080][T16383] netlink: 'syz.3.5664': attribute type 10 has an invalid length. [ 371.919646][ T13] usb 1-1: Using ep0 maxpacket: 32 [ 371.979693][T16383] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 372.035378][T13981] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 372.075575][ T13] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.103951][ T13] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.281344][ T13] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 372.305669][T13978] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 372.324261][ T13] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 372.339179][ T13] usb 1-1: Product: syz [ 372.343468][ T13] usb 1-1: Manufacturer: syz [ 372.350366][T13981] usb 3-1: Using ep0 maxpacket: 8 [ 372.417404][ T13] hub 1-1:4.0: USB hub found [ 372.496925][T13981] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 372.525241][T13981] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 372.555465][T13981] usb 3-1: config 6 has no interface number 0 [ 372.571925][T13981] usb 3-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 372.635796][ T13] hub 1-1:4.0: 8 ports detected [ 372.655804][ T13] hub 1-1:4.0: insufficient power available to use all downstream ports [ 372.795686][T13981] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 372.819627][T13981] usb 3-1: New USB device strings: Mfr=17, Product=2, SerialNumber=3 [ 372.845417][ T13] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 372.852058][ T13] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 372.875653][T13981] usb 3-1: Product: syz [ 372.879901][T13981] usb 3-1: Manufacturer: syz [ 372.915143][T13981] usb 3-1: SerialNumber: syz [ 372.915685][T13978] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 372.950769][T13978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.960387][ T13] usb 1-1: USB disconnect, device number 26 [ 372.986648][T13981] hso 3-1:6.2: Failed to find INT IN ep [ 373.001980][T13978] usb 2-1: Product: syz [ 373.015274][T13978] usb 2-1: Manufacturer: syz [ 373.030411][T13978] usb 2-1: SerialNumber: syz [ 373.096443][T13978] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 373.189668][T13981] usb 3-1: USB disconnect, device number 23 [ 373.562319][T16428] netlink: 'syz.0.5685': attribute type 2 has an invalid length. [ 373.622892][T16428] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.5685'. [ 373.735564][T13978] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 374.206036][ T4635] usb 2-1: USB disconnect, device number 27 [ 374.294600][T16460] loop0: detected capacity change from 0 to 256 [ 374.585472][ T4647] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 374.785437][T13978] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 374.804331][T13978] ath9k_htc: Failed to initialize the device [ 374.838236][ T4635] usb 2-1: ath9k_htc: USB layer deinitialized [ 374.845405][ T4647] usb 3-1: Using ep0 maxpacket: 32 [ 374.934294][T16485] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5715'. [ 374.965684][ T4647] usb 3-1: config 8 has an invalid interface number: 220 but max is 1 [ 374.995404][ T4647] usb 3-1: config 8 has no interface number 0 [ 375.021600][ T4647] usb 3-1: config 8 interface 220 has no altsetting 0 [ 375.041585][ T4647] usb 3-1: config 8 interface 1 has no altsetting 0 [ 375.251551][ T4647] usb 3-1: New USB device found, idVendor=04e2, idProduct=1401, bcdDevice=34.ae [ 375.271304][ T4647] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.298987][ T4647] usb 3-1: Product: syz [ 375.303623][ T4647] usb 3-1: Manufacturer: syz [ 375.308856][ T4647] usb 3-1: SerialNumber: syz [ 375.483881][T16506] loop0: detected capacity change from 0 to 64 [ 375.646837][ T4647] xr_serial 3-1:8.220: xr_serial converter detected [ 375.690189][ T4647] xr_serial ttyUSB0: Failed to set reg 0x81: -71 [ 375.730989][ T4647] xr_serial: probe of ttyUSB0 failed with error -71 [ 375.793413][ T4647] usb 3-1: USB disconnect, device number 24 [ 375.813725][ T4647] xr_serial 3-1:8.220: device disconnected [ 375.860838][T16522] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5732'. [ 375.893740][T16522] netlink: 64 bytes leftover after parsing attributes in process `syz.3.5732'. [ 376.665375][T13981] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 376.675582][ T4635] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 376.725426][T16566] loop0: detected capacity change from 0 to 128 [ 376.743654][T16567] device vti0 entered promiscuous mode [ 376.838330][T16566] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 376.890891][T16566] ext4 filesystem being mounted at /1148/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 376.912321][T13981] usb 2-1: Using ep0 maxpacket: 32 [ 377.045976][ T4635] usb 3-1: config 1 has an invalid interface number: 105 but max is 0 [ 377.072204][ T4635] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 377.083036][ T4635] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 377.086748][T13981] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.096016][ T4228] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 377.125366][T13981] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.145805][ T4635] usb 3-1: config 1 has no interface number 1 [ 377.152135][ T4635] usb 3-1: config 1 interface 105 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 377.185281][ T4635] usb 3-1: config 1 interface 105 has no altsetting 0 [ 377.290043][T16578] loop0: detected capacity change from 0 to 4096 [ 377.314311][T13981] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 377.343962][T16578] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 377.355546][ T4635] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d [ 377.359477][T13981] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 377.378826][T13981] usb 2-1: Product: syz [ 377.384112][T13981] usb 2-1: Manufacturer: syz [ 377.390656][ T4635] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.415355][ T4228] usb 5-1: Using ep0 maxpacket: 16 [ 377.425682][ T4635] usb 3-1: Product: syz [ 377.429911][ T4635] usb 3-1: Manufacturer: syz [ 377.455817][ T4635] usb 3-1: SerialNumber: syz [ 377.465544][T13981] hub 2-1:4.0: USB hub found [ 377.535682][ T4228] usb 5-1: config 253 has an invalid interface number: 184 but max is 0 [ 377.544217][ T4228] usb 5-1: config 253 has no interface number 0 [ 377.564711][T16578] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 377.571503][ T4228] usb 5-1: config 253 interface 184 has no altsetting 0 [ 377.685412][T13981] hub 2-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 377.730885][ T4635] aqc111: probe of 3-1:1.105 failed with error -22 [ 377.745657][ T4228] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00 [ 377.754854][ T4228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.801109][ T4228] usb 5-1: Product: syz [ 377.815837][ T4228] usb 5-1: Manufacturer: syz [ 377.820730][ T4228] usb 5-1: SerialNumber: syz [ 377.888185][ T4228] go7007: probe of 5-1:253.184 failed with error -12 [ 377.905838][ T4305] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 377.913304][ T4188] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 377.936242][T13981] usb 3-1: USB disconnect, device number 25 [ 377.945914][ T4188] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 377.952923][ T4188] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 377.998780][ T4305] ntfs3: loop0: ntfs3_write_inode r=3 failed, -22. [ 378.024767][ T4188] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22. [ 378.045746][ T4228] usb 2-1: USB disconnect, device number 28 [ 378.090381][ T4228] usb 5-1: USB disconnect, device number 24 [ 378.179710][T16597] xt_CT: You must specify a L4 protocol and not use inversions on it [ 378.295563][ T13] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 378.585235][ T13] usb 4-1: Using ep0 maxpacket: 8 [ 378.725756][ T13] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 378.725792][ T13] usb 4-1: config 179 has no interface number 0 [ 378.725828][ T13] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 378.725861][ T13] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 378.725900][ T13] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 378.725930][ T13] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 378.725962][ T13] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 378.726049][ T13] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 378.726077][ T13] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 378.757236][T16595] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 379.079504][T16639] loop2: detected capacity change from 0 to 64 [ 379.111414][ T1423] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.190575][ T4635] usb 4-1: USB disconnect, device number 30 [ 379.205302][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 379.213784][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 379.223618][ C0] ================================================================== [ 379.232785][ C0] BUG: KASAN: use-after-free in do_raw_spin_lock+0x283/0x2f0 [ 379.241170][ C0] Read of size 4 at addr ffff8880239dd05c by task syz.4.5786/16633 [ 379.249823][ C0] [ 379.252316][ C0] CPU: 0 PID: 16633 Comm: syz.4.5786 Not tainted syzkaller #0 [ 379.260011][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 379.270221][ C0] Call Trace: [ 379.273552][ C0] [ 379.276523][ C0] dump_stack_lvl+0x188/0x250 [ 379.281989][ C0] ? show_regs_print_info+0x20/0x20 [ 379.287598][ C0] ? load_image+0x400/0x400 [ 379.292167][ C0] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 379.297720][ C0] print_address_description+0x60/0x2d0 [ 379.303341][ C0] ? do_raw_spin_lock+0x283/0x2f0 [ 379.308689][ C0] kasan_report+0xdf/0x130 [ 379.313178][ C0] ? do_raw_spin_lock+0x283/0x2f0 [ 379.318379][ C0] do_raw_spin_lock+0x283/0x2f0 [ 379.323299][ C0] ? read_lock_is_recursive+0x10/0x10 [ 379.328726][ C0] ? __rwlock_init+0x140/0x140 [ 379.333556][ C0] _raw_spin_lock_irqsave+0xbc/0x100 [ 379.339809][ C0] ? _raw_spin_lock+0x40/0x40 [ 379.344849][ C0] __wake_up+0xf4/0x180 [ 379.349065][ C0] ? remove_wait_queue+0x120/0x120 [ 379.354248][ C0] ? _raw_spin_unlock+0x24/0x40 [ 379.359257][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 379.367959][ C0] dummy_timer+0x8a8/0x31e0 [ 379.368072][ C0] ? mark_lock+0x94/0x320 [ 379.368134][ C0] ? dummy_free_streams+0x530/0x530 [ 379.368168][ C0] ? dummy_free_streams+0x530/0x530 [ 379.368193][ C0] call_timer_fn+0x17b/0x540 [ 379.368223][ C0] ? dummy_free_streams+0x530/0x530 [ 379.368247][ C0] ? __run_timers+0x800/0x800 [ 379.368281][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 379.368306][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 379.368333][ C0] ? dummy_free_streams+0x530/0x530 [ 379.368358][ C0] __run_timers+0x53e/0x800 [ 379.368396][ C0] ? detach_timer+0x2b0/0x2b0 [ 379.368419][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 379.368453][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 379.368479][ C0] ? ktime_get_real_ts64+0x440/0x440 [ 379.368508][ C0] run_timer_softirq+0x63/0xf0 [ 379.368534][ C0] handle_softirqs+0x339/0x830 [ 379.368564][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 379.368591][ C0] ? do_softirq+0x210/0x210 [ 379.368617][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 379.368645][ C0] __irq_exit_rcu+0x13b/0x230 [ 379.368669][ C0] ? irq_exit_rcu+0x20/0x20 [ 379.368702][ C0] irq_exit_rcu+0x5/0x20 [ 379.368722][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 379.368747][ C0] [ 379.368757][ C0] [ 379.368766][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 379.368805][ C0] RIP: 0010:lock_acquire+0x208/0x400 [ 379.368833][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3d 04 f8 0f 85 f1 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 43 c7 44 3d 08 00 00 00 00 65 48 8b 04 [ 379.368853][ C0] RSP: 0018:ffffc900041ff6e0 EFLAGS: 00000206 [ 379.368877][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: c08af696e293a800 [ 379.368894][ C0] RDX: 0000000000000000 RSI: ffffffff8a2b3a20 RDI: ffffffff8a79f980 [ 379.368911][ C0] RBP: ffffc900041ff7e8 R08: dffffc0000000000 R09: 1ffffffff203a818 [ 379.368930][ C0] R10: dffffc0000000000 R11: fffffbfff203a819 R12: ffffffff8c31eaa0 [ 379.368948][ C0] R13: 1ffff9200083fee8 R14: 0000000000000246 R15: dffffc0000000000 [ 379.368987][ C0] ? lock_page_memcg+0x1f8/0x440 [ 379.369013][ C0] ? read_lock_is_recursive+0x10/0x10 [ 379.369038][ C0] ? lock_page_memcg+0x24a/0x440 [ 379.369069][ C0] ? mem_cgroup_get_oom_group+0x350/0x350 [ 379.369093][ C0] ? rcu_lock_acquire+0x30/0x30 [ 379.369120][ C0] rcu_lock_acquire+0x20/0x30 [ 379.369141][ C0] ? __page_memcg+0x140/0x140 [ 379.369161][ C0] __mod_lruvec_page_state+0x98/0x330 [ 379.369189][ C0] ? page_remove_rmap+0x69e/0x10f0 [ 379.369215][ C0] page_remove_rmap+0x6b8/0x10f0 [ 379.369244][ C0] unmap_page_range+0xf96/0x2500 [ 379.369301][ C0] unmap_vmas+0x131/0x250 [ 379.369327][ C0] ? unmap_page_range+0x2500/0x2500 [ 379.369347][ C0] ? __mutex_lock_common+0x465/0x2400 [ 379.369376][ C0] ? exit_mm_release+0x16/0x30 [ 379.369410][ C0] exit_mmap+0x3b9/0x640 [ 379.369437][ C0] ? vm_brk+0x20/0x20 [ 379.369476][ C0] ? uprobe_clear_state+0x2f6/0x460 [ 379.369499][ C0] ? mm_update_next_owner+0x522/0x640 [ 379.369526][ C0] __mmput+0x115/0x3b0 [ 379.369552][ C0] exit_mm+0x588/0x6e0 [ 379.369573][ C0] ? xacct_add_tsk+0x4a0/0x4a0 [ 379.369603][ C0] ? do_exit+0x20c0/0x20c0 [ 379.369626][ C0] ? taskstats_exit+0x439/0xab0 [ 379.369655][ C0] ? tty_audit_exit+0x14e/0x1f0 [ 379.369687][ C0] do_exit+0x5a9/0x20c0 [ 379.369711][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 379.369738][ C0] ? put_task_struct+0x80/0x80 [ 379.369760][ C0] ? lock_chain_count+0x20/0x20 [ 379.369789][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 379.369824][ C0] do_group_exit+0x12e/0x300 [ 379.369851][ C0] __x64_sys_exit_group+0x3b/0x40 [ 379.369872][ C0] do_syscall_64+0x4c/0xa0 [ 379.369893][ C0] ? clear_bhb_loop+0x30/0x80 [ 379.369914][ C0] ? clear_bhb_loop+0x30/0x80 [ 379.369938][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 379.369962][ C0] RIP: 0033:0x7f1ee5601799 [ 379.369982][ C0] Code: Unable to access opcode bytes at RIP 0x7f1ee560176f. [ 379.369994][ C0] RSP: 002b:00007ffdcdcfca08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 379.370019][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ee5601799 [ 379.370035][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 379.370050][ C0] RBP: 00007ffdcdcfca6c R08: 0000000000000000 R09: 00000000000927c0 [ 379.370074][ C0] R10: 00007f1ee587b038 R11: 0000000000000246 R12: 000000000000047c [ 379.370090][ C0] R13: 00000000000927c0 R14: 000000000005c7ce R15: 00007ffdcdcfcac0 [ 379.370123][ C0] [ 379.370132][ C0] [ 379.370138][ C0] Allocated by task 13: [ 379.370150][ C0] __kasan_kmalloc+0xb5/0xf0 [ 379.370174][ C0] xpad_probe+0x3f6/0x1b20 [ 379.370196][ C0] usb_probe_interface+0x5c5/0xb20 [ 379.370218][ C0] really_probe+0x284/0xc80 [ 379.370238][ C0] __driver_probe_device+0x18c/0x330 [ 379.370257][ C0] driver_probe_device+0x4f/0x420 [ 379.370276][ C0] __device_attach_driver+0x2b0/0x500 [ 379.370296][ C0] bus_for_each_drv+0x184/0x210 [ 379.370320][ C0] __device_attach+0x2a8/0x480 [ 379.370337][ C0] bus_probe_device+0xbc/0x1e0 [ 379.370359][ C0] device_add+0xa00/0xfb0 [ 379.370379][ C0] usb_set_configuration+0x1991/0x1fd0 [ 379.370399][ C0] usb_generic_driver_probe+0x89/0x150 [ 379.370420][ C0] usb_probe_device+0x139/0x270 [ 379.370439][ C0] really_probe+0x284/0xc80 [ 379.370457][ C0] __driver_probe_device+0x18c/0x330 [ 379.370476][ C0] driver_probe_device+0x4f/0x420 [ 379.370496][ C0] __device_attach_driver+0x2b0/0x500 [ 379.370514][ C0] bus_for_each_drv+0x184/0x210 [ 379.370536][ C0] __device_attach+0x2a8/0x480 [ 379.370554][ C0] bus_probe_device+0xbc/0x1e0 [ 379.370575][ C0] device_add+0xa00/0xfb0 [ 379.370594][ C0] usb_new_device+0xd65/0x1660 [ 379.370616][ C0] hub_event+0x2e4a/0x55e0 [ 379.370636][ C0] process_one_work+0x85f/0x1010 [ 379.370659][ C0] worker_thread+0xaa6/0x1290 [ 379.370679][ C0] kthread+0x436/0x520 [ 379.370698][ C0] ret_from_fork+0x1f/0x30 [ 379.370719][ C0] [ 379.370724][ C0] Freed by task 4635: [ 379.370734][ C0] kasan_set_track+0x4b/0x70 [ 379.370754][ C0] kasan_set_free_info+0x1f/0x40 [ 379.370777][ C0] ____kasan_slab_free+0xd5/0x110 [ 379.370797][ C0] slab_free_freelist_hook+0xea/0x170 [ 379.370818][ C0] kfree+0xef/0x2a0 [ 379.370835][ C0] xpad_disconnect+0x34c/0x470 [ 379.370856][ C0] usb_unbind_interface+0x1ee/0x860 [ 379.370875][ C0] device_release_driver_internal+0x4b4/0x750 [ 379.370895][ C0] bus_remove_device+0x2e2/0x400 [ 379.370916][ C0] device_del+0x6af/0xaf0 [ 379.370936][ C0] usb_disable_device+0x3e2/0x890 [ 379.370955][ C0] usb_disconnect+0x348/0x8a0 [ 379.370974][ C0] hub_event+0x1ecb/0x55e0 [ 379.370994][ C0] process_one_work+0x85f/0x1010 [ 379.371015][ C0] worker_thread+0xaa6/0x1290 [ 379.371034][ C0] kthread+0x436/0x520 [ 379.371052][ C0] ret_from_fork+0x1f/0x30 [ 379.371077][ C0] [ 379.371082][ C0] The buggy address belongs to the object at ffff8880239dd000 [ 379.371082][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 379.371101][ C0] The buggy address is located 92 bytes inside of [ 379.371101][ C0] 1024-byte region [ffff8880239dd000, ffff8880239dd400) [ 379.371125][ C0] The buggy address belongs to the page: [ 379.371143][ C0] page:ffffea00008e7600 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x239d8 [ 379.371167][ C0] head:ffffea00008e7600 order:3 compound_mapcount:0 compound_pincount:0 [ 379.371186][ C0] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 379.371226][ C0] raw: 00fff00000010200 dead000000000100 dead000000000122 ffff888016c41dc0 [ 379.371246][ C0] raw: 0000000000000000 0000000000100010 00000001ffffffff 0000000000000000 [ 379.371257][ C0] page dumped because: kasan: bad access detected [ 379.371273][ C0] page_owner tracks the page as allocated [ 379.371281][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 9, ts 73614953584, free_ts 73589407631 [ 379.371316][ C0] get_page_from_freelist+0x1bbd/0x1ca0 [ 379.371340][ C0] __alloc_pages+0x1ee/0x480 [ 379.371361][ C0] new_slab+0xc0/0x4b0 [ 379.371380][ C0] ___slab_alloc+0x80a/0xdd0 [ 379.371398][ C0] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 379.371419][ C0] __alloc_skb+0x22c/0x750 [ 379.371441][ C0] inet6_rt_notify+0xdd/0x290 [ 379.371460][ C0] fib6_add+0x1d4d/0x3d40 [ 379.371481][ C0] ip6_route_add+0x86/0x130 [ 379.371504][ C0] addrconf_add_dev+0x295/0x3c0 [ 379.371523][ C0] addrconf_init_auto_addrs+0x6a0/0xb00 [ 379.371545][ C0] addrconf_notify+0xa6b/0xf00 [ 379.371564][ C0] raw_notifier_call_chain+0xcb/0x160 [ 379.371585][ C0] netdev_state_change+0xe0/0x160 [ 379.371609][ C0] linkwatch_do_dev+0x10d/0x160 [ 379.371628][ C0] __linkwatch_run_queue+0x4b1/0x7c0 [ 379.371648][ C0] page last free stack trace: [ 379.371655][ C0] free_unref_page_prepare+0x637/0x6c0 [ 379.371678][ C0] free_unref_page+0x8f/0x2a0 [ 379.371698][ C0] __unfreeze_partials+0x1a5/0x200 [ 379.371718][ C0] put_cpu_partial+0x12d/0x190 [ 379.371737][ C0] qlist_free_all+0x35/0x90 [ 379.371755][ C0] kasan_quarantine_reduce+0x150/0x160 [ 379.371773][ C0] __kasan_slab_alloc+0x2f/0xd0 [ 379.371794][ C0] slab_post_alloc_hook+0x4c/0x380 [ 379.371814][ C0] kmem_cache_alloc_trace+0x103/0x2a0 [ 379.371833][ C0] nsim_fib_event_work+0x88d/0x33e0 [ 379.371857][ C0] process_one_work+0x85f/0x1010 [ 379.371877][ C0] worker_thread+0xd60/0x1290 [ 379.371898][ C0] kthread+0x436/0x520 [ 379.371915][ C0] ret_from_fork+0x1f/0x30 [ 379.371936][ C0] [ 379.371941][ C0] Memory state around the buggy address: [ 379.371953][ C0] ffff8880239dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 379.371968][ C0] ffff8880239dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 379.371983][ C0] >ffff8880239dd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 379.371995][ C0] ^ [ 379.372008][ C0] ffff8880239dd080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 379.372023][ C0] ffff8880239dd100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 379.372035][ C0] ================================================================== [ 379.372044][ C0] Disabling lock debugging due to kernel taint [ 379.372066][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 379.372078][ C0] CPU: 0 PID: 16633 Comm: syz.4.5786 Tainted: G B syzkaller #0 [ 379.372101][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 379.372113][ C0] Call Trace: [ 379.372121][ C0] [ 379.372128][ C0] dump_stack_lvl+0x188/0x250 [ 379.372152][ C0] ? show_regs_print_info+0x20/0x20 [ 379.372176][ C0] ? load_image+0x400/0x400 [ 379.372201][ C0] panic+0x2e5/0x810 [ 379.372226][ C0] ? bpf_jit_dump+0xd0/0xd0 [ 379.372249][ C0] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 379.372270][ C0] ? _raw_spin_unlock+0x40/0x40 [ 379.372290][ C0] ? do_raw_spin_lock+0x283/0x2f0 [ 379.372311][ C0] check_panic_on_warn+0x80/0xa0 [ 379.372335][ C0] ? do_raw_spin_lock+0x283/0x2f0 [ 379.372355][ C0] end_report+0x6d/0xf0 [ 379.372376][ C0] kasan_report+0x102/0x130 [ 379.372398][ C0] ? do_raw_spin_lock+0x283/0x2f0 [ 379.372420][ C0] do_raw_spin_lock+0x283/0x2f0 [ 379.372441][ C0] ? read_lock_is_recursive+0x10/0x10 [ 379.372464][ C0] ? __rwlock_init+0x140/0x140 [ 379.372488][ C0] _raw_spin_lock_irqsave+0xbc/0x100 [ 379.372508][ C0] ? _raw_spin_lock+0x40/0x40 [ 379.372531][ C0] __wake_up+0xf4/0x180 [ 379.372556][ C0] ? remove_wait_queue+0x120/0x120 [ 379.372580][ C0] ? _raw_spin_unlock+0x24/0x40 [ 379.372603][ C0] __usb_hcd_giveback_urb+0x396/0x520 [ 379.372629][ C0] dummy_timer+0x8a8/0x31e0 [ 379.372654][ C0] ? mark_lock+0x94/0x320 [ 379.372688][ C0] ? dummy_free_streams+0x530/0x530 [ 379.372711][ C0] ? dummy_free_streams+0x530/0x530 [ 379.372731][ C0] call_timer_fn+0x17b/0x540 [ 379.372753][ C0] ? dummy_free_streams+0x530/0x530 [ 379.372773][ C0] ? __run_timers+0x800/0x800 [ 379.372798][ C0] ? _raw_spin_unlock_irq+0x1f/0x40 [ 379.372818][ C0] ? lockdep_hardirqs_on+0x94/0x140 [ 379.372838][ C0] ? dummy_free_streams+0x530/0x530 [ 379.372859][ C0] __run_timers+0x53e/0x800 [ 379.372886][ C0] ? detach_timer+0x2b0/0x2b0 [ 379.372906][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 379.372932][ C0] ? sched_clock_cpu+0x15/0x3c0 [ 379.372953][ C0] ? ktime_get_real_ts64+0x440/0x440 [ 379.372976][ C0] run_timer_softirq+0x63/0xf0 [ 379.372998][ C0] handle_softirqs+0x339/0x830 [ 379.373020][ C0] ? __irq_exit_rcu+0x13b/0x230 [ 379.373043][ C0] ? do_softirq+0x210/0x210 [ 379.373070][ C0] ? irqtime_account_irq+0xb2/0x1b0 [ 379.373094][ C0] __irq_exit_rcu+0x13b/0x230 [ 379.373114][ C0] ? irq_exit_rcu+0x20/0x20 [ 379.373138][ C0] irq_exit_rcu+0x5/0x20 [ 379.373156][ C0] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 379.373178][ C0] [ 379.373186][ C0] [ 379.373193][ C0] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 379.373215][ C0] RIP: 0010:lock_acquire+0x208/0x400 [ 379.373239][ C0] Code: f7 84 24 80 00 00 00 00 02 00 00 43 c6 44 3d 04 f8 0f 85 f1 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 48 c7 44 24 60 0e 36 e0 45 <4b> c7 44 3d 00 00 00 00 00 43 c7 44 3d 08 00 00 00 00 65 48 8b 04 [ 379.373257][ C0] RSP: 0018:ffffc900041ff6e0 EFLAGS: 00000206 [ 379.373276][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: c08af696e293a800 [ 379.373290][ C0] RDX: 0000000000000000 RSI: ffffffff8a2b3a20 RDI: ffffffff8a79f980 [ 379.373306][ C0] RBP: ffffc900041ff7e8 R08: dffffc0000000000 R09: 1ffffffff203a818 [ 379.373322][ C0] R10: dffffc0000000000 R11: fffffbfff203a819 R12: ffffffff8c31eaa0 [ 379.373339][ C0] R13: 1ffff9200083fee8 R14: 0000000000000246 R15: dffffc0000000000 [ 379.373363][ C0] ? lock_page_memcg+0x1f8/0x440 [ 379.373383][ C0] ? read_lock_is_recursive+0x10/0x10 [ 379.373405][ C0] ? lock_page_memcg+0x24a/0x440 [ 379.373425][ C0] ? mem_cgroup_get_oom_group+0x350/0x350 [ 379.373446][ C0] ? rcu_lock_acquire+0x30/0x30 [ 379.373467][ C0] rcu_lock_acquire+0x20/0x30 [ 379.373486][ C0] ? __page_memcg+0x140/0x140 [ 379.373504][ C0] __mod_lruvec_page_state+0x98/0x330 [ 379.373527][ C0] ? page_remove_rmap+0x69e/0x10f0 [ 379.373548][ C0] page_remove_rmap+0x6b8/0x10f0 [ 379.373570][ C0] unmap_page_range+0xf96/0x2500 [ 379.373603][ C0] unmap_vmas+0x131/0x250 [ 379.373623][ C0] ? unmap_page_range+0x2500/0x2500 [ 379.373642][ C0] ? __mutex_lock_common+0x465/0x2400 [ 379.373666][ C0] ? exit_mm_release+0x16/0x30 [ 379.373690][ C0] exit_mmap+0x3b9/0x640 [ 379.373712][ C0] ? vm_brk+0x20/0x20 [ 379.373739][ C0] ? uprobe_clear_state+0x2f6/0x460 [ 379.373760][ C0] ? mm_update_next_owner+0x522/0x640 [ 379.373780][ C0] __mmput+0x115/0x3b0 [ 379.373801][ C0] exit_mm+0x588/0x6e0 [ 379.373819][ C0] ? xacct_add_tsk+0x4a0/0x4a0 [ 379.373843][ C0] ? do_exit+0x20c0/0x20c0 [ 379.373862][ C0] ? taskstats_exit+0x439/0xab0 [ 379.373885][ C0] ? tty_audit_exit+0x14e/0x1f0 [ 379.373909][ C0] do_exit+0x5a9/0x20c0 [ 379.373929][ C0] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 379.373952][ C0] ? put_task_struct+0x80/0x80 [ 379.373971][ C0] ? lock_chain_count+0x20/0x20 [ 379.373995][ C0] ? preempt_schedule_thunk+0x16/0x18 [ 379.374021][ C0] do_group_exit+0x12e/0x300 [ 379.374041][ C0] __x64_sys_exit_group+0x3b/0x40 [ 379.374066][ C0] do_syscall_64+0x4c/0xa0 [ 379.374086][ C0] ? clear_bhb_loop+0x30/0x80 [ 379.374105][ C0] ? clear_bhb_loop+0x30/0x80 [ 379.374125][ C0] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 379.374147][ C0] RIP: 0033:0x7f1ee5601799 [ 379.374162][ C0] Code: Unable to access opcode bytes at RIP 0x7f1ee560176f. [ 379.374173][ C0] RSP: 002b:00007ffdcdcfca08 EFLAGS: 00000246 ORIG_RAX: 00000000000000e7 [ 379.374194][ C0] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f1ee5601799 [ 379.374209][ C0] RDX: 0000000000000064 RSI: 0000000000000000 RDI: 0000000000000000 [ 379.374223][ C0] RBP: 00007ffdcdcfca6c R08: 0000000000000000 R09: 00000000000927c0 [ 379.374238][ C0] R10: 00007f1ee587b038 R11: 0000000000000246 R12: 000000000000047c [ 379.374253][ C0] R13: 00000000000927c0 R14: 000000000005c7ce R15: 00007ffdcdcfcac0 [ 379.374275][ C0] [ 379.374531][ C0] Kernel Offset: disabled [ 381.014138][ C0] Rebooting in 86400 seconds..