last executing test programs: 12.769351956s ago: executing program 1 (id=812): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)=@newqdisc={0x8c, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, r6, {0x4}, {0xffff}, {0x2, 0xd}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x4, [0xc, 0x9, 0x0, 0x6, 0x14, 0x2, 0x6, 0x2, 0x8, 0x2, 0x0, 0x5, 0x9, 0x1, 0x10], 0x3, [0xc, 0x101, 0x7fff, 0x2002, 0x1, 0x44, 0x6, 0xd03, 0x7, 0x2, 0xb, 0x3, 0x5, 0x6, 0xd, 0x100], [0xfff1, 0x0, 0xffff, 0xfff5, 0x4, 0x8, 0x7, 0x2a, 0x401, 0x2, 0xc, 0x40, 0xfffc, 0x3, 0x4]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x810}, 0x0) 9.332684911s ago: executing program 1 (id=821): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x8, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x629, 0x7, 0x3, 0x8, 0x8000, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0x10002, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x7, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0xe, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x7c9d, 0x9, 0x8, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0xe59b, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0x1000]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 8.22255878s ago: executing program 0 (id=826): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x4d, 0xfffffffb, 0x7fffffff}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000003480)=@newqdisc={0x434, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdf8, {0x0, 0x0, 0x0, r3, {0x10}, {}, {0xa, 0x3}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x408, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x0, 0xc0e, 0x1, 0x529, 0x8, 0x3, 0x4be0, 0x8, 0x401, 0x9, 0x100, 0x1966, 0x2bb, 0xda1d, 0x2b6d, 0x8, 0x0, 0x7, 0x7ff, 0x6, 0x9, 0xec8, 0x3, 0x3c, 0x392f, 0x7, 0x1, 0x7, 0x4, 0x7, 0x10000, 0x5, 0x3, 0x400, 0xfffffff5, 0xfd, 0x1ce0, 0x7fff, 0x5, 0xf56, 0x8, 0xec, 0x0, 0xd925, 0x8, 0x5, 0x1ff, 0xe, 0x3, 0x0, 0x5, 0x10001, 0x0, 0x4, 0x5, 0x2, 0x5, 0x2c449a71, 0x3ff, 0x0, 0x1ff, 0x7, 0x2c8c, 0x1000, 0x8, 0x5, 0x0, 0xc42, 0x0, 0xb, 0x0, 0x0, 0xe252, 0x4, 0x8, 0x1, 0x0, 0x4, 0x7, 0x1, 0xc, 0x5, 0x9, 0x6, 0x0, 0x5, 0x8, 0x8, 0x0, 0xb9ab, 0xf015, 0x3, 0xe, 0x6, 0xc, 0x4, 0x63, 0x7ff, 0xa47, 0x200, 0x1, 0x401, 0x7, 0x400, 0x0, 0x3, 0x800, 0xde, 0x6, 0xed, 0x3, 0x1ff, 0x8, 0xa1, 0x80000000, 0xb, 0xf, 0x7fff, 0x8, 0x9, 0x8000, 0x2, 0x6, 0xe, 0x4f, 0x6, 0xa, 0x0, 0x1, 0x6, 0x88, 0x2d0, 0x8, 0x86b5, 0x5, 0x10000, 0x6, 0xffffff01, 0x67, 0x6, 0x9, 0x533, 0x22, 0xb, 0x4, 0x8, 0xfffffffd, 0x2, 0xffffffff, 0x9, 0x2, 0x3, 0x7, 0x200, 0x101, 0x3, 0x5, 0x7, 0x8, 0xffffffd9, 0x1, 0x4, 0x73, 0x63c, 0x40a615ce, 0x6, 0x0, 0xba, 0x715, 0x32f, 0xfffffff9, 0x66c5b28c, 0x8, 0x0, 0x1, 0x0, 0x0, 0x9, 0x0, 0x1, 0x4, 0x2, 0xffffffff, 0x9, 0x9, 0xfffffff8, 0x3, 0x4, 0xff, 0x8251, 0x1, 0x80000001, 0x80000000, 0x5f, 0x391e9c0c, 0x1, 0x4, 0x400, 0x9, 0x1, 0x7, 0x4ef1, 0x7, 0x42d3, 0x5, 0xaf, 0x80000000, 0x9, 0x2, 0x1, 0xf3, 0x4, 0x0, 0xb597, 0x9f, 0x0, 0x200, 0x1000, 0x5, 0x7, 0x5, 0xe79, 0x1, 0xffff, 0x9, 0x8, 0x8a0, 0x5, 0x4, 0x8000, 0x6, 0x401f, 0x0, 0x80000001, 0x8, 0x7, 0x8, 0x1, 0x976, 0x0, 0x3, 0x4, 0x5, 0x1, 0x2, 0x8, 0x6, 0x5, 0xfb9d, 0x2, 0x0, 0x40, 0x7fffffff, 0x2, 0x8, 0x5]}]}}]}, 0x434}, 0x1, 0x0, 0x0, 0x40098}, 0x0) 8.131225798s ago: executing program 1 (id=828): ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 7.588268752s ago: executing program 2 (id=831): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x4000009f, 0x0, 0xfffffffffffffffb}]}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) close_range(r3, 0xffffffffffffffff, 0x0) 7.345285099s ago: executing program 0 (id=832): syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000000)='./file2\x00', 0x2010410, &(0x7f00000002c0)=ANY=[@ANYBLOB='nodots,dmask=00000000000000000000003,usefree,nodots,flush,dots,dots,gid=', @ANYRESHEX=0x0, @ANYBLOB], 0x1, 0x214, &(0x7f0000000840)="$eJzs3D1rW1cYB/AjWa6tlhZPhXbpoV3a5bb10qVDS3GhVNCSRCEv0zWWEyFFAl8NksmgOVM+RwhkCWQL+QL+DFmymYDx5Ck3OJKs2NixE0dy4vx+ix6e/z1X5+jARVy9bP5+91ZjNUtW004ozRdC8Y/QDzuFsBCKYaQffnpwZfvOxavX/v2zUlm6MDvsx/jVd4+v377//ZPOF5cf7nYKIYStxWcbX298s/ni0s16FutZbLU7MY3L7XYnXW7W4ko9ayQx/t+spVkt1ltZbW1fvtpsj5861LIspq1ebNR6sdOOnbVeTG+k9VZMkiTOB06lem8nz8NWnuf5XD/kef62JyhMZl5Myyn3n4/c3kU97l5Nn/e71W518DjI//6nsvRLfGVhPGq7263O7OW/DvK4P58Nnw/zxUPzz8KPPwzy3eyv/yoH8nJYmfzyAQAAAADgXErinkPv7yfJUfmgeu3zgQP370vh29K4MzP5pQAAAABHyHrrjbS5Mrs2KJq1Myvmwv7Ob4+GUzxu+M9Pjz9mQsWXwyK843nKIYSjjymGM9+U6RSj75EPO6PfF5xseOl9TaP8gbwao2I+HBaVw3pjbjqbAgAAnC/jN/0nHlKc6IQAAAAAAAAAAAAAAAAAAADgEzSNPzM76zUCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALzJywAAAP//ixdW4w==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b) 6.49741083s ago: executing program 2 (id=835): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f00000009c0)=[{&(0x7f0000000640)="d9fb", 0x2}], 0x1}], 0x1, 0x40800) syz_genetlink_get_family_id$devlink(&(0x7f00000000c0), r1) 6.365309886s ago: executing program 1 (id=836): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x181000) ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x129400) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r1, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r1, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f0000000300)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r3, 0x0, 0x0, 0x1f5, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000dfff00"}}) 5.693323608s ago: executing program 0 (id=838): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0) msync(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x6) 5.061280435s ago: executing program 4 (id=840): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$sock_int(r0, 0x1, 0x4, 0x0, &(0x7f0000000000)) 5.031060481s ago: executing program 2 (id=841): socket$unix(0x1, 0x2, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet_icmp(0x2, 0x2, 0x1) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r2 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000004c0), &(0x7f0000000500)=r1}, 0x20) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10) syz_emit_ethernet(0x42, &(0x7f0000000400)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @void, {@arp={0x806, @ether_ipv6={0x1, 0x86dd, 0x6, 0x10, 0x9, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @empty, @empty}}}}, 0x0) 5.00312543s ago: executing program 1 (id=842): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000006300)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000390000000000000000000000850000004100000085000000a000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @xdp, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r2, r1, 0x25, 0x0, @void}, 0x10) syz_emit_ethernet(0xdc1, &(0x7f0000002780)={@local, @broadcast, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x3, 0xdb3, 0x66, 0x0, 0x4, 0x2f, 0x0, @rand_addr=0x64010102, @rand_addr=0x64010101}, {{0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x86dd, [], "b3f173d041ed56001827e7ae63bc8b7155f793377334ef936a6c2210dc747ad027196c5b257dcb42f9255e718fd40bdd0b6ca65d1d9142d7878955374962492883"}, {0x8, 0x88be, 0x0, {{0x1, 0x1, 0xfa, 0x1, 0x0, 0x3, 0x7, 0x5}, 0x1, {0x800}}}, {0x8, 0x22eb, 0x1, {{0x1, 0x2, 0x9, 0x1, 0x1, 0x1, 0x6, 0x9}, 0x2, {0x5d0, 0xb, 0x1, 0x15, 0x1, 0x1, 0x2, 0x1}}}, {0x8, 0x6558, 0x1, "3e9c7461135f3431c2d3ca7b42d20ba7a787f88c935da22c690597fc4c209f8f12ffc1876878d010b6b17d6f2e66175bf144289484a27b46f2adf6f8869bc24983094224f27aa9ea5149987348ab70db2234b2d9f0ab52f2216ed4b59dcc15c6e6ebb1fa972bb4b06da1b8401d0f811c9a9c2bc7cf23635e32af59f3deae9f40b93477879611c15444da1d841ad494be856af161da849f1b3e2a3dbd02a0d34f685795ec0ce67b7b93d4bae8fcd98d5cc1c775cc5dc88cde84b99e2118d8113ffd3b74952a12b3764165af3211bf79c8573d3623877718a180fe6bb69bf71bf03f9d7269392b0663aea7ba1b2cc15a5ac5a9f800f56ddc208ff89908d3183c4aa9a7ea58a9621a8868d9ca15ba186675c1e5770090766502986df7292c6560585f8cb9096e0258f43fd0abb94fb8da39e2950ae23dd05e96eea150cefe84c58d6e3d4d196f7a71c49314d5816ce9207233666e95a40e6a4f2d9493682e4f86fc0c31003c7ba27e7c322bfe6e9bf00a00e059ef8433883aba3ce7ce527ca650b39540346693b404649d6dde6b5e682064dabeadda60e998d5e07c56449db9db6aae620e20fb818700ffda7417c179e1499971ce2f06bc87df68e6f9b019ec2238729c9abb6ac0cc0bcea961a5b72e1291ec5a6350e8b01fc4eff72b2f823841cc8fe9133fe4148ae7e7b68acadc0e3ed1455d3b4df11fb945940520c0e2a1b6679339b4abd9cd1a48169898341c64077a76f75011f7ae3c8400f392938ef90b893816785a6c5098d43967777700bfbdf45b5aa05eba56a3fa4903e96cf91713b4b1842de023b5ac1e7003d22223cc558162e43a76ab7105d0539b89ecfeb9185e0ea7c782f4d93f2d23f710d63a3af62e8304bd93991dcfe781c9274b8e3a7f1dffa1e157fd0499f16cba56fdb9930141f7bed5b8080efbf6129366640621b1a46e1ce2a0550ad3ea1e79f09eef0e94fe9e603bffcb4e73a86ed49012e3d73fc8344a6b655aba6df481202717c09b08bcd49d6369dfcd1fffba289c4054576ecbc564e1f961aa04639f0c7c450417f7c737804aedc48430c91124748c6ab05da728da4948336d9b4d1a4fee1c9a6ffd782f0905127366ab9f02b4b9b10d2da405b6eb8c7b23ab257ee9b026a35308c262c66f3affd184f118d2a41e126e1baffc91cec4da89c0ba51a1031f162e5371d85daa85234e00d53b170a0ca53b5f17fe294d3de3d9c6f96da91eb14404642ed94486a857f859dbd89a1a213c3c9b9256bb3d0e2c96f2120eb82c827704697461b309841f285c9a8792bc8855817e216f7e45d744337ad38e0be715d24e2693e40bddb186aebf5a017eb2e11eed760aa02f9e9db6a24acaa5d46d422b02eed71f2224cf9fed9575a9db4f73a3bd104f9efd0804f61ee431bc6c9893fba875bc4989733f42e2fa7fe4e0f5511afee081a52945a0466e4b8530a3863c36064cfaf718f60a4f04ba4c033413000808bca77014cac56fd240717948645971e01fbf915f193b752b426f147515e0a9dc94d4514bd9ae1e145b6cd9cf5d6efb21adecf459cd1bb6fa43054f57c2c401b7e5bb051112555ef06849ecd3b03f280a42da8ef67a5e3591164af9613cb13f3e0fed67f0bce014a8912e1540129121fbf990edb15c9bc88239ec5b12a2997c8e171d25e6e0eaa8d4d47b0b8a64dfac22d7008354b8bb82b5384a262a94d3138c6685a18cd25fa660eeed7df98f891c58e4a58ea5ec3237d471324c6efbb9d165820bd7c1037ccda38686e164324d2c37be51475cd2c10d0519db4450d3fd991c5a192a666c13944db6e49e5dd093412893de200665456c95e2f4f40533981f0d45142e42845b650a71afce245b2bc0a311797b0e7833a43df23f2ca1e5a4aec84fea84f641139d1f2fa60e21f25ae4c0d45c0cd296c773a345247dfd44e9d9ac7f5515cfa2154f239691209e46de5e70b55deb0e1724c9c59b084ba08d614c55ae47907983f581e0b79434a987e004480071b4d62bbcb2999aaa01b95e24003dabf522bb753625893d8b8e5f31b9c7d000f07bd06b0338a8aa109216960a1a0c3ad62ad0919b9548afa5f444dbd9d878bb40c928342a58003bc687971acbc6b7eb3a60cbb419c829e680ea78f173bd3ad9e4bfe14523a4293e0e199eed88cfab582ed08c3316f587d8a8e62b65a64bbfaf3f240818f3c154a7b863513fef81b733340dbea31be7b75f87c861475f9b0ee4653652112349fb801b8a1e97fee8d1f2af7684126e51896faeacc535e04d23849874f73584f5979f148704730c59c44279855172dc35be2876c8033a7af025a6766d0bdaf21a0a7099c5349f4ee71b172671b5d487f709371551b0fafe416b143fa7a9b5f921c450cb0a498930bd991c51bd8e854ad00d0573795e285a46ad29a04fefd72c31698e8ce350233371ac8c05028e25caf4a1f196e44255be145de6c8cca42ec62dab93a90730f51b17e8662230850949d2e92e50069a293cc6bf47d8ebbc677d9c021641928d116e01d558ffcba0cbedf779a44a987e7d99aaa6acdb828948b6cc2dd2ffd27bff7833b14551ccf767be53af4124b1f2db5b48655dc1dafaf1dbf058e9abf6c41a19c41d1abb273acedec7d0826180bd6bc336a723390b49461f736b64b3ff7fc2cefda83daffee10acad1ac7b3e725898b435eda36380ea97df7118b31c7bfb9c5a87353ad5b8f1673ffd8cb93ebd215f5ff1f9949334e9e979c4e94863b73655a8c790569935e9bd5218516a5eedfca46ef191f528235355f8ed16328371bd480206c5023e6ff2052650c7faaf2b292f81a32709781419b2ee908fa93d3771a4a114c2a47642509ab0a7e43fc7538e11fa63185a1af95b41bbe36c932f0a65bf297971b5699461f38c06d98da5a1c446d93f01c5d3d037a40396a28a37602f8898a5e47cd6ac1324ddff7bd3c643ae54d8f1eef10e7a0121c0be8f76c9bcccbda11333a0bd8d8e13b905d6d9d424e837d8539e02d99c6d5e730806de9c006d453a6f8ed5f3c63f603ba74c134adf64250d8eace762b717d5cc1f7964df8fb147196c6821b02224067e97d19f7b7ec35b37686c9b7128ca14b03a7da8445c551f4730e4a80b1846583b023398f429ec17a3cc4b29cb916b6db3eab865f2636008fd33330b7b7a96308bb7158cfa87ab383827ad3c704a49e41f30c061c0e3ca78179cbb4d7b2de8a0aaf8c7a4faed3270e50d29024c20f749bc74f7b04910ddbfce93806918a97ea512c9e9df0d8e33c005d7a31105596c8e25f5956671f5c4f7b785cb07c862f50298a487386e79b6ee9cf58bad497bdbda52889225dbf739ca6bc157112294834bf4a9ede07c63e50984615b0c8c79f40bafbb1b186b61365739adab9ecd79675a56ecad50761a7d07f0e11b6a577c0ef62c69794be6c5dfdd58bed3fdb4591fd5297b609d16d16b0d907fc92afbab13fff6d7807d963f99dc20558227c2abf7a9db80bcde2801c81856ef541eb4545e66cca666e79773ebba144b09fb28ad9b363e5f66f6d84a153eead6968b651176a2a36a3207f62305bf6e6182f561b189e2aceaff1fe1422a6910314f816516616594402b5b3143db377664c23835dd4a610ddf569e46b44bb05f89a98d6cfe779328fb6c50cbd635c6cbdae181f75e92deecf044919b25459bdf8f431be214e492274ec570e01d57025f9a02ef99168b8137c75a786909332d831b720a7ed53e2e603d1ceae2220f82f617c4a0ed6d81118949c1b930a80f963b737f6f051d6bf0f876e4b1a6a316acd45df1166ba1ebf6a83d408f9519b7ce47b0e178b57bdf94b8f12a5ae38f0c20c32086b78abfcc04ccb054a17f767130bf575bc42f0a6ab2e15f58df95470288e4c447e4f4b59a0d19bab1c6fc99f949c1326bb33f826855b7c445868a921481a60c87b9b06c900d7443e5b0ca515b6d2b09d2aac07662c45f542e5b74018a5b4eb93c67c8be5263992c35544749e6a783a02f54a3a290341a73d2b9fe4fb27ee46b0424249c8a2ea9b5f6f3fb030e5d74074a2ccbdc7ec39f4eb0275b133ce2562c0b710383bfdd59cc49b2a25003652c61e622e7e2d20079e7116a5529d7c7aeed331b8924e808173f4aaa1ea228e626071c1e0c7b9277a6efbab77d28609462423ce16407b5107831e55d6794400b3881a76df246f37388cd1838c85f85782558d276fb006f8981986e8e40ed136e7bcfac00ac966f8820e51cb6d7d7b01fdc5d25d52c8a60575f32d6735d9c37e3a34f1cc4f2ebe2038664a177a5d9f2b81cbee7c4d215abe4b655db17f19722944bd00832ccaf62678ef1da2549a771b1f053cc7ea26952e3813e7c30248d5779af6d6d91c52e8bf8ca80c4a940025d31b07ec8dcefdae1f09a104b1cb4148d9d557bf76a369b3f2d98dbbcec1700c37dbef6fdacdd55be2aae9e6d926a857d4d13a5ad718865e8531d85277af57e877ac9ef991c003144dfdfcf86581fa0d93751587b9f1900b71103849016815369f3c10789137c9f5a7f67eb8056dcc3c33f24a65e1ef6499add5e3da1c57bbf97a0a63b7040837dc72b3be2458241fc8d09949763514c3a2fcfc69e8351b14f7009854070996e2da8f8d1e19e4c5ee66eeb925bcc2bf3977b58cd44e37c1773490b4194658765dee18a41c6f336915da73a68fe379c3fb2aa64d5e0b0bfa6feb8e6b4d28892f298b42f18e293599bbbd730094b17fc880c1c3442d91d127726153c"}}}}}}, 0x0) 4.876625535s ago: executing program 0 (id=843): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) writev(r0, &(0x7f00000006c0)=[{&(0x7f0000000440)="2e9b3d0007e03dd65193dfb6c575", 0xe}, {&(0x7f0000000100)="31020002", 0x4}, {&(0x7f0000000040)='h?\x00W', 0x4}], 0x3) 4.59338081s ago: executing program 4 (id=845): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x7, 0x7, 0x7ffc0001}]}) set_mempolicy_home_node(&(0x7f0000ff9000/0x2000)=nil, 0x2000, 0x6, 0x0) 4.217206351s ago: executing program 2 (id=846): ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 4.118470781s ago: executing program 3 (id=847): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x2000, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000000c0)=0xfff7bdff) 3.894982249s ago: executing program 4 (id=848): r0 = openat$kvm(0x0, &(0x7f0000000080), 0x100, 0x0) ioctl$KVM_GET_SUPPORTED_HV_CPUID_cpu(0xffffffffffffffff, 0xc008aec1, &(0x7f0000000280)={0x4, 0x0, [{0xb, 0x4, 0x2, 0x9, 0xff, 0x8, 0x9}, {0x40000000, 0x2, 0x4, 0x6, 0xf, 0x3}, {0xc0000001, 0x6, 0x5, 0x2, 0x5d, 0x4, 0x5}, {0xc0000000, 0x4, 0x2, 0x10000, 0x4, 0x3}]}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)={0x79, 0x0, 0x756}) r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil) r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f00000000c0)={0x0, 0x0}) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000100)=@arm64={0x10, 0x2, 0xa, '\x00', 0x400009}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 3.703512614s ago: executing program 0 (id=849): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r0, &(0x7f0000019240)=""/102356, 0x18fd4, 0x200) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040), 0x8) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000080)={0x18, 0x3, 0x0, &(0x7f0000000000)='GPL\x00', 0x2, 0x0, 0x0, 0x41100, 0x7c, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) syz_usb_connect(0x1, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805", @ANYRES32], &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) pwritev(r2, &(0x7f0000000080), 0x0, 0x5, 0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x94, 0x7fff0000}]}) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_rr_get_interval(0x0, &(0x7f0000000340)) 3.575060593s ago: executing program 1 (id=850): r0 = syz_usb_connect(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f7010203010902340001000000000904fb00026c5d650009050402100000fa000905820240"], 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) 3.247092838s ago: executing program 3 (id=851): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={{0x14}, [@NFT_MSG_DELOBJ={0x34, 0x14, 0xa, 0x3, 0x0, 0x0, {0x2}, [@NFTA_OBJ_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x1}, @NFTA_OBJ_NAME={0x9, 0x2, 'syz1\x00'}]}], {0x14}}, 0x5c}}, 0x0) 2.95073649s ago: executing program 4 (id=852): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) 2.834437052s ago: executing program 2 (id=853): socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x10, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_msg}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) r0 = socket(0x28, 0x5, 0x0) r1 = socket(0x28, 0x5, 0x0) listen(r1, 0x4) connect$vsock_stream(r0, &(0x7f0000000080)={0x28, 0x0, 0x0, @local}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x48) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x10, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 2.657975743s ago: executing program 3 (id=854): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x203, 0x0) setreuid(0x0, 0xee00) ioctl$SNAPSHOT_SET_SWAP_AREA(r0, 0x400c330d, 0x0) 2.131226385s ago: executing program 2 (id=855): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x2, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x2, &(0x7f00000001c0)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, 0x0, 0x0, 0x36, 0x0, 0x0, r1}, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x5, 0x9, r1, 0x0, 0x0, 0x5, 0x0, 0x3}]) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_pgetevents(r0, 0x7, 0x7, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}, {}], 0x0, 0x0) 1.863451534s ago: executing program 4 (id=856): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x8, 0x94, 0x7fff0000}]}) socket$nl_netfilter(0x10, 0x3, 0xc) fcntl$lock(r0, 0x5, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x800005}) 1.710996481s ago: executing program 3 (id=857): unshare(0x6020400) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) bind$alg(0xffffffffffffffff, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'authenc(michael_mic-generic,pcbc(fcrypt-generic))\x00'}, 0x58) getsockopt$inet_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000000)={&(0x7f0000ffb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0}, &(0x7f0000000180)=0x40) 1.115383576s ago: executing program 4 (id=858): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x104}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e) sched_getscheduler(r0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/timer_list\x00', 0x0, 0x0) sendfile(r3, r4, 0x0, 0x20000023896) 787.063661ms ago: executing program 3 (id=859): ioprio_set$pid(0x2, 0x0, 0x0) 144.4479ms ago: executing program 0 (id=860): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = dup(r0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}}) write$tun(r2, &(0x7f0000000080)=ANY=[@ANYBLOB="083c88a80001110004"], 0xfdef) 0s ago: executing program 3 (id=861): keyctl$instantiate(0xc, 0x0, &(0x7f0000000100)=@encrypted_new={'new ', 'default', 0x20, 'user:', 'syz', 0x20, 0xffd}, 0x2a, 0x0) r0 = add_key(&(0x7f0000000140)='encrypted\x00', &(0x7f0000000180), &(0x7f0000000100), 0xca, 0xfffffffffffffffe) keyctl$setperm(0x5, r0, 0x82004) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, 0x0, 0x0) add_key$user(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffd) keyctl$read(0xb, r0, &(0x7f0000000240)=""/112, 0x349b7f55) kernel console output (not intermixed with test programs): o 8 [ 356.798880][ T6937] SQUASHFS error: xz decompression failed, data probably corrupt [ 356.819882][ T6937] SQUASHFS error: Failed to read block 0x108: -5 [ 356.827751][ T6937] SQUASHFS error: Unable to read metadata cache entry [106] [ 356.843781][ T6937] SQUASHFS error: Unable to read inode 0x11f [ 357.426198][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop3 [ 357.444233][ T6937] loop2: detected capacity change from 0 to 2048 [ 357.695831][ T6937] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 357.813285][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 357.989420][ T5837] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 358.047024][ T6950] loop0: detected capacity change from 0 to 256 [ 358.171517][ T6950] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 358.182352][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 358.220432][ T5837] usb 5-1: Using ep0 maxpacket: 16 [ 358.244003][ T5837] usb 5-1: config 0 has no interfaces? [ 358.266025][ T6950] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 358.308492][ T5837] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 358.341218][ T6950] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 358.349132][ T6950] UDF-fs: Scanning with blocksize 512 failed [ 358.356126][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.400543][ T5837] usb 5-1: Product: syz [ 358.405043][ T5837] usb 5-1: Manufacturer: syz [ 358.409860][ T5837] usb 5-1: SerialNumber: syz [ 358.475497][ T6950] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 358.497858][ T5837] usb 5-1: config 0 descriptor?? [ 358.670681][ T6950] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 358.892100][ T5837] usb 5-1: USB disconnect, device number 8 [ 359.046688][ T6945] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 359.304705][ T6957] loop1: detected capacity change from 0 to 512 [ 359.404236][ T6957] EXT4-fs: Ignoring removed i_version option [ 359.469254][ T6960] loop0: detected capacity change from 0 to 256 [ 359.477144][ T6957] EXT4-fs: Ignoring removed oldalloc option [ 359.497741][ T6957] EXT4-fs (loop1): Test dummy encryption mode enabled [ 359.653158][ T6957] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.267: casefold flag without casefold feature [ 359.742868][ T6957] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 359.746674][ T6957] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.267: couldn't read orphan inode 15 (err -117) [ 359.756480][ C1] EXT4-fs (loop1): error count since last fsck: 1 [ 359.756692][ C1] EXT4-fs (loop1): initial error at time 1775913032: ext4_orphan_get:1397: inode 15 [ 359.756869][ C1] EXT4-fs (loop1): last error at time 1775913032: ext4_orphan_get:1397: inode 15 [ 359.819535][ T6566] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 150 with error 28 [ 359.890604][ T6566] EXT4-fs (loop2): This should not happen!! Data will be lost [ 359.890604][ T6566] [ 359.940577][ T6566] EXT4-fs (loop2): Total free blocks count 0 [ 359.946922][ T6566] EXT4-fs (loop2): Free/Dirty block details [ 359.955151][ T6957] loop1: lost filesystem error report for type 5 error -117 [ 359.966659][ T6957] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.025489][ T6566] EXT4-fs (loop2): free_blocks=2415919504 [ 360.078781][ T6566] EXT4-fs (loop2): dirty_blocks=160 [ 360.144219][ T6566] EXT4-fs (loop2): Block reservation details [ 360.144314][ T6566] EXT4-fs (loop2): i_reserved_data_blocks=10 [ 360.223686][ T5772] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #18: comm syz-executor: data will be lost [ 360.283642][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.853870][ T6971] loop4: detected capacity change from 0 to 2048 [ 361.120871][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 361.193539][ T6971] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 362.185660][ T6983] loop3: detected capacity change from 0 to 2048 [ 363.300286][ T6984] loop0: detected capacity change from 0 to 2048 [ 363.491243][ T5839] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 364.299233][ T6983] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 364.763783][ T6984] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 365.927256][ T5773] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 366.086573][ T6990] process 'syz.3.275' launched './file0' with NULL argv: empty string added [ 366.339540][ T6990] loop3: detected capacity change from 0 to 512 [ 366.423780][ T6990] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 524322)! [ 366.457627][ T6990] EXT4-fs (loop3): group descriptors corrupted! [ 366.838317][ T6999] loop4: detected capacity change from 0 to 16 [ 366.939827][ T5839] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 367.032377][ T6999] cramfs: Error -3 while decompressing! [ 367.038136][ T6999] cramfs: ffffffff959dc238(27)->ffff88811cd92000(4096) [ 367.052989][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 367.174918][ T6999] cramfs: Error -3 while decompressing! [ 367.330727][ T6999] cramfs: ffffffff959dc238(27)->ffff88811cd92000(4096) [ 367.495251][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 367.600546][ T29] audit: type=1800 audit(1775913040.309:17): pid=6999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.276" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 367.936651][ T7001] loop0: detected capacity change from 0 to 32768 [ 367.946720][ T7001] btrfs: Deprecated parameter 'usebackuproot' [ 367.953246][ T7001] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 368.011932][ T7001] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.278 (7001) [ 368.041167][ T29] audit: type=1326 audit(1775913040.779:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.069085][ T5839] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 368.100677][ T7001] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 368.111454][ T7001] BTRFS info (device loop0): using crc32c checksum algorithm [ 368.123481][ T7001] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 368.161857][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.201338][ T29] audit: type=1326 audit(1775913040.779:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.253952][ T5839] usb 3-1: config 0 descriptor?? [ 368.302220][ T6538] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 368.355976][ T6538] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 368.358304][ T29] audit: type=1326 audit(1775913040.809:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.394375][ T5839] pwc: Samsung MPC-C10 USB webcam detected. [ 368.419799][ T6538] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 368.449783][ T6555] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 368.502382][ T29] audit: type=1326 audit(1775913040.809:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.538458][ T29] audit: type=1326 audit(1775913040.809:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.570960][ T1026] BTRFS warning (device loop0): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xb0e5ffa5 level 0 [ 368.597544][ T7001] BTRFS warning (device loop0): couldn't read tree root [ 368.605290][ T7001] BTRFS warning (device loop0): try to load backup roots slot 1 [ 368.621454][ T724] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x32d10ca2 level 0 [ 368.642216][ T29] audit: type=1326 audit(1775913040.809:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.687545][ T7001] BTRFS warning (device loop0): couldn't read tree root [ 368.687819][ T6993] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.696108][ T7001] BTRFS warning (device loop0): try to load backup roots slot 2 [ 368.720914][ T6557] BTRFS warning (device loop0): checksum verify failed on logical 5255168 mirror 1 wanted 0x9df47653 found 0x6344b7f5 level 1 [ 368.721429][ T5876] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 368.766280][ T29] audit: type=1326 audit(1775913040.809:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.792616][ T6993] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.811316][ T29] audit: type=1326 audit(1775913040.809:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 368.901732][ T7001] BTRFS warning (device loop0): couldn't read tree root [ 368.909130][ T7001] BTRFS warning (device loop0): try to load backup roots slot 3 [ 368.979052][ T7001] BTRFS info (device loop0): rebuilding free space tree [ 369.013701][ T5876] usb 2-1: Using ep0 maxpacket: 16 [ 369.033793][ T7001] BTRFS info (device loop0): disabling free space tree [ 369.046013][ T7001] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 369.056322][ T7001] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 369.096565][ T7001] BTRFS info (device loop0): enabling ssd optimizations [ 369.104022][ T7001] BTRFS info (device loop0): turning off barriers [ 369.123066][ T7001] BTRFS info (device loop0): turning on sync discard [ 369.130510][ T7001] BTRFS info (device loop0): enabling disk space caching [ 369.137911][ T7001] BTRFS info (device loop0): force clearing of disk cache [ 369.150333][ T7001] BTRFS info (device loop0): enabling auto defrag [ 369.157211][ T7001] BTRFS info (device loop0): trying to use backup root at mount time [ 369.165845][ T7001] BTRFS info (device loop0): max_inline set to 0 [ 369.187581][ T5876] usb 2-1: config 0 has no interfaces? [ 369.194725][ T29] audit: type=1326 audit(1775913040.819:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7004 comm="syz.3.279" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2e91f9c819 code=0x7ffc0000 [ 369.263127][ T5876] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 369.299273][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.329025][ T5876] usb 2-1: Product: syz [ 369.386092][ T5876] usb 2-1: Manufacturer: syz [ 369.430596][ T5876] usb 2-1: SerialNumber: syz [ 369.562542][ T5876] usb 2-1: config 0 descriptor?? [ 369.686987][ T6993] loop2: detected capacity change from 0 to 2048 [ 369.838882][ T6993] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 369.911437][ T795] usb 2-1: USB disconnect, device number 14 [ 370.053793][ T6993] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 370.243152][ T5774] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 370.597838][ T5839] pwc: send_video_command error -71 [ 370.653170][ T5839] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 370.702819][ T5839] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 370.813944][ T5839] usb 3-1: USB disconnect, device number 15 [ 371.105748][ T7028] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 372.402657][ T7041] loop1: detected capacity change from 0 to 2048 [ 373.080426][ T7041] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 373.586825][ T7039] loop3: detected capacity change from 0 to 2048 [ 373.848518][ T7039] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 375.255463][ T7050] loop2: detected capacity change from 0 to 32768 [ 375.341731][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 375.376973][ T7050] JBD2: Ignoring recovery information on journal [ 375.461256][ T7050] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 375.619177][ T7050] OCFS2: ERROR (device loop2): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 2061 but max bitmap bits of 2048 [ 375.637351][ T7050] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 375.647663][ T7050] OCFS2: File system is now read-only. [ 375.653423][ T7050] (syz.2.289,7050,0):ocfs2_search_chain:1888 ERROR: status = -30 [ 375.661813][ T7050] (syz.2.289,7050,0):ocfs2_search_chain:2011 ERROR: status = -30 [ 375.669810][ T7050] (syz.2.289,7050,0):ocfs2_claim_suballoc_bits:2098 ERROR: status = -30 [ 375.678656][ T7050] (syz.2.289,7050,0):ocfs2_claim_suballoc_bits:2151 ERROR: status = -30 [ 375.687434][ T7050] (syz.2.289,7050,0):ocfs2_claim_new_inode:2392 ERROR: status = -30 [ 375.701517][ T7050] (syz.2.289,7050,0):ocfs2_claim_new_inode:2407 ERROR: status = -30 [ 375.709802][ T7050] (syz.2.289,7050,0):ocfs2_mknod_locked:642 ERROR: status = -30 [ 375.719676][ T7050] (syz.2.289,7050,0):ocfs2_mknod:389 ERROR: status = -30 [ 375.727604][ T7050] (syz.2.289,7050,0):ocfs2_mknod:506 ERROR: status = -30 [ 375.735130][ T7050] (syz.2.289,7050,0):ocfs2_create:679 ERROR: status = -30 [ 375.814909][ T7056] loop4: detected capacity change from 0 to 16 [ 375.985796][ T5772] ocfs2: Unmounting device (7,2) on (node local) [ 376.067199][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop4 [ 376.125527][ T7056] cramfs: Error -3 while decompressing! [ 376.175320][ T7056] cramfs: ffffffff959dc238(27)->ffff88811cdb2000(4096) [ 376.211483][ T795] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 376.303388][ T7056] cramfs: Error -3 while decompressing! [ 376.355169][ T7056] cramfs: ffffffff959dc238(27)->ffff88811cdb2000(4096) [ 376.417135][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 376.417216][ T29] audit: type=1800 audit(1775913049.179:31): pid=7056 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.293" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 376.434023][ T795] usb 1-1: device descriptor read/64, error -71 [ 376.462265][ T5839] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 376.484860][ T7065] netlink: 4 bytes leftover after parsing attributes in process `syz.3.292'. [ 376.526113][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop4 [ 376.724445][ T5839] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 376.756922][ T795] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 376.810549][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 376.891447][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 376.946796][ T5839] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 376.960526][ T5837] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 376.998972][ T5839] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 377.002686][ T795] usb 1-1: device descriptor read/64, error -71 [ 377.070537][ T5839] usb 2-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 377.110450][ T5839] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.144971][ T795] usb usb1-port1: attempt power cycle [ 377.171980][ T5837] usb 3-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 377.184382][ T5839] usb 2-1: config 0 descriptor?? [ 377.205468][ T5837] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.304823][ T5837] usb 3-1: config 0 descriptor?? [ 377.406336][ T5837] pwc: Samsung MPC-C10 USB webcam detected. [ 377.425195][ T5839] usb 2-1: string descriptor 0 read error: -71 [ 377.546506][ T795] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 377.625340][ T7067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.661522][ T5839] usb 2-1: USB disconnect, device number 15 [ 377.669192][ T795] usb 1-1: device descriptor read/8, error -71 [ 377.708789][ T7067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.031529][ T795] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 378.148016][ T7067] loop2: detected capacity change from 0 to 2048 [ 378.221291][ T5945] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 378.273716][ T7067] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 378.380336][ T7067] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 378.490682][ T5945] usb 4-1: Using ep0 maxpacket: 16 [ 378.518938][ T795] usb 1-1: device descriptor read/8, error -71 [ 378.554415][ T7067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.591063][ T5945] usb 4-1: config 0 has no interfaces? [ 378.633308][ T5945] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 378.678267][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.691056][ T795] usb usb1-port1: unable to enumerate USB device [ 378.701594][ T7067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.753647][ T5945] usb 4-1: Product: syz [ 378.758207][ T5945] usb 4-1: Manufacturer: syz [ 378.810707][ T5945] usb 4-1: SerialNumber: syz [ 378.847966][ T5945] usb 4-1: config 0 descriptor?? [ 378.883786][ T5837] pwc: send_video_command error -71 [ 378.889337][ T5837] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 378.937101][ T5837] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 378.999229][ T5837] usb 3-1: USB disconnect, device number 16 [ 379.157518][ T5839] usb 4-1: USB disconnect, device number 14 [ 379.459797][ T7076] netlink: 200 bytes leftover after parsing attributes in process `syz.0.298'. [ 380.090935][ T7077] loop4: detected capacity change from 0 to 4096 [ 380.156785][ T7077] ntfs3(loop4): Different NTFS sector size (2048) and media sector size (512). [ 381.972992][ T7096] loop1: detected capacity change from 0 to 2048 [ 382.168846][ T7096] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 382.850341][ T5876] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 383.196638][ T5876] usb 3-1: config index 0 descriptor too short (expected 65345, got 45) [ 383.289118][ T5876] usb 3-1: config 1 has an invalid interface number: 7 but max is 0 [ 383.467253][ T5876] usb 3-1: config 1 has no interface number 0 [ 383.550673][ T5876] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0xF has invalid maxpacket 64 [ 383.627208][ T7101] veth0: entered promiscuous mode [ 383.690763][ T5876] usb 3-1: config 1 interface 7 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 383.705426][ T7098] veth0: left promiscuous mode [ 383.751812][ T5876] usb 3-1: config 1 interface 7 altsetting 0 bulk endpoint 0xE has invalid maxpacket 0 [ 383.976264][ T5876] usb 3-1: New USB device found, idVendor=1199, idProduct=68a3, bcdDevice= 0.00 [ 384.060671][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.159875][ T5876] usb 3-1: Product: syz [ 384.164657][ T5876] usb 3-1: Manufacturer: syz [ 384.236575][ T5876] usb 3-1: SerialNumber: syz [ 384.282531][ T7097] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 384.301669][ T5839] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 384.373787][ T5876] usb 3-1: Error in usbnet_get_endpoints (-22) [ 384.544000][ T5839] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 384.585825][ T5839] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 384.614590][ T5876] usb 3-1: USB disconnect, device number 17 [ 384.627827][ T5839] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 384.683146][ T5839] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 384.698257][ T5839] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 384.814877][ T5839] usb 4-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 384.849107][ T7111] loop4: detected capacity change from 0 to 16 [ 384.915081][ T5839] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.965529][ T5839] usb 4-1: config 0 descriptor?? [ 384.976664][ T7109] cramfs: wrong magic [ 385.021643][ T7111] cramfs: Error -3 while decompressing! [ 385.027548][ T7111] cramfs: ffffffff959dc238(27)->ffff88813350c000(4096) [ 385.066656][ T7111] cramfs: Error -3 while decompressing! [ 385.109088][ T7111] cramfs: ffffffff959dc238(27)->ffff88813350c000(4096) [ 385.216858][ T29] audit: type=1800 audit(1775913057.989:32): pid=7111 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.307" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 385.242891][ T5839] usb 4-1: string descriptor 0 read error: -71 [ 385.288293][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop4 [ 385.364886][ T5839] usb 4-1: USB disconnect, device number 15 [ 385.726799][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop4 [ 386.320349][ T5945] usb 3-1: new low-speed USB device number 18 using dummy_hcd [ 386.585669][ T5945] usb 3-1: config 0 has an invalid interface number: 33 but max is 0 [ 386.618866][ T5945] usb 3-1: config 0 has no interface number 0 [ 386.746759][ T5945] usb 3-1: string descriptor 0 read error: -22 [ 386.798878][ T5945] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 386.809072][ T7128] loop3: detected capacity change from 0 to 512 [ 386.841209][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.934988][ T5945] usb 3-1: config 0 descriptor?? [ 386.980169][ T5945] usbtest 3-1:0.33: FX2 device [ 386.985268][ T5945] usbtest 3-1:0.33: low-speed {control intr-in intr-out} tests (+alt) [ 387.030671][ T7128] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 387.098139][ T7128] ext4 filesystem being mounted at /67/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 387.174938][ T7130] loop0: detected capacity change from 0 to 2048 [ 387.279567][ T7122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 387.299866][ T7122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.934216][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 388.951560][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 389.452150][ T7135] loop4: detected capacity change from 0 to 2048 [ 392.999338][ T7130] NILFS (loop0): error -4 creating segctord thread [ 393.645419][ T5945] usb 3-1: USB disconnect, device number 18 [ 394.132408][ T7135] NILFS (loop4): error -4 creating segctord thread [ 394.348636][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 394.981175][ T7150] loop2: detected capacity change from 0 to 256 [ 395.947955][ T7158] loop3: detected capacity change from 0 to 2048 [ 398.804765][ T7158] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 402.476171][ T7177] loop0: detected capacity change from 0 to 128 [ 402.502668][ T5837] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 402.701521][ T7177] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 402.748354][ T5837] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 402.780237][ T5837] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 402.810562][ T5837] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 402.861087][ T7177] ext4 filesystem being mounted at /73/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 402.894400][ T5837] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 402.923267][ T5837] usb 4-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 402.964526][ T5837] usb 4-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 402.994381][ T5837] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 403.084042][ T7177] EXT4-fs error (device loop0): dx_make_map:1296: inode #2: block 18: comm syz.0.327: bad entry in directory: inode out of bounds - offset=988, inode=128, rec_len=36, size=1024 fake=1 [ 403.110298][ T5837] usb 4-1: config 0 descriptor?? [ 403.183884][ T7177] EXT4-fs (loop0): Remounting filesystem read-only [ 403.268114][ T7186] loop2: detected capacity change from 0 to 512 [ 403.420426][ T5839] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 403.617577][ T5837] usb 4-1: string descriptor 0 read error: -71 [ 403.815815][ T5837] usb 4-1: USB disconnect, device number 16 [ 403.882532][ T7186] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 403.920480][ T5839] usb 2-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 403.929905][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.954867][ T5839] usb 2-1: Product: syz [ 403.977885][ T5839] usb 2-1: Manufacturer: syz [ 403.983711][ T5839] usb 2-1: SerialNumber: syz [ 404.026481][ T7186] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 404.525860][ T5774] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 404.596303][ T7183] loop1: detected capacity change from 0 to 164 [ 404.835179][ T5837] usb 5-1: new low-speed USB device number 9 using dummy_hcd [ 404.942807][ T7183] netlink: 'syz.1.330': attribute type 1 has an invalid length. [ 405.039760][ T5839] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPROTO [ 405.137973][ T5839] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): lan78xx_setup_irq_domain() failed : -71 [ 405.162667][ T5837] usb 5-1: config 0 has an invalid interface number: 33 but max is 0 [ 405.201877][ T5839] lan78xx 2-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 405.240795][ T5837] usb 5-1: config 0 has no interface number 0 [ 405.388501][ T5839] lan78xx 2-1:1.0: probe with driver lan78xx failed with error -71 [ 405.389334][ T5837] usb 5-1: string descriptor 0 read error: -22 [ 405.418209][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 405.505949][ T5839] usb 2-1: USB disconnect, device number 16 [ 405.566058][ T5837] usb 5-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 406.357662][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 406.379398][ T5837] usb 5-1: config 0 descriptor?? [ 406.768731][ T7206] loop3: detected capacity change from 0 to 2048 [ 407.397257][ T5837] usbtest 5-1:0.33: FX2 device [ 408.400321][ T5837] usbtest 5-1:0.33: low-speed {control intr-in intr-out} tests (+alt) [ 408.515562][ T7206] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 411.866307][ T5839] usb 5-1: USB disconnect, device number 9 [ 412.704484][ T7217] overlayfs: failed to resolve './file0': -2 [ 413.256428][ T7224] loop2: detected capacity change from 0 to 512 [ 413.350822][ T7224] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 524322)! [ 413.416494][ T7224] EXT4-fs (loop2): group descriptors corrupted! [ 413.651365][ T5837] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 413.795805][ T7229] netlink: 16 bytes leftover after parsing attributes in process `syz.3.344'. [ 413.863701][ T7229] loop3: detected capacity change from 0 to 64 [ 413.916578][ T5837] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 413.919736][ T7229] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 413.970613][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.978962][ T5837] usb 5-1: Product: syz [ 414.012534][ T7231] loop1: detected capacity change from 0 to 512 [ 414.099501][ T5837] usb 5-1: Manufacturer: syz [ 414.104859][ T5837] usb 5-1: SerialNumber: syz [ 414.132968][ T5837] usb 5-1: config 0 descriptor?? [ 414.312976][ T7231] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.442420][ T5837] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 414.452947][ T7231] ext4 filesystem being mounted at /65/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 414.657644][ T7227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.768405][ T7227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 415.555010][ T7226] FAULT_INJECTION: forcing a failure. [ 415.555010][ T7226] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 415.670765][ T7226] CPU: 1 UID: 0 PID: 7226 Comm: syz.0.342 Not tainted syzkaller #0 PREEMPT(full) [ 415.670919][ T7226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 415.671001][ T7226] Call Trace: [ 415.671061][ T7226] [ 415.671119][ T7226] __dump_stack+0x26/0x30 [ 415.671296][ T7226] dump_stack_lvl+0x14c/0x1c0 [ 415.671476][ T7226] dump_stack+0x1e/0x25 [ 415.671633][ T7226] should_fail_ex+0x7e2/0x8c0 [ 415.671864][ T7226] should_fail+0x2a/0x40 [ 415.672040][ T7226] should_fail_usercopy+0x2e/0x40 [ 415.672244][ T7226] _copy_from_user+0x33/0x100 [ 415.672441][ T7226] io_submit_one+0x6a/0x32e0 [ 415.672605][ T7226] ? stack_depot_save_flags+0x35/0x790 [ 415.672799][ T7226] ? kmsan_get_metadata+0xf1/0x160 [ 415.672944][ T7226] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 415.673155][ T7226] ? kmsan_get_metadata+0xf1/0x160 [ 415.673300][ T7226] ? kmsan_get_metadata+0xf1/0x160 [ 415.673441][ T7226] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 415.673603][ T7226] __se_sys_io_submit+0x26f/0x690 [ 415.673862][ T7226] __x64_sys_io_submit+0x97/0xe0 [ 415.674078][ T7226] x64_sys_call+0x1ec2/0x3ea0 [ 415.674267][ T7226] do_syscall_64+0x134/0xf80 [ 415.674456][ T7226] ? clear_bhb_loop+0x50/0xa0 [ 415.674617][ T7226] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 415.674783][ T7226] RIP: 0033:0x7f372559c819 [ 415.674893][ T7226] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 415.675024][ T7226] RSP: 002b:00007f3726501028 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 415.675169][ T7226] RAX: ffffffffffffffda RBX: 00007f3725815fa0 RCX: 00007f372559c819 [ 415.675275][ T7226] RDX: 00002000000000c0 RSI: 00000000000000f3 RDI: 00007f372649e000 [ 415.675375][ T7226] RBP: 00007f3726501090 R08: 0000000000000000 R09: 0000000000000000 [ 415.675464][ T7226] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 415.675559][ T7226] R13: 00007f3725816038 R14: 00007f3725815fa0 R15: 00007ffed68bf718 [ 415.675701][ T7226] [ 416.017021][ T7227] loop4: detected capacity change from 0 to 4096 [ 416.744243][ T7246] loop3: detected capacity change from 0 to 2048 [ 416.993108][ T7246] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 417.263295][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 417.279143][ T5837] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 418.106864][ T5839] usb 3-1: new low-speed USB device number 19 using dummy_hcd [ 419.183224][ T5839] usb 3-1: config 0 has an invalid interface number: 33 but max is 0 [ 419.234991][ T5839] usb 3-1: config 0 has no interface number 0 [ 419.302077][ T7227] ntfs3(loop4): Failed to read $AttrDef (-4). [ 419.441710][ T5839] usb 3-1: string descriptor 0 read error: -22 [ 419.460878][ T5839] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 419.502532][ T5839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.612783][ T5839] usb 3-1: config 0 descriptor?? [ 419.707856][ T5839] usbtest 3-1:0.33: FX2 device [ 419.779383][ T5839] usbtest 3-1:0.33: low-speed {control intr-in intr-out} tests (+alt) [ 419.926916][ T5876] usb 5-1: USB disconnect, device number 10 [ 420.049705][ T7250] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 420.171892][ T7250] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 424.151444][ T5945] usb 3-1: USB disconnect, device number 19 [ 425.556632][ T7276] netlink: 16 bytes leftover after parsing attributes in process `syz.2.357'. [ 425.638638][ T7276] loop2: detected capacity change from 0 to 64 [ 425.747028][ T7276] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 426.062677][ T7280] netlink: 112 bytes leftover after parsing attributes in process `syz.0.359'. [ 426.186614][ T7268] loop3: detected capacity change from 0 to 8192 [ 426.966328][ T7287] loop2: detected capacity change from 0 to 16 [ 427.193693][ T7287] cramfs: Error -3 while decompressing! [ 427.536830][ T7291] loop4: detected capacity change from 0 to 2048 [ 428.006502][ T7287] cramfs: ffffffff959dc238(27)->ffff888027ace000(4096) [ 428.188657][ T7291] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 428.460753][ T7287] cramfs: Error -3 while decompressing! [ 428.489836][ T7290] loop0: detected capacity change from 0 to 512 [ 428.563655][ T7287] cramfs: ffffffff959dc238(27)->ffff888027ace000(4096) [ 428.586148][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop2 [ 428.783666][ T29] audit: type=1800 audit(1775913101.549:33): pid=7287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.362" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 428.904273][ T7290] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 429.018977][ T7290] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 429.257394][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop2 [ 430.434833][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 430.867461][ T7310] loop2: detected capacity change from 0 to 512 [ 430.932321][ T7310] EXT4-fs (loop2): ext4_check_descriptors: Inode table for group 0 not in group (block 524322)! [ 431.005024][ T7310] EXT4-fs (loop2): group descriptors corrupted! [ 431.670762][ T7319] netlink: 16 bytes leftover after parsing attributes in process `syz.1.372'. [ 431.839377][ T7319] loop1: detected capacity change from 0 to 64 [ 431.897875][ T7319] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 432.138556][ T7322] netlink: 112 bytes leftover after parsing attributes in process `syz.2.373'. [ 434.073948][ T7338] loop1: detected capacity change from 0 to 2048 [ 435.721524][ T7339] fuse: Bad value for 'fd' [ 435.893758][ T7338] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 437.082984][ T7341] loop4: detected capacity change from 0 to 16 [ 437.103738][ T7341] erofs: Unknown parameter 'àÿ' [ 437.355863][ T7343] loop3: detected capacity change from 0 to 512 [ 437.615872][ T7343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 437.657509][ T7343] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 437.933849][ T7341] loop4: detected capacity change from 0 to 4096 [ 438.034877][ T7341] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512). [ 438.052315][ T5945] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 438.127271][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 438.256569][ T7341] ntfs3(loop4): Failed to read $UpCase (-4). [ 438.295897][ T5837] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 438.360375][ T5945] usb 3-1: config 8 has an invalid interface number: 223 but max is 0 [ 438.401256][ T5945] usb 3-1: config 8 contains an unexpected descriptor of type 0x1, skipping [ 438.441860][ T5945] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 438.500310][ T5837] usb 2-1: config 8 has an invalid interface number: 223 but max is 0 [ 438.509237][ T5837] usb 2-1: config 8 contains an unexpected descriptor of type 0x1, skipping [ 438.526570][ T5945] usb 3-1: config 8 has no interface number 0 [ 438.540187][ T5945] usb 3-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64 [ 438.576784][ T5837] usb 2-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 438.601779][ T5945] usb 3-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 438.620664][ T5837] usb 2-1: config 8 has no interface number 0 [ 438.648954][ T5837] usb 2-1: config 8 interface 223 altsetting 0 endpoint 0x7 has invalid maxpacket 15872, setting to 64 [ 438.693468][ T5945] usb 3-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 438.727869][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.736704][ T5837] usb 2-1: config 8 interface 223 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 438.789070][ T5945] usb 3-1: Product: syz [ 438.804586][ T5945] usb 3-1: Manufacturer: syz [ 438.809514][ T5945] usb 3-1: SerialNumber: syz [ 438.831678][ T5837] usb 2-1: New USB device found, idVendor=a6da, idProduct=7458, bcdDevice=2d.4d [ 438.853624][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.900575][ T5837] usb 2-1: Product: syz [ 438.918518][ T5837] usb 2-1: Manufacturer: syz [ 438.947887][ T5837] usb 2-1: SerialNumber: syz [ 439.249208][ T5945] usb 3-1: USB disconnect, device number 20 [ 439.324305][ T5837] usb 2-1: USB disconnect, device number 17 [ 439.402741][ T7361] netlink: 16 bytes leftover after parsing attributes in process `syz.0.387'. [ 439.514231][ T7361] loop0: detected capacity change from 0 to 64 [ 439.587728][ T7361] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 439.619405][ T7356] loop3: detected capacity change from 0 to 4096 [ 439.674715][ T7356] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 439.956371][ T7356] ntfs3(loop3): ino=19, mi_enum_attr [ 439.992042][ T7356] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 441.046201][ T7367] loop4: detected capacity change from 0 to 1024 [ 441.084907][ T7371] loop1: detected capacity change from 0 to 512 [ 441.263787][ T7371] EXT4-fs: Ignoring removed mblk_io_submit option [ 441.365142][ T7371] EXT4-fs: Ignoring removed nomblk_io_submit option [ 441.673074][ T7371] EXT4-fs: Invalid journal IO priority (must be 0-7) [ 441.879546][ T7367] bridge0: adding interface bridge_slave_0 with same address as a received packet (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 443.352296][ T7376] netlink: 8 bytes leftover after parsing attributes in process `syz.4.390'. [ 443.830524][ T7378] loop3: detected capacity change from 0 to 2048 [ 444.128769][ T7378] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 445.541019][ T7382] binder: BINDER_SET_CONTEXT_MGR already set [ 445.547172][ T7382] binder: 7380:7382 ioctl 4018620d 200000004a80 returned -16 [ 445.905102][ T7386] loop1: detected capacity change from 0 to 512 [ 446.503654][ T7386] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.986357][ T7386] ext4 filesystem being mounted at /76/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 447.415608][ T7398] netlink: 16 bytes leftover after parsing attributes in process `syz.0.398'. [ 447.493191][ T7399] loop0: detected capacity change from 0 to 64 [ 447.586260][ T7399] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 447.904801][ T7389] loop3: detected capacity change from 0 to 4096 [ 447.993411][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 448.011058][ T7389] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 448.182569][ T7402] loop4: detected capacity change from 0 to 512 [ 448.325537][ T7402] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 0 not in group (block 524322)! [ 448.389527][ T7402] EXT4-fs (loop4): group descriptors corrupted! [ 448.396410][ T7389] ntfs3(loop3): Failed to initialize $Extend/$Reparse. [ 448.483430][ T7389] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 448.541609][ T7389] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 448.581467][ T7389] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 448.673376][ T7402] loop4: detected capacity change from 0 to 64 [ 448.722751][ T7389] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 448.891353][ T7410] ntfs3(loop3): ino=1e, mi_enum_attr [ 448.897229][ T7410] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 449.085641][ T7407] loop0: detected capacity change from 0 to 4096 [ 449.160313][ T7407] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 449.708015][ T7407] ntfs3(loop0): ino=19, mi_enum_attr [ 449.750325][ T7407] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 449.864244][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 449.871191][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 451.005499][ T7421] loop1: detected capacity change from 0 to 4096 [ 451.117010][ T7421] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 451.379754][ T7433] loop3: detected capacity change from 0 to 16 [ 451.559460][ T7433] cramfs: Error -3 while decompressing! [ 451.566950][ T7434] loop4: detected capacity change from 0 to 512 [ 451.572090][ T7421] ntfs3(loop1): ino=19, mi_enum_attr [ 451.587743][ T7421] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 451.620484][ T7433] cramfs: ffffffff959dc238(27)->ffff888133650000(4096) [ 451.641173][ T7433] cramfs: Error -3 while decompressing! [ 451.646924][ T7433] cramfs: ffffffff959dc238(27)->ffff888133650000(4096) [ 451.773439][ T29] audit: type=1800 audit(1775913124.519:34): pid=7433 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.410" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 451.872329][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 451.981463][ T7434] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 452.059807][ T7439] netlink: 16 bytes leftover after parsing attributes in process `syz.2.412'. [ 452.076647][ T7434] ext4 filesystem being mounted at /80/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 452.202480][ T7439] loop2: detected capacity change from 0 to 64 [ 452.217753][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 452.269234][ T7439] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 452.632660][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 452.841786][ T5773] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 453.143811][ T7449] FAULT_INJECTION: forcing a failure. [ 453.143811][ T7449] name failslab, interval 1, probability 0, space 0, times 0 [ 453.230687][ T7449] CPU: 1 UID: 0 PID: 7449 Comm: syz.0.415 Not tainted syzkaller #0 PREEMPT(full) [ 453.230847][ T7449] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 453.230946][ T7449] Call Trace: [ 453.231000][ T7449] [ 453.231056][ T7449] __dump_stack+0x26/0x30 [ 453.231235][ T7449] dump_stack_lvl+0x14c/0x1c0 [ 453.231418][ T7449] dump_stack+0x1e/0x25 [ 453.231578][ T7449] should_fail_ex+0x7e2/0x8c0 [ 453.231798][ T7449] should_failslab+0x158/0x200 [ 453.231965][ T7449] kmem_cache_alloc_node_noprof+0x14c/0x12d0 [ 453.232129][ T7449] ? kmsan_get_metadata+0xf1/0x160 [ 453.232268][ T7449] ? __alloc_skb+0x744/0x1190 [ 453.232442][ T7449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 453.232606][ T7449] __alloc_skb+0x744/0x1190 [ 453.232759][ T7449] ? __alloc_skb+0x35e/0x1190 [ 453.232918][ T7449] ? netlink_autobind+0x3b0/0x430 [ 453.233126][ T7449] netlink_alloc_large_skb+0xa5/0x290 [ 453.233312][ T7449] netlink_sendmsg+0xae9/0x1250 [ 453.233532][ T7449] ? __pfx_netlink_sendmsg+0x10/0x10 [ 453.233724][ T7449] ____sys_sendmsg+0xf37/0xfd0 [ 453.233963][ T7449] ___sys_sendmsg+0x271/0x3b0 [ 453.234135][ T7449] ? kmsan_get_metadata+0xf1/0x160 [ 453.234306][ T7449] ? __rcu_read_unlock+0x6c/0xd0 [ 453.234501][ T7449] ? __fget_files+0x3b4/0x4a0 [ 453.234660][ T7449] ? __fget_files+0x3b9/0x4a0 [ 453.234822][ T7449] ? kmsan_get_metadata+0xf1/0x160 [ 453.234974][ T7449] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 453.235140][ T7449] __x64_sys_sendmsg+0x211/0x3e0 [ 453.235342][ T7449] ? kmsan_get_metadata+0xf1/0x160 [ 453.235533][ T7449] x64_sys_call+0x1e20/0x3ea0 [ 453.235722][ T7449] do_syscall_64+0x134/0xf80 [ 453.235914][ T7449] ? clear_bhb_loop+0x50/0xa0 [ 453.236079][ T7449] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.236235][ T7449] RIP: 0033:0x7f372559c819 [ 453.236348][ T7449] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 453.236475][ T7449] RSP: 002b:00007f3726501028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.236615][ T7449] RAX: ffffffffffffffda RBX: 00007f3725815fa0 RCX: 00007f372559c819 [ 453.236736][ T7449] RDX: 00000000040080c0 RSI: 0000200000000240 RDI: 0000000000000003 [ 453.236832][ T7449] RBP: 00007f3726501090 R08: 0000000000000000 R09: 0000000000000000 [ 453.236929][ T7449] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.237019][ T7449] R13: 00007f3725816038 R14: 00007f3725815fa0 R15: 00007ffed68bf718 [ 453.237162][ T7449] [ 453.782142][ T795] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 453.951771][ T795] usb 3-1: Using ep0 maxpacket: 16 [ 453.984661][ T795] usb 3-1: config 0 has no interfaces? [ 454.010583][ T795] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 454.047481][ T795] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 454.098672][ T795] usb 3-1: Product: syz [ 454.128490][ T795] usb 3-1: Manufacturer: syz [ 454.200235][ T795] usb 3-1: SerialNumber: syz [ 454.222575][ T795] usb 3-1: config 0 descriptor?? [ 454.464222][ T7455] loop0: detected capacity change from 0 to 4096 [ 454.485708][ T7455] ntfs3(loop0): Different NTFS sector size (4096) and media sector size (512). [ 454.592334][ T795] usb 3-1: USB disconnect, device number 21 [ 454.687332][ T7463] loop1: detected capacity change from 0 to 512 [ 454.861581][ T5876] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 454.937142][ T7455] ntfs3(loop0): ino=19, mi_enum_attr [ 454.972372][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 455.018632][ T7455] ntfs3(loop0): Mark volume as dirty due to NTFS errors [ 455.026604][ T7464] can: request_module (can-proto-3) failed. [ 455.060302][ T5839] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 455.070744][ T5876] usb 4-1: Using ep0 maxpacket: 32 [ 455.107284][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.179916][ T5876] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 455.254060][ T5876] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 455.320447][ T5839] usb 5-1: config index 0 descriptor too short (expected 23569, got 27) [ 455.329084][ T5839] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.348078][ T5876] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 455.375022][ T5876] usb 4-1: config 0 descriptor?? [ 455.416455][ T5839] usb 5-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 455.473208][ T5876] hub 4-1:0.0: USB hub found [ 455.490399][ T5839] usb 5-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 455.498825][ T5839] usb 5-1: Manufacturer: syz [ 455.593354][ T5839] usb 5-1: config 0 descriptor?? [ 455.667725][ T5839] igorplugusb 5-1:0.0: incorrect number of endpoints [ 455.781452][ T5876] hub 4-1:0.0: 1 port detected [ 455.942477][ T7462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 455.951971][ T795] usb 5-1: USB disconnect, device number 11 [ 456.038303][ T7462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 456.130287][ T5876] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 456.141981][ T5876] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 456.315035][ T5876] usbhid 4-1:0.0: can't add hid device: -71 [ 456.341081][ T5876] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 456.426164][ T5876] usb 4-1: USB disconnect, device number 17 [ 456.632788][ T7475] loop1: detected capacity change from 0 to 512 [ 456.842678][ T7475] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 456.860580][ T7475] ext4 filesystem being mounted at /83/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 457.092345][ T7480] netlink: 16 bytes leftover after parsing attributes in process `syz.2.427'. [ 457.221206][ T7480] loop2: detected capacity change from 0 to 64 [ 457.298693][ T7480] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 457.417978][ T7480] loop2: detected capacity change from 0 to 64 [ 457.497454][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 457.605117][ T795] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 457.624799][ T7480] hfs: get root inode failed [ 457.671825][ T7488] loop0: detected capacity change from 0 to 16 [ 457.792998][ T7488] cramfs: Error -3 while decompressing! [ 457.811458][ T7488] cramfs: ffffffff959dc238(27)->ffff88811cd73000(4096) [ 457.859143][ T795] usb 5-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 457.898492][ T795] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.929438][ T7488] cramfs: Error -3 while decompressing! [ 457.974063][ T795] usb 5-1: config 0 descriptor?? [ 458.014682][ T7488] cramfs: ffffffff959dc238(27)->ffff88811cd73000(4096) [ 458.056955][ T795] pwc: Samsung MPC-C10 USB webcam detected. [ 458.071685][ T29] audit: type=1800 audit(1775913130.839:35): pid=7488 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.429" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 458.266755][ T7482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.357234][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop0 [ 458.379864][ T7482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 458.735207][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 458.898198][ T7482] loop4: detected capacity change from 0 to 2048 [ 459.055096][ T7482] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 459.093623][ T49] Bluetooth: hci4: unexpected event for opcode 0x202f [ 459.149564][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 459.272570][ T7482] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 459.490338][ T7482] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 459.535593][ T5837] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 459.546456][ T7482] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.616965][ T795] pwc: send_video_command error -71 [ 459.633922][ T795] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 459.643737][ T795] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 459.720736][ T795] usb 5-1: USB disconnect, device number 12 [ 459.773433][ T5837] usb 4-1: Using ep0 maxpacket: 16 [ 459.786761][ T5837] usb 4-1: config 0 has no interfaces? [ 459.843165][ T5837] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 459.897349][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.939065][ T5837] usb 4-1: Product: syz [ 459.951169][ T5837] usb 4-1: Manufacturer: syz [ 459.956027][ T5837] usb 4-1: SerialNumber: syz [ 460.052619][ T5837] usb 4-1: config 0 descriptor?? [ 460.441554][ T5837] usb 4-1: USB disconnect, device number 18 [ 460.524912][ T7501] loop2: detected capacity change from 0 to 4096 [ 460.612966][ T7501] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 461.010313][ T7501] ntfs3(loop2): ino=19, mi_enum_attr [ 461.030653][ T7501] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 463.845841][ T7525] netlink: 32 bytes leftover after parsing attributes in process `syz.4.443'. [ 464.002554][ T7527] netlink: 16 bytes leftover after parsing attributes in process `syz.2.442'. [ 464.035902][ T7528] loop0: detected capacity change from 0 to 512 [ 464.149895][ T7527] loop2: detected capacity change from 0 to 64 [ 464.277654][ T7528] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 464.291453][ T7527] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 464.361871][ T7528] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 464.379626][ T7534] 9p: Bad value for 'rfdno' [ 464.864468][ T7539] loop3: detected capacity change from 0 to 512 [ 465.088320][ T7539] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 465.226959][ T5774] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 465.256677][ T7539] ext4 filesystem being mounted at /91/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 465.395752][ T7549] loop2: detected capacity change from 0 to 16 [ 465.452475][ T795] IPVS: starting estimator thread 0... [ 465.463466][ T7539] fuse: Unknown parameter 'pcr' [ 465.555645][ T7549] cramfs: Error -3 while decompressing! [ 465.562756][ T7551] IPVS: using max 192 ests per chain, 9600 per kthread [ 465.570850][ T7549] cramfs: ffffffff959dc238(27)->ffff888133490000(4096) [ 465.578288][ T7549] cramfs: Error -3 while decompressing! [ 465.590877][ T7549] cramfs: ffffffff959dc238(27)->ffff888133490000(4096) [ 465.656359][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop2 [ 465.680490][ T5837] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 465.747115][ T29] audit: type=1800 audit(1775913138.519:36): pid=7549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.448" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 465.851662][ T795] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 465.871061][ T5837] usb 5-1: Using ep0 maxpacket: 16 [ 465.904335][ T5837] usb 5-1: config 0 has no interfaces? [ 465.942008][ T5837] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 465.974500][ T5837] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 465.998483][ T5837] usb 5-1: Product: syz [ 466.019862][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop2 [ 466.052026][ T5837] usb 5-1: Manufacturer: syz [ 466.063353][ T5837] usb 5-1: SerialNumber: syz [ 466.098463][ T795] usb 4-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 466.130370][ T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 466.142569][ T5837] usb 5-1: config 0 descriptor?? [ 466.174517][ T795] usb 4-1: Product: syz [ 466.179009][ T795] usb 4-1: Manufacturer: syz [ 466.226422][ T795] usb 4-1: SerialNumber: syz [ 466.489721][ T795] usb 4-1: config 0 descriptor?? [ 468.302641][ T5837] usb 5-1: USB disconnect, device number 13 [ 468.725824][ T5785] Bluetooth: hci4: command 0x2016 tx timeout [ 470.800502][ T49] Bluetooth: hci4: command 0x2016 tx timeout [ 470.831312][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 470.965889][ T795] usb 4-1: USB disconnect, device number 19 [ 471.203736][ T6076] udevd[6076]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 471.807884][ T7563] loop0: detected capacity change from 0 to 128 [ 472.704526][ T7563] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 472.704692][ T7563] hpfs: filesystem error: improperly stopped [ 472.704795][ T7563] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 472.704897][ T7563] hpfs: You really don't want any checks? You are crazy... [ 472.704988][ T7563] hpfs: Code page index out of array [ 472.705037][ T7563] hpfs: code page support is disabled [ 472.827915][ T7563] hpfs: hpfs_map_4sectors(): unaligned read [ 472.884341][ T7563] hpfs: hpfs_map_4sectors(): unaligned read [ 472.884429][ T7563] hpfs: filesystem error: unable to find root dir [ 472.979034][ T7568] loop3: detected capacity change from 0 to 4096 [ 473.265238][ T7568] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 475.141687][ T7568] ntfs3(loop3): ino=19, mi_enum_attr [ 475.141827][ T7568] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 475.249074][ T7568] netlink: 388 bytes leftover after parsing attributes in process `syz.3.453'. [ 475.363524][ T7581] netlink: 16 bytes leftover after parsing attributes in process `syz.2.458'. [ 475.397528][ T7581] loop2: detected capacity change from 0 to 64 [ 475.475558][ T7581] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 475.507972][ T7585] loop1: detected capacity change from 0 to 512 [ 475.817247][ T7585] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 475.817690][ T7585] ext4 filesystem being mounted at /92/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 476.666945][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 477.849116][ T7602] loop3: detected capacity change from 0 to 16 [ 477.949491][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop3 [ 478.031956][ T7602] cramfs: Error -3 while decompressing! [ 478.038163][ T7602] cramfs: ffffffff959dc238(27)->ffff8881334f6000(4096) [ 478.078552][ T7595] loop2: detected capacity change from 0 to 4096 [ 478.091648][ T7602] cramfs: Error -3 while decompressing! [ 478.139524][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop3 [ 478.161005][ T7595] EXT4-fs: Ignoring removed orlov option [ 478.183183][ T7602] cramfs: ffffffff959dc238(27)->ffff8881334f6000(4096) [ 478.210948][ T5876] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 478.242805][ T7595] EXT4-fs (loop2): Test dummy encryption mode enabled [ 478.251186][ T29] audit: type=1800 audit(1775913151.029:37): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.465" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 478.364399][ T7595] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 478.381516][ T5876] usb 2-1: Using ep0 maxpacket: 16 [ 478.393677][ T5876] usb 2-1: config 0 has no interfaces? [ 478.444010][ T5876] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 478.473876][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.483514][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop3 [ 478.491013][ T5876] usb 2-1: Product: syz [ 478.495396][ T5876] usb 2-1: Manufacturer: syz [ 478.541651][ T5876] usb 2-1: SerialNumber: syz [ 478.564699][ T5876] usb 2-1: config 0 descriptor?? [ 478.582708][ T29] audit: type=1800 audit(1775913151.359:38): pid=7595 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.462" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 478.903233][ T795] usb 2-1: USB disconnect, device number 18 [ 478.924195][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop3 [ 479.133765][ T5876] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 479.308516][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop3 [ 479.351974][ T5876] usb 1-1: Using ep0 maxpacket: 16 [ 479.391936][ T5876] usb 1-1: config 0 has no interfaces? [ 479.447600][ T5876] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 479.480610][ T5876] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 479.488895][ T5876] usb 1-1: Product: syz [ 479.510222][ T5876] usb 1-1: Manufacturer: syz [ 479.520402][ T5876] usb 1-1: SerialNumber: syz [ 479.574192][ T5876] usb 1-1: config 0 descriptor?? [ 479.790736][ T5772] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 479.924596][ T5876] usb 1-1: USB disconnect, device number 18 [ 480.166111][ T5785] Bluetooth: hci4: unexpected event for opcode 0x200f [ 483.666213][ T7628] loop0: detected capacity change from 0 to 64 [ 483.707795][ T7628] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 484.731946][ T7642] loop1: detected capacity change from 0 to 512 [ 484.808103][ T7648] loop4: detected capacity change from 0 to 16 [ 484.896735][ T7649] loop0: detected capacity change from 0 to 64 [ 484.979907][ T7642] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 485.033001][ T7645] cramfs: Error -3 while decompressing! [ 485.039890][ T7645] cramfs: ffffffff959dc238(27)->ffff88811cdc4000(4096) [ 485.103108][ T7642] ext4 filesystem being mounted at /95/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 485.115513][ T7645] cramfs: Error -3 while decompressing! [ 485.125522][ T7645] cramfs: ffffffff959dc238(27)->ffff88811cdc4000(4096) [ 485.211900][ T29] audit: type=1800 audit(1775913157.989:39): pid=7645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.478" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 485.460414][ T5876] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 485.479080][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 485.678197][ T5876] usb 1-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 485.757705][ T5777] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 485.785250][ T5876] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 485.859755][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 485.903271][ T5876] usb 1-1: config 0 descriptor?? [ 486.038669][ T5876] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 486.172709][ T7646] overlay: ./file1 is not a directory [ 486.205097][ T7646] fuse: Bad value for 'fd' [ 486.241949][ T7646] fuse: Bad value for 'user_id' [ 486.258008][ T7646] fuse: Bad value for 'user_id' [ 486.340351][ T5839] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 486.360705][ T5876] gspca_cpia1: usb_control_msg 05, error -71 [ 486.386304][ T5876] gspca_cpia1: usb_control_msg 01, error -71 [ 486.429112][ T5876] cpia1 1-1:0.0: only firmware version 1 is supported (got: 0) [ 486.522627][ T5876] usb 1-1: USB disconnect, device number 19 [ 486.560236][ T5839] usb 4-1: Using ep0 maxpacket: 16 [ 486.591064][ T5839] usb 4-1: config 0 has no interfaces? [ 486.676569][ T5839] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 486.705305][ T5839] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 486.738448][ T5839] usb 4-1: Product: syz [ 486.745141][ T5839] usb 4-1: Manufacturer: syz [ 486.755666][ T5839] usb 4-1: SerialNumber: syz [ 486.805809][ T5839] usb 4-1: config 0 descriptor?? [ 487.132417][ T795] usb 4-1: USB disconnect, device number 20 [ 488.088695][ T7671] netlink: 20 bytes leftover after parsing attributes in process `syz.4.482'. [ 488.098367][ T7671] netlink: 36 bytes leftover after parsing attributes in process `syz.4.482'. [ 488.734051][ T5785] Bluetooth: hci2: unexpected event for opcode 0x200f [ 489.396895][ T7680] netlink: 16 bytes leftover after parsing attributes in process `syz.3.486'. [ 489.554864][ T7682] loop3: detected capacity change from 0 to 64 [ 489.657943][ T7682] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 489.766061][ T7680] loop3: detected capacity change from 0 to 64 [ 489.891863][ T7680] hfs: get root inode failed [ 489.929820][ T7684] fuse: Unknown parameter 'grou00000000000000000000' [ 490.826822][ T7690] loop3: detected capacity change from 0 to 512 [ 491.082958][ T7690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 491.224007][ T7690] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 492.238992][ T5775] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 492.302554][ T7700] loop2: detected capacity change from 0 to 16 [ 492.422482][ T7700] cramfs: Error -3 while decompressing! [ 492.428259][ T7700] cramfs: ffffffff959dc238(27)->ffff888133596000(4096) [ 492.516452][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop2 [ 492.544862][ T7700] cramfs: Error -3 while decompressing! [ 492.591873][ T7700] cramfs: ffffffff959dc238(27)->ffff888133596000(4096) [ 492.673878][ T29] audit: type=1800 audit(1775913165.439:40): pid=7700 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.492" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 492.775058][ T7708] netlink: 14 bytes leftover after parsing attributes in process `syz.0.494'. [ 493.260574][ T5876] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 493.431464][ T5876] usb 5-1: Using ep0 maxpacket: 16 [ 493.477237][ T5876] usb 5-1: config 0 has no interfaces? [ 493.575056][ T5876] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 493.596669][ T5876] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.646261][ T5876] usb 5-1: Product: syz [ 493.690582][ T5876] usb 5-1: Manufacturer: syz [ 493.695402][ T5876] usb 5-1: SerialNumber: syz [ 493.871177][ T5876] usb 5-1: config 0 descriptor?? [ 495.385471][ T795] usb 5-1: USB disconnect, device number 14 [ 495.468495][ T5785] Bluetooth: hci3: unexpected event for opcode 0x200f [ 495.835921][ T7728] fuse: Unknown parameter 'grou00000000000000000000' [ 495.981543][ T7730] netlink: 16 bytes leftover after parsing attributes in process `syz.2.501'. [ 496.050700][ T7730] loop2: detected capacity change from 0 to 64 [ 496.078131][ T7730] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 496.164868][ T7730] loop2: detected capacity change from 0 to 64 [ 496.262677][ T7730] hfs: get root inode failed [ 497.137455][ T7739] loop1: detected capacity change from 0 to 2048 [ 499.820905][ T7735] loop0: detected capacity change from 0 to 512 [ 501.459792][ T7739] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 502.090982][ T7735] EXT4-fs warning (device loop0): ext4_multi_mount_protect:394: Unable to create kmmpd thread for loop0. [ 502.910791][ T7751] loop1: detected capacity change from 0 to 512 [ 502.956012][ T7751] EXT4-fs (loop1): Test dummy encryption mode enabled [ 503.052626][ T795] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 503.053446][ T7751] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 503.140593][ T7757] FAULT_INJECTION: forcing a failure. [ 503.140593][ T7757] name failslab, interval 1, probability 0, space 0, times 0 [ 503.209239][ T7757] CPU: 0 UID: 0 PID: 7757 Comm: syz.3.510 Not tainted syzkaller #0 PREEMPT(full) [ 503.209394][ T7757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 503.209483][ T7757] Call Trace: [ 503.209535][ T7757] [ 503.209589][ T7757] __dump_stack+0x26/0x30 [ 503.209765][ T7757] dump_stack_lvl+0x14c/0x1c0 [ 503.209946][ T7757] dump_stack+0x1e/0x25 [ 503.210102][ T7757] should_fail_ex+0x7e2/0x8c0 [ 503.210308][ T7757] should_failslab+0x158/0x200 [ 503.210456][ T7757] kmem_cache_alloc_node_noprof+0x14c/0x12d0 [ 503.210613][ T7757] ? kmsan_get_metadata+0xf1/0x160 [ 503.210750][ T7757] ? __alloc_skb+0x744/0x1190 [ 503.210923][ T7757] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 503.211125][ T7757] __alloc_skb+0x744/0x1190 [ 503.211376][ T7757] ? __alloc_skb+0x35e/0x1190 [ 503.211539][ T7757] ? netlink_autobind+0x3b0/0x430 [ 503.211746][ T7757] netlink_alloc_large_skb+0xa5/0x290 [ 503.211938][ T7757] netlink_sendmsg+0xae9/0x1250 [ 503.212198][ T7757] ? __pfx_netlink_sendmsg+0x10/0x10 [ 503.212389][ T7757] ____sys_sendmsg+0xf37/0xfd0 [ 503.212604][ T7757] ___sys_sendmsg+0x271/0x3b0 [ 503.212779][ T7757] ? kmsan_get_metadata+0xf1/0x160 [ 503.213075][ T7757] ? __rcu_read_unlock+0x6c/0xd0 [ 503.213293][ T7757] ? __fget_files+0x3b4/0x4a0 [ 503.213462][ T7757] ? __fget_files+0x3b9/0x4a0 [ 503.213628][ T7757] ? kmsan_get_metadata+0xf1/0x160 [ 503.213770][ T7757] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 503.213932][ T7757] __x64_sys_sendmsg+0x211/0x3e0 [ 503.214140][ T7757] ? kmsan_get_metadata+0xf1/0x160 [ 503.214313][ T7757] x64_sys_call+0x1e20/0x3ea0 [ 503.214514][ T7757] do_syscall_64+0x134/0xf80 [ 503.214698][ T7757] ? clear_bhb_loop+0x50/0xa0 [ 503.214855][ T7757] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.215013][ T7757] RIP: 0033:0x7f2e91f9c819 [ 503.215121][ T7757] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 503.215256][ T7757] RSP: 002b:00007f2e92ed4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 503.215392][ T7757] RAX: ffffffffffffffda RBX: 00007f2e92215fa0 RCX: 00007f2e91f9c819 [ 503.215498][ T7757] RDX: 0000000000000000 RSI: 00002000000038c0 RDI: 0000000000000003 [ 503.215592][ T7757] RBP: 00007f2e92ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 503.215686][ T7757] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.215773][ T7757] R13: 00007f2e92216038 R14: 00007f2e92215fa0 R15: 00007ffdfe393e18 [ 503.215917][ T7757] [ 503.669918][ T795] usb 5-1: Using ep0 maxpacket: 16 [ 503.711165][ T795] usb 5-1: config 0 has no interfaces? [ 503.726657][ T795] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 503.736211][ T795] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 503.744690][ T795] usb 5-1: Product: syz [ 503.749072][ T795] usb 5-1: Manufacturer: syz [ 503.754128][ T795] usb 5-1: SerialNumber: syz [ 503.766131][ T795] usb 5-1: config 0 descriptor?? [ 504.177946][ T5777] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 504.225242][ T5839] usb 5-1: USB disconnect, device number 15 [ 504.589718][ T7767] loop3: detected capacity change from 0 to 16 [ 504.780211][ T7767] cramfs: Error -3 while decompressing! [ 504.801378][ T7767] cramfs: ffffffff959dc238(27)->ffff88813f66d000(4096) [ 504.806589][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop3 [ 504.809072][ T7767] cramfs: Error -3 while decompressing! [ 504.939667][ T7767] cramfs: ffffffff959dc238(27)->ffff88813f66d000(4096) [ 505.040604][ T29] audit: type=1800 audit(1775913177.789:41): pid=7767 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.511" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 505.196320][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop3 [ 505.330394][ T795] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 507.062638][ T795] usb 1-1: Using ep0 maxpacket: 16 [ 507.628956][ T5779] Bluetooth: hci0: command 0x2016 tx timeout [ 509.800375][ T5779] Bluetooth: hci0: command 0x2016 tx timeout [ 509.832721][ T7780] loop4: detected capacity change from 0 to 2048 [ 510.138318][ T7780] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 510.380792][ T795] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 510.421137][ T795] usb 1-1: can't read configurations, error -71 [ 510.598889][ T7784] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 510.667775][ T7784] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 511.058156][ T7787] loop0: detected capacity change from 0 to 64 [ 511.151183][ T7787] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 511.182280][ T49] Bluetooth: hci3: unexpected event for opcode 0x200f [ 511.305113][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 511.312229][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 511.328077][ T7787] loop0: detected capacity change from 0 to 64 [ 511.505498][ T7787] hfs: get root inode failed [ 511.764893][ T7796] netlink: 'syz.1.520': attribute type 3 has an invalid length. [ 511.922761][ T7796] netlink: 8 bytes leftover after parsing attributes in process `syz.1.520'. [ 512.739358][ T7800] loop0: detected capacity change from 0 to 4096 [ 514.210689][ T5837] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 514.375162][ T5837] usb 4-1: Using ep0 maxpacket: 16 [ 514.390911][ T5837] usb 4-1: config 0 has no interfaces? [ 514.399109][ T7826] loop2: detected capacity change from 0 to 16 [ 514.440463][ T5837] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 514.440632][ T5837] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.440766][ T5837] usb 4-1: Product: syz [ 514.440866][ T5837] usb 4-1: Manufacturer: syz [ 514.440971][ T5837] usb 4-1: SerialNumber: syz [ 514.463413][ T5837] usb 4-1: config 0 descriptor?? [ 514.555788][ T7826] cramfs: Error -3 while decompressing! [ 514.555864][ T7826] cramfs: ffffffff959dc238(27)->ffff88811cebd000(4096) [ 514.556259][ T7826] cramfs: Error -3 while decompressing! [ 514.556318][ T7826] cramfs: ffffffff959dc238(27)->ffff88811cebd000(4096) [ 514.570546][ T29] audit: type=1800 audit(1775913187.329:42): pid=7826 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.528" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 514.680850][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop2 [ 514.898836][ T5837] usb 4-1: USB disconnect, device number 21 [ 515.121231][ T6711] udevd[6711]: incorrect cramfs checksum on /dev/loop2 [ 515.582923][ T7834] netlink: 16 bytes leftover after parsing attributes in process `syz.4.531'. [ 515.607888][ T7834] loop4: detected capacity change from 0 to 64 [ 515.651733][ T7834] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 515.716793][ T7834] loop4: detected capacity change from 0 to 64 [ 515.834388][ T7834] hfs: get root inode failed [ 515.952399][ T7837] loop1: detected capacity change from 0 to 8 [ 517.369393][ T7844] SQUASHFS error: lzo decompression failed, data probably corrupt [ 517.377658][ T7844] SQUASHFS error: Failed to read block 0x0: -5 [ 517.384583][ T7844] SQUASHFS error: Failed to read block 0xff: -5 [ 517.392439][ T7844] SQUASHFS error: lzo decompression failed, data probably corrupt [ 517.400595][ T7844] SQUASHFS error: Failed to read block 0x0: -5 [ 517.411552][ T7844] SQUASHFS error: lzo decompression failed, data probably corrupt [ 517.424029][ T7844] SQUASHFS error: Failed to read block 0x0: -5 [ 517.437607][ T7844] SQUASHFS error: Failed to read block 0x6a4: -5 [ 517.444302][ T7844] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 517.451933][ T7844] SQUASHFS error: read_indexes: reading block [6a2:0] [ 517.459087][ T7844] SQUASHFS error: Failed to read block 0x0: -5 [ 517.465726][ T7844] SQUASHFS error: Unable to read metadata cache entry [6a2] [ 517.473370][ T7844] SQUASHFS error: read_indexes: reading block [6a2:0] [ 517.480546][ T7844] SQUASHFS error: Failed to read block 0x0: -5 [ 517.550961][ T29] audit: type=1800 audit(1775913190.179:43): pid=7844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.532" name="file2" dev="loop1" ino=3 res=0 errno=0 [ 518.156941][ T7846] loop2: detected capacity change from 0 to 2048 [ 518.426072][ T29] audit: type=1800 audit(1775913190.209:44): pid=7844 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.532" name="file2" dev="loop1" ino=3 res=0 errno=0 [ 518.466749][ T49] Bluetooth: hci1: unexpected event for opcode 0x200f [ 518.534027][ T35] ntfs3(loop0): ino=5, mi_enum_attr [ 518.922254][ T7846] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 520.605291][ T7861] netlink: 72 bytes leftover after parsing attributes in process `syz.1.539'. [ 520.667228][ T7861] netlink: 72 bytes leftover after parsing attributes in process `syz.1.539'. [ 520.832103][ T7861] netlink: 8 bytes leftover after parsing attributes in process `syz.1.539'. [ 521.270297][ T5839] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 521.450394][ T5839] usb 2-1: Using ep0 maxpacket: 16 [ 521.482120][ T7870] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 521.505972][ T5839] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 521.511291][ T7870] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 521.716063][ T5839] usb 2-1: config 0 has no interface number 0 [ 521.736952][ T5839] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 521.746957][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 521.756292][ T5839] usb 2-1: Product: syz [ 521.761201][ T5839] usb 2-1: Manufacturer: syz [ 521.766020][ T5839] usb 2-1: SerialNumber: syz [ 521.784429][ T5839] usb 2-1: config 0 descriptor?? [ 521.803196][ T5839] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 521.869515][ T7872] loop4: detected capacity change from 0 to 16 [ 522.061824][ T7878] netlink: 16 bytes leftover after parsing attributes in process `syz.2.545'. [ 522.137390][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 522.178446][ T7872] cramfs: Error -3 while decompressing! [ 522.193496][ T7878] loop2: detected capacity change from 0 to 64 [ 522.235500][ T7872] cramfs: ffffffff959dc238(27)->ffff88813f6a3000(4096) [ 522.295283][ T7878] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 522.309731][ T7872] cramfs: Error -3 while decompressing! [ 522.498002][ T7872] cramfs: ffffffff959dc238(27)->ffff88813f6a3000(4096) [ 522.552954][ T29] audit: type=1800 audit(1775913195.329:45): pid=7872 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.544" name="file2" dev="loop4" ino=348 res=0 errno=0 [ 522.590705][ T5839] gspca_spca1528: reg_w err -110 [ 522.632056][ T5839] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110 [ 522.807717][ T5966] udevd[5966]: incorrect cramfs checksum on /dev/loop4 [ 523.345729][ T7885] FAULT_INJECTION: forcing a failure. [ 523.345729][ T7885] name failslab, interval 1, probability 0, space 0, times 0 [ 523.425001][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop4 [ 523.545960][ T7885] CPU: 1 UID: 0 PID: 7885 Comm: syz.3.547 Not tainted syzkaller #0 PREEMPT(full) [ 523.546115][ T7885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 523.546204][ T7885] Call Trace: [ 523.546256][ T7885] [ 523.546311][ T7885] __dump_stack+0x26/0x30 [ 523.546493][ T7885] dump_stack_lvl+0x14c/0x1c0 [ 523.546677][ T7885] dump_stack+0x1e/0x25 [ 523.546842][ T7885] should_fail_ex+0x7e2/0x8c0 [ 523.547062][ T7885] should_failslab+0x158/0x200 [ 523.547215][ T7885] __kmalloc_noprof+0x1e0/0x1680 [ 523.547368][ T7885] ? kfree+0x20/0x1130 [ 523.547492][ T7885] ? tomoyo_realpath_from_path+0xeb/0x9f0 [ 523.547711][ T7885] ? kmsan_get_metadata+0xf1/0x160 [ 523.547857][ T7885] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 523.548027][ T7885] tomoyo_realpath_from_path+0xeb/0x9f0 [ 523.548233][ T7885] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 523.548395][ T7885] ? __srcu_read_lock+0x5e/0xd0 [ 523.548555][ T7885] tomoyo_path_number_perm+0x1d0/0x7d0 [ 523.548781][ T7885] ? kmsan_get_metadata+0xf1/0x160 [ 523.548977][ T7885] tomoyo_file_ioctl+0x3d/0x50 [ 523.549187][ T7885] security_file_ioctl+0x139/0x570 [ 523.549353][ T7885] __se_sys_ioctl+0xbb/0x400 [ 523.549555][ T7885] __x64_sys_ioctl+0x97/0xe0 [ 523.549764][ T7885] x64_sys_call+0x1975/0x3ea0 [ 523.549955][ T7885] do_syscall_64+0x134/0xf80 [ 523.550131][ T7885] ? clear_bhb_loop+0x50/0xa0 [ 523.550294][ T7885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 523.550451][ T7885] RIP: 0033:0x7f2e91f9c819 [ 523.550560][ T7885] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 523.550707][ T7885] RSP: 002b:00007f2e92ed4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 523.550854][ T7885] RAX: ffffffffffffffda RBX: 00007f2e92215fa0 RCX: 00007f2e91f9c819 [ 523.550961][ T7885] RDX: 0000200000000100 RSI: 0000000000008933 RDI: 0000000000000003 [ 523.551055][ T7885] RBP: 00007f2e92ed4090 R08: 0000000000000000 R09: 0000000000000000 [ 523.551147][ T7885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 523.551239][ T7885] R13: 00007f2e92216038 R14: 00007f2e92215fa0 R15: 00007ffdfe393e18 [ 523.551397][ T7885] [ 524.078719][ T5839] usb 2-1: USB disconnect, device number 19 [ 524.229569][ T7885] ERROR: Out of memory at tomoyo_realpath_from_path. [ 524.251715][ T7883] loop0: detected capacity change from 0 to 32768 [ 524.382853][ T5835] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 524.416414][ T7883] JBD2: Ignoring recovery information on journal [ 524.516362][ T7883] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 524.572348][ T5835] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 524.619099][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 524.697008][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 524.807063][ T5835] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 524.818219][ T5835] usb 3-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 524.832862][ T5835] usb 3-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 524.860709][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 524.881197][ T5837] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 524.913116][ T5835] usb 3-1: config 0 descriptor?? [ 525.110735][ T5837] usb 1-1: Using ep0 maxpacket: 32 [ 526.361920][ T5835] usb 3-1: string descriptor 0 read error: -71 [ 527.134965][ T7897] loop3: detected capacity change from 0 to 16 [ 527.196525][ T5835] usb 3-1: USB disconnect, device number 22 [ 527.263192][ T7897] erofs: Unknown parameter 'àÿ' [ 527.410060][ T7900] loop4: detected capacity change from 0 to 512 [ 527.477033][ T7900] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 527.732411][ T5837] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 527.793145][ T5837] usb 1-1: can't read configurations, error -71 [ 528.019737][ T7900] FAT-fs (loop4): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 528.175196][ T7900] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 548) [ 528.212037][ T5774] ocfs2: Unmounting device (7,0) on (node local) [ 528.321384][ T7900] FAT-fs (loop4): error, fat_free: invalid cluster chain (i_pos 548) [ 530.741594][ T7922] netlink: 16 bytes leftover after parsing attributes in process `syz.3.558'. [ 530.829519][ T7926] loop4: detected capacity change from 0 to 16 [ 530.848236][ T7922] loop3: detected capacity change from 0 to 64 [ 530.882364][ T7922] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 530.901795][ T7926] erofs (device loop4): invalid checksum 0x494356e9, 0xe73df4ff expected [ 531.061584][ T7928] loop1: detected capacity change from 0 to 16 [ 531.125857][ T7928] erofs: Unknown parameter 'àÿ' [ 533.635992][ T7927] loop1: detected capacity change from 0 to 4096 [ 533.656658][ T7927] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 533.828808][ T7927] ntfs3(loop1): Failed to read $AttrDef (-4). [ 534.722858][ T5835] usb 5-1: new full-speed USB device number 16 using dummy_hcd [ 534.924840][ T5835] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 534.958296][ T795] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 534.974437][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 535.204872][ T795] usb 3-1: Using ep0 maxpacket: 16 [ 535.826086][ T5837] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 536.051747][ T795] usb 3-1: config 0 has no interfaces? [ 536.778051][ T5837] usb 2-1: Using ep0 maxpacket: 32 [ 538.026097][ T5837] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 538.594829][ T5837] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 539.331507][ T5837] usb 2-1: config 0 has no interface number 0 [ 539.442152][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 539.822067][ T5837] usb 2-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 541.744089][ T5835] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 544.016815][ T5835] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 544.836452][ T5837] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 545.074886][ T5837] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.243198][ T5837] usb 2-1: Product: syz [ 545.288508][ T5835] usb 5-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 545.298015][ T5835] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 545.311866][ T5835] usb 5-1: config 0 descriptor?? [ 545.350232][ T5837] usb 2-1: Manufacturer: syz [ 545.785573][ T5837] usb 2-1: config 0 descriptor?? [ 545.880735][ T5837] usb 2-1: can't set config #0, error -71 [ 545.991876][ T5837] usb 2-1: USB disconnect, device number 20 [ 546.038780][ T795] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 546.071334][ T795] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 546.079517][ T795] usb 3-1: Product: syz [ 546.099243][ T795] usb 3-1: config 0 descriptor?? [ 546.110577][ T795] usb 3-1: can't set config #0, error -71 [ 546.129813][ T5835] usb 5-1: can't set config #0, error -71 [ 546.177568][ T795] usb 3-1: USB disconnect, device number 23 [ 546.386884][ T5835] usb 5-1: USB disconnect, device number 16 [ 547.425493][ T7973] netlink: 16 bytes leftover after parsing attributes in process `syz.0.573'. [ 547.494388][ T7974] loop0: detected capacity change from 0 to 64 [ 547.506959][ T7974] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 547.672206][ T7973] loop0: detected capacity change from 0 to 64 [ 547.785443][ T7973] hfs: get root inode failed [ 549.822447][ T7985] loop4: detected capacity change from 0 to 8 [ 549.840696][ T7989] fuse: Bad value for 'user_id' [ 549.846596][ T7989] fuse: Bad value for 'user_id' [ 550.103123][ T7987] netlink: 36 bytes leftover after parsing attributes in process `syz.1.577'. [ 550.608378][ T7987] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 550.679209][ T7992] SQUASHFS error: lzo decompression failed, data probably corrupt [ 550.688106][ T7992] SQUASHFS error: Failed to read block 0x0: -5 [ 550.701223][ T7992] SQUASHFS error: Failed to read block 0xff: -5 [ 550.712289][ T7992] SQUASHFS error: lzo decompression failed, data probably corrupt [ 550.721227][ T7992] SQUASHFS error: Failed to read block 0x0: -5 [ 550.780887][ T29] audit: type=1800 audit(1775913223.509:46): pid=7992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.576" name="file2" dev="loop4" ino=3 res=0 errno=0 [ 552.792123][ T8000] loop3: detected capacity change from 0 to 16 [ 552.891822][ T8000] cramfs: Error -3 while decompressing! [ 552.897584][ T8000] cramfs: ffffffff959dc238(27)->ffff88813369f000(4096) [ 552.990902][ T8000] cramfs: Error -3 while decompressing! [ 552.996665][ T8000] cramfs: ffffffff959dc238(27)->ffff88813369f000(4096) [ 553.010442][ T795] usb 5-1: new full-speed USB device number 17 using dummy_hcd [ 553.140204][ T29] audit: type=1800 audit(1775913225.889:47): pid=8000 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.580" name="file2" dev="loop3" ino=348 res=0 errno=0 [ 553.272594][ T795] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 553.322401][ T795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 553.340415][ T5835] usb 2-1: new low-speed USB device number 21 using dummy_hcd [ 553.435574][ T795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 553.512527][ T795] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 553.544747][ T5835] usb 2-1: device descriptor read/64, error -71 [ 553.587460][ T795] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 553.641194][ T795] usb 5-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 553.678692][ T795] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.810919][ T5835] usb 2-1: new low-speed USB device number 22 using dummy_hcd [ 553.843851][ T795] usb 5-1: config 0 descriptor?? [ 554.006763][ T7888] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 554.057340][ T5965] udevd[5965]: incorrect cramfs checksum on /dev/loop3 [ 554.093004][ T5835] usb 2-1: device descriptor read/64, error -71 [ 554.100135][ T795] usb 5-1: string descriptor 0 read error: -71 [ 554.219271][ T5835] usb usb2-port1: attempt power cycle [ 554.232816][ T795] usb 5-1: USB disconnect, device number 17 [ 554.297603][ T7888] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 554.359534][ T7888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.489167][ T7888] usb 1-1: config 0 descriptor?? [ 554.605463][ T7888] pwc: Samsung MPC-C10 USB webcam detected. [ 554.711907][ T5835] usb 2-1: new low-speed USB device number 23 using dummy_hcd [ 554.761401][ T8009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 554.804080][ T8009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.814350][ T5835] usb 2-1: device descriptor read/8, error -71 [ 555.016723][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop3 [ 555.164722][ T5835] usb 2-1: new low-speed USB device number 24 using dummy_hcd [ 555.274791][ T5835] usb 2-1: device descriptor read/8, error -71 [ 555.474375][ T8009] loop0: detected capacity change from 0 to 2048 [ 555.493873][ T5835] usb usb2-port1: unable to enumerate USB device [ 555.635463][ T8009] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 555.765910][ T8009] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 558.702358][ T8009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 559.692622][ T7888] pwc: send_video_command error -110 [ 559.698129][ T7888] pwc: Failed to set video mode VGA@30 fps; return code = -110 [ 559.733638][ T8009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 560.293849][ T8020] loop3: detected capacity change from 0 to 32768 [ 560.310919][ T7888] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -110 [ 560.438251][ T8020] JBD2: Ignoring recovery information on journal [ 560.542112][ T8020] JBD2: journal reset failed [ 560.546928][ T8020] (syz.3.585,8020,1):ocfs2_journal_load:1157 ERROR: Failed to load journal! [ 560.556073][ T8020] (syz.3.585,8020,1):ocfs2_check_volume:2376 ERROR: ocfs2 journal load failed! -4 [ 561.409664][ T7888] usb 1-1: USB disconnect, device number 24 [ 561.505756][ T8027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.588'. [ 561.711326][ T8036] loop2: detected capacity change from 0 to 16 [ 562.038552][ T8037] random: crng reseeded on system resumption [ 562.899225][ T8041] cramfs: Error -3 while decompressing! [ 562.971674][ T8041] cramfs: ffffffff959dc238(27)->ffff88813f6f8000(4096) [ 563.042565][ T8042] loop0: detected capacity change from 0 to 8 [ 563.049460][ T8041] cramfs: Error -3 while decompressing! [ 563.092055][ T8041] cramfs: ffffffff959dc238(27)->ffff88813f6f8000(4096) [ 563.288064][ T29] audit: type=1800 audit(1775913236.059:48): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.589" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 563.799846][ T6192] udevd[6192]: incorrect cramfs checksum on /dev/loop2 [ 563.910154][ T8045] SQUASHFS error: lzo decompression failed, data probably corrupt [ 563.918840][ T8045] SQUASHFS error: Failed to read block 0x0: -5 [ 563.927836][ T8045] SQUASHFS error: Failed to read block 0xff: -5 [ 563.936994][ T8045] SQUASHFS error: lzo decompression failed, data probably corrupt [ 563.945880][ T8045] SQUASHFS error: Failed to read block 0x0: -5 [ 564.777640][ T29] audit: type=1800 audit(1775913236.729:49): pid=8045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.592" name="file2" dev="loop0" ino=3 res=0 errno=0 [ 566.139674][ T6076] udevd[6076]: incorrect cramfs checksum on /dev/loop2 [ 566.333588][ T8057] loop0: detected capacity change from 0 to 16 [ 566.505366][ T8057] cramfs: Error -3 while decompressing! [ 566.524556][ T8057] cramfs: ffffffff959dc238(27)->ffff88813f54a000(4096) [ 566.552453][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 566.589431][ T8057] cramfs: Error -3 while decompressing! [ 566.600718][ T5945] usb 2-1: new full-speed USB device number 25 using dummy_hcd [ 566.636543][ T8057] cramfs: ffffffff959dc238(27)->ffff88813f54a000(4096) [ 566.777665][ T29] audit: type=1800 audit(1775913239.539:50): pid=8057 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.595" name="file2" dev="loop0" ino=348 res=0 errno=0 [ 566.845665][ T5945] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 566.902440][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 566.954638][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 10 [ 567.088201][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 567.097724][ T5945] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 567.160172][ T5945] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 9 [ 567.220211][ T5945] usb 2-1: New USB device found, idVendor=1784, idProduct=0001, bcdDevice=8c.04 [ 567.229642][ T5945] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.365872][ T5945] usb 2-1: config 0 descriptor?? [ 567.482710][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 567.748692][ T5945] usb 2-1: string descriptor 0 read error: -71 [ 567.811127][ T5945] usb 2-1: USB disconnect, device number 25 [ 568.037444][ T8064] loop3: detected capacity change from 0 to 512 [ 568.198869][ T8064] EXT4-fs (loop3): ext4_check_descriptors: Inode table for group 0 not in group (block 524322)! [ 568.248345][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 568.268279][ T8064] EXT4-fs (loop3): group descriptors corrupted! [ 568.495778][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop0 [ 569.340879][ T7888] usb 3-1: new low-speed USB device number 24 using dummy_hcd [ 569.363018][ T8079] netlink: 16 bytes leftover after parsing attributes in process `syz.1.604'. [ 569.451437][ T8079] loop1: detected capacity change from 0 to 64 [ 569.523734][ T8079] hfs: Unknown parameter 'quzô~«u‘ÅÉiet' [ 569.550283][ T7888] usb 3-1: device descriptor read/64, error -71 [ 569.600608][ T5835] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 569.665076][ T8079] loop1: detected capacity change from 0 to 64 [ 569.739392][ T8085] loop4: detected capacity change from 0 to 8 [ 569.811031][ T7888] usb 3-1: new low-speed USB device number 25 using dummy_hcd [ 569.839153][ T5835] usb 1-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 569.891164][ T5835] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.469170][ T7888] usb 3-1: device descriptor read/64, error -71 [ 570.480663][ T5835] usb 1-1: config 0 descriptor?? [ 570.501333][ T8079] hfs: get root inode failed [ 570.539395][ T5835] pwc: Samsung MPC-C10 USB webcam detected. [ 570.647807][ T8087] SQUASHFS error: lzo decompression failed, data probably corrupt [ 570.656547][ T8087] SQUASHFS error: Failed to read block 0x0: -5 [ 570.669731][ T8087] SQUASHFS error: Failed to read block 0xff: -5 [ 570.678845][ T8087] SQUASHFS error: lzo decompression failed, data probably corrupt [ 570.687688][ T8087] SQUASHFS error: Failed to read block 0x0: -5 [ 570.752777][ T29] audit: type=1800 audit(1775913243.469:51): pid=8087 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.605" name="file2" dev="loop4" ino=3 res=0 errno=0 [ 571.532815][ T7888] usb usb3-port1: attempt power cycle [ 571.564828][ T8078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 572.542845][ T8078] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 572.749428][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 572.756509][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 572.870539][ T7888] usb 3-1: new low-speed USB device number 26 using dummy_hcd [ 573.412131][ T5835] pwc: send_video_command error -71 [ 573.446497][ T7888] usb 3-1: device descriptor read/8, error -71 [ 573.460566][ T8092] random: crng reseeded on system resumption [ 573.515565][ T5835] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 573.540660][ T5835] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 573.777457][ T5835] usb 1-1: USB disconnect, device number 25 [ 574.127936][ T8093] loop4: detected capacity change from 0 to 512 [ 574.250630][ T8093] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 574.288041][ T8098] loop2: detected capacity change from 0 to 512 [ 574.313250][ T8098] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 574.333249][ T8093] EXT4-fs (loop4): ea_inode feature is not supported for Hurd [ 574.342544][ T5835] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 574.478443][ T8101] loop1: detected capacity change from 0 to 16 [ 574.521165][ T5835] usb 1-1: Using ep0 maxpacket: 16 [ 574.606243][ T5835] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 574.633160][ T8101] cramfs: Error -3 while decompressing! [ 574.638927][ T8101] cramfs: ffffffff959dc238(27)->ffff88813f5d6000(4096) [ 574.650381][ T5835] usb 1-1: config 0 has no interface number 0 [ 574.678513][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 574.714880][ T5835] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 574.737787][ T8101] cramfs: Error -3 while decompressing! [ 574.764960][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.776981][ T8101] cramfs: ffffffff959dc238(27)->ffff88813f5d6000(4096) [ 574.800165][ T5835] usb 1-1: Product: syz [ 574.804709][ T5835] usb 1-1: Manufacturer: syz [ 574.834414][ T5835] usb 1-1: SerialNumber: syz [ 574.868918][ T5835] usb 1-1: config 0 descriptor?? [ 574.910447][ T29] audit: type=1800 audit(1775913247.659:52): pid=8101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.609" name="file2" dev="loop1" ino=348 res=0 errno=0 [ 574.959322][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 575.029193][ T5835] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 575.256121][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 575.721281][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 575.730837][ T8097] mmap: syz.0.608 (8097) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 575.955366][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 576.063336][ T5835] gspca_spca1528: reg_w err -71 [ 576.081627][ T5835] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 576.141659][ T5835] usb 1-1: USB disconnect, device number 26 [ 576.189764][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 576.310372][ T5944] udevd[5944]: incorrect cramfs checksum on /dev/loop1 [ 577.951647][ T8113] loop3: detected capacity change from 0 to 16 [ 578.011705][ T8113] erofs (device loop3): unidentified algorithms fff0, please upgrade kernel [ 578.148081][ T8113] netlink: 'syz.3.614': attribute type 6 has an invalid length. [ 579.451644][ T5945] usb 4-1: new low-speed USB device number 22 using dummy_hcd [ 579.609581][ T8131] can: request_module (can-proto-3) failed. [ 579.681982][ T5945] usb 4-1: device descriptor read/64, error -71 [ 579.755018][ T8135] loop1: detected capacity change from 0 to 16 [ 579.830060][ T8135] erofs (device loop1): unidentified algorithms fff0, please upgrade kernel [ 579.930566][ T5945] usb 4-1: new low-speed USB device number 23 using dummy_hcd [ 580.110241][ T5945] usb 4-1: device descriptor read/64, error -71 [ 580.222481][ T5945] usb usb4-port1: attempt power cycle [ 580.625027][ T5945] usb 4-1: new low-speed USB device number 24 using dummy_hcd [ 580.661071][ T8146] loop1: detected capacity change from 0 to 16 [ 580.695038][ T5945] usb 4-1: device descriptor read/8, error -71 [ 580.764756][ T8146] erofs: Unknown parameter 'àÿ' [ 581.016858][ T5945] usb 4-1: new low-speed USB device number 25 using dummy_hcd [ 581.074132][ T5945] usb 4-1: device descriptor read/8, error -71 [ 581.204538][ T5945] usb usb4-port1: unable to enumerate USB device [ 581.436821][ T8146] loop1: detected capacity change from 0 to 4096 [ 581.473949][ T8146] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512). [ 582.262173][ T8146] ntfs3(loop1): ino=0, attr_set_size_ex [ 582.731390][ T8155] fuse: Bad value for 'fd' [ 582.870209][ T8157] loop2: detected capacity change from 0 to 16 [ 582.936600][ T8157] erofs (device loop2): unidentified algorithms fff0, please upgrade kernel [ 583.123008][ T8157] netlink: 'syz.2.630': attribute type 6 has an invalid length. [ 583.145304][ T8161] loop4: detected capacity change from 0 to 64 [ 583.406074][ T8163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.633'. [ 583.481918][ T8163] netlink: 8 bytes leftover after parsing attributes in process `syz.3.633'. [ 583.817530][ T8170] loop2: detected capacity change from 0 to 16 [ 583.900167][ T8170] erofs (device loop2): unidentified algorithms fff0, please upgrade kernel [ 583.920651][ T8169] loop0: detected capacity change from 0 to 512 [ 583.972802][ T8169] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 584.169558][ T8173] loop4: detected capacity change from 0 to 256 [ 584.231113][ T8176] netlink: 4 bytes leftover after parsing attributes in process `syz.3.637'. [ 584.248766][ T8169] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 584.308048][ T8178] FAULT_INJECTION: forcing a failure. [ 584.308048][ T8178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 584.345209][ T8169] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548) [ 584.365554][ T8178] CPU: 1 UID: 0 PID: 8178 Comm: syz.3.637 Not tainted syzkaller #0 PREEMPT(full) [ 584.365708][ T8178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 584.365796][ T8178] Call Trace: [ 584.365852][ T8178] [ 584.365904][ T8178] __dump_stack+0x26/0x30 [ 584.366083][ T8178] dump_stack_lvl+0x14c/0x1c0 [ 584.366266][ T8178] dump_stack+0x1e/0x25 [ 584.366425][ T8178] should_fail_ex+0x7e2/0x8c0 [ 584.366641][ T8178] should_fail+0x2a/0x40 [ 584.366838][ T8178] should_fail_usercopy+0x2e/0x40 [ 584.367060][ T8178] _copy_from_user+0x33/0x100 [ 584.367260][ T8178] ___sys_sendmsg+0x11b/0x3b0 [ 584.367434][ T8178] ? kmsan_get_metadata+0xf1/0x160 [ 584.367589][ T8178] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.367751][ T8178] ? __rcu_read_unlock+0x6c/0xd0 [ 584.367949][ T8178] ? __fget_files+0x3b4/0x4a0 [ 584.368106][ T8178] ? __fget_files+0x3b9/0x4a0 [ 584.368277][ T8178] ? kmsan_get_metadata+0xf1/0x160 [ 584.368413][ T8178] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.368590][ T8178] __x64_sys_sendmsg+0x211/0x3e0 [ 584.368766][ T8178] ? ksys_write+0x3ac/0x470 [ 584.368939][ T8178] ? kmsan_get_metadata+0xf1/0x160 [ 584.369077][ T8178] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 584.369235][ T8178] ? kmsan_get_metadata+0xf1/0x160 [ 584.369366][ T8178] ? kmsan_get_metadata+0xf1/0x160 [ 584.369526][ T8178] x64_sys_call+0x1e20/0x3ea0 [ 584.369702][ T8178] do_syscall_64+0x134/0xf80 [ 584.369882][ T8178] ? clear_bhb_loop+0x50/0xa0 [ 584.370038][ T8178] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 584.370203][ T8178] RIP: 0033:0x7f2e91f9c819 [ 584.370315][ T8178] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 584.370443][ T8178] RSP: 002b:00007f2e92eb3028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 584.370578][ T8178] RAX: ffffffffffffffda RBX: 00007f2e92216090 RCX: 00007f2e91f9c819 [ 584.370682][ T8178] RDX: 0000000000000000 RSI: 0000200000000d80 RDI: 0000000000000003 [ 584.370775][ T8178] RBP: 00007f2e92eb3090 R08: 0000000000000000 R09: 0000000000000000 [ 584.370862][ T8178] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 584.370951][ T8178] R13: 00007f2e92216128 R14: 00007f2e92216090 R15: 00007ffdfe393e18 [ 584.371094][ T8178] [ 584.647162][ T8169] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548) [ 584.689439][ T8173] FAT-fs (loop4): Directory bread(block 64) failed [ 584.700840][ T8173] FAT-fs (loop4): Directory bread(block 65) failed [ 584.707770][ T8173] FAT-fs (loop4): Directory bread(block 66) failed [ 584.717145][ T8173] FAT-fs (loop4): Directory bread(block 67) failed [ 584.724478][ T8173] FAT-fs (loop4): Directory bread(block 68) failed [ 584.731633][ T8173] FAT-fs (loop4): Directory bread(block 69) failed [ 584.738544][ T8173] FAT-fs (loop4): Directory bread(block 70) failed [ 584.745601][ T8173] FAT-fs (loop4): Directory bread(block 71) failed [ 584.752656][ T8173] FAT-fs (loop4): Directory bread(block 72) failed [ 584.759399][ T8173] FAT-fs (loop4): Directory bread(block 73) failed [ 585.340402][ T5835] usb 3-1: new low-speed USB device number 28 using dummy_hcd [ 585.500627][ T5835] usb 3-1: device descriptor read/64, error -71 [ 585.801236][ T5835] usb 3-1: new low-speed USB device number 29 using dummy_hcd [ 585.983638][ T5835] usb 3-1: device descriptor read/64, error -71 [ 586.138045][ T5835] usb usb3-port1: attempt power cycle [ 586.240224][ T7888] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 586.421308][ T8197] fuse: Bad value for 'fd' [ 586.454627][ T7888] usb 2-1: Using ep0 maxpacket: 16 [ 586.619251][ T5835] usb 3-1: new low-speed USB device number 30 using dummy_hcd [ 588.121341][ T7888] usb 2-1: config 0 has no interfaces? [ 588.766855][ T7888] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 588.975301][ T7888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.010259][ T7888] usb 2-1: Product: syz [ 589.060169][ T7888] usb 2-1: Manufacturer: syz [ 589.065303][ T7888] usb 2-1: SerialNumber: syz [ 589.115922][ T5835] usb 3-1: device descriptor read/8, error -71 [ 589.129024][ T7888] usb 2-1: config 0 descriptor?? [ 589.589163][ T5779] Bluetooth: hci0: unexpected event for opcode 0x200f [ 589.601318][ T7888] usb 2-1: can't set config #0, error -71 [ 589.630535][ T7888] usb 2-1: USB disconnect, device number 26 [ 589.650986][ T5966] udevd[5966]: setting mode of /dev/bus/usb/002/026 to 020664 failed: No such file or directory [ 589.680523][ T5966] udevd[5966]: setting owner of /dev/bus/usb/002/026 to uid=0, gid=0 failed: No such file or directory [ 589.945017][ T8209] loop0: detected capacity change from 0 to 64 [ 590.269368][ T8212] netlink: 4 bytes leftover after parsing attributes in process `syz.4.648'. [ 590.343975][ T8208] veth0_to_bond: entered promiscuous mode [ 590.554177][ T8208] veth0_to_bond: left promiscuous mode [ 592.079286][ T8226] loop0: detected capacity change from 0 to 512 [ 592.245805][ T8226] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 592.745377][ T8226] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 592.761840][ T8232] netlink: 72 bytes leftover after parsing attributes in process `syz.3.653'. [ 592.856076][ T8226] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548) [ 592.869251][ T8232] netlink: 72 bytes leftover after parsing attributes in process `syz.3.653'. [ 593.056919][ T8226] FAT-fs (loop0): error, fat_free: invalid cluster chain (i_pos 548) [ 593.099310][ T8232] netlink: 8 bytes leftover after parsing attributes in process `syz.3.653'. [ 594.322779][ T5835] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 594.591014][ T5835] usb 5-1: device descriptor read/64, error -71 [ 594.911838][ T5835] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 595.078680][ T5835] usb 5-1: device descriptor read/64, error -71 [ 595.214143][ T5835] usb usb5-port1: attempt power cycle [ 595.831336][ T5835] usb 5-1: new low-speed USB device number 20 using dummy_hcd [ 596.228833][ T5835] usb 5-1: device descriptor read/8, error -71 [ 596.529379][ T8250] loop3: detected capacity change from 0 to 4096 [ 596.583912][ T8250] ntfs3(loop3): Different NTFS sector size (4096) and media sector size (512). [ 596.751714][ T5835] usb 5-1: new low-speed USB device number 21 using dummy_hcd [ 597.020555][ T8250] ntfs3(loop3): ino=19, mi_enum_attr [ 597.026164][ T8250] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 597.047059][ T5835] usb 5-1: device descriptor read/8, error -71 [ 597.071165][ T5779] Bluetooth: hci2: unexpected event for opcode 0x200f [ 597.167719][ T5835] usb usb5-port1: unable to enumerate USB device [ 603.281415][ T8280] loop1: detected capacity change from 0 to 512 [ 603.337060][ T8280] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 603.390869][ T8281] netlink: 72 bytes leftover after parsing attributes in process `syz.3.669'. [ 603.467726][ T8285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.669'. [ 603.612861][ T8281] netlink: 72 bytes leftover after parsing attributes in process `syz.3.669'. [ 603.675477][ T8280] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 548) [ 603.811756][ T8280] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 604.037991][ T8280] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 548) [ 607.771164][ T8347] cgroup: Unknown subsys name 'cpuset' [ 612.712604][ T8421] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 613.260267][ T5835] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 613.379562][ T8434] netlink: 20 bytes leftover after parsing attributes in process `syz.4.735'. [ 613.486063][ T5835] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 613.520903][ T5835] usb 3-1: config 0 has no interfaces? [ 613.526692][ T5835] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 613.609123][ T5835] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 613.733163][ T5835] usb 3-1: config 0 descriptor?? [ 614.371991][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 614.403425][ T8441] netlink: 8 bytes leftover after parsing attributes in process `syz.4.739'. [ 614.852496][ T5945] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 614.907242][ T5945] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 615.114689][ T795] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 615.319622][ T795] usb 1-1: device descriptor read/64, error -71 [ 615.570459][ T795] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 615.736462][ T795] usb 1-1: device descriptor read/64, error -71 [ 615.851776][ T795] usb usb1-port1: attempt power cycle [ 616.069671][ T29] audit: type=1326 audit(1775913288.839:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8458 comm="syz.3.745" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2e91f9c819 code=0x0 [ 616.099129][ T5945] usb 3-1: USB disconnect, device number 32 [ 616.220833][ T795] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 616.293738][ T795] usb 1-1: device descriptor read/8, error -71 [ 616.591998][ T795] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 616.662337][ T795] usb 1-1: device descriptor read/8, error -71 [ 616.801280][ T795] usb usb1-port1: unable to enumerate USB device [ 618.864507][ T8494] raw_sendmsg: syz.3.760 forgot to set AF_INET. Fix it! [ 619.273306][ T8497] syz.2.762 uses obsolete (PF_INET,SOCK_PACKET) [ 619.780244][ T7888] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 619.950882][ T7888] usb 5-1: Using ep0 maxpacket: 16 [ 619.965329][ T7888] usb 5-1: config index 0 descriptor too short (expected 52, got 36) [ 619.974952][ T7888] usb 5-1: config 0 has an invalid interface number: 251 but max is 0 [ 619.993235][ T7888] usb 5-1: config 0 has no interface number 0 [ 620.032797][ T7888] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 620.089206][ T7888] usb 5-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 620.168248][ T7888] usb 5-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 620.190694][ T7888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 620.216644][ T7888] usb 5-1: Product: syz [ 620.248562][ T7888] usb 5-1: Manufacturer: syz [ 620.291003][ T7888] usb 5-1: SerialNumber: syz [ 620.322998][ T7888] usb 5-1: config 0 descriptor?? [ 620.369533][ T8501] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 620.399424][ T8501] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 620.717966][ T8501] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 620.780394][ T8501] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 621.065719][ T8514] netlink: 83 bytes leftover after parsing attributes in process `syz.3.770'. [ 621.236694][ T7888] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 621.274823][ T7888] asix 5-1:0.251 (unnamed net_device) (uninitialized): Failed to read software interface selection register: -71 [ 621.337486][ T7888] asix 5-1:0.251: probe with driver asix failed with error -71 [ 621.405473][ T7888] usb 5-1: USB disconnect, device number 22 [ 622.221966][ T8530] netlink: 44 bytes leftover after parsing attributes in process `syz.3.775'. [ 622.860869][ T8538] binder: 8536:8538 ioctl c0306201 0 returned -14 [ 624.238456][ T8557] netlink: 8 bytes leftover after parsing attributes in process `syz.3.786'. [ 626.879527][ T5945] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 627.206150][ T5945] usb 5-1: unable to get BOS descriptor or descriptor too short [ 627.286673][ T5945] usb 5-1: not running at top speed; connect to a high speed hub [ 627.378365][ T5945] usb 5-1: config 1 has an invalid interface number: 171 but max is 0 [ 627.460868][ T5945] usb 5-1: config 1 has no interface number 0 [ 627.490350][ T5945] usb 5-1: config 1 interface 171 altsetting 15 endpoint 0xA has invalid maxpacket 512, setting to 64 [ 627.640292][ T5945] usb 5-1: config 1 interface 171 has no altsetting 0 [ 627.740627][ T5945] usb 5-1: New USB device found, idVendor=0421, idProduct=0007, bcdDevice=d0.5e [ 627.820793][ T5945] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 627.829199][ T5945] usb 5-1: Product: syz [ 627.959650][ T5945] usb 5-1: Manufacturer: syz [ 628.024992][ T5945] usb 5-1: SerialNumber: syz [ 628.453510][ T5945] rndis_host 5-1:1.171: skipping garbage [ 628.459453][ T5945] usb 5-1: bad CDC descriptors [ 628.613030][ T5945] cdc_acm 5-1:1.171: skipping garbage [ 628.836644][ T5945] usb 5-1: USB disconnect, device number 23 [ 632.072844][ T8617] netlink: 172 bytes leftover after parsing attributes in process `syz.4.809'. [ 634.189496][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 634.212583][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 634.774434][ T8623] DRBG: could not allocate CTR cipher TFM handle: ctr(aes) [ 636.580289][ T5945] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 636.829777][ T5945] usb 4-1: Using ep0 maxpacket: 8 [ 636.992155][ T5945] usb 4-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice= d.68 [ 637.039860][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.082539][ T5945] usb 4-1: Product: syz [ 637.086965][ T5945] usb 4-1: Manufacturer: syz [ 637.128596][ T5945] usb 4-1: SerialNumber: syz [ 637.404142][ T5945] kalmia 4-1:1.0 (unnamed net_device) (uninitialized): Error sending init packet. Status -71 [ 637.439622][ T5945] kalmia 4-1:1.0: probe with driver kalmia failed with error -71 [ 637.575771][ T5945] usb 4-1: USB disconnect, device number 26 [ 638.891094][ T8673] netlink: 32 bytes leftover after parsing attributes in process `syz.3.830'. [ 639.439677][ T8678] loop0: detected capacity change from 0 to 128 [ 639.636054][ T8678] syz.0.832: attempt to access beyond end of device [ 639.636054][ T8678] loop0: rw=2049, sector=154, nr_sectors = 8 limit=128 [ 639.747630][ T8678] syz.0.832: attempt to access beyond end of device [ 639.747630][ T8678] loop0: rw=8390657, sector=160, nr_sectors = 2 limit=128 [ 639.770489][ T8678] Buffer I/O error on dev loop0, logical block 80, lost async page write [ 639.876295][ T8678] syz.0.832: attempt to access beyond end of device [ 639.876295][ T8678] loop0: rw=2049, sector=162, nr_sectors = 8 limit=128 [ 640.027576][ T8678] syz.0.832: attempt to access beyond end of device [ 640.027576][ T8678] loop0: rw=8390657, sector=168, nr_sectors = 2 limit=128 [ 640.107633][ T8678] Buffer I/O error on dev loop0, logical block 84, lost async page write [ 640.235586][ T8678] syz.0.832: attempt to access beyond end of device [ 640.235586][ T8678] loop0: rw=2049, sector=186, nr_sectors = 8 limit=128 [ 641.994549][ T8712] Illegal XDP return value 1999396580 on prog (id 40) dev syz_tun, expect packet loss! [ 642.079095][ T29] audit: type=1326 audit(1775913314.849:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.186308][ T29] audit: type=1326 audit(1775913314.899:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.317531][ T29] audit: type=1326 audit(1775913314.899:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.453766][ T29] audit: type=1326 audit(1775913314.899:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=450 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.575433][ T29] audit: type=1326 audit(1775913314.899:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.683274][ T29] audit: type=1326 audit(1775913314.899:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.832318][ T29] audit: type=1326 audit(1775913314.899:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 642.919456][ T29] audit: type=1326 audit(1775913314.909:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8713 comm="syz.4.845" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fd152b9c819 code=0x7ffc0000 [ 643.443508][ T5835] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 643.630643][ T7888] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 643.703904][ T5835] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 643.736492][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 643.800166][ T5835] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 643.813448][ T7888] usb 2-1: Using ep0 maxpacket: 16 [ 643.859320][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 643.894729][ T7888] usb 2-1: config index 0 descriptor too short (expected 52, got 36) [ 643.925137][ T7888] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 643.944913][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 643.968359][ T7888] usb 2-1: config 0 has no interface number 0 [ 643.994982][ T5835] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 644.004335][ T7888] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 644.034499][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 644.060663][ T7888] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 644.101096][ T5835] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 644.121286][ T8735] random: crng reseeded on system resumption [ 644.166460][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 644.239147][ T7888] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 644.250251][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 644.271070][ T7888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.313321][ T7888] usb 2-1: Product: syz [ 644.320805][ T5835] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 644.339176][ T7888] usb 2-1: Manufacturer: syz [ 644.349509][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 644.361749][ T7888] usb 2-1: SerialNumber: syz [ 644.402147][ T5835] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 644.422383][ T7888] usb 2-1: config 0 descriptor?? [ 644.465711][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 644.465740][ T8726] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 644.465953][ T5835] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 65535, setting to 8 [ 644.595685][ T8726] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 644.676094][ T5835] usb 1-1: string descriptor 0 read error: -22 [ 644.725136][ T5835] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 644.768672][ T5835] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.943864][ T5835] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 645.061781][ T8726] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 645.069742][ T8726] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 645.188438][ T5945] usb 1-1: USB disconnect, device number 31 [ 645.435663][ T7888] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 645.490187][ T7888] asix 2-1:0.251 (unnamed net_device) (uninitialized): Failed to read MAC address: -71 [ 645.538913][ T7888] asix 2-1:0.251: probe with driver asix failed with error -5 [ 645.610410][ T7888] usb 2-1: USB disconnect, device number 27 [ 646.807935][ T6542] ===================================================== [ 646.815830][ T6542] BUG: KMSAN: uninit-value in n_tty_receive_buf_closing+0x77e/0xf00 [ 646.825063][ T6542] n_tty_receive_buf_closing+0x77e/0xf00 [ 646.831281][ T6542] n_tty_receive_buf_common+0x19c6/0x2610 [ 646.837433][ T6542] n_tty_receive_buf2+0x4c/0x60 [ 646.842821][ T6542] tty_ldisc_receive_buf+0xc6/0x2c0 [ 646.848248][ T6542] tty_port_default_receive_buf+0xd7/0x1a0 [ 646.860564][ T6542] flush_to_ldisc+0x43e/0xe40 [ 646.869381][ T6542] process_scheduled_works+0xb82/0x1e80 [ 646.875581][ T6542] worker_thread+0xee4/0x1590 [ 646.880776][ T6542] kthread+0x53f/0x600 [ 646.885377][ T6542] ret_from_fork+0x20f/0x910 [ 646.890643][ T6542] ret_from_fork_asm+0x1a/0x30 [ 646.896006][ T6542] [ 646.898586][ T6542] Uninit was created at: [ 646.903850][ T6542] __kmalloc_noprof+0x486/0x1680 [ 646.909006][ T6542] __tty_buffer_request_room+0x3d4/0x7a0 [ 646.917430][ T6542] __tty_insert_flip_string_flags+0x157/0x6e0 [ 646.924229][ T6542] uart_insert_char+0x368/0x930 [ 646.929618][ T6542] serial8250_read_char+0x1ba/0x670 [ 646.935314][ T6542] serial8250_handle_irq_locked+0x6d4/0xa40 [ 646.942236][ T6542] serial8250_handle_irq+0x187/0x730 [ 646.947823][ T6542] serial8250_default_handle_irq+0x116/0x370 [ 646.959713][ T6542] serial8250_interrupt+0xcb/0x420 [ 646.967326][ T6542] __handle_irq_event_percpu+0x13c/0xf90 [ 646.973359][ T6542] handle_irq_event+0xe0/0x2a0 [ 646.978379][ T6542] handle_edge_irq+0x2a9/0xb30 [ 646.983932][ T6542] __common_interrupt+0x9d/0x180 [ 646.989201][ T6542] common_interrupt+0x94/0xb0 [ 646.994502][ T6542] asm_common_interrupt+0x2b/0x40 [ 646.999825][ T6542] [ 647.002509][ T6542] CPU: 1 UID: 0 PID: 6542 Comm: kworker/u8:18 Tainted: G L syzkaller #0 PREEMPT(full) [ 647.014282][ T6542] Tainted: [L]=SOFTLOCKUP [ 647.018743][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 647.029291][ T6542] Workqueue: events_unbound flush_to_ldisc [ 647.035615][ T6542] ===================================================== [ 647.046171][ T6542] Disabling lock debugging due to kernel taint [ 648.881395][ T8754] trusted_key: encrypted_key: key user:syz not found [ 649.287242][ T6542] Kernel panic - not syncing: kmsan.panic set ... [ 649.300591][ T6542] CPU: 0 UID: 0 PID: 6542 Comm: kworker/u8:18 Tainted: G B L syzkaller #0 PREEMPT(full) [ 649.311964][ T6542] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP [ 649.317638][ T6542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 649.327872][ T6542] Workqueue: events_unbound flush_to_ldisc [ 649.333916][ T6542] Call Trace: [ 649.337321][ T6542] [ 649.340369][ T6542] __dump_stack+0x26/0x30 [ 649.344919][ T6542] dump_stack_lvl+0x50/0x1c0 [ 649.349827][ T6542] ? dump_stack+0x12/0x25 [ 649.354425][ T6542] dump_stack+0x1e/0x25 [ 649.358808][ T6542] vpanic+0x7b4/0x1430 [ 649.363196][ T6542] panic+0x15d/0x160 [ 649.367374][ T6542] kmsan_report+0x31a/0x320 [ 649.372149][ T6542] ? __msan_warning+0x1b/0x30 [ 649.377066][ T6542] ? n_tty_receive_buf_closing+0x77e/0xf00 [ 649.383215][ T6542] ? n_tty_receive_buf_common+0x19c6/0x2610 [ 649.389352][ T6542] ? n_tty_receive_buf2+0x4c/0x60 [ 649.394608][ T6542] ? tty_ldisc_receive_buf+0xc6/0x2c0 [ 649.400179][ T6542] ? tty_port_default_receive_buf+0xd7/0x1a0 [ 649.406457][ T6542] ? flush_to_ldisc+0x43e/0xe40 [ 649.411505][ T6542] ? process_scheduled_works+0xb82/0x1e80 [ 649.417522][ T6542] ? worker_thread+0xee4/0x1590 [ 649.422583][ T6542] ? kthread+0x53f/0x600 [ 649.427073][ T6542] ? ret_from_fork+0x20f/0x910 [ 649.432051][ T6542] ? ret_from_fork_asm+0x1a/0x30 [ 649.437227][ T6542] ? irqentry_exit+0x8f/0x6c0 [ 649.442217][ T6542] ? kmsan_internal_set_shadow_origin+0x7a/0x110 [ 649.448860][ T6542] ? trace_reschedule_exit+0x25/0x1f0 [ 649.454843][ T6542] ? sysvec_reschedule_ipi+0x74/0x80 [ 649.460408][ T6542] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 649.466295][ T6542] ? virt_to_page_or_null+0xb3/0x170 [ 649.471800][ T6542] ? kmsan_get_metadata+0xf1/0x160 [ 649.477131][ T6542] __msan_warning+0x1b/0x30 [ 649.481890][ T6542] n_tty_receive_buf_closing+0x77e/0xf00 [ 649.487881][ T6542] n_tty_receive_buf_common+0x19c6/0x2610 [ 649.493970][ T6542] n_tty_receive_buf2+0x4c/0x60 [ 649.499073][ T6542] ? __pfx_n_tty_receive_buf2+0x10/0x10 [ 649.504951][ T6542] tty_ldisc_receive_buf+0xc6/0x2c0 [ 649.510387][ T6542] tty_port_default_receive_buf+0xd7/0x1a0 [ 649.516438][ T6542] flush_to_ldisc+0x43e/0xe40 [ 649.521357][ T6542] ? __pfx_tty_port_default_receive_buf+0x10/0x10 [ 649.528017][ T6542] ? __pfx_flush_to_ldisc+0x10/0x10 [ 649.533434][ T6542] process_scheduled_works+0xb82/0x1e80 [ 649.539282][ T6542] worker_thread+0xee4/0x1590 [ 649.544219][ T6542] kthread+0x53f/0x600 [ 649.548530][ T6542] ? __pfx_worker_thread+0x10/0x10 [ 649.553855][ T6542] ? __pfx_kthread+0x10/0x10 [ 649.558657][ T6542] ret_from_fork+0x20f/0x910 [ 649.563442][ T6542] ? __switch_to+0x51c/0x750 [ 649.568259][ T6542] ? __pfx_kthread+0x10/0x10 [ 649.573671][ T6542] ret_from_fork_asm+0x1a/0x30 [ 649.578730][ T6542] [ 649.582052][ T6542] Kernel Offset: disabled [ 649.586452][ T6542] Rebooting in 86400 seconds..