last executing test programs: 37.838066917s ago: executing program 0 (id=10846): r0 = socket(0x200000000000011, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000340)={0xa, 0x4e23, 0x3, @rand_addr=' \x01\x00', 0x80}, 0x1c) 37.685746702s ago: executing program 0 (id=10848): r0 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fgetxattr(r0, &(0x7f0000000080)=@random={'security.', '\x00'}, 0x0, 0x0) 37.471884139s ago: executing program 0 (id=10850): r0 = add_key$fscrypt_v1(&(0x7f00000020c0), &(0x7f0000002100)={'fscrypt:', @desc1}, &(0x7f0000002140)={0x0, "9a075c94554e9fbfb8c4b9f49d397a58e25f893447611eb9d551bac19c36c26138ee8a3cf6c921a6ce3ed1ee548201c1e635bd9c472c13aff9187ff8ddd52823", 0x2d}, 0x48, 0xffffffffffffffff) keyctl$clear(0x7, r0) 37.359583053s ago: executing program 0 (id=10852): syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000280)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='iocharset=cp865,uid=', @ANYRESHEX=0x0, @ANYBLOB=',namecase=1,uid=', @ANYRESHEX=0x0, @ANYBLOB="2c666d61736b3d30303030303030303030303030303030303030303031302c757466382c666d61736b3d30303030303030303030303030303030303030303030362c6572726f72733d636f6e74696e75652c7379735f747a2c616c6c6f775f7574696d653d30303030303030303030303030303030303134373036342c00968868822eaa4073da2a8bad3e75bf3fa58e5fe9023e2efe14b61e42154e792855b9c44517fcaf42990fa252a8fcc76df45041b88e383db02cc075636a6b415c49ee2ad1af7ecfc73f3809bce1541b2c780705cdd96cfb760a1f342582ee152abbe3f5828666937a5068d6170f62dc427b22ae7bd20a2fb9094ffaf7b7eda15af87283045448d6cabb51f8a411539d39a9d6db38d1"], 0x1, 0x1545, &(0x7f0000001a00)="$eJzs3AucTVX7OPDnWWvtMSROk1yGtdazOcllmSTJJUkuSZIkSW4JSZO8kpAYQpKGJCSXIYkhJJeJSeN+v18SkqRJkpDckvX/TPFXb97f+77/t19+/988389nf2Y9Z+9n7Wef55w5e2/mfNt1aK0mtas3IiL4j+CvP5IAIBYABgJAXgAIAKB8XPm4rPU5JSb9Zzthf64HU690BexK4v5nb9z/7I37n71x/7M37n/2xv3P3rj/2Rv3n7HsbNO0Qtfwkn2XP/v+fyzf////CH/+/y+SWWbsl2vKXNcNIOZfTeH+Z2/c//+1gn9lI+5/9pTzwk/uf3YVe6ULYH+lPpd/mN//2UGOf7iG+5+9cf8Zy86u9P3nv3KJuczxQuR/2HNw5MK12V+0vyv9+mOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxlj2c9pcoALg4vtJ1McYYY4wxxhhj7M/jc1zpChhjjDHGGGOMMfbfD0GABAUBxEAOiIWckAsEAFwNeSAvROAaiINrIR9cB/mhABSEQhAPhaEIaDBggSCEolAMonA9FIcboASUhFJQGhyUgQS4EcrCTVAObobycAtUgFuhIlSCylAFboOqcDtUgzugOtwJNaAm1ILacBfUgbuhLtwD9eBeqA/3IcD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv91PjS4bP7z0BNegF7QG5KgD/SFF6Ef9IcB8BIMhJdhELwCg+FVSIYhMBReg2HwOgyHN2AEjIRR8CaMhrdgDIyFcTAeUmACTIS3YRK8A5PhXZgCUyEVpsF0eA9mwEyYBe/DbPgA5sBcmAfzIQ0+hAWwENLhI1gEH0MGLIYlsBSWwXJYASthFayGNbAW1sF62AAbYRNshi2wFbbBdtgBn8BO+BR2wW7YA5/BXvj838w/9Xf53RAQUKBAhQpjMAZjMRZzYS7MjbkxD+bBCEYwDuMwH+bD/JgfC2JBjMd4LIJF0KBBQsKiWBSjGMXiWBxLYAkshaXQocMETMCyeBOWw3JYHstjBayAFbESVsIqWAWrYlWshtWwOlbHGlgDa2EtvAvvwj5YF+tiPayH9bH+xdtT2AgbYWNsjE2wCTbFptgMm2ELbIGtsBW2xtbYBttgO2yH7bE9dsAOmIiJ2BE7YifshJ2xM3bBLtgVu2I37I7dM5/PAfgCvoC9sYbog32xL/bD5BwD8CV8CV/GQfgKvoKvYjIOwaH4Gr6Gr+NwPIkjcCSOwlFYVbyFY3AskhiPKZiCE3EiTsJJmFXouzgVU3EaTsfpOANn4kx8H2fjB/gBzsW5OB/TMA0X4EJMx3RchKcwAxfjElyKy3A5LsOVuApX4hpci2twPa7HjbgRN+Nm3IpbcTtux09QAeCnuBt3YzLuxb24D/fhftyPB/AAZmImHsSDeAgP4WE8jEfwCB7FY3gcj+EJPIEn8RSextN4Fs/iOXw2/uvGn5RcnQwiixJKxIgYEStiRS6RS+QWuUUekUdERETEiTiRT+QT+UV+UVAUFPEiXhQRRYQRRpAIYwBAREVUFBfFRQlRQpQSpYQTTiSIBFFWlBXlRDlRXtwiKohbRUVRSbR1VUQVUVW0c9XEHaK6qC5qiJqilqgtaos6oo6oK+qKeqKeqC/qiwbiftFQ9MEB+KDI6kwTMQSbiqHYTDQX8sJvsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHh2r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZFf91FD1pS1ZG15l0yCu2VdeY+sJ++V9eV9soG8XzaUD8hG8kHZWD4km8iHZVP5iGwmm8sWsqVsJR+VreVjso1sK9vJx2V7+YTsIJ+UifIp2VH6Cy+RZ2QX+azsKp+T3WR32UP+LM9LL3vJ3hL6gOwrX5T9ZH85IBYA5MtykHxFDpavymQ5RA6Vr8lh8nU5XL4hR8iRcpR8U46Wb8kxcqwcJ8fLFDlBTpRvy0nyHTlZviunyKkyVU6TA+TAX2aaJeU/zX/7MvmDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tyF5wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvGBUKVVaOVVGJagb/518VVzdoEqokr/Lv1hf0j+or5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezTvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBeaHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1Z/6vzenyzwmOule+sk3Uf31S/qfrq/HqBf0gP1y3qQfkUP1q/qZD1ED9Wv6WH6dT1cv6FH6JF6lH5Tj9Zv6TF6rB6nx+sUPUFP1G/rSfodPVm/q6foqTpVT9PT9Xt6hp6pZ+n39Wz9gZ6j5+p5er5O0x/qBXqhTtcf6UX6Y52hF+sleqleppfrFXqlXqVX6zV6rV6n1+sNeqPepDfrLXqr3qa36x36E71Tf6p36d16j/5M79Wf6336C71ff6kP6K90pv5aH9Tf6EP6W31Yf6eP6O/1UX1MH9c/6BP6R31Sn9Kn9Rl9Vv+kz+mf9Xnts07usz7ejTLKxJgYE2tiTS6Ty+Q2uU0ek8dETMTEmTiTz+Qz+U1+U9AUNPEm3hQxRUwWMmSKmqImaqKmuCluSpgSppQpZZxxJsEkmLKmrClnypnyprypYCqYiqaiqWwqm9vMbeZ2c7u5w9xh7jR3mpqmpqltaps6po6pa+qaeqaeqW/qmwamgWloGppGppFpbBqbJqaJaWqammammWlhWphWppVpbVqbNqaNaWfamfamvelgOphEk2g6mo6mk+lkOpvOpovpYrqarqab6WZ6mB6mp+lpepleJskkmb6mr+ln+pkBZoAZaAaaQWaQGWwGm2STbIaaoWaYGWaGm+FmhBlpRmWdqJq3zBgz1owz402KSTETzUQzyUwyk81kM8VMMakm1Uw3080MM8PMMrPMbDPbzDFzzDwzz6SZNLPALDDpJt0sMotMhskwS8wSs8wsMyvMCrPKrDJrzBqzDtaZDWaD2WQ2mS1mi9lmtpkdZofZaXaaXWaX2WP2mL1mr9ln9pn9Zr85YA6YTJNpDpqD5pA5ZA6bw+aIOWKOmqPmuDluTpgT5qQ5aU6b0+asKXDh89KbWJvT5rJX2dz2apvH5rV/Hxe0hWy8LWyLWG3z2wK/i421toQtaUvZ0tbZMjbB3viHuKKtZCvbKvY2W9Xebqv9Ia5j77Z17T22nr3X1rZ3/S6ub++zDezDtiEigG1uG9uWtol92Da1j9hmtrltYVva9vYJ28E+aRPtU7ajffoP8QK70K6yq+0au9busrvtaXvGHrLf2rP2J9vL9rYD7ct2kH3FDrav2mQ75A/xKPumHW3fsmPsWDvOjv9DPMVOtal2mp1u37Mz7Mw/xGn2Qzvbpts5dq6dZ+f/EmfVlG4/sovsxzbDBrDELrXL7HK7wq68WKvPa9fbDXaj3Wk/tVvsVrvNbrc7Lp4I2912j/3M7rWf24P2G7vffmkP2MM20379S5x1fIftd/aI/d4etcfscfuDPWF/VBezs479B/uzPW+9BUICkqQooBjKQbGUk3LRVZSbrqY8lJcidA3F0bWUj66j/FSAClIhiqfCVIQ0GbJEFFJRKkZRup4ulleKSpOjMpRAN1JZuonK0c1Unm6hCnQrVaRKVJmq0G1UlW6nanQHVac7qQbVpFpUm+6iOnQ31aV7qB7dS/XpPmpA91NDeoAa0YPUmB6iJvQwNaVHqBk1pxbUklrRo9SaHqM21Jba0ePUnp6gDvQkJdJT1JGepk70N+pMz1AXepa60nPUjbpTD3qeetIL1It6UxL1ob70IvWj/jSAXqKB9DINoldoML1KyTSEhtJrNIxep+H0Bo2gkTSK3qTR9BaNobE0jsZTCk2gifQ2TaJ3aDK9S1NoKqXSNJpO79EMmkmz6H2aTR/QHJpL82g+pdGHtIAWUjp9RIvoY8qgxbSEltIyWk4raCWtotW0htbSOlpPG2gjbaLNtIW20jbaTjvoE9pJn9Iu2k176DPaS5/TPvqC9tOXdIC+okz6mg7SN3SIvqXD9J3vTd/TUTpGx+kHOkE/0kk6RafpDJ2ln+gc/UznyROEGIpQhioMwpgwRxgb5gxzhVeFucOrwzxh3jASXhPGhdeG+cLrwvxhgbBgWCiMDwuHRUIdmtCGFIZh0bBYGA2vD4uHN4QlwpJhqbB06MIyYUJ4Y1g2vCksF94clg9vCSuEt4YVw0rhw/dWCW8Lq4a3h9XCO8Lq4Z1hjbBmWCusHd4V1gnvDuuG94T1wnvDcuF9YYPw/rBh+EDYKHwwbBw+FDYJHw6bho+EzcLmYYuwZdgqfDRsHT4Wtgnbhu3Cx8P24RNhh/DJMDF8KuwYPv3L+vsW/uP1SWGfsG/4Yvhi6P09cl50fjQt+mF0QXRhND36UXRR9ONoRnRxdEl0aXRZdHl0RXRldFV0dXRNdG10XXR9dEN0Y9T72jnAoRNOOuUCF+NyuFiX0+VyV7nc7mqXx+V1EXeNi3PXunzuOpffFXAFXSEX7wq7Ik4746wjF7qirpiLuutdcXeDK+FKulKutHOujEtwLV0r18q1do+5Nq6ta+ced4+7J9wT7kn3pHvKdXRPu07ub66ze8Z1cc+6Z91zrpvr7nq4511PNyHPr+/JJNfX9XX9XD83wA1wA91AN8gNcoPdYJfskt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NciktxE91EN8lNcpPdZDfFTXGpLtVNd9PdDDfDVZ35617muDlunpvn0lyaW+CyzhnT3SK3yGW4DLfELXHL3DK3wq1wq9wqt8atcevcOrfBbXCb3Ca3xW1x29w2t8PtcDvdTrfL5/11UrfX7XP73H633x1wX7lM97U76L5xh9y37rD7zh1x37uj7pg77n5wJ9yP7qQ75U67M+6s+8mdcz+78867lMiEyMTI25FJkXcikyPvRqZEpkZSI9Mi0yPvRWZEZkZmRd6PzI58EJkTmRuZF5kfSYt8GFkQWRhJj3wUWRT5OJIRWRxZElkaWRZZHvG+8JbQF/XFfNRf74v7G3wJX9KX8qW982V8gr/Rl/U3+XL+Zl/e3+Ir+Ft9RV/JV/aP+Ga+uW/hW/pW/lHf2j/m2/i2vp1/3Lf3T/gO/kmf6J/yHf3TvpP/m+/sn/Fd/LO+q3/Od/PdfQ//vO/pX/C9fG+f5Pv4vv5F38/39wP8S36gf9kP8q/4wf5Vn+yH+KH+NT/Mv+6H+zf8CD/Sj4p504++eIkM432Kn+An+rf9JP+On+zf9VPOep/qp/np/j0/w8/0s/z7frb/wM/xc/08P9+n+Q/9Ar/Qp/uP/CL/sc/wiy/eVPYr/Eq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3O/wnfqf/1O/yu/0e/5nf6z/3+/wXfr//0h/wX/lM/7U/6L/xh/y3/rD/zh/x3/uj/pg/7n/wJ/yP/qQ/5U/7M/6s/8mf8z/78/w3a4wxxhhj/5IJl4bi92t+vZ3f5zI54jcb9wWAq7cWyvzt+qwzynX5fx33F/HtIwDwVO+uD15catRI+r/bZkgIis0FuPgvQVli4FK8GNrBE5AIbaHsZevvL7qfpT/On5T0m/mjtwDk+k1OLFyKL83/BQAmXWb+Rx8ftaBCeDruv5h/LkCJYpdycsKleDG0++X+Slso9w/qL9D6n9Sf88sUgDa/yckNl+JL9SfAY/A0JP5uS8YYY4wxxhhj7Ff9ReXOF68/L/6Pz7+/vs26Po9Xl3JywKX4n12fM8YYY4wxxhhj7Mp7pnuPJx9NTGzb+d8fVPt/yvqXB03hv2tmHlx24D3AxUcUAPyHEwJkDeRfeRSb/5J9JV946/z9qmVnfAD/M1r5Zwyu8C8mxhhjjDHG2J/u0kn/7x9XV6ogxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsG/orvk6Mv02AMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcZYdvd/AgAA//8vzfwg") mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0) 37.032943994s ago: executing program 0 (id=10855): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCXONC(r0, 0x4b3a, 0x3) 36.522361312s ago: executing program 0 (id=10862): r0 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0xe, 0x0, 0x0) 36.165995804s ago: executing program 32 (id=10862): r0 = socket$kcm(0xa, 0x1, 0x106) setsockopt$sock_int(r0, 0x1, 0xe, 0x0, 0x0) 4.044587273s ago: executing program 1 (id=11173): syz_mount_image$erofs(&(0x7f0000000340), &(0x7f0000000180)='./file1\x00', 0x2000000, &(0x7f00000004c0)=ANY=[], 0x1, 0x248, &(0x7f0000000a00)="$eJzsmL1uE08Uxc/Mrtd2FOWff5OCJkhEIgiyjtcCpbEgSEhUNHyJDitZIuNNjJxFIpaQ4AGgo0CiQYIXoKBIRcFDIEEBSEgUcUFBA8Wg2ZmsZz2xd3HL/RWjM3PvfNzj8RQLgiD+Wb5++fn5ycW1a2cAzGIJZT3+3QEYU5ob+Z+e3z/9rHnpxZuPr9/vzD3cH1luVjZCGCMMqEzY3wXwbt1BnO6Uzv4lxZLuLIKn+jo4Tml9E+I/X+vb4LihdQiGW1rfNXQXDL5/HO0o9De60eaddhSuyqYum0A2jdHzDR4zbOq+EEIwI7671++0oijsGcLVsWzIsUaOFNKskVC6WWfB8q8ED4N1jqZxPm4c8NCbVcO/OjjqOqcBhqt6fA1l+L4/tMSo/5g7XN/J1H9QbkV2tVHYk6kyMKlaKSpKNH+oWYf1u5A5XtHpR4X+X5ns9TixLMu5YIfm8XfrKIHsrBKGIenkyG9fxLFcIRfRIhlx82/eeb33FJteyVYxXjyt2pe7gJgv4GpGFKli49UYnxcG+xX7j/0tb0HB8sthxe9PpZA/xh99+ttSRb/Dp/ndTVG2zAQ+vFXvh3jJcFIf87cQwjXej1q8fa+2u9dfaW+3tsKtcCcIGucY8OhsUEseItnOWM+e8T5Xk/dpxnj/SmNyPe7hQSuOe3XVesxDFXHcC5J+kJx7Tid3DzytYlwGcEJ1pONeuqJj7cE8lcOTXKmW7SSCIAiCIAiCIAiCIAiCIIipWARLvoLmEKivsH8CAAD//zcjTJM=") open(&(0x7f0000000400)='./file1\x00', 0x101000, 0x1a0) 3.84502391s ago: executing program 1 (id=11175): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@mangle={'mangle\x00', 0x64, 0x6, 0x540, 0x0, 0xd0, 0x1b8, 0x1b8, 0x0, 0x470, 0x470, 0x1b8, 0x470, 0x470, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE1={0x28, 'NFQUEUE\x00', 0x1, {0x8000, 0x3}}}, {{@ipv6={@mcast1, @local, [], [], 'macvtap0\x00', 'ip6tnl0\x00'}, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@broadcast}}}, {{@ipv6={@mcast2, @loopback, [0x0, 0xff], [], 'veth0_to_team\x00', 'syzkaller0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@unspec=@connmark={{0x20}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffc}}, {{@uncond, 0x0, 0xa8, 0xd0}, @inet=@DSCP={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x0, 0x0, @ipv4=@dev}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a0) 3.581011728s ago: executing program 1 (id=11178): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x1008a, &(0x7f0000002300)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@dax}, {@noload}, {@data_err_ignore}, {@grpjquota, 0x22}, {@errors_continue}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x1ff}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0xe21}}]}, 0xfe, 0x44a, &(0x7f0000000900)="$eJzs3MtvG0UYAPBv7SR9k1CeDS0ECiLikTTpgx6QoAgkDiAhwaGIU0jSKtRtUBMkWkUQOIQjqsQdcUTiL+BCuSDghMQV7ggpQrlQOBmtvZu6iZ04iROX+veTNpnxjDXz7e7Y41mvA+hYA+mfJGJ/RPwWEb3V7K0VBqr/bizNjf+zNDeeRLn85l9Jpd7fS3PjedX8eS9UM+XyGu0uvBMxVipNXs7yw7MX3x+euXL12amLY+cnz09eGj19+sTxIz2nRk+2JM4DaV/7P5o+fOjVt6+9Pn722rs/fZP2d39WXhtHqwxU925dT7S6sTY7kCdejEi62tsXmleMiPRwdVfGf28UY89yWW+88mlbOwdsq3K5UN7VuHi+DADccfI3+vTzb77t0NTjtrB4JpbXMW5kW7WkKwpZne7sM9J2GIiIs/P/fplusU3rEAAAta6fiYhn6s3/CnF/Tb27smtDfRFxd0QcjIh7IuLeiLgvolL3gYh4cIPtr7xCsnr+U+7dVGBNSud/z2fXtm6d/+Wzv+grZrkDlfi7k3NTpclj2T4ZjO5daX5kjTa+f/nXzxuV1c7/0i1tP58LZv34s2vFAt3E2OzYVmKutfhJRH9XvfiT5TlvOj8+FBH9m2xj6qmvDzcqWz/+NbRgUl7+KuLJ6vGfjxXx55KG1ydHnjs1enJ4d5Qmjw3nZ8VqP/+y8Eaj9rcUfwssXi/H3rrn/3L8fcnuiJkrVy9UrtfObLyNhd8/a/iZZrPnf0/yViXdkz324djs7OWRiJ7ktdWPj958bp7P66fn/+DR+uP/YNzcEw9FRHoSH4mIhyPikazvj0bEYxFxdI34f3zp8fc2Hv8aq/ItlMY/sd7xj9rjv/FE8cIP3248/lx6/E9UUoPZI828/jXbwa3sOwAAAPi/KFS+A58UhpbThcLQUMS+ytru3qQ0PTP79LnpDy5NVL8r3xfdhXylq7dmPXQkWxvO86Mr8sezdeMvinsq+aHx6dJEu4OHDrevwfhP/VFsd++Abed+Lehcxj90LuMfOpfxD53L+IfOVW/8f9yGfgA7b533/z071Q9g55n/Q+cy/qFzGf/QkRreG1/Y0i3/Em1KfNeztd9qaD4Rhdsk5DsmkY7HOkVdTf+YxSYTu+oWtfuVCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDX+CwAA//8ngeSM") mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0) 3.275921029s ago: executing program 1 (id=11181): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000014da2108ab1204000000000000010902240001b30000040904410c17ff5d810009050f1f05e13f000009058303", @ANYRESDEC], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x3b, &(0x7f00000000c0)=ANY=[]) 1.686095293s ago: executing program 3 (id=11192): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) syslog(0x4, &(0x7f0000000000)=""/19, 0xb12288e90d7c8384) 1.345843944s ago: executing program 2 (id=11195): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="02000000040000000800000001000000800000", @ANYRES32=0x0], 0xe) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x3, 0x10, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b70800000000000e7b8af0ff00000000bfa10000000000000701000000feffffbfa40000000000000704000000feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000c500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 1.205803579s ago: executing program 4 (id=11196): r0 = add_key$keyring(&(0x7f0000000340), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$assume_authority(0x10, r0) 1.167074761s ago: executing program 2 (id=11197): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a310000000054000000030a01020000000000000000010000000900030073797a320000000028000480080002400000000008000140000000051400030076657468315f6d6163767461700000000900010073797a310000000040000000050a11020000000000000000010020000c00024000000000000000010900010073797a310000000014000480080002"], 0xdc}}, 0x9840) 1.144488261s ago: executing program 3 (id=11198): r0 = socket(0x10, 0x3, 0x0) sendto$inet6(r0, &(0x7f0000000000)="7800000018002507b9409b14ffff00000204be04020506050e0204094300080004000000040010000d0068d0bf46d32345653600648d0a0012000200000049935ade4a460c89b6ec0cff3959547f509058ba86c902000000004a32000400160005000a0000000000e000e218d1ddf66ed538f25232500000", 0x78, 0x0, 0x0, 0x0) 1.045534884s ago: executing program 4 (id=11199): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x2000001, 0x3032, 0xffffffffffffffff, 0x0) name_to_handle_at(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', &(0x7f0000002380)=ANY=[], &(0x7f0000000080), 0x400) 1.023632405s ago: executing program 1 (id=11200): r0 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f0000000180), 0x80000, 0x0) read$FUSE(r0, &(0x7f0000001380)={0x2020}, 0x2020) 931.469548ms ago: executing program 2 (id=11201): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) getsockopt$netrom_NETROM_T2(r0, 0x103, 0x2, 0x0, &(0x7f0000000000)=0xffffffffffffff71) 813.182833ms ago: executing program 1 (id=11202): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009e173610ef171e7206de010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000680)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="000004000000f82710e0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 748.787864ms ago: executing program 3 (id=11203): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000040000000000000000000300000a20000000000a05000000000000000000070000000900010073797a300000000044000000090a010400000000000000000700ffff08000a40000000030900020073797a31000000000900010073797a3000000000080005400000002105000d40930000005c0000000c0a01020000000000000000070000000900020073797a31000000000900010073797a3000000000300003802c0000800400018024000b80100001800c000100636f756e746572001000018009"], 0xe8}, 0x1, 0x0, 0x0, 0x10}, 0x0) 739.449205ms ago: executing program 2 (id=11204): setreuid(0xee01, 0xee00) ioprio_set$pid(0x2, 0x0, 0x0) 566.27908ms ago: executing program 2 (id=11205): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_FLUSH(r0, 0x0, 0x480, 0x0, 0x0) 553.995271ms ago: executing program 4 (id=11206): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_tcp_int(r0, 0x6, 0x12, 0x0, &(0x7f0000000580)) 544.151511ms ago: executing program 3 (id=11207): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001480)=[{&(0x7f0000000140)="ec", 0x1}], 0x1, 0x9, 0x26d0d5f1) 402.192046ms ago: executing program 2 (id=11208): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0) sendfile(r0, r0, 0x0, 0x200000) 368.957427ms ago: executing program 3 (id=11209): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000005c0)=@migrate={0xa0, 0x21, 0x1, 0x0, 0xfffffffe, {{@in6=@private0, @in=@remote, 0xfffc, 0x0, 0x0, 0x4, 0xa, 0xe0, 0x80}, 0x2}, [@migrate={0x50, 0x11, [{@in=@local, @in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@empty, @in6=@mcast1, 0x33, 0x3, 0x0, 0x2, 0x2, 0x2}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x800}, 0x42000) 302.46697ms ago: executing program 4 (id=11210): r0 = fsopen(&(0x7f00000001c0)='cpuset\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x2, &(0x7f0000000180)='dirsync\x00', &(0x7f0000000200)='A;', 0x2) 175.925074ms ago: executing program 3 (id=11211): r0 = socket$kcm(0x15, 0x5, 0x0) sendmsg$kcm(r0, &(0x7f0000000580)={&(0x7f00000000c0)=@in6={0xa, 0x0, 0x80, @empty}, 0x80, 0x0}, 0x0) 121.680956ms ago: executing program 4 (id=11212): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$unix(r0, &(0x7f00000025c0)=@file={0x0, './file0\x00'}, 0x6e) 0s ago: executing program 4 (id=11213): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x1f}]}, @NFT_MSG_NEWSETELEM={0x44, 0xc, 0xa, 0x201, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz2\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x18, 0x3, 0x0, 0x1, [{0x14, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_EXPIRATION={0xc, 0x5, 0x1, 0x0, 0x7}, @NFTA_SET_ELEM_KEY={0x4}]}]}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0xa}}}, 0xc8}}, 0x0) kernel console output (not intermixed with test programs): ed [ 1212.740017][T27353] FAT-fs (loop1): Directory bread(block 67) failed [ 1212.748634][T27353] FAT-fs (loop1): Directory bread(block 68) failed [ 1212.767819][T27329] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1212.777234][T27353] FAT-fs (loop1): Directory bread(block 69) failed [ 1212.807951][T27353] FAT-fs (loop1): Directory bread(block 70) failed [ 1212.833976][T27353] FAT-fs (loop1): Directory bread(block 71) failed [ 1212.863611][T27365] loop0: detected capacity change from 0 to 512 [ 1212.872688][T27353] FAT-fs (loop1): Directory bread(block 72) failed [ 1212.878655][T27365] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1212.886421][T27329] XFS (loop2): Ending clean mount [ 1212.913741][T27353] FAT-fs (loop1): Directory bread(block 73) failed [ 1212.957481][T27337] loop3: detected capacity change from 0 to 32768 [ 1212.971896][T27337] JFS: Invalid value of umask [ 1213.085209][T27365] FAT-fs (loop0): error, fat_get_cluster: invalid start cluster (i_pos 0, start 22000003) [ 1213.191675][ T6306] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1213.227250][ T28] audit: type=1400 audit(1774710716.306:135): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=27366 comm="syz.3.9734" [ 1213.846612][T27379] loop3: detected capacity change from 0 to 16 [ 1213.866361][T27379] erofs: (device loop3): mounted with root inode @ nid 36. [ 1213.879546][T25079] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1213.892013][T27379] erofs: (device loop3): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1213.913926][T27379] erofs: (device loop3): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851] [ 1213.926857][T27379] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1214.089729][T25079] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1214.113571][T25079] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1214.160570][T25079] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1214.182007][T25079] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1214.202660][T27375] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1214.220007][T25079] usb 1-1: Quirk or no altest; falling back to MIDI 1.0 [ 1214.719909][ T28] audit: type=1326 audit(1774710717.870:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27403 comm="syz.3.9752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e02d9c819 code=0x7ffc0000 [ 1214.762351][ T28] audit: type=1326 audit(1774710717.901:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27403 comm="syz.3.9752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0e02d9c819 code=0x7ffc0000 [ 1214.792752][T27404] loop3: detected capacity change from 0 to 2048 [ 1214.810333][ T28] audit: type=1326 audit(1774710717.901:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27403 comm="syz.3.9752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0e02d9c819 code=0x7ffc0000 [ 1214.813427][ T5756] usb 1-1: USB disconnect, device number 21 [ 1214.877892][T27404] Alternate GPT is invalid, using primary GPT. [ 1214.884463][T27404] loop3: p2 p3 p7 [ 1214.911718][ T28] audit: type=1326 audit(1774710717.901:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27403 comm="syz.3.9752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0e02d9c582 code=0x7ffc0000 [ 1214.963945][ T28] audit: type=1326 audit(1774710717.912:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=27403 comm="syz.3.9752" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0e02d5d04e code=0x7ffc0000 [ 1215.048760][ T5137] Alternate GPT is invalid, using primary GPT. [ 1215.076271][ T5137] loop3: p2 p3 p7 [ 1215.183975][ T7648] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1215.303695][T27414] loop2: detected capacity change from 0 to 4096 [ 1215.373974][T27414] ntfs: volume version 3.1. [ 1215.385972][ T6269] udevd[6269]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 1215.397695][ T7648] udevd[7648]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1215.404516][ T5759] udevd[5759]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 1215.488960][ T5759] udevd[5759]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 1215.503068][ T7752] udevd[7752]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 1215.524184][ T7648] udevd[7648]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 1215.900496][T27430] loop2: detected capacity change from 0 to 512 [ 1215.947307][T27430] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 1216.000540][T27430] EXT4-fs (loop2): external journal device major/minor numbers have changed [ 1216.245663][T27430] EXT4-fs (loop2): failed to open journal device unknown-block(0,5) -6 [ 1216.408218][T27450] loop3: detected capacity change from 0 to 4096 [ 1216.471459][T27450] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1216.973075][T27466] netlink: 'syz.0.9779': attribute type 1 has an invalid length. [ 1217.010407][T27466] netlink: 248 bytes leftover after parsing attributes in process `syz.0.9779'. [ 1217.867344][T27505] xt_TCPMSS: Only works on TCP SYN packets [ 1219.036322][T27553] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709510581) [ 1219.063849][T27553] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 1219.607867][T27573] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1219.612049][T27575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9831'. [ 1219.686943][T27575] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1219.695012][T27575] IPv6: NLM_F_CREATE should be set when creating new route [ 1219.702394][T27575] IPv6: NLM_F_CREATE should be set when creating new route [ 1220.040194][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.072719][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.102752][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.174937][T27587] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 1220.239712][T27587] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 1220.387871][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.408442][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.427254][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.455239][T27587] xfrm0 speed is unknown, defaulting to 1000 [ 1220.656391][T27583] loop3: detected capacity change from 0 to 32768 [ 1220.670228][T27579] loop0: detected capacity change from 0 to 32768 [ 1220.718685][T27579] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1220.746817][T27583] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1220.917446][T27583] XFS (loop3): Ending clean mount [ 1220.923428][T27579] XFS (loop0): Ending clean mount [ 1221.103134][ T6316] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1221.260222][ T6305] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1221.718681][T27636] loop3: detected capacity change from 0 to 64 [ 1221.974102][T27640] loop2: detected capacity change from 0 to 1024 [ 1222.102144][T27640] syz.2.9856: attempt to access beyond end of device [ 1222.102144][T27640] loop2: rw=0, sector=393226, nr_sectors = 2 limit=1024 [ 1222.715730][T27660] netlink: 44 bytes leftover after parsing attributes in process `syz.1.9862'. [ 1222.718161][T27662] netlink: 444 bytes leftover after parsing attributes in process `syz.0.9863'. [ 1222.736719][T27660] netlink: 43 bytes leftover after parsing attributes in process `syz.1.9862'. [ 1222.782735][T27660] netlink: 'syz.1.9862': attribute type 6 has an invalid length. [ 1222.804665][T27660] netlink: 'syz.1.9862': attribute type 5 has an invalid length. [ 1222.821531][T27660] netlink: 43 bytes leftover after parsing attributes in process `syz.1.9862'. [ 1223.381979][ T9] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 1223.487179][T27691] netlink: 3 bytes leftover after parsing attributes in process `syz.0.9877'. [ 1223.599377][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1223.607862][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1223.643180][ T9] usb 2-1: config 0 has no interface number 0 [ 1223.653896][ T9] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 1223.667375][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1223.675903][ T9] usb 2-1: Product: syz [ 1223.680661][ T9] usb 2-1: Manufacturer: syz [ 1223.685651][ T9] usb 2-1: SerialNumber: syz [ 1223.708569][ T9] usb 2-1: config 0 descriptor?? [ 1223.724850][T25079] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1223.735355][ T9] cx231xx 2-1:0.1: New device syz syz @ 12 Mbps (0572:58a5) with 1 interfaces [ 1223.762299][ T9] cx231xx 2-1:0.1: Not found matching IAD interface [ 1223.943765][T25079] usb 4-1: Using ep0 maxpacket: 16 [ 1223.962473][ T9] usb 2-1: USB disconnect, device number 15 [ 1223.973071][T25079] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1224.010552][T25079] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1224.031182][T25079] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1224.055894][T25079] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1224.082832][T25079] usb 4-1: Product: syz [ 1224.088065][T25079] usb 4-1: Manufacturer: syz [ 1224.109266][T25079] usb 4-1: SerialNumber: syz [ 1224.134656][T25079] r8152-cfgselector 4-1: config 0 descriptor?? [ 1224.152504][T27711] ieee802154 phy0 wpan0: encryption failed: -22 [ 1224.356597][T25079] usbip-host 4-1: 4-1 is not in match_busid table... skip! [ 1224.594685][ T5756] usb 4-1: USB disconnect, device number 34 [ 1224.779891][T27725] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1224.796635][T27715] loop0: detected capacity change from 0 to 32768 [ 1224.826368][T27715] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.9890 (27715) [ 1224.862627][T27715] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1224.905431][T27715] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1224.916683][T27715] BTRFS info (device loop0): using free space tree [ 1225.049788][T27715] BTRFS info (device loop0): enabling ssd optimizations [ 1225.097770][T27748] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1225.102876][T27715] BTRFS info (device loop0): auto enabling async discard [ 1225.468464][ T6305] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1225.783988][T27760] netlink: 4 bytes leftover after parsing attributes in process `syz.0.9903'. [ 1225.811915][T27760] netlink: 16 bytes leftover after parsing attributes in process `syz.0.9903'. [ 1225.865253][T27763] loop1: detected capacity change from 0 to 1764 [ 1225.888000][T27727] loop2: detected capacity change from 0 to 32768 [ 1226.339353][T27773] netlink: 660 bytes leftover after parsing attributes in process `syz.0.9912'. [ 1226.475577][T27777] netlink: 12 bytes leftover after parsing attributes in process `syz.0.9914'. [ 1226.484978][T27775] netlink: 312 bytes leftover after parsing attributes in process `syz.1.9913'. [ 1226.516535][T27777] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1226.550226][T27779] loop3: detected capacity change from 0 to 512 [ 1226.622159][T27779] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 1226.677914][T27779] EXT4-fs (loop3): 1 truncate cleaned up [ 1226.685069][T27779] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1226.762679][T27779] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.9915: bg 0: block 465: padding at end of block bitmap is not set [ 1226.917204][ T6316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1227.749707][T27823] siw: device registration error -23 [ 1228.552619][T27854] loop3: detected capacity change from 0 to 512 [ 1228.632956][T27854] FAT-fs (loop3): Directory bread(block 199916) failed [ 1228.659888][T27854] FAT-fs (loop3): Directory bread(block 199917) failed [ 1228.672190][T27854] FAT-fs (loop3): Directory bread(block 199918) failed [ 1228.725897][T27854] FAT-fs (loop3): Directory bread(block 199919) failed [ 1228.732906][T27854] FAT-fs (loop3): Directory bread(block 199920) failed [ 1228.767785][T27854] FAT-fs (loop3): Directory bread(block 199921) failed [ 1228.801881][T27854] FAT-fs (loop3): Directory bread(block 199922) failed [ 1228.808846][T27854] FAT-fs (loop3): Directory bread(block 199923) failed [ 1228.908199][T27854] FAT-fs (loop3): Directory bread(block 199916) failed [ 1228.915729][T27854] FAT-fs (loop3): Directory bread(block 199917) failed [ 1229.266947][T27848] loop0: detected capacity change from 0 to 32768 [ 1229.299398][T27872] netlink: 'syz.1.9958': attribute type 9 has an invalid length. [ 1229.366290][T27874] netlink: 209860 bytes leftover after parsing attributes in process `syz.2.9959'. [ 1229.888117][T27890] loop1: detected capacity change from 0 to 2048 [ 1229.970692][T27897] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1230.039711][T27890] syz.1.9966: attempt to access beyond end of device [ 1230.039711][T27890] loop1: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048 [ 1230.098327][T27890] NILFS (loop1): I/O error reading b-tree node block (ino=16, blocknr=15) [ 1230.136438][T27890] NILFS (loop1): error -5 truncating bmap (ino=16) [ 1231.116706][T27939] sctp: [Deprecated]: syz.3.9990 (pid 27939) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1231.116706][T27939] Use struct sctp_sack_info instead [ 1232.448998][T27965] loop3: detected capacity change from 0 to 32768 [ 1233.287751][T27999] loop0: detected capacity change from 0 to 256 [ 1233.414810][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.459249][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.525574][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.591558][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.626638][T28009] loop2: detected capacity change from 0 to 256 [ 1233.631665][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.677838][T28009] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x395e47cf, utbl_chksum : 0xe619d30d) [ 1233.686668][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.737542][T28003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10022'. [ 1233.764607][T28012] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10027'. [ 1233.806841][T28012] vlan0: entered promiscuous mode [ 1233.827959][T28012] vlan0: entered allmulticast mode [ 1233.837640][T28012] veth0_vlan: entered allmulticast mode [ 1234.478419][T28035] loop2: detected capacity change from 0 to 256 [ 1234.602158][T28035] FAT-fs (loop2): Directory bread(block 64) failed [ 1234.633170][T28033] loop3: detected capacity change from 0 to 8192 [ 1234.640757][T28035] FAT-fs (loop2): Directory bread(block 65) failed [ 1234.655499][T28035] FAT-fs (loop2): Directory bread(block 66) failed [ 1234.677331][T28035] FAT-fs (loop2): Directory bread(block 67) failed [ 1234.709004][T28033] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1234.722471][T28035] FAT-fs (loop2): Directory bread(block 68) failed [ 1234.732128][T28035] FAT-fs (loop2): Directory bread(block 69) failed [ 1234.738884][T28035] FAT-fs (loop2): Directory bread(block 70) failed [ 1234.745658][T28035] FAT-fs (loop2): Directory bread(block 71) failed [ 1234.753112][T28035] FAT-fs (loop2): Directory bread(block 72) failed [ 1234.759857][T28035] FAT-fs (loop2): Directory bread(block 73) failed [ 1234.761605][ T28] kauditd_printk_skb: 39 callbacks suppressed [ 1234.761620][ T28] audit: type=1400 audit(1774710738.918:160): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=28039 comm="syz.0.10040" [ 1234.780938][T28033] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 1234.792116][ C0] vkms_vblank_simulate: vblank timer overrun [ 1234.808694][T28033] REISERFS (device loop3): using ordered data mode [ 1234.815341][T28033] reiserfs: using flush barriers [ 1234.822550][T28033] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1234.839528][T28033] REISERFS (device loop3): checking transaction log (loop3) [ 1235.186290][T28033] REISERFS (device loop3): Using r5 hash to sort names [ 1235.201742][T28033] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 1235.296472][T28044] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.10042'. [ 1235.381478][T28046] loop0: detected capacity change from 0 to 512 [ 1235.396723][T28046] EXT4-fs: Ignoring removed orlov option [ 1235.473830][T28046] EXT4-fs: Ignoring removed nobh option [ 1235.527250][T28046] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1235.567673][T28046] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1235.651708][T28046] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.10043: bg 0: block 248: padding at end of block bitmap is not set [ 1235.717427][T28046] Quota error (device loop0): write_blk: dquota write failed [ 1235.745879][T28046] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1235.799441][T28046] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.10043: Failed to acquire dquot type 1 [ 1235.862667][T28046] EXT4-fs (loop0): 1 truncate cleaned up [ 1235.882307][T28046] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1235.989103][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.018711][T28046] EXT4-fs: Ignoring removed orlov option [ 1236.034180][T28046] EXT4-fs: Ignoring removed nobh option [ 1236.036898][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.058284][T28046] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1236.067372][T28046] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 1236.068630][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.079296][ T8305] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1236.115933][T28046] EXT4-fs error (device loop0): __ext4_remount:6752: comm syz.0.10043: Abort forced by user [ 1236.132908][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.139178][T28046] EXT4-fs (loop0): Remounting filesystem read-only [ 1236.161632][T28046] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 1236.170876][T28046] ext4 filesystem being remounted at /2436/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1236.173384][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.234003][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.260397][ T8305] usb 4-1: Using ep0 maxpacket: 32 [ 1236.263955][T28061] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10049'. [ 1236.274026][ T8305] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 1236.296203][ T6305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1236.320038][ T8305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1236.359783][ T8305] usb 4-1: config 0 descriptor?? [ 1236.372201][ T8305] gspca_main: sunplus-2.14.0 probing 041e:400b [ 1236.534678][ T28] audit: type=1326 audit(1774710740.777:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28073 comm="syz.1.10055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1236.613656][ T28] audit: type=1326 audit(1774710740.777:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28073 comm="syz.1.10055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1236.694964][ T28] audit: type=1326 audit(1774710740.777:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28073 comm="syz.1.10055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=38 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1236.742891][T28081] netlink: 36 bytes leftover after parsing attributes in process `syz.0.10059'. [ 1236.771788][T28081] netlink: 6 bytes leftover after parsing attributes in process `syz.0.10059'. [ 1236.785810][ T28] audit: type=1326 audit(1774710740.777:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28073 comm="syz.1.10055" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1236.809257][ T8305] gspca_sunplus: reg_w_riv err -71 [ 1236.822415][ T8305] sunplus: probe of 4-1:0.0 failed with error -71 [ 1236.855652][ T8305] usb 4-1: USB disconnect, device number 35 [ 1237.697049][T28114] netlink: 'syz.1.10075': attribute type 2 has an invalid length. [ 1238.087281][T28128] loop0: detected capacity change from 0 to 512 [ 1238.177560][T28128] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1238.270993][T28128] ext4 filesystem being mounted at /2444/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1238.357979][T28128] Quota error (device loop0): find_block_dqentry: Quota for id 0 referenced but not present [ 1238.423012][T28128] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0 [ 1238.474164][T28128] EXT4-fs error (device loop0): ext4_acquire_dquot:6949: comm syz.0.10081: Failed to acquire dquot type 0 [ 1238.559882][T28142] loop1: detected capacity change from 0 to 2048 [ 1238.574718][T28142] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1238.594857][T28111] loop3: detected capacity change from 0 to 32768 [ 1238.605409][ T6305] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1238.619965][T28111] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.10074 (28111) [ 1238.657457][T28145] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1238.671008][T28142] syz.1.10088: attempt to access beyond end of device [ 1238.671008][T28142] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1238.727656][T28111] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1238.774019][T28111] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 1238.829700][T28111] BTRFS info (device loop3): force zlib compression, level 3 [ 1238.834267][T28142] syz.1.10088: attempt to access beyond end of device [ 1238.834267][T28142] loop1: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 1238.867371][T28111] BTRFS info (device loop3): force clearing of disk cache [ 1238.886946][T28142] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=3) [ 1238.895533][T28111] BTRFS info (device loop3): setting nodatasum [ 1238.895562][T28111] BTRFS info (device loop3): use zlib compression, level 3 [ 1238.895586][T28111] BTRFS info (device loop3): allowing degraded mounts [ 1238.895607][T28111] BTRFS info (device loop3): enabling disk space caching [ 1238.895625][T28111] BTRFS info (device loop3): disk space caching is enabled [ 1238.954037][T28149] loop2: detected capacity change from 0 to 512 [ 1238.961724][T28149] EXT4-fs: Ignoring removed orlov option [ 1238.977625][T28149] EXT4-fs: Ignoring removed nobh option [ 1239.019078][T28149] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1239.067253][T28111] BTRFS info (device loop3): enabling ssd optimizations [ 1239.082182][T28149] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1239.089980][T28111] BTRFS info (device loop3): auto enabling async discard [ 1239.115722][T28111] BTRFS info (device loop3): rebuilding free space tree [ 1239.155515][T28149] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.10090: bg 0: block 248: padding at end of block bitmap is not set [ 1239.157921][T28111] BTRFS info (device loop3): disabling free space tree [ 1239.203155][T28149] Quota error (device loop2): write_blk: dquota write failed [ 1239.242417][T28149] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.10090: Failed to acquire dquot type 1 [ 1239.251752][T28111] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1239.301553][T28111] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1239.337545][T28149] EXT4-fs (loop2): 1 truncate cleaned up [ 1239.370320][T28149] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1239.528493][T28149] EXT4-fs: Ignoring removed orlov option [ 1239.556709][T28149] EXT4-fs: Ignoring removed nobh option [ 1239.562455][T28149] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1239.601539][T28111] BTRFS info (device loop3): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,drange=9223372036854776315..7,vrange=11..8,limit=7,limit=7..0,stripes=1..73 [ 1239.733738][T28111] BTRFS info (device loop3): balance: ended with status: 0 [ 1239.890069][T28149] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 1239.905691][ T6316] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1239.947035][T28149] EXT4-fs error (device loop2): __ext4_remount:6752: comm syz.2.10090: Abort forced by user [ 1239.997430][T28149] EXT4-fs (loop2): Remounting filesystem read-only [ 1240.013622][T28149] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 1240.053761][T28149] ext4 filesystem being remounted at /2435/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1240.319908][ T6306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1240.530138][T28194] netlink: 'syz.2.10103': attribute type 6 has an invalid length. [ 1240.585104][T28194] __nla_validate_parse: 11 callbacks suppressed [ 1240.585122][T28194] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.10103'. [ 1240.607489][T28196] loop1: detected capacity change from 0 to 128 [ 1240.628623][T28198] loop3: detected capacity change from 0 to 512 [ 1240.684927][T28198] EXT4-fs (loop3): 1 orphan inode deleted [ 1240.692515][T28198] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1240.706834][T28196] FAT-fs (loop1): Directory bread(block 32) failed [ 1240.756480][T28196] FAT-fs (loop1): Directory bread(block 33) failed [ 1240.789037][ T61] __quota_error: 1 callbacks suppressed [ 1240.789056][ T61] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 1240.806783][T28198] ext4 filesystem being mounted at /2230/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1240.842674][T28196] FAT-fs (loop1): Directory bread(block 34) failed [ 1240.849472][T28196] FAT-fs (loop1): Directory bread(block 35) failed [ 1240.876039][T28198] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.10105: iget: bad i_size value: -81346268269379574 [ 1240.896236][ T61] EXT4-fs error (device loop3): ext4_release_dquot:6985: comm kworker/u4:4: Failed to release dquot type 1 [ 1240.914953][T28196] FAT-fs (loop1): Directory bread(block 36) failed [ 1240.933446][T28196] FAT-fs (loop1): Directory bread(block 37) failed [ 1240.967671][T28196] FAT-fs (loop1): Directory bread(block 38) failed [ 1240.974289][T28196] FAT-fs (loop1): Directory bread(block 39) failed [ 1240.991632][T28196] FAT-fs (loop1): Directory bread(block 40) failed [ 1241.026168][T28196] FAT-fs (loop1): Directory bread(block 41) failed [ 1241.057751][ T6316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1241.077049][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1241.083603][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1241.351105][T28212] loop3: detected capacity change from 0 to 2048 [ 1241.377588][T28196] FAT-fs (loop1): Filesystem has been set read-only [ 1241.433560][T28212] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1241.633082][T28217] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1241.634148][T28212] syz.3.10110: attempt to access beyond end of device [ 1241.634148][T28212] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1241.734294][T28212] syz.3.10110: attempt to access beyond end of device [ 1241.734294][T28212] loop3: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 1241.749984][T28212] NILFS (loop3): I/O error reading meta-data file (ino=6, block-offset=3) [ 1242.073998][T28229] xt_cgroup: xt_cgroup: no path or classid specified [ 1242.252273][T28235] netlink: 'syz.3.10122': attribute type 2 has an invalid length. [ 1242.260623][T28235] netlink: 132 bytes leftover after parsing attributes in process `syz.3.10122'. [ 1242.313083][T28237] loop1: detected capacity change from 0 to 512 [ 1242.316827][T28233] loop2: detected capacity change from 0 to 4096 [ 1242.338707][T28237] EXT4-fs: Ignoring removed orlov option [ 1242.345866][T28233] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1242.354661][T28237] EXT4-fs: Ignoring removed nobh option [ 1242.414841][T28237] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1242.444173][T28237] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1242.473534][T28233] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1242.480122][T28233] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 1242.502976][T28237] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.10123: bg 0: block 248: padding at end of block bitmap is not set [ 1242.567196][T28244] loop0: detected capacity change from 0 to 64 [ 1242.611197][T28237] Quota error (device loop1): write_blk: dquota write failed [ 1242.644502][T28237] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1242.681657][T28244] syz.0.10125: attempt to access beyond end of device [ 1242.681657][T28244] loop0: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 1242.699606][T28237] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.10123: Failed to acquire dquot type 1 [ 1242.719248][T28244] Buffer I/O error on dev loop0, logical block 134217734, lost async page write [ 1242.764152][T28237] EXT4-fs (loop1): 1 truncate cleaned up [ 1242.791132][T28237] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1242.912291][T28237] EXT4-fs: Ignoring removed orlov option [ 1242.940293][T28237] EXT4-fs: Ignoring removed nobh option [ 1242.948870][T28237] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1242.989474][T28237] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 1242.989996][ T1136] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 1243.018925][ T6306] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1243.034918][ T6306] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1243.035287][T28237] EXT4-fs error (device loop1): __ext4_remount:6752: comm syz.1.10123: Abort forced by user [ 1243.053232][ T6306] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 1243.066906][ T1136] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 1243.079716][T28237] EXT4-fs (loop1): Remounting filesystem read-only [ 1243.104475][T28237] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 1243.137732][T28237] ext4 filesystem being remounted at /2514/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1243.349435][ T6304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1243.538779][ T28] audit: type=1326 audit(1774710748.125:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28262 comm="syz.1.10134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1243.638801][ T28] audit: type=1326 audit(1774710748.125:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28262 comm="syz.1.10134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1243.681855][T28267] set match dimension is over the limit! [ 1243.710250][ T28] audit: type=1326 audit(1774710748.167:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28262 comm="syz.1.10134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1243.750552][ T28] audit: type=1326 audit(1774710748.167:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28262 comm="syz.1.10134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1243.838447][ T28] audit: type=1326 audit(1774710748.167:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28262 comm="syz.1.10134" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1243.852914][T28269] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1243.947855][T28276] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10140'. [ 1244.365081][T28292] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10149'. [ 1244.406802][T28292] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10149'. [ 1245.016322][T28317] loop1: detected capacity change from 0 to 8 [ 1245.431087][T28323] loop1: detected capacity change from 0 to 4096 [ 1245.553696][T28323] ntfs: volume version 3.1. [ 1245.576353][T28333] netlink: 'syz.3.10169': attribute type 21 has an invalid length. [ 1245.584400][T28333] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10169'. [ 1245.850431][T28340] loop3: detected capacity change from 0 to 128 [ 1245.974927][T28340] FAT-fs (loop3): Directory bread(block 32) failed [ 1245.994456][T28340] FAT-fs (loop3): Directory bread(block 33) failed [ 1246.016580][T28340] FAT-fs (loop3): Directory bread(block 34) failed [ 1246.023188][T28340] FAT-fs (loop3): Directory bread(block 35) failed [ 1246.036731][T28340] FAT-fs (loop3): Directory bread(block 36) failed [ 1246.044704][T28340] FAT-fs (loop3): Directory bread(block 37) failed [ 1246.059665][T28340] FAT-fs (loop3): Directory bread(block 38) failed [ 1246.073071][T28347] loop1: detected capacity change from 0 to 1024 [ 1246.100985][T28340] FAT-fs (loop3): Directory bread(block 39) failed [ 1246.107753][T28340] FAT-fs (loop3): Directory bread(block 40) failed [ 1246.137054][T28340] FAT-fs (loop3): Directory bread(block 41) failed [ 1246.281484][T28340] FAT-fs (loop3): Filesystem has been set read-only [ 1246.433653][ T6297] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1246.633517][ T6297] usb 2-1: Using ep0 maxpacket: 32 [ 1246.640479][ T6297] usb 2-1: config 0 has an invalid interface number: 132 but max is 0 [ 1246.649283][ T6297] usb 2-1: config 0 has no interface number 0 [ 1246.655510][ T6297] usb 2-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid maxpacket 65519, setting to 1024 [ 1246.666983][ T6297] usb 2-1: config 0 interface 132 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1246.680287][ T6297] usb 2-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 1246.689451][ T6297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1246.697583][ T6297] usb 2-1: Product: syz [ 1246.701822][ T6297] usb 2-1: Manufacturer: syz [ 1246.706427][ T6297] usb 2-1: SerialNumber: syz [ 1246.714059][ T6297] usb 2-1: config 0 descriptor?? [ 1246.720040][T28347] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1246.730872][ T6297] em28xx 2-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 1246.740769][ T6297] em28xx 2-1:0.132: Video interface 132 found: bulk [ 1246.995957][ T6297] em28xx 2-1:0.132: unknown em28xx chip ID (0) [ 1247.077841][ T6297] em28xx 2-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5) [ 1247.086630][ T6297] em28xx 2-1:0.132: board has no eeprom [ 1247.167297][ T6297] em28xx 2-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 1247.175594][ T6297] em28xx 2-1:0.132: analog set to bulk mode. [ 1247.181867][ T9] em28xx 2-1:0.132: Registering V4L2 extension [ 1247.193820][ T6297] usb 2-1: USB disconnect, device number 16 [ 1247.211087][ T6297] em28xx 2-1:0.132: Disconnecting em28xx [ 1247.307072][ T9] em28xx 2-1:0.132: Config register raw data: 0xffffffed [ 1247.314263][ T9] em28xx 2-1:0.132: AC97 chip type couldn't be determined [ 1247.324045][ T9] em28xx 2-1:0.132: No AC97 audio processor [ 1247.335725][ T9] usb 2-1: Decoder not found [ 1247.340419][ T9] em28xx 2-1:0.132: failed to create media graph [ 1247.346851][ T9] em28xx 2-1:0.132: V4L2 device video103 deregistered [ 1247.356973][ T9] em28xx 2-1:0.132: Remote control support is not available for this card. [ 1247.365682][ T6297] em28xx 2-1:0.132: Closing input extension [ 1247.378110][ T6297] em28xx 2-1:0.132: Freeing device [ 1247.853484][T28367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10182'. [ 1248.265930][T28383] loop1: detected capacity change from 0 to 16 [ 1248.310148][T28383] erofs: (device loop1): mounted with root inode @ nid 36. [ 1248.349280][T28383] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768 [ 1248.379181][T28383] erofs: (device loop1): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 32768 [ 1248.419117][T28383] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 32811 of nid 36 [ 1248.567936][T14719] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1248.768330][T14719] usb 1-1: Using ep0 maxpacket: 8 [ 1248.776183][T14719] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1248.811749][T14719] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1248.834389][T14719] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1248.848538][T14719] usb 1-1: New USB device found, idVendor=2466, idProduct=8010, bcdDevice= 0.40 [ 1248.863924][T14719] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1248.881277][T14719] usb 1-1: Product: syz [ 1248.890689][T14719] usb 1-1: Manufacturer: syz [ 1248.897455][T14719] usb 1-1: SerialNumber: syz [ 1248.976794][ T9] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1249.158066][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1249.175297][ T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1249.194838][ T9] usb 2-1: config 1 has no interface number 1 [ 1249.201405][ T9] usb 2-1: config 1 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 1249.245221][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1249.268622][ T9] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1249.297477][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1249.316561][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.329346][ T9] usb 2-1: Product: syz [ 1249.336305][T14719] usb 1-1: cannot find UAC_HEADER [ 1249.345717][ T9] usb 2-1: Manufacturer: syz [ 1249.355613][ T9] usb 2-1: SerialNumber: syz [ 1249.403297][T14719] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 1249.429149][T14719] usb 1-1: USB disconnect, device number 22 [ 1249.486188][ T7752] udevd[7752]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1249.582330][ T9] usb 2-1: failed to enable PITCH for EP 0x82 [ 1249.602915][ T9] usb 2-1: 2:1: cannot set freq 11994917 to ep 0x82 [ 1249.654807][T28418] netlink: 'syz.2.10208': attribute type 6 has an invalid length. [ 1249.667201][ T9] usb 2-1: USB disconnect, device number 17 [ 1249.926577][T28411] loop3: detected capacity change from 0 to 32768 [ 1249.940011][T28411] XFS: attr2 mount option is deprecated. [ 1249.978972][T28411] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1250.148405][T28411] XFS (loop3): Ending clean mount [ 1250.180052][T28411] XFS (loop3): Quotacheck needed: Please wait. [ 1250.312682][T28411] XFS (loop3): Quotacheck: Done. [ 1250.599344][ T6316] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1250.645497][T28444] xt_ipcomp: unknown flags 12 [ 1251.336525][T28463] autofs4:pid:28463:autofs_fill_super: called with bogus options [ 1252.163578][T28485] loop1: detected capacity change from 0 to 4096 [ 1252.888891][T28471] loop0: detected capacity change from 0 to 32768 [ 1252.960182][T28471] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1253.007010][T28507] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1253.129961][T28471] XFS (loop0): Ending clean mount [ 1253.357067][ T6305] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1253.422963][T28523] loop3: detected capacity change from 0 to 256 [ 1253.508557][T28490] loop2: detected capacity change from 0 to 32768 [ 1253.527701][T28523] FAT-fs (loop3): Directory bread(block 64) failed [ 1253.582544][T28490] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.10239 (28490) [ 1253.596065][T28523] FAT-fs (loop3): Directory bread(block 65) failed [ 1253.622379][T28523] FAT-fs (loop3): Directory bread(block 66) failed [ 1253.647951][T28523] FAT-fs (loop3): Directory bread(block 67) failed [ 1253.667833][T28523] FAT-fs (loop3): Directory bread(block 68) failed [ 1253.676841][T28490] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1253.686833][T28523] FAT-fs (loop3): Directory bread(block 69) failed [ 1253.719769][T28490] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 1253.720024][T28523] FAT-fs (loop3): Directory bread(block 70) failed [ 1253.769322][T28490] BTRFS info (device loop2): force zlib compression, level 3 [ 1253.775107][T28523] FAT-fs (loop3): Directory bread(block 71) failed [ 1253.792852][T28523] FAT-fs (loop3): Directory bread(block 72) failed [ 1253.812816][T28490] BTRFS info (device loop2): force clearing of disk cache [ 1253.822551][T28490] BTRFS info (device loop2): setting nodatasum [ 1253.832845][T28523] FAT-fs (loop3): Directory bread(block 73) failed [ 1253.857145][T28490] BTRFS info (device loop2): use zlib compression, level 3 [ 1253.868975][T28529] loop1: detected capacity change from 0 to 512 [ 1253.882964][T28490] BTRFS info (device loop2): allowing degraded mounts [ 1253.890064][T28490] BTRFS info (device loop2): enabling disk space caching [ 1253.904148][T28490] BTRFS info (device loop2): disk space caching is enabled [ 1253.942209][T28529] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 1253.959488][T28529] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 1253.981005][T28529] EXT4-fs (loop1): 1 truncate cleaned up [ 1253.997711][T28529] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1254.070347][T28529] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 1254.173455][ T6304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1254.187106][T28547] netlink: 424 bytes leftover after parsing attributes in process `syz.0.10253'. [ 1254.187698][T28490] BTRFS info (device loop2): enabling ssd optimizations [ 1254.223531][T28547] netlink: 'syz.0.10253': attribute type 1 has an invalid length. [ 1254.232724][T28490] BTRFS info (device loop2): auto enabling async discard [ 1254.311212][T28551] loop3: detected capacity change from 0 to 512 [ 1254.341953][T28490] BTRFS info (device loop2): rebuilding free space tree [ 1254.423806][T28551] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1254.446485][T28490] BTRFS info (device loop2): disabling free space tree [ 1254.513053][T28490] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1254.540532][T28551] ext4 filesystem being mounted at /2269/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1254.560183][T28490] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1254.647869][T28551] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 1254.783778][T28490] BTRFS info (device loop2): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,drange=9223372036854776315..7,vrange=11..8,limit=7,limit=7..0,stripes=1..73 [ 1254.846017][T28490] BTRFS info (device loop2): balance: ended with status: 0 [ 1254.901592][ T6316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1255.028308][ T6306] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1255.141972][T28570] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10266'. [ 1255.148836][T28569] loop1: detected capacity change from 0 to 2048 [ 1255.323876][T28569] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1255.451935][T28569] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1255.806209][T28584] loop2: detected capacity change from 0 to 4096 [ 1255.949360][T28584] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1256.029443][T28584] ntfs3: loop2: Failed to load $Extend (-22). [ 1256.074162][T28584] ntfs3: loop2: Failed to initialize $Extend. [ 1256.155763][T28598] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1256.461443][T28604] loop1: detected capacity change from 0 to 128 [ 1256.681986][T28610] loop0: detected capacity change from 0 to 1024 [ 1256.870932][T28169] hfsplus: b-tree write err: -5, ino 25 [ 1256.891807][T28169] hfsplus: b-tree write err: -5, ino 4 [ 1256.927861][T28169] hfsplus: b-tree write err: -5, ino 2 [ 1257.280655][T28625] netlink: 'syz.3.10290': attribute type 5 has an invalid length. [ 1257.310036][T28625] netlink: 3657 bytes leftover after parsing attributes in process `syz.3.10290'. [ 1257.550662][T28635] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 1257.998781][ T8305] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1258.210646][ T8305] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1258.230877][ T8305] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1258.273363][ T8305] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1258.306273][ T8305] usb 3-1: config 1 has no interface number 1 [ 1258.326629][ T8305] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1258.369598][ T8305] usb 3-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1258.405337][ T8305] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1258.424924][ T8305] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.446052][ T8305] usb 3-1: Product: syz [ 1258.450321][ T8305] usb 3-1: Manufacturer: syz [ 1258.484852][ T8305] usb 3-1: SerialNumber: syz [ 1258.580443][T28675] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1258.581145][T28674] netlink: 'syz.3.10308': attribute type 1 has an invalid length. [ 1258.628709][T28674] netlink: 'syz.3.10308': attribute type 3 has an invalid length. [ 1258.645663][T28674] netlink: 224 bytes leftover after parsing attributes in process `syz.3.10308'. [ 1258.732274][ T8305] usb 3-1: No endpoint at altset 1, falling back to MIDI 1.0 [ 1258.751570][ T8305] usb 3-1: MIDIStreaming interface descriptor not found [ 1258.885110][ T8305] usb 3-1: USB disconnect, device number 20 [ 1259.142106][T28689] netlink: 8 bytes leftover after parsing attributes in process `syz.0.10313'. [ 1259.777541][T28712] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 1259.835981][T28714] loop3: detected capacity change from 0 to 512 [ 1259.868918][T28681] loop1: detected capacity change from 0 to 32768 [ 1259.908403][T28681] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.10311 (28681) [ 1259.924021][T28714] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e01c, mo2=0022] [ 1259.932669][T28714] System zones: 1-12 [ 1259.950599][T28714] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.10322: Directory hole found for htree index block 0 [ 1259.963265][T28681] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1259.975220][T28681] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 1259.985691][T28681] BTRFS info (device loop1): force zlib compression, level 3 [ 1259.993484][T28681] BTRFS info (device loop1): force clearing of disk cache [ 1260.001088][T28681] BTRFS info (device loop1): setting nodatasum [ 1260.007298][T28681] BTRFS info (device loop1): use zlib compression, level 3 [ 1260.015210][T28681] BTRFS info (device loop1): allowing degraded mounts [ 1260.022380][T28681] BTRFS info (device loop1): enabling disk space caching [ 1260.029896][T28681] BTRFS info (device loop1): disk space caching is enabled [ 1260.039003][T28714] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -117 [ 1260.065578][T28714] EXT4-fs error (device loop3): dx_probe:823: inode #2: comm syz.3.10322: Directory hole found for htree index block 0 [ 1260.154196][T28714] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -117 [ 1260.189106][T28714] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1260.259567][T28714] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 1260.270932][T28730] loop2: detected capacity change from 0 to 1024 [ 1260.297938][T28681] BTRFS info (device loop1): enabling ssd optimizations [ 1260.317942][ T28] audit: type=1326 audit(1774710765.741:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28740 comm="syz.0.10326" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f931499c819 code=0x0 [ 1260.339930][ C1] vkms_vblank_simulate: vblank timer overrun [ 1260.344826][T28681] BTRFS info (device loop1): auto enabling async discard [ 1260.367716][T28730] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1260.397015][T28681] BTRFS info (device loop1): rebuilding free space tree [ 1260.460004][T28730] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1260.507393][ T6316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1260.521038][T28681] BTRFS info (device loop1): disabling free space tree [ 1260.528163][T28681] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1260.538434][T28681] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1260.605478][T28730] EXT4-fs error (device loop2): ext4_xattr_inode_iget:441: inode #11: comm syz.2.10325: missing EA_INODE flag [ 1260.700998][T28730] EXT4-fs (loop2): Remounting filesystem read-only [ 1260.730805][T28730] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1260.749769][T28681] BTRFS info (device loop1): balance: start -sprofiles=data|system|metadata|single|raid0|raid1|dup|raid10|raid5|raid6|raid1c3|raid1c4|0xfffefffffffff800,drange=9223372036854776315..7,vrange=11..8,limit=7,limit=7..0,stripes=1..73 [ 1260.822406][T28681] BTRFS info (device loop1): balance: ended with status: 0 [ 1260.934453][ T6306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1261.018655][ T6304] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1261.492271][ T7752] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 13 /dev/loop1 scanned by udevd (7752) [ 1262.523179][T28798] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1263.008869][T28826] bridge4: entered promiscuous mode [ 1263.014165][T28826] bridge4: entered allmulticast mode [ 1263.638758][T28850] i2c i2c-0: Frontend requested software zigzag, but didn't set the frequency step size [ 1263.919962][T28861] netlink: 'syz.3.10371': attribute type 1 has an invalid length. [ 1263.928298][T28862] binder: 28859:28862 unknown command 1074553619 [ 1263.943870][T28862] binder: 28859:28862 ioctl c0306201 200000000640 returned -22 [ 1264.620943][T28886] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10380'. [ 1265.204936][T28866] loop0: detected capacity change from 0 to 32768 [ 1265.212110][T28906] netlink: 'syz.1.10387': attribute type 4 has an invalid length. [ 1265.241367][T28906] netlink: 152 bytes leftover after parsing attributes in process `syz.1.10387'. [ 1265.281810][T28866] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1265.308261][T28906] wlan1: mtu less than device minimum [ 1265.648785][ T6305] ocfs2: Unmounting device (7,0) on (node local) [ 1266.361808][T28938] overlayfs: missing 'lowerdir' [ 1266.580513][ T9] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1266.813088][ T9] usb 2-1: config index 0 descriptor too short (expected 57635, got 36) [ 1266.856924][ T9] usb 2-1: config 1 has an invalid interface number: 188 but max is 0 [ 1266.876659][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1266.915210][ T9] usb 2-1: config 1 has no interface number 0 [ 1266.956643][ T9] usb 2-1: config 1 interface 188 altsetting 209 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1266.983147][ T9] usb 2-1: config 1 interface 188 has no altsetting 0 [ 1267.019046][ T9] usb 2-1: New USB device found, idVendor=2040, idProduct=7210, bcdDevice=5b.6b [ 1267.049147][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.075305][ T9] usb 2-1: Product: syz [ 1267.079619][ T9] usb 2-1: Manufacturer: syz [ 1267.084257][ T9] usb 2-1: SerialNumber: syz [ 1267.228779][T28971] netlink: 'syz.0.10411': attribute type 10 has an invalid length. [ 1267.354934][ T9] usb 2-1: unknown interface protocol 0xc1, assuming v1 [ 1267.385228][ T9] usb 2-1: 188:0 : does not exist [ 1267.392067][T28975] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1267.434188][ T9] usb 2-1: USB disconnect, device number 18 [ 1267.584138][ T7752] udevd[7752]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.188/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1267.653560][T28982] netlink: 44 bytes leftover after parsing attributes in process `syz.0.10416'. [ 1268.251942][T29007] netlink: 'syz.3.10427': attribute type 4 has an invalid length. [ 1268.294885][T29009] openvswitch: netlink: Missing key (keys=40, expected=10000000) [ 1268.481473][ T28] audit: type=1326 audit(1774710774.318:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29014 comm="syz.2.10430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1268.537590][ T28] audit: type=1326 audit(1774710774.349:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29014 comm="syz.2.10430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1268.627940][ T28] audit: type=1326 audit(1774710774.349:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29014 comm="syz.2.10430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=228 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1268.707730][ T28] audit: type=1326 audit(1774710774.349:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29014 comm="syz.2.10430" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1268.887068][T29030] loop0: detected capacity change from 0 to 64 [ 1268.929320][T29034] netlink: 'syz.3.10439': attribute type 26 has an invalid length. [ 1269.167490][T29042] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10444'. [ 1269.199787][T29042] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10444'. [ 1269.216430][T29042] netlink: 36 bytes leftover after parsing attributes in process `syz.3.10444'. [ 1269.289860][T29040] loop0: detected capacity change from 0 to 4096 [ 1269.344581][T29040] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1269.371343][T29040] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1269.395973][T29040] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1269.421985][T29040] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1269.455477][T29040] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1269.515114][T29040] ntfs: volume version 3.1. [ 1269.548894][T29040] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1270.141687][T29072] netlink: 'syz.1.10460': attribute type 7 has an invalid length. [ 1270.742013][T29095] bridge2: entered promiscuous mode [ 1270.758689][T29095] bridge2: entered allmulticast mode [ 1270.840286][T29099] geneve0: entered promiscuous mode [ 1270.845576][T29099] geneve0: entered allmulticast mode [ 1270.909238][T29099] A link change request failed with some changes committed already. Interface geneve0 may have been left with an inconsistent configuration, please check. [ 1271.186914][T29114] tmpfs: Bad value for 'mpol' [ 1271.432649][ T6297] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1271.467263][T29124] netlink: 'syz.3.10483': attribute type 63 has an invalid length. [ 1271.648448][ T6297] usb 1-1: Using ep0 maxpacket: 8 [ 1271.670354][ T6297] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1271.715008][ T6297] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1271.731467][ T6297] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 249, changing to 7 [ 1271.772565][ T6297] usb 1-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 1271.810352][ T6297] usb 1-1: New USB device found, idVendor=2b53, idProduct=0031, bcdDevice= 0.40 [ 1271.830789][ T6297] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1271.854175][ T6297] usb 1-1: Product: syz [ 1271.876840][ T6297] usb 1-1: Manufacturer: syz [ 1271.881514][ T6297] usb 1-1: SerialNumber: syz [ 1271.881750][T29137] netlink: 16186 bytes leftover after parsing attributes in process `syz.2.10491'. [ 1272.045651][T29144] comedi comedi3: no devices specified [ 1272.148969][ T6297] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 1272.171963][ T8305] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1272.178719][ T6297] snd-usb-audio: probe of 1-1:1.1 failed with error -22 [ 1272.294149][ T6297] snd-usb-audio: probe of 1-1:1.2 failed with error -22 [ 1272.360231][ T6297] usb 1-1: USB disconnect, device number 23 [ 1272.361438][ T8305] usb 4-1: Using ep0 maxpacket: 8 [ 1272.384735][ T8305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1272.396957][T29155] netlink: 112 bytes leftover after parsing attributes in process `syz.1.10499'. [ 1272.423114][T29155] netlink: 'syz.1.10499': attribute type 1 has an invalid length. [ 1272.426974][ T8305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1272.451482][ T5761] udevd[5761]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1272.500137][ T8305] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1272.546333][ T8305] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1272.572322][ T8305] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1272.621329][ T8305] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1272.642523][ T8305] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.678405][ T8305] usb 4-1: config 0 descriptor?? [ 1272.701214][T29139] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1273.217344][T29177] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10511'. [ 1273.306192][ T5082] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 1273.317367][T14719] usb 4-1: USB disconnect, device number 36 [ 1273.381277][T29183] loop2: detected capacity change from 0 to 64 [ 1273.578513][T29187] loop0: detected capacity change from 0 to 4096 [ 1273.622048][T29187] __ntfs_error: 19 callbacks suppressed [ 1273.622068][T29187] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1273.668440][T29187] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1273.719288][T29187] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1273.732384][T29187] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1273.768217][T29187] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1273.801983][T29187] ntfs: volume version 3.1. [ 1273.820487][T29187] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1273.842463][T29187] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1273.879292][T29187] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1273.924827][T29187] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1273.982783][T29187] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1274.417036][T29211] JFS: discard option not supported on device [ 1274.429659][T29211] Mount JFS Failure: -22 [ 1274.433974][T29211] jfs_mount failed w/return code = -22 [ 1274.534525][ T6297] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1274.638358][T29219] tmpfs: Bad value for 'mpol' [ 1274.660111][ T8305] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1274.769535][ T6297] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1274.798788][ T6297] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1274.827212][ T6297] usb 4-1: Product: syz [ 1274.832344][ T6297] usb 4-1: Manufacturer: syz [ 1274.836983][ T6297] usb 4-1: SerialNumber: syz [ 1274.848489][ T8305] usb 3-1: Using ep0 maxpacket: 32 [ 1274.857137][ T8305] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1274.863003][ T6297] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1274.886104][ T8305] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1274.896282][ T9] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1274.920883][ T8305] usb 3-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99 [ 1274.946302][ T8305] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1274.967164][ T8305] usb 3-1: Product: syz [ 1274.981388][ T8305] usb 3-1: Manufacturer: syz [ 1274.990731][ T8305] usb 3-1: SerialNumber: syz [ 1275.019436][ T8305] usb 3-1: config 0 descriptor?? [ 1275.102611][T29231] loop0: detected capacity change from 0 to 128 [ 1275.114747][ C0] usb 4-1: ath9k_htc: invalid pkt_len (fd7e) [ 1275.121695][T29231] FAT-fs (loop0): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1275.178667][T29231] FAT-fs (loop0): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 1275.247437][ T6297] usb 3-1: USB disconnect, device number 21 [ 1275.308320][ T8305] usb 4-1: USB disconnect, device number 37 [ 1275.388795][T29235] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1275.521619][T29240] netlink: 'syz.0.10542': attribute type 2 has an invalid length. [ 1275.900478][ T9] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1275.924809][ T9] ath9k_htc: Failed to initialize the device [ 1275.950044][ T8305] usb 4-1: ath9k_htc: USB layer deinitialized [ 1276.144838][T29262] loop3: detected capacity change from 0 to 128 [ 1276.213985][T29262] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1276.226742][T29262] ext4 filesystem being mounted at /2344/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1276.246930][T29262] EXT4-fs warning (device loop3): ext4_dirblock_csum_verify:406: inode #2: comm syz.3.10553: No space for directory leaf checksum. Please run e2fsck -D. [ 1276.263530][T29262] EXT4-fs error (device loop3): __ext4_find_entry:1696: inode #2: comm syz.3.10553: checksumming directory block 0 [ 1276.324375][ T6316] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1276.870886][T29288] loop0: detected capacity change from 0 to 64 [ 1277.233105][T29298] netlink: 72 bytes leftover after parsing attributes in process `syz.0.10570'. [ 1277.266286][T29298] netlink: 172 bytes leftover after parsing attributes in process `syz.0.10570'. [ 1277.375650][T29302] netlink: 'syz.2.10572': attribute type 21 has an invalid length. [ 1277.629287][T29276] loop3: detected capacity change from 0 to 32768 [ 1277.711970][T29276] XFS (loop3): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1278.027073][T29276] XFS (loop3): Starting recovery (logdev: internal) [ 1278.143193][T29276] XFS (loop3): Ending recovery (logdev: internal) [ 1278.415467][ T6316] XFS (loop3): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1278.523151][T29346] netlink: 'syz.2.10591': attribute type 8 has an invalid length. [ 1278.739520][T29345] loop0: detected capacity change from 0 to 4096 [ 1278.847504][T29345] ntfs3: loop0: ino=5, "/" directory corrupted [ 1279.076831][T29356] netlink: 268 bytes leftover after parsing attributes in process `syz.0.10596'. [ 1279.095525][T29356] unsupported nla_type 65024 [ 1279.242323][T29360] bond2: entered allmulticast mode [ 1279.424262][T29369] IPv6: NLM_F_CREATE should be specified when creating new route [ 1279.799782][T29379] ip6tnl4: entered allmulticast mode [ 1280.268966][ T9] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1280.308933][T29363] loop2: detected capacity change from 0 to 32768 [ 1280.388283][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 1280.388300][ T28] audit: type=1800 audit(1774710786.810:184): pid=29363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10598" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 1280.460270][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1280.484459][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1280.540411][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1280.564466][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1280.584083][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1280.615208][ T9] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1280.656097][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1280.707051][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1280.718589][ T9] usb 2-1: config 0 descriptor?? [ 1280.724690][T29384] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1281.009905][T29413] xt_TCPMSS: Only works on TCP SYN packets [ 1281.130577][T29417] netlink: 'syz.3.10625': attribute type 24 has an invalid length. [ 1281.232921][ T9] usb 2-1: USB disconnect, device number 19 [ 1281.235887][ T5082] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 1281.419424][T29420] loop2: detected capacity change from 0 to 4096 [ 1281.420924][T29426] netlink: 'syz.3.10629': attribute type 10 has an invalid length. [ 1281.457504][T29427] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1281.484496][T29426] team0: Cannot enslave team device to itself [ 1281.569314][T29420] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 1281.595720][T29420] Remounting filesystem read-only [ 1281.708957][ T6306] NILFS (loop2): discard dirty page: offset=8192, ino=6 [ 1281.726318][ T6306] NILFS (loop2): discard dirty block: blocknr=25, size=4096 [ 1282.314603][T29453] netlink: 'syz.1.10642': attribute type 5 has an invalid length. [ 1282.819617][T29473] netlink: 28 bytes leftover after parsing attributes in process `syz.3.10651'. [ 1283.826440][T29506] ip6tnl1: entered allmulticast mode [ 1284.723166][T29542] bond3: entered allmulticast mode [ 1284.870064][ T9] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1285.012481][ T6297] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1285.088778][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1285.106109][ T9] usb 2-1: config index 0 descriptor too short (expected 1068, got 27) [ 1285.129037][T29561] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10694'. [ 1285.129231][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 1285.186573][ T9] usb 2-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=7d.f9 [ 1285.196285][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1285.204796][ T6297] usb 1-1: Using ep0 maxpacket: 8 [ 1285.214212][ T9] usb 2-1: Product: syz [ 1285.219758][ T6297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1285.242085][ T6297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1285.252146][ T9] usb 2-1: Manufacturer: syz [ 1285.256796][ T9] usb 2-1: SerialNumber: syz [ 1285.267436][ T6297] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1285.278728][ T9] usb 2-1: config 0 descriptor?? [ 1285.284081][ T6297] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1285.305950][ T6297] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1285.326394][ T6297] usb 1-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1285.336546][ T6297] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1285.356541][ T6297] usb 1-1: config 0 descriptor?? [ 1285.369020][T29549] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1285.631001][ T6297] usb 2-1: USB disconnect, device number 20 [ 1285.785009][T29575] loop2: detected capacity change from 0 to 512 [ 1285.818087][T29575] EXT4-fs (loop2): orphan cleanup on readonly fs [ 1285.830516][T29575] EXT4-fs warning (device loop2): ext4_xattr_inode_get:546: inode #11: comm syz.2.10701: ea_inode file size=4 entry size=6 [ 1285.848894][T29575] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 1285.868189][T29575] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #15: comm syz.2.10701: corrupted inode contents [ 1285.886781][T29575] EXT4-fs (loop2): Remounting filesystem read-only [ 1285.890608][T14719] usb 1-1: USB disconnect, device number 24 [ 1285.893633][T29575] EXT4-fs warning (device loop2): ext4_evict_inode:272: xattr delete (err -5) [ 1285.902045][ T5082] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 1285.927724][T29575] EXT4-fs (loop2): 1 orphan inode deleted [ 1285.935037][T29575] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1286.209509][ T6306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1286.746969][T29596] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10711'. [ 1286.801966][T29584] loop3: detected capacity change from 0 to 32768 [ 1286.849840][T29584] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.10705 (29584) [ 1286.914036][T29584] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1286.937985][T29584] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1286.961339][T29584] BTRFS info (device loop3): using free space tree [ 1287.101145][T29589] loop1: detected capacity change from 0 to 32768 [ 1287.117905][T29584] BTRFS info (device loop3): enabling ssd optimizations [ 1287.139058][T29584] BTRFS info (device loop3): auto enabling async discard [ 1287.198979][T29589] JBD2: Ignoring recovery information on journal [ 1287.318025][ T6316] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1287.351685][T29589] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1287.375314][T14719] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1287.567754][T14719] usb 1-1: Using ep0 maxpacket: 16 [ 1287.578321][T14719] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 1287.592262][T14719] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1287.619603][ T6304] ocfs2: Unmounting device (7,1) on (node local) [ 1287.634424][T14719] usb 1-1: config 0 has no interface number 0 [ 1287.681020][T14719] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1287.705291][T14719] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1287.738036][T14719] usb 1-1: Product: syz [ 1287.742323][T14719] usb 1-1: Manufacturer: syz [ 1287.794433][T14719] usb 1-1: SerialNumber: syz [ 1287.802426][T14719] usb 1-1: config 0 descriptor?? [ 1288.076241][T14719] usb 1-1: Found UVC 0.00 device syz (046d:08f3) [ 1288.087026][T14719] usb 1-1: No valid video chain found. [ 1288.332668][T29644] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1288.340303][ T5756] usb 1-1: USB disconnect, device number 25 [ 1288.429053][T29646] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 1288.685056][T29652] loop2: detected capacity change from 0 to 764 [ 1288.746144][T29652] Symlink component flag not implemented [ 1288.762195][T29652] Symlink component flag not implemented [ 1288.773886][T29636] loop3: detected capacity change from 0 to 32768 [ 1288.785079][T29652] Symlink component flag not implemented (129) [ 1288.791414][T29652] Symlink component flag not implemented (6) [ 1288.861833][T29636] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1288.944409][T29663] netlink: 'syz.1.10734': attribute type 27 has an invalid length. [ 1288.952921][T29663] netlink: 'syz.1.10734': attribute type 3 has an invalid length. [ 1288.964798][T29663] netlink: 132 bytes leftover after parsing attributes in process `syz.1.10734'. [ 1289.124385][T29636] XFS (loop3): Ending clean mount [ 1289.295290][ T6316] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1289.944945][T29688] loop1: detected capacity change from 0 to 4096 [ 1290.107218][T29700] i2c i2c-0: Invalid block write size 34 [ 1290.147303][T29688] ntfs: volume version 3.1. [ 1290.297856][T29688] ntfs: (device loop1): ntfs_setattr(): Changes in user/group/mode are not supported yet, ignoring. [ 1290.485287][T29710] loop3: detected capacity change from 0 to 256 [ 1290.687365][T29710] FAT-fs (loop3): Directory bread(block 64) failed [ 1290.699829][T29710] FAT-fs (loop3): Directory bread(block 65) failed [ 1290.723043][T29710] FAT-fs (loop3): Directory bread(block 66) failed [ 1290.756255][T29710] FAT-fs (loop3): Directory bread(block 67) failed [ 1290.762958][T29710] FAT-fs (loop3): Directory bread(block 68) failed [ 1290.806677][T29710] FAT-fs (loop3): Directory bread(block 69) failed [ 1290.813374][T29710] FAT-fs (loop3): Directory bread(block 70) failed [ 1290.825389][T29720] loop1: detected capacity change from 0 to 16 [ 1290.857600][T29720] erofs: (device loop1): mounted with root inode @ nid 36. [ 1290.865055][T29710] FAT-fs (loop3): Directory bread(block 71) failed [ 1290.898216][T29720] syz.1.10760: attempt to access beyond end of device [ 1290.898216][T29720] loop1: rw=0, sector=15300821024, nr_sectors = 8 limit=16 [ 1290.904235][T29710] FAT-fs (loop3): Directory bread(block 72) failed [ 1290.924051][T29710] FAT-fs (loop3): Directory bread(block 73) failed [ 1290.937460][T29722] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10761'. [ 1290.944172][T29720] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 72 of nid 36 [ 1291.225430][T29731] loop1: detected capacity change from 0 to 256 [ 1291.241386][T29731] exfat: Deprecated parameter 'utf8' [ 1291.262122][T29731] exfat: Deprecated parameter 'utf8' [ 1291.277657][T29731] exfat: Deprecated parameter 'utf8' [ 1291.325377][T29731] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011f3f, chksum : 0x96b62a4c, utbl_chksum : 0xe619d30d) [ 1291.491667][T29735] loop0: detected capacity change from 0 to 1024 [ 1291.681158][ T11] hfsplus: b-tree write err: -5, ino 25 [ 1291.701888][ T11] hfsplus: b-tree write err: -5, ino 4 [ 1291.723613][ T11] hfsplus: b-tree write err: -5, ino 2 [ 1291.747604][ T11] hfsplus: b-tree write err: -5, ino 26 [ 1292.143883][T29747] loop1: detected capacity change from 0 to 64 [ 1292.349145][T29727] loop2: detected capacity change from 0 to 40427 [ 1292.383906][T29727] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff [ 1292.388784][T29733] loop3: detected capacity change from 0 to 32768 [ 1292.406002][T29727] F2FS-fs (loop2): invalid crc value [ 1292.437082][T29733] (syz.3.10766,29733,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1292.451100][T29727] F2FS-fs (loop2): Found nat_bits in checkpoint [ 1292.508685][T29733] (syz.3.10766,29733,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1292.657888][T29733] JBD2: Ignoring recovery information on journal [ 1292.694504][T29727] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 1292.757658][T29733] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1292.940346][T29727] syz.2.10763: attempt to access beyond end of device [ 1292.940346][T29727] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1293.149363][ T6306] syz-executor: attempt to access beyond end of device [ 1293.149363][ T6306] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 1293.176186][ T6306] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 1293.415753][ T6316] ocfs2: Unmounting device (7,3) on (node local) [ 1293.452432][T14719] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 1293.642720][T14719] usb 1-1: Using ep0 maxpacket: 16 [ 1293.661169][T14719] usb 1-1: config 0 has an invalid interface number: 104 but max is 1 [ 1293.675746][T14719] usb 1-1: config 0 has an invalid interface number: 104 but max is 1 [ 1293.685854][T14719] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1293.698953][T14719] usb 1-1: config 0 has no interface number 0 [ 1293.715633][T14719] usb 1-1: config 0 interface 104 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1293.736736][T14719] usb 1-1: config 0 interface 104 has no altsetting 1 [ 1293.771748][T14719] usb 1-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice= 0.00 [ 1293.789967][T14719] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1293.805263][T14719] usb 1-1: Product: syz [ 1293.823947][T14719] usb 1-1: Manufacturer: syz [ 1293.828618][T14719] usb 1-1: SerialNumber: syz [ 1293.853334][T14719] usb 1-1: config 0 descriptor?? [ 1293.873873][T14719] asix: probe of 1-1:0.104 failed with error -22 [ 1293.952061][T29776] loop2: detected capacity change from 0 to 2048 [ 1294.020564][T29776] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1294.061237][T29776] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #12: block 2: comm syz.2.10785: lblock 0 mapped to illegal pblock 2 (length 1) [ 1294.163696][T14719] usb 1-1: USB disconnect, device number 26 [ 1294.235528][ T6306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1294.425940][T29793] A link change request failed with some changes committed already. Interface wg1 may have been left with an inconsistent configuration, please check. [ 1294.554385][T29795] loop2: detected capacity change from 0 to 64 [ 1294.609057][ T28] audit: type=1800 audit(1774710801.749:185): pid=29795 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10792" name="bus" dev="loop2" ino=21 res=0 errno=0 [ 1294.653117][ T9] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1294.863303][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1294.891737][ T9] usb 2-1: config index 0 descriptor too short (expected 65532, got 18) [ 1294.909756][ T9] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 1294.928076][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 1294.951377][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1294.977827][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1294.999642][ T9] usb 2-1: Product: syz [ 1295.003876][ T9] usb 2-1: Manufacturer: syz [ 1295.011078][T29806] netlink: 'syz.2.10797': attribute type 46 has an invalid length. [ 1295.023262][ T9] usb 2-1: SerialNumber: syz [ 1295.066501][ T9] r8152-cfgselector 2-1: config 0 descriptor?? [ 1295.506933][ T9] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1295.525646][ T9] r8152-cfgselector 2-1: USB disconnect, device number 21 [ 1296.153472][T29822] loop3: detected capacity change from 0 to 32768 [ 1296.337335][T29828] loop2: detected capacity change from 0 to 32768 [ 1296.415225][T29828] (syz.2.10809,29828,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1296.455637][T29828] (syz.2.10809,29828,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1296.537461][T29828] JBD2: Ignoring recovery information on journal [ 1296.724825][T29828] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1297.120063][ T6306] ocfs2: Unmounting device (7,2) on (node local) [ 1297.214446][T29854] loop0: detected capacity change from 0 to 2048 [ 1297.309483][T29854] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1297.615131][T29864] netlink: 'syz.1.10827': attribute type 32 has an invalid length. [ 1297.634578][T29864] netlink: 16 bytes leftover after parsing attributes in process `syz.1.10827'. [ 1297.662957][T29864] (unnamed net_device) (uninitialized): option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 1297.666976][T29868] loop0: detected capacity change from 0 to 256 [ 1297.829606][T29868] FAT-fs (loop0): Directory bread(block 64) failed [ 1297.851162][T29868] FAT-fs (loop0): Directory bread(block 65) failed [ 1297.881888][T29868] FAT-fs (loop0): Directory bread(block 66) failed [ 1297.908839][T29868] FAT-fs (loop0): Directory bread(block 67) failed [ 1297.948519][T29868] FAT-fs (loop0): Directory bread(block 68) failed [ 1297.955127][T29868] FAT-fs (loop0): Directory bread(block 69) failed [ 1298.006227][T29868] FAT-fs (loop0): Directory bread(block 70) failed [ 1298.023621][T29868] FAT-fs (loop0): Directory bread(block 71) failed [ 1298.044418][T29868] FAT-fs (loop0): Directory bread(block 72) failed [ 1298.051024][T29868] FAT-fs (loop0): Directory bread(block 73) failed [ 1298.209615][T29885] loop2: detected capacity change from 0 to 256 [ 1298.235068][T29885] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x395e47cf, utbl_chksum : 0xe619d30d) [ 1298.310242][ T9] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1298.500626][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 1298.516817][ T9] usb 2-1: config 0 has an invalid interface number: 83 but max is 0 [ 1298.538933][ T9] usb 2-1: config 0 has no interface number 0 [ 1298.557829][ T9] usb 2-1: config 0 interface 83 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1298.586614][ T9] usb 2-1: config 0 interface 83 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1298.618074][ T9] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11 [ 1298.635585][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.658487][ T9] usb 2-1: Product: syz [ 1298.665303][ T9] usb 2-1: Manufacturer: syz [ 1298.680196][ T9] usb 2-1: SerialNumber: syz [ 1298.698678][ T9] usb 2-1: config 0 descriptor?? [ 1298.712774][ T9] redrat3 2-1:0.83: Couldn't find all endpoints [ 1298.911584][ T9] usb 2-1: USB disconnect, device number 22 [ 1299.623616][ T1291] ieee802154 phy0 wpan0: encryption failed: -22 [ 1299.630179][ T1291] ieee802154 phy1 wpan1: encryption failed: -22 [ 1299.631726][T29915] loop1: detected capacity change from 0 to 4096 [ 1299.669615][T29915] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1299.692472][T29918] loop0: detected capacity change from 0 to 256 [ 1299.700284][T29918] exfat: Deprecated parameter 'namecase' [ 1299.725941][T29918] exfat: Deprecated parameter 'utf8' [ 1299.769884][T29918] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 1299.991464][T29915] ntfs3: loop1: failed to convert "c46c" to maccroatian [ 1300.077133][T29922] loop3: detected capacity change from 0 to 4096 [ 1300.196639][T29927] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1300.254418][T29922] NILFS (loop3): the device already has a read/write mount. [ 1300.609975][ T27] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1300.630812][T22117] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1300.758780][T22117] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1300.816101][ T27] usb 3-1: Using ep0 maxpacket: 16 [ 1300.833606][ T27] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1300.858580][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1300.882479][ T27] usb 3-1: Product: syz [ 1300.886735][ T27] usb 3-1: Manufacturer: syz [ 1300.891364][ T27] usb 3-1: SerialNumber: syz [ 1300.912849][T22117] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1300.931360][ T27] r8152-cfgselector 3-1: config 0 descriptor?? [ 1300.997825][T29942] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10866'. [ 1301.147840][T22117] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1301.357890][ T27] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1301.392741][ T27] r8152-cfgselector 3-1: USB disconnect, device number 22 [ 1301.607031][T25410] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1301.629114][T25410] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1301.639310][T25410] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1301.668141][T25410] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1301.690145][T25410] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1301.713781][T25410] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1301.844167][T29962] loop3: detected capacity change from 0 to 64 [ 1301.863093][ T9] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1302.082120][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1302.089687][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1302.168295][ T9] usb 2-1: New USB device found, idVendor=05e1, idProduct=0893, bcdDevice=fd.5b [ 1302.177423][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1302.205404][ T9] usb 2-1: Product: syz [ 1302.210368][ T9] usb 2-1: Manufacturer: syz [ 1302.216309][ T9] usb 2-1: SerialNumber: syz [ 1302.227842][ T9] usb 2-1: config 0 descriptor?? [ 1302.253745][ T9] gspca_main: stk014-2.14.0 probing 05e1:0893 [ 1302.260099][ T9] usb 2-1: selecting invalid altsetting 1 [ 1302.413198][T29955] xfrm0 speed is unknown, defaulting to 1000 [ 1302.737464][ T9] usb 2-1: USB disconnect, device number 23 [ 1303.041609][T29991] loop3: detected capacity change from 0 to 256 [ 1303.562035][T30000] netlink: 56 bytes leftover after parsing attributes in process `syz.1.10885'. [ 1303.712649][T25410] Bluetooth: hci1: command tx timeout [ 1303.910358][T22117] bond0: (slave wlan1): Releasing backup interface [ 1303.956838][T30010] netlink: 'syz.2.10889': attribute type 10 has an invalid length. [ 1303.979174][T30010] netlink: 40 bytes leftover after parsing attributes in process `syz.2.10889'. [ 1304.006750][T30010] veth0_vlan: entered allmulticast mode [ 1304.013217][T30010] bridge0: port 3(veth0_vlan) entered blocking state [ 1304.049720][T30010] bridge0: port 3(veth0_vlan) entered disabled state [ 1304.069378][T30010] A link change request failed with some changes committed already. Interface veth0_vlan may have been left with an inconsistent configuration, please check. [ 1304.102293][T29955] chnl_net:caif_netlink_parms(): no params data found [ 1304.380475][T30028] loop2: detected capacity change from 0 to 256 [ 1304.399172][T30028] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1304.429385][T30022] loop3: detected capacity change from 0 to 4096 [ 1304.897419][T22117] hsr_slave_0: left promiscuous mode [ 1304.932022][T22117] hsr_slave_1: left promiscuous mode [ 1304.969849][T22117] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1304.995921][T22117] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1305.027607][T22117] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1305.046234][T22117] bridge_slave_1: left allmulticast mode [ 1305.051961][T22117] bridge_slave_1: left promiscuous mode [ 1305.092872][T22117] bridge0: port 2(bridge_slave_1) entered disabled state [ 1305.179443][T22117] bridge_slave_0: left allmulticast mode [ 1305.185597][T22117] bridge_slave_0: left promiscuous mode [ 1305.215932][T22117] bridge0: port 1(bridge_slave_0) entered disabled state [ 1305.322324][T22117] veth1_macvtap: left promiscuous mode [ 1305.328088][T22117] veth0_macvtap: left promiscuous mode [ 1305.339496][T22117] veth1_vlan: left promiscuous mode [ 1305.473914][T30025] loop1: detected capacity change from 0 to 32768 [ 1305.517703][T30025] [ 1305.517703][T30025] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1305.517703][T30025] [ 1305.633688][ T6304] [ 1305.633688][ T6304] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1305.633688][ T6304] [ 1305.664039][ T6304] [ 1305.664039][ T6304] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1305.664039][ T6304] [ 1305.695254][T25410] Bluetooth: hci1: command tx timeout [ 1305.918917][T30054] loop3: detected capacity change from 0 to 8192 [ 1305.953053][T30054] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1305.977305][T30054] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 1305.993431][T30054] REISERFS (device loop3): using ordered data mode [ 1306.007295][T30054] reiserfs: using flush barriers [ 1306.048670][T30054] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1306.088987][T30054] REISERFS (device loop3): checking transaction log (loop3) [ 1306.178133][T30054] REISERFS (device loop3): Using r5 hash to sort names [ 1306.220054][T30054] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 1306.461302][T22117] bond6 (unregistering): Released all slaves [ 1306.694015][T22117] bond5 (unregistering): Released all slaves [ 1306.707009][T22117] bond4 (unregistering): Released all slaves [ 1306.722955][T22117] bond3 (unregistering): Released all slaves [ 1306.735189][T22117] bond2 (unregistering): Released all slaves [ 1306.757873][T22117] bond1 (unregistering): Released all slaves [ 1307.438450][T22117] team0 (unregistering): Port device team_slave_1 removed [ 1307.499848][T22117] team0 (unregistering): Port device team_slave_0 removed [ 1307.567786][T22117] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1307.632567][T22117] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1307.673741][T25410] Bluetooth: hci1: command tx timeout [ 1308.126942][T22117] bond0 (unregistering): Released all slaves [ 1308.275298][T29955] bridge0: port 1(bridge_slave_0) entered blocking state [ 1308.282863][T29955] bridge0: port 1(bridge_slave_0) entered disabled state [ 1308.294180][T29955] bridge_slave_0: entered allmulticast mode [ 1308.301733][T29955] bridge_slave_0: entered promiscuous mode [ 1308.322370][T29955] bridge0: port 2(bridge_slave_1) entered blocking state [ 1308.329572][T29955] bridge0: port 2(bridge_slave_1) entered disabled state [ 1308.344439][T29955] bridge_slave_1: entered allmulticast mode [ 1308.354289][T29955] bridge_slave_1: entered promiscuous mode [ 1308.459905][T29955] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1308.495634][T29955] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1308.602673][T29955] team0: Port device team_slave_0 added [ 1308.625968][T29955] team0: Port device team_slave_1 added [ 1308.667392][T29955] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1308.685953][T29955] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1308.717266][T29955] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1308.759188][T29955] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1308.767616][T29955] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1308.797983][T29955] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1308.849052][T29955] hsr_slave_0: entered promiscuous mode [ 1308.856809][T29955] hsr_slave_1: entered promiscuous mode [ 1309.118904][T29955] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1309.130057][T29955] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1309.146637][T29955] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1309.163084][T29955] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1309.287070][T29955] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1309.338910][T29955] 8021q: adding VLAN 0 to HW filter on device team0 [ 1309.361719][ T1136] bridge0: port 1(bridge_slave_0) entered blocking state [ 1309.368873][ T1136] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1309.384918][ T1136] bridge0: port 2(bridge_slave_1) entered blocking state [ 1309.392160][ T1136] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1309.656057][T25410] Bluetooth: hci1: command tx timeout [ 1309.880509][T29955] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1310.471351][T29955] veth0_vlan: entered promiscuous mode [ 1310.488160][T29955] veth1_vlan: entered promiscuous mode [ 1310.543097][T29955] veth0_macvtap: entered promiscuous mode [ 1310.562828][T29955] veth1_macvtap: entered promiscuous mode [ 1310.590814][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1310.601741][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.617767][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1310.630929][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.643602][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1310.659770][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.675151][T29955] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1310.694068][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1310.712794][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.735028][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1310.750580][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.765378][T29955] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1310.777324][T29955] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1310.795183][T29955] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1310.813700][T29955] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1310.822947][T29955] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1310.833213][T29955] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1310.842377][T29955] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1310.972968][T28169] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1310.993254][T28169] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1311.027843][T28169] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1311.035717][T28169] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1311.735770][T30125] loop4: detected capacity change from 0 to 32768 [ 1311.768900][T30125] (syz.4.10863,30125,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1311.796176][T30125] (syz.4.10863,30125,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1311.852849][T30125] JBD2: Ignoring recovery information on journal [ 1311.980251][T30125] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 1312.257676][T29955] ocfs2: Unmounting device (7,4) on (node local) [ 1312.315440][T30153] comedi comedi2: pcm3724: I/O port conflict (0x8,16) [ 1312.598059][T30163] netlink: 12 bytes leftover after parsing attributes in process `syz.2.10915'. [ 1312.874433][T30172] netlink: 'syz.2.10922': attribute type 3 has an invalid length. [ 1313.656171][T30200] sock: sock_timestamping_bind_phc: sock not bind to device [ 1313.705463][T30196] loop1: detected capacity change from 0 to 4096 [ 1313.746267][T30196] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1313.833632][T30196] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1313.861349][T30204] netlink: 'syz.2.10934': attribute type 9 has an invalid length. [ 1313.942219][T30196] ntfs3: loop1: ino=21, The size of extended attributes must not exceed 64KiB [ 1314.199575][T30213] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551614) [ 1314.263582][T30213] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 1314.721505][T30229] netdevsim netdevsim4 ªªªªªª: renamed from netdevsim0 (while UP) [ 1315.288294][T30255] netlink: 'syz.2.10953': attribute type 2 has an invalid length. [ 1315.299127][T30253] ieee802154 phy0 wpan0: encryption failed: -22 [ 1315.418484][ T27] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1315.430261][T30259] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 1315.639868][ T27] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1315.669598][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1315.699615][ T27] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1315.746325][ T27] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1315.777901][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1315.802270][ T27] usb 4-1: Product: syz [ 1315.811683][ T27] usb 4-1: Manufacturer: syz [ 1315.816349][ T27] usb 4-1: SerialNumber: syz [ 1315.877677][ T27] usb 4-1: config 0 descriptor?? [ 1316.051671][T30280] netlink: 'syz.2.10964': attribute type 46 has an invalid length. [ 1316.075405][T30280] netlink: 44 bytes leftover after parsing attributes in process `syz.2.10964'. [ 1316.312257][T30287] netlink: 4 bytes leftover after parsing attributes in process `syz.2.10967'. [ 1316.420279][ T9] usb 2-1: new low-speed USB device number 24 using dummy_hcd [ 1316.471252][ T6297] usb 4-1: USB disconnect, device number 38 [ 1316.635867][T30293] loop2: detected capacity change from 0 to 1764 [ 1316.651086][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1316.675181][ T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1316.698283][ T9] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1316.711852][T30293] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1316.726305][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1316.747109][ T9] usb 2-1: string descriptor 0 read error: -22 [ 1316.764924][ T9] usb 2-1: New USB device found, idVendor=0644, idProduct=800e, bcdDevice= 0.40 [ 1316.797999][ T9] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3 [ 1316.851635][ T9] usb 2-1: 0:2 : does not exist [ 1316.866884][ T27] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 1316.892986][ T9] usb-storage 2-1:1.1: USB Mass Storage device detected [ 1317.059107][ T27] usb 5-1: Using ep0 maxpacket: 16 [ 1317.073218][ T27] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1317.107681][ T27] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1317.144940][ T27] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1317.167752][ T27] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1317.180420][ T27] usb 5-1: Product: syz [ 1317.184644][ T27] usb 5-1: Manufacturer: syz [ 1317.199555][ T27] usb 5-1: SerialNumber: syz [ 1317.276733][ T9] us122l: couldn't allocate write buffer [ 1317.282848][ T9] snd-usb-us122l: probe of 2-1:1.1 failed with error -22 [ 1317.328823][ T9] usb 2-1: USB disconnect, device number 24 [ 1317.452058][ T27] usb 5-1: 0:2 : does not exist [ 1317.471389][ T27] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 1317.532550][ T27] usb 5-1: USB disconnect, device number 2 [ 1317.675249][ T7752] udevd[7752]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card5/controlC5/../uevent} for writing: No such file or directory [ 1317.718245][T30323] loop2: detected capacity change from 0 to 512 [ 1317.792159][T30323] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1317.808621][T30323] ext4 filesystem being mounted at /2664/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1317.863338][T30325] loop3: detected capacity change from 0 to 4096 [ 1317.931709][T30323] Quota error (device loop2): do_check_range: Getting dqdh_next_free 2741 out of range 0-6 [ 1317.955835][T30325] ntfs: volume version 3.1. [ 1318.005467][T30323] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 1318.041464][T30323] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.10979: Failed to acquire dquot type 0 [ 1318.114817][T30325] ntfs: (device loop3): ntfs_truncate(): Inode 0x43 has unknown attribute type 0x80. Aborting truncate. [ 1318.269879][ T6306] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1318.300363][T30335] netlink: 460 bytes leftover after parsing attributes in process `syz.4.10983'. [ 1318.741300][T30350] delete_channel: no stack [ 1319.605683][T30385] loop3: detected capacity change from 0 to 256 [ 1319.727430][T30385] FAT-fs (loop3): Directory bread(block 64) failed [ 1319.745344][T30385] FAT-fs (loop3): Directory bread(block 65) failed [ 1319.771771][T30385] FAT-fs (loop3): Directory bread(block 66) failed [ 1319.798576][T30385] FAT-fs (loop3): Directory bread(block 67) failed [ 1319.826411][T30385] FAT-fs (loop3): Directory bread(block 68) failed [ 1319.836119][T30385] FAT-fs (loop3): Directory bread(block 69) failed [ 1319.850264][T30385] FAT-fs (loop3): Directory bread(block 70) failed [ 1319.851774][T30394] x_tables: duplicate entry at hook 1 [ 1319.857416][T30385] FAT-fs (loop3): Directory bread(block 71) failed [ 1319.881059][T30385] FAT-fs (loop3): Directory bread(block 72) failed [ 1319.902686][T30385] FAT-fs (loop3): Directory bread(block 73) failed [ 1319.994324][ T6297] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 1320.127033][ T28] audit: type=1800 audit(1774710828.529:186): pid=30385 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.11007" name="cpu.stat" dev="loop3" ino=1048684 res=0 errno=0 [ 1320.154519][T30385] FAT-fs (loop3): error, invalid access to FAT (entry 0x00006c61) [ 1320.181564][ T6297] usb 5-1: Using ep0 maxpacket: 8 [ 1320.189661][ T6297] usb 5-1: config 8 has an invalid interface number: 243 but max is 0 [ 1320.218630][ T6297] usb 5-1: config 8 has no interface number 0 [ 1320.234658][ T6297] usb 5-1: config 8 interface 243 altsetting 5 endpoint 0xC has an invalid bInterval 0, changing to 7 [ 1320.279221][ T6297] usb 5-1: config 8 interface 243 altsetting 5 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 1320.300878][ T6297] usb 5-1: config 8 interface 243 has no altsetting 0 [ 1320.317651][ T6297] usb 5-1: New USB device found, idVendor=2c7c, idProduct=0306, bcdDevice=ae.5f [ 1320.349275][ T6297] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1320.372003][ T6297] usb 5-1: Product: syz [ 1320.376241][ T6297] usb 5-1: Manufacturer: syz [ 1320.380874][ T6297] usb 5-1: SerialNumber: syz [ 1320.659185][ T6297] option 5-1:8.243: GSM modem (1-port) converter detected [ 1320.686514][ T6297] usb 5-1: USB disconnect, device number 3 [ 1320.705974][T30416] ±ÿ: renamed from lo [ 1320.713468][ T6297] option 5-1:8.243: device disconnected [ 1320.893914][T30419] loop3: detected capacity change from 0 to 256 [ 1320.978273][T30419] FAT-fs (loop3): Directory bread(block 64) failed [ 1320.990644][T30419] FAT-fs (loop3): Directory bread(block 65) failed [ 1320.997357][T30419] FAT-fs (loop3): Directory bread(block 66) failed [ 1321.029810][T30419] FAT-fs (loop3): Directory bread(block 67) failed [ 1321.038192][T30419] FAT-fs (loop3): Directory bread(block 68) failed [ 1321.080872][T30419] FAT-fs (loop3): Directory bread(block 69) failed [ 1321.090839][ T28] audit: type=1326 audit(1774710829.537:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.124474][T30419] FAT-fs (loop3): Directory bread(block 70) failed [ 1321.131093][T30419] FAT-fs (loop3): Directory bread(block 71) failed [ 1321.162534][T30419] FAT-fs (loop3): Directory bread(block 72) failed [ 1321.169164][T30419] FAT-fs (loop3): Directory bread(block 73) failed [ 1321.181582][ T28] audit: type=1326 audit(1774710829.537:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.211645][T30402] loop2: detected capacity change from 0 to 32768 [ 1321.246910][T30402] [ 1321.246910][T30402] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1321.246910][T30402] [ 1321.265652][ T28] audit: type=1326 audit(1774710829.548:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.333830][ T28] audit: type=1326 audit(1774710829.548:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.432872][ T6306] [ 1321.432872][ T6306] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1321.432872][ T6306] [ 1321.439456][ T28] audit: type=1326 audit(1774710829.548:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.489804][ T6306] [ 1321.489804][ T6306] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1321.489804][ T6306] [ 1321.546378][ T28] audit: type=1326 audit(1774710829.548:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30422 comm="syz.1.11026" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0d4319c819 code=0x7ffc0000 [ 1321.953275][ T6297] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1322.159670][ T6297] usb 2-1: Using ep0 maxpacket: 8 [ 1322.172110][ T6297] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1322.216467][ T6297] usb 2-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1322.223751][T30453] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11038'. [ 1322.234651][ T6297] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1322.262816][ T6297] usb 2-1: Product: syz [ 1322.276353][ T6297] usb 2-1: Manufacturer: syz [ 1322.280658][T30453] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11038'. [ 1322.281213][ T6297] usb 2-1: SerialNumber: syz [ 1322.343265][ T6297] usb 2-1: config 0 descriptor?? [ 1322.360137][ T6297] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1322.458065][T30460] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 1322.483257][T30458] loop2: detected capacity change from 0 to 1764 [ 1322.537201][T30462] netlink: 830 bytes leftover after parsing attributes in process `syz.3.11042'. [ 1322.555555][ T6297] gspca_zc3xx: reg_w_i err -71 [ 1323.111750][T30485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11052'. [ 1323.127559][T30485] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11052'. [ 1323.171968][ T6297] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1323.178601][ T6297] gspca_zc3xx: probe of 2-1:0.0 failed with error -71 [ 1323.204361][ T6297] usb 2-1: USB disconnect, device number 25 [ 1323.436153][T30490] loop4: detected capacity change from 0 to 4096 [ 1323.467587][T30490] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 1323.889985][T30510] RDS: rds_bind could not find a transport for 0:0:200::1, load rds_tcp or rds_rdma? [ 1325.161244][T30551] netlink: 'syz.1.11084': attribute type 15 has an invalid length. [ 1325.379084][T30558] netlink: 'syz.2.11087': attribute type 5 has an invalid length. [ 1326.372573][ T27] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1326.575028][ T27] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 1326.580251][T30610] bond0: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1326.599530][ T27] usb 4-1: config 0 has no interface number 0 [ 1326.633735][ T27] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 1326.654509][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1326.686869][ T27] usb 4-1: Product: syz [ 1326.701335][ T27] usb 4-1: Manufacturer: syz [ 1326.715603][ T27] usb 4-1: SerialNumber: syz [ 1326.741702][ T27] usb 4-1: config 0 descriptor?? [ 1327.001615][ T27] usb 4-1: Found UVC 0.08 device syz (046d:0823) [ 1327.030241][ T27] usb 4-1: No valid video chain found. [ 1327.046315][ T27] usb 4-1: USB disconnect, device number 39 [ 1327.291435][T30629] loop2: detected capacity change from 0 to 4096 [ 1328.302665][ T5756] usb 3-1: new low-speed USB device number 23 using dummy_hcd [ 1328.472318][T30669] tmpfs: Bad value for 'mpol' [ 1328.492415][ T5756] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1328.528923][ T5756] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1328.559171][ T5756] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1328.604050][ T5756] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1328.643059][ T5756] usb 3-1: string descriptor 0 read error: -22 [ 1328.652065][ T5756] usb 3-1: New USB device found, idVendor=0644, idProduct=800e, bcdDevice= 0.40 [ 1328.664158][ T5756] usb 3-1: New USB device strings: Mfr=1, Product=3, SerialNumber=3 [ 1328.702614][ T5756] usb 3-1: 0:2 : does not exist [ 1328.799767][ T5756] usb-storage 3-1:1.1: USB Mass Storage device detected [ 1329.056723][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.085749][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.085818][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.085946][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.086035][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.086099][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.086198][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.086256][T30688] netlink: 'syz.3.11134': attribute type 3 has an invalid length. [ 1329.157084][ T5756] us122l: couldn't allocate write buffer [ 1329.234781][ T5756] snd-usb-us122l: probe of 3-1:1.1 failed with error -22 [ 1329.263299][ T5756] usb 3-1: USB disconnect, device number 23 [ 1329.522657][T30703] loop4: detected capacity change from 0 to 256 [ 1329.597834][T30703] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 1329.637645][T30698] loop3: detected capacity change from 0 to 4096 [ 1329.674002][T30698] ntfs3: loop3: Different NTFS sector size (2048) and media sector size (512). [ 1329.798091][T30698] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 1329.865674][T30709] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11141'. [ 1329.887649][T30709] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11141'. [ 1329.906634][T30709] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11141'. [ 1330.367147][T30724] loop4: detected capacity change from 0 to 2048 [ 1330.417939][T30724] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1330.423968][T30729] loop3: detected capacity change from 0 to 512 [ 1330.499656][T30729] EXT4-fs error (device loop3): ext4_validate_block_bitmap:430: comm syz.3.11148: bg 0: block 4: invalid block bitmap [ 1330.554899][T30735] loop1: detected capacity change from 0 to 4096 [ 1330.623833][T30729] EXT4-fs (loop3): Remounting filesystem read-only [ 1330.631013][T30737] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1330.644331][T30729] EXT4-fs (loop3): 1 truncate cleaned up [ 1330.684334][T30729] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1330.911479][T30743] netlink: 5 bytes leftover after parsing attributes in process `syz.4.11153'. [ 1330.941565][ T6316] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1330.956924][T30743] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1331.722844][T30768] loop3: detected capacity change from 0 to 1024 [ 1331.831603][T14719] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 1331.940810][T22117] hfsplus: b-tree write err: -5, ino 25 [ 1331.955449][T22117] hfsplus: b-tree write err: -5, ino 4 [ 1331.961429][T22117] hfsplus: b-tree write err: -5, ino 2 [ 1332.053185][T14719] usb 3-1: config index 0 descriptor too short (expected 61256, got 72) [ 1332.088274][T14719] usb 3-1: config 1 has an invalid interface number: 0 but max is -1 [ 1332.117157][T14719] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1332.161082][T14719] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 0 [ 1332.206176][T14719] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 1332.237227][T14719] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1332.274402][T14719] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1332.279543][T30779] loop1: detected capacity change from 0 to 4096 [ 1332.317532][T14719] usb 3-1: SerialNumber: syz [ 1332.332741][T30779] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1332.338550][T14719] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 1332.381544][T14719] cdc_acm 3-1:1.0: This needs exactly 3 endpoints [ 1332.401031][T14719] cdc_acm: probe of 3-1:1.0 failed with error -22 [ 1332.536303][ T5756] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 1332.566092][T30779] ntfs3: loop1: failed to convert "c46c" to cp936 [ 1332.606132][T14719] usb 3-1: USB disconnect, device number 24 [ 1332.747580][ T5756] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1332.763940][ T5756] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1332.783758][ T5756] usb 5-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1332.809915][ T5756] usb 5-1: config 1 interface 0 has no altsetting 1 [ 1332.852774][ T5756] usb 5-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 1332.872038][ T5756] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1332.907252][ T5756] usb 5-1: Product: syz [ 1332.923346][ T5756] usb 5-1: Manufacturer: syz [ 1332.928453][ T5756] usb 5-1: SerialNumber: syz [ 1332.930127][T30799] loop1: detected capacity change from 0 to 16 [ 1332.952261][ T5756] smsusb:smsusb_probe: board id=8, interface number 0 [ 1332.975224][T30799] erofs: (device loop1): mounted with root inode @ nid 36. [ 1333.193073][ T5756] smsusb:smsusb_probe: Device initialized with return code -19 [ 1333.408167][ T5756] usb 5-1: USB disconnect, device number 4 [ 1333.462128][T30815] loop1: detected capacity change from 0 to 512 [ 1333.519457][T30815] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 1333.527731][T30815] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2 [ 1333.536156][T30815] EXT4-fs error (device loop1): ext4_orphan_get:1424: comm syz.1.11178: bad orphan inode 13 [ 1333.564073][T30815] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1333.633020][ T27] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1333.693999][ T6304] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1333.833826][ T27] usb 4-1: Using ep0 maxpacket: 8 [ 1333.866369][ T27] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 7 [ 1333.908434][ T27] usb 4-1: New USB device found, idVendor=082d, idProduct=0100, bcdDevice=70.4b [ 1333.930970][ T27] usb 4-1: New USB device strings: Mfr=44, Product=2, SerialNumber=3 [ 1333.939904][ T27] usb 4-1: Product: syz [ 1333.944212][ T27] usb 4-1: Manufacturer: syz [ 1333.951530][ T27] usb 4-1: SerialNumber: syz [ 1334.146208][ T9] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1334.217955][ T27] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 1334.227091][ T27] usb 4-1: Handspring Visor / Palm OS: port 0, is for Generic use [ 1334.241112][ T28] kauditd_printk_skb: 3 callbacks suppressed [ 1334.241130][ T28] audit: type=1326 audit(1774710843.342:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30840 comm="syz.2.11184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1334.282457][ T27] usb 4-1: Handspring Visor / Palm OS: Number of ports: 2 [ 1334.290649][ T28] audit: type=1326 audit(1774710843.342:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30840 comm="syz.2.11184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1334.296428][T30845] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1334.314271][ T28] audit: type=1326 audit(1774710843.353:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30840 comm="syz.2.11184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=59 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1334.361622][ T28] audit: type=1326 audit(1774710843.353:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30840 comm="syz.2.11184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1334.385151][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1334.404779][ T27] usb 4-1: palm_os_3_probe - error -71 getting bytes available request [ 1334.408429][ T9] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 1334.423675][ T27] visor 4-1:1.0: Handspring Visor / Palm OS converter detected [ 1334.441250][ T9] usb 2-1: config 179 has no interface number 0 [ 1334.447666][ T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 1334.467930][ T28] audit: type=1326 audit(1774710843.353:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30840 comm="syz.2.11184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f860b79c819 code=0x7ffc0000 [ 1334.469917][ T27] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 1334.506718][ T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 1334.535949][ T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 1334.568641][ T9] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 1334.591975][ T27] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 1334.601108][ T9] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1334.634514][ T27] usb 4-1: USB disconnect, device number 40 [ 1334.640907][ T9] usb 2-1: config 179 interface 65 has no altsetting 0 [ 1334.656277][ T9] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1334.688341][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1334.689807][ T27] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 1334.756951][ T9] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input58 [ 1334.791135][ T27] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 1334.832196][ T27] visor 4-1:1.0: device disconnected [ 1334.883646][ T5122] input input58: unable to receive magic message: -110 [ 1334.965059][ T5122] input input58: unable to receive magic message: -32 [ 1335.058038][ T5761] input input58: unable to receive magic message: -32 [ 1335.146481][ T5122] input input58: unable to receive magic message: -32 [ 1335.203134][ T5122] input input58: unable to receive magic message: -32 [ 1335.303313][ T9] usb 2-1: USB disconnect, device number 26 [ 1335.309438][ C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1335.354605][ T9] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1335.860949][T30881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11197'. [ 1335.951708][T30883] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11198'. [ 1336.507879][ T9] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1336.698617][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1336.711701][ T9] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1336.733805][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1336.759145][ T9] usb 2-1: Product: syz [ 1336.763914][ T9] usb 2-1: Manufacturer: syz [ 1336.793952][ T9] usb 2-1: SerialNumber: syz [ 1336.813466][ T9] r8152-cfgselector 2-1: config 0 descriptor?? [ 1336.963629][ T1136] [ 1336.966037][ T1136] ====================================================== [ 1336.973096][ T1136] WARNING: possible circular locking dependency detected [ 1336.980172][ T1136] syzkaller #0 Not tainted [ 1336.985050][ T1136] ------------------------------------------------------ [ 1336.992096][ T1136] kworker/u4:7/1136 is trying to acquire lock: [ 1336.998299][ T1136] ffff8880316c0990 (jbd2_handle){++++}-{0:0}, at: wait_transaction_locked+0x1aa/0x270 [ 1337.008103][ T1136] [ 1337.008103][ T1136] but task is already holding lock: [ 1337.015497][ T1136] ffff8880316aebd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 1337.025711][ T1136] [ 1337.025711][ T1136] which lock already depends on the new lock. [ 1337.025711][ T1136] [ 1337.036145][ T1136] [ 1337.036145][ T1136] the existing dependency chain (in reverse order) is: [ 1337.045186][ T1136] [ 1337.045186][ T1136] -> #2 (&sbi->s_writepages_rwsem){++++}-{0:0}: [ 1337.053743][ T1136] percpu_down_read+0x44/0x1a0 [ 1337.059089][ T1136] ext4_writepages+0x1a4/0x350 [ 1337.064423][ T1136] do_writepages+0x3b3/0x630 [ 1337.069555][ T1136] __writeback_single_inode+0x153/0xec0 [ 1337.075635][ T1136] writeback_single_inode+0x21f/0x760 [ 1337.081544][ T1136] write_inode_now+0x183/0x210 [ 1337.086839][ T1136] iput+0x5ae/0x920 [ 1337.091170][ T1136] ext4_xattr_block_set+0x273f/0x32b0 [ 1337.097079][ T1136] ext4_expand_extra_isize_ea+0x12c5/0x1e80 [ 1337.103504][ T1136] __ext4_expand_extra_isize+0x306/0x400 [ 1337.109673][ T1136] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 1337.115675][ T1136] ext4_evict_inode+0x7f3/0xea0 [ 1337.121070][ T1136] evict+0x4ca/0x8d0 [ 1337.125497][ T1136] ext4_orphan_cleanup+0xbec/0x1420 [ 1337.131565][ T1136] ext4_fill_super+0x5ed0/0x6790 [ 1337.137038][ T1136] get_tree_bdev+0x3f3/0x520 [ 1337.142158][ T1136] vfs_get_tree+0x8c/0x280 [ 1337.147101][ T1136] do_new_mount+0x24b/0xa40 [ 1337.152132][ T1136] __se_sys_mount+0x2e7/0x3d0 [ 1337.157335][ T1136] do_syscall_64+0x55/0xa0 [ 1337.162281][ T1136] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1337.168718][ T1136] [ 1337.168718][ T1136] -> #1 (&ei->xattr_sem){++++}-{3:3}: [ 1337.176382][ T1136] down_read+0x46/0x2e0 [ 1337.181063][ T1136] ext4_setattr+0x86b/0x1ca0 [ 1337.186184][ T1136] notify_change+0xb0d/0xe10 [ 1337.191400][ T1136] chown_common+0x413/0x5d0 [ 1337.196783][ T1136] do_fchownat+0x14b/0x240 [ 1337.201728][ T1136] __x64_sys_chown+0x82/0x90 [ 1337.206848][ T1136] do_syscall_64+0x55/0xa0 [ 1337.211797][ T1136] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1337.218226][ T1136] [ 1337.218226][ T1136] -> #0 (jbd2_handle){++++}-{0:0}: [ 1337.225532][ T1136] __lock_acquire+0x2df1/0x7d40 [ 1337.230910][ T1136] lock_acquire+0x19e/0x420 [ 1337.235946][ T1136] wait_transaction_locked+0x1c3/0x270 [ 1337.241942][ T1136] start_this_handle+0x7e8/0x21c0 [ 1337.247580][ T1136] jbd2__journal_start+0x2bb/0x5b0 [ 1337.253215][ T1136] __ext4_journal_start_sb+0x203/0x560 [ 1337.259203][ T1136] ext4_do_writepages+0xfb7/0x3990 [ 1337.264845][ T1136] ext4_writepages+0x1dd/0x350 [ 1337.270142][ T1136] do_writepages+0x3b3/0x630 [ 1337.275264][ T1136] __writeback_single_inode+0x153/0xec0 [ 1337.281341][ T1136] writeback_sb_inodes+0x7cd/0xf50 [ 1337.286982][ T1136] __writeback_inodes_wb+0x111/0x240 [ 1337.292882][ T1136] wb_writeback+0x47e/0xbf0 [ 1337.297918][ T1136] wb_workfn+0xad7/0xe60 [ 1337.302698][ T1136] process_scheduled_works+0xa5d/0x15d0 [ 1337.308781][ T1136] worker_thread+0xa55/0xfc0 [ 1337.313901][ T1136] kthread+0x2fa/0x390 [ 1337.318498][ T1136] ret_from_fork+0x48/0x80 [ 1337.323454][ T1136] ret_from_fork_asm+0x11/0x20 [ 1337.328771][ T1136] [ 1337.328771][ T1136] other info that might help us debug this: [ 1337.328771][ T1136] [ 1337.338999][ T1136] Chain exists of: [ 1337.338999][ T1136] jbd2_handle --> &ei->xattr_sem --> &sbi->s_writepages_rwsem [ 1337.338999][ T1136] [ 1337.352407][ T1136] Possible unsafe locking scenario: [ 1337.352407][ T1136] [ 1337.359874][ T1136] CPU0 CPU1 [ 1337.365248][ T1136] ---- ---- [ 1337.370624][ T1136] rlock(&sbi->s_writepages_rwsem); [ 1337.375919][ T1136] lock(&ei->xattr_sem); [ 1337.382774][ T1136] lock(&sbi->s_writepages_rwsem); [ 1337.390852][ T1136] lock(jbd2_handle); [ 1337.394946][ T1136] [ 1337.394946][ T1136] *** DEADLOCK *** [ 1337.394946][ T1136] [ 1337.403103][ T1136] 4 locks held by kworker/u4:7/1136: [ 1337.408390][ T1136] #0: ffff888145a50138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 1337.419721][ T1136] #1: ffffc900048efd00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x96f/0x15d0 [ 1337.432174][ T1136] #2: ffff8880316ac0e0 (&type->s_umount_key#32){++++}-{3:3}, at: super_trylock_shared+0x20/0xf0 [ 1337.442723][ T1136] #3: ffff8880316aebd8 (&sbi->s_writepages_rwsem){++++}-{0:0}, at: ext4_writepages+0x1a4/0x350 [ 1337.453271][ T1136] [ 1337.453271][ T1136] stack backtrace: [ 1337.459174][ T1136] CPU: 1 PID: 1136 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 1337.466721][ T1136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1337.476782][ T1136] Workqueue: writeback wb_workfn (flush-8:0) [ 1337.482799][ T1136] Call Trace: [ 1337.486088][ T1136] [ 1337.489042][ T1136] dump_stack_lvl+0x18c/0x250 [ 1337.493740][ T1136] ? load_image+0x400/0x400 [ 1337.498260][ T1136] ? show_regs_print_info+0x20/0x20 [ 1337.503472][ T1136] ? print_circular_bug+0x12b/0x1a0 [ 1337.508684][ T1136] check_noncircular+0x2fc/0x400 [ 1337.513632][ T1136] ? print_deadlock_bug+0x5d0/0x5d0 [ 1337.518842][ T1136] ? lockdep_lock+0xf5/0x230 [ 1337.523444][ T1136] ? _find_first_zero_bit+0xd3/0x100 [ 1337.528732][ T1136] __lock_acquire+0x2df1/0x7d40 [ 1337.533603][ T1136] ? __lock_acquire+0x1347/0x7d40 [ 1337.538650][ T1136] ? verify_lock_unused+0x140/0x140 [ 1337.543886][ T1136] ? mark_lock+0x94/0x320 [ 1337.548234][ T1136] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1337.554325][ T1136] lock_acquire+0x19e/0x420 [ 1337.558847][ T1136] ? wait_transaction_locked+0x1aa/0x270 [ 1337.564500][ T1136] ? __lock_acquire+0x7d40/0x7d40 [ 1337.569531][ T1136] ? ret_from_fork_asm+0x11/0x20 [ 1337.574482][ T1136] ? read_lock_is_recursive+0x20/0x20 [ 1337.579860][ T1136] ? prepare_to_wait_exclusive+0x82/0x220 [ 1337.585588][ T1136] ? wait_transaction_locked+0x1aa/0x270 [ 1337.591235][ T1136] wait_transaction_locked+0x1c3/0x270 [ 1337.596727][ T1136] ? wait_transaction_locked+0x1aa/0x270 [ 1337.602460][ T1136] ? stack_trace_snprint+0xf0/0xf0 [ 1337.607695][ T1136] ? jbd2_journal_begin_ordered_truncate+0x150/0x150 [ 1337.614409][ T1136] ? wake_bit_function+0x200/0x200 [ 1337.619537][ T1136] ? kasan_set_track+0x5f/0x70 [ 1337.624311][ T1136] start_this_handle+0x7e8/0x21c0 [ 1337.629343][ T1136] ? writeback_sb_inodes+0x7cd/0xf50 [ 1337.634652][ T1136] ? jbd2__journal_start+0x5b0/0x5b0 [ 1337.639958][ T1136] ? __kasan_slab_alloc+0x6c/0x80 [ 1337.644989][ T1136] ? slab_post_alloc_hook+0x8a/0x4b0 [ 1337.650310][ T1136] ? rcu_is_watching+0x15/0xb0 [ 1337.655087][ T1136] ? kmem_cache_alloc+0x149/0x2d0 [ 1337.660249][ T1136] jbd2__journal_start+0x2bb/0x5b0 [ 1337.665370][ T1136] __ext4_journal_start_sb+0x203/0x560 [ 1337.671216][ T1136] ext4_do_writepages+0xfb7/0x3990 [ 1337.676375][ T1136] ? ext4_normal_submit_inode_data_buffers+0x240/0x240 [ 1337.683260][ T1136] ? rcu_read_lock_any_held+0xb4/0x140 [ 1337.688761][ T1136] ? __lock_acquire+0x1347/0x7d40 [ 1337.693806][ T1136] ext4_writepages+0x1dd/0x350 [ 1337.698657][ T1136] ? ext4_read_folio+0x2f0/0x2f0 [ 1337.703673][ T1136] ? __rwlock_init+0x150/0x150 [ 1337.708449][ T1136] ? do_raw_spin_unlock+0x121/0x230 [ 1337.713686][ T1136] ? ext4_read_folio+0x2f0/0x2f0 [ 1337.718829][ T1136] do_writepages+0x3b3/0x630 [ 1337.723442][ T1136] ? folio_clear_dirty_for_io+0xc30/0xc30 [ 1337.729447][ T1136] ? writeback_sb_inodes+0x4b0/0xf50 [ 1337.734780][ T1136] ? __lock_acquire+0x7d40/0x7d40 [ 1337.739814][ T1136] ? do_raw_spin_lock+0x11f/0x2c0 [ 1337.744850][ T1136] __writeback_single_inode+0x153/0xec0 [ 1337.750423][ T1136] writeback_sb_inodes+0x7cd/0xf50 [ 1337.755577][ T1136] ? queue_io+0x550/0x550 [ 1337.759918][ T1136] ? do_raw_spin_unlock+0x121/0x230 [ 1337.765135][ T1136] ? __writeback_inodes_wb+0x240/0x240 [ 1337.770844][ T1136] __writeback_inodes_wb+0x111/0x240 [ 1337.776167][ T1136] wb_writeback+0x47e/0xbf0 [ 1337.780881][ T1136] ? queue_io+0x3d1/0x550 [ 1337.785239][ T1136] ? percpu_ref_tryget+0x250/0x250 [ 1337.790476][ T1136] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1337.796478][ T1136] ? process_scheduled_works+0x96f/0x15d0 [ 1337.802225][ T1136] wb_workfn+0xad7/0xe60 [ 1337.806495][ T1136] ? try_to_wake_up+0x70a/0x1190 [ 1337.811452][ T1136] ? inode_wait_for_writeback+0x230/0x230 [ 1337.818592][ T1136] ? lockdep_hardirqs_on_prepare+0x40d/0x770 [ 1337.824589][ T1136] ? read_lock_is_recursive+0x20/0x20 [ 1337.830059][ T1136] ? _raw_spin_unlock_irq+0x23/0x50 [ 1337.835278][ T1136] ? process_scheduled_works+0x96f/0x15d0 [ 1337.841009][ T1136] ? process_scheduled_works+0x96f/0x15d0 [ 1337.846743][ T1136] process_scheduled_works+0xa5d/0x15d0 [ 1337.852308][ T1136] ? worker_attach_to_pool+0x380/0x380 [ 1337.857956][ T1136] ? assign_work+0x3d2/0x5d0 [ 1337.862755][ T1136] worker_thread+0xa55/0xfc0 [ 1337.867367][ T1136] kthread+0x2fa/0x390 [ 1337.871532][ T1136] ? pr_cont_work+0x560/0x560 [ 1337.876404][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 1337.881174][ T1136] ret_from_fork+0x48/0x80 [ 1337.885688][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 1337.890289][ T1136] ret_from_fork_asm+0x11/0x20 [ 1337.895074][ T1136] [ 1337.931089][ T9] usbip-host 2-1: 2-1 is not in match_busid table... skip! [ 1338.133714][T25079] usb 2-1: USB disconnect, device number 27