last executing test programs: 4m23.306741817s ago: executing program 1 (id=1334): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}}, 0x4044004) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8000}, {{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffe68}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001a00)=[{&(0x7f0000000000)=""/190, 0xbe}, {&(0x7f00000007c0)=""/273, 0x111}, {&(0x7f00000000c0)=""/84, 0x54}, {&(0x7f0000003bc0)=""/4098, 0x1002}, {&(0x7f00000005c0)=""/236, 0xec}, {&(0x7f00000004c0)=""/220, 0xda}], 0x6}, 0x80000000}], 0x4, 0x0, 0x0) 4m22.585866971s ago: executing program 1 (id=1338): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETTXFILTER(r0, 0x400454d1, &(0x7f0000000000)=ANY=[@ANYBLOB="010008"]) 4m21.736882117s ago: executing program 1 (id=1344): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000280)=@newqdisc={0x44, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r1, {}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x14, 0x2, [@TCA_CAKE_RTT={0x8, 0x7, 0x80000000}, @TCA_CAKE_MPU={0x8, 0xe, 0x2e}]}}]}, 0x44}}, 0x0) 4m20.935226623s ago: executing program 1 (id=1349): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd0009058202"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) connect$inet(0xffffffffffffffff, 0x0, 0x0) 4m18.343745429s ago: executing program 1 (id=1361): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x10) newfstatat(0xffffffffffffff9c, 0x0, &(0x7f0000000300), 0x3800) 4m17.599787231s ago: executing program 1 (id=1366): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0x15, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000002380), &(0x7f00000023c0)=0x4) 4m2.18706483s ago: executing program 32 (id=1366): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000000040)=0x15, 0x4) getsockopt$bt_l2cap_L2CAP_LM(r0, 0x6, 0x3, &(0x7f0000002380), &(0x7f00000023c0)=0x4) 3m14.406698559s ago: executing program 5 (id=1634): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000030800"/16, @ANYRES64=0x0, @ANYRES64=r0], 0x80}, 0x1, 0x0, 0x0, 0x20040004}, 0x0) 3m13.668866612s ago: executing program 5 (id=1638): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000004c0)={'veth1_vlan\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=@setlink={0x28, 0x13, 0x201, 0x70bd30, 0x25dfdbff, {0x0, 0x0, 0x0, r1, 0x24300, 0x1c03c}, [@IFLA_OPERSTATE={0x5, 0x10, 0x4}]}, 0x28}, 0x1, 0x0, 0x0, 0x24000808}, 0x20000000) 3m12.984710178s ago: executing program 5 (id=1643): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={r1, @in={{0x2, 0x4e24, @private=0xa010101}}, 0xe0, 0x48}, 0x90) 3m11.328600763s ago: executing program 5 (id=1651): r0 = socket$inet(0x2, 0x2, 0x1) sendmsg$SEG6_CMD_SETHMAC(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x14}, 0x4010) sendmsg$inet(r0, &(0x7f0000000600)={&(0x7f0000000040)={0x2, 0xffff, @multicast2}, 0x10, &(0x7f00000000c0)=[{&(0x7f0000000400)='\b\x00', 0x2}, {&(0x7f0000000180)="2d0000008058", 0x5a}], 0x2, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000007000000890b040a0101027f00000100000000001c000000000000000000000008"], 0x40}, 0x20000000) 3m10.734511487s ago: executing program 5 (id=1655): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x10) setxattr$system_posix_acl(&(0x7f0000002a00)='.\x00', &(0x7f0000002a40)='system.posix_acl_default\x00', 0x0, 0x0, 0x0) 3m10.088695266s ago: executing program 5 (id=1660): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp=r1}, @IFLA_GTP_FD1={0x8}]}}}]}, 0x40}}, 0x0) 2m53.897012477s ago: executing program 33 (id=1660): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x70bd29, 0x0, {0x0, 0x0, 0x0, 0x0, 0x32b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8, 0x1, @udp=r1}, @IFLA_GTP_FD1={0x8}]}}}]}, 0x40}}, 0x0) 6.789698248s ago: executing program 2 (id=2632): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x22, &(0x7f0000000080)=0x1, 0x4) sendmmsg$inet6(r0, &(0x7f0000000140)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x2, @empty, 0xfffffffe}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000a40)="fbd3c8412e7da3bf91d0a355257c55499520c4ee3830cbf2bec3b93f59024564afdc025b45dcaa3febcc4b65dcd7f58245801b92429c258f8aa2a008994d0e38dfd9e9", 0x43}, {0x0}], 0x2}}, {{0x0, 0x0, 0x0}}], 0x2, 0x20080058) 6.681474126s ago: executing program 6 (id=2633): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000001280), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000001340)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x2, 0x0, r1, 0x0, 0x0, 0xa513}) 6.16222146s ago: executing program 4 (id=2636): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv6_newnexthop={0x1c, 0x68, 0x5fb9a818fb7378e9, 0x0, 0x0, {}, [@NHA_BLACKHOLE={0x4}]}, 0x1c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@ipv4_getnexthop={0x1c, 0x6a, 0x101, 0x70bd2d, 0x25dfdbfd, {}, [@NHA_GROUPS={0x4}]}, 0x1c}}, 0x0) 6.049797139s ago: executing program 6 (id=2637): bpf$MAP_CREATE(0x0, &(0x7f0000001240)=ANY=[@ANYBLOB="12000000040000000800000001"], 0x50) openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x40040, 0x0) pselect6(0x40, &(0x7f0000000300)={0x0, 0x4000000000000000, 0x0, 0x1}, &(0x7f0000000000)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000}, 0x0, 0x0, 0x0) 5.845006411s ago: executing program 2 (id=2638): munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00') getdents(r0, &(0x7f0000000f40)=""/243, 0xf3) 5.799382598s ago: executing program 0 (id=2639): io_setup(0x8f0, &(0x7f0000002400)=0x0) r1 = syz_init_net_socket$ax25(0x3, 0x5, 0x0) io_submit(r0, 0x1, &(0x7f0000000100)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x8, 0xfffa, r1, &(0x7f0000000080)="53212d0d94b34c14075c98b6bd639786", 0x10, 0xade}]) 5.549160439s ago: executing program 6 (id=2641): syz_usb_connect(0x5, 0x4c, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x35, 0xfe, 0x65, 0x10, 0x1aca, 0xb28e, 0x9232, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x3a, 0x1, 0xd, 0x1, 0x90, 0x2, [{{0x9, 0x4, 0x32, 0xa7, 0x2, 0x1, 0x3, 0x9e, 0x8, [], [{{0x9, 0x5, 0x8, 0x6, 0x10, 0x6, 0x4, 0x8, [@generic={0x8, 0x23, "87ac33afe341"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x5, 0x4f8}]}}, {{0x9, 0x5, 0x7, 0x2, 0x200, 0x4, 0x2, 0x66, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3, 0x3}]}}]}}]}}]}}, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0}) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder1\x00', 0x0, 0x0) inotify_add_watch(0xffffffffffffffff, &(0x7f00000000c0)='./file0\x00', 0x20000000) 5.397829255s ago: executing program 4 (id=2642): syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000a80)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="6e6c733d63703835322c6e6f626172726965722c63726561746f723dbd3c66f52c626172726965722c706172743d3078303030303030303030303030303030322c756d61736b3d30303030303030303030303030303030303030363734352c00b08558549e3fb3af8feff2a5c10c825cef8ec0f1ddcd940f6058a48f0cc0887456a5b70061a195d3ed592d"], 0x3, 0x6a4, &(0x7f0000000100)="$eJzs3U9sHFcdB/DvbDbrbJBS918aEFKtRqqgEYmdVUmQkBoQQjlEKIJLr1biNFY2aeW4KK0Q2QAFiRMn1AOHIhQOPSGEkMoJUc5ISFw4+R6JG4ccAKOZnV2v7Y1jJ7HXbT8faTzv7Zv33m9+nT+7s402wGfW+ddzsJci509cuFXWV+52uit3O9cH5SRTSRpJs79K0U6Kj5Nz6S/5fPliPVzxoHlevfdR0Xz/w06/1qyXavvGVv02GbtlLzk0rBxIMtMv/mfbw24ar1qqcS6tjfeIimHcZcKODxIHk7a6SW+tsfHQ7ts/b4F963b/vrnJdHI4/btr+T4g9dXh4VeGydvy2tTbuzgAAABgt4z9LD/qqfu5n1s5sjfhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwKdD0f/NwKJeGoPyTIrB7/+3Rn5TvzXhcB/Te1eq1XefmnQgAAAAAAAAAPBYXryf+7mVI4P6alF95/9SVXmu+vu5vJ2bWchSTuZW5rOc5SxlLsn0yECtW/PLy0tzm3v+MmXP1dXV23XP02N7nl4fV29joOP+T4NNGwEAAAAAAADAZ9aPcn7t+38AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANgPiuRAf1Utzw3K02k0kxxK0ipmhpu3JhrsE/DnSQcAAAAAu69dr48U/+sXVovqM//R6nP/obydG1nOYpbTzUIuV88C+p/6G3/vdbordzvXy2XzwN/4147iqEZM/9nD+Jlnqy2eH/Y4n2/nezmRmVzMUhbz/cxnOQuZybeq0nyKTNdPL6ZX7rYziHVzvOfW1S5ujO3FkXIZ37EqknauZLGK7WQutQahN+rtjo3M9sdWsmHGO2V2itdq28zR5Xpd7tEv6vX+MF3t+cFhRmbr3JfZeHo075tzv8PjZONMc2kMn0E9tzZLWd040yPl/HC9LnP9093N+Q4fpa3PRO/nZW1w9B3dOufJl//xl4tXGzeuXb1y88T+OYwe0cZjojOSiRe2lYlumYneY2Ti0OPE/+S06mz0r6I7u1q+VPU9ksV8J2/mchZyJrOZy9nM5ms5nU5Oj+T1+a3zWp1rjZ2da8e/VBfKe9LPRu5Ne2bqQQ1lXp8eyevolW66aht9ZS1Lz2wjS0Ur47P0z7GhNL9QF8o5fjxyx5m8jZmYG8nEs1tn4tf/XU1ys3vj2tLV+be2Od/L9bo8bd9bf23+zRPZoZ2rd7c8Xp4p/2Olf9sYPTrKtmcHbRvy1aq/cWnWg61ra6U6n/ttDztTy5GO3hk3Ur/thbGzdKq2YyNt697l5M10h+9CANjHDr9yuNW+1/5b+4P2T9pX2xcOfXPq7NQXWzn41+afDvyu8dvG14tX8kF+mCOTjhQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4Nbr7z7rX5bndhaR8W0njCA94Z2zRIRf+V1v7Y909qYWqrI+r3Sbbo3ppEzO0k+yJ1ae7BXFMZ03Rh+Eo7aQzjSXJtn/zAHbAbTi1ff+vUzXfe/cri9fk3Ft5YuHH67JnXznS+Onf71JXF7sJs/++kowR2w9rbgElHAgAAAAAAAAAAAGzXXvzzhjHTFr0J7CsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwyXT+9Rzspcjc7MnZsr5yt9Mtl0F5bctmkkaS4gdJ8XFyLv0l0yPDFQ+a59V7H/3q5fc/7KyN1Rxs39jQ7w//Xl3d4V706iUzSQ7U64eb2tZ4l0bG6+0wsL5iuIdlwo4PEgeT9v8AAAD//x5LB84=") mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x208041, 0xe8) 5.174566486s ago: executing program 0 (id=2643): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xf, 0x4, 0x8, 0x8}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x20000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x6a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 5.148039073s ago: executing program 2 (id=2644): r0 = openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000040), 0x21041, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000100)=0xd) ioctl$TCFLSH(r0, 0x540b, 0x0) 4.567283411s ago: executing program 3 (id=2645): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 4.476013284s ago: executing program 4 (id=2646): syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES16=0x0], 0x1, 0xabd, &(0x7f0000000e00)="$eJzs3U2MW0cBAODx7nqz2x/ilIQuaWgTCm356abZLOEngqRKhETUVIhLpYpLlKYlIgSJIgFVJZKcuNGqChInfsSpl6ogJHpBUU9cKtFIFVJPhQMHoiAqcSiBxCj2zNvniZ1nb3btdfx90ux43szzzPM+P7+/eROAiTXV+ru8vFAL4fwbrxz+x0N/n78+5UBRotH6O1NK1UMItZieyd7vvel2fPX9F493i2thqfU3pcOTl4t57wwhnAk7w4XQCNvPX3z5raUnjp49cm7X26/uv7Q+Sw8AAJPl6xf2L2/765/v23LltfsPhk3F9LR/3ojpu+J+/8G445/2/6dCZ7pWCmWzWbmZGKbmO8tNdylXrqeelZvpUf9sVn+9R7lN4eb1T5emdVtuGGdpPW6E2tRiR3pqanGxfUweWsf1s7XF0ydPPfv8iBoKrLl/PxBC2FkKh851pjdaOLAB2rDK0NwAbRjLcHB4dV1pto18mYcUmptHvQUCaMuvF97gTH5m4dYU7zbTX/2XH5/qPj+sgWGv/wPVPzvi+oP6f3PWFoe1c7uuTWm50vforpjOryPk9y/1/v7lVzo6p+bXI+p9trPXdYRxub7Qq53TQ27HavVqf75e3K6+HOP0OXylI/eBju9P/j8dl/8x0N0H+fl/QRA2dggd6fqtvFdzxNsfYOPK75trpuujUX5fX56/qSJ/riJ/viL/jor8OyvyYZL97vs/DS/VVs535cf0g50PnyvOs90d4w8N2J78fOSg5+Pz+34Hdav15/cTw0b2h2NPnfjCM09fbN//XyvW/2txfU+HG4343boQC6Tzhfl59eLe/0ZnPVM9yt2TtefuLuVbr7d2lqttXXmfUNrO3NCOhc75Nvcqt6OzXCMrNx/DXNbefP/kjmy+tP8x3d71KOabyZa3ni3HbNaOtF3ZEuO8HbAa6fvb6/7/tH4uhHrt2ZOnTjwW02k9/dN0fdP16XuG3G7g1vXb/2chdPb/uauYXp8qbxc2r0yvtbcLr8f365y+VNRTml76UUu/c9+anm+VXzz+3VPPrPGyw6R7/kcvfPvYqVMnvufFql98dWM0Y5AX6bBlo7THi0Ff7FzvKka8YQLW3e4ft3cCHj35nWPPnXjuxOm9+/btXVra98W9y7tb+/W7y3v3ZWdG0FpgLa386I+6JQAAAAAAAAAAAEC/fnDk8MV33vz8u+3+/yv9/1L//3Tnb+r//5Os/3/eTz71g0/9ALd0yW+VyR6wOpuVq8fw4ay9W7N6tmXzfSTGxTh+sf9/qi5/rmtqz73Z9HqPZPY4gRuelzKbPYMkHy/w4zE+F+NfBxih2nz3yTG+yfOtax+U1vX0fIpSF96m5wOPj/R/a60NpUcapf7fXZ/r1KW/NuNlGD0WR72MQHf/nKjnf/9rZcFH3hahd5gZbn0/n9x1otlzL73fEWwA1saox/9M5z1TfPqPX5u7HlKxy493bi/z55fCIP7yTmd6o48/ud715+P2Dbv+US//sMf/LMa/63v7l42Y11hdvf/5xaV3S9WG7f3Wny9/eg701sHqvxLrT0vzcOiv/uavsvrzC0J9+m9W/x191n/D8u9YXf3/i/Wnj+2RB/utv93i2lRnO+az5UjX//LzxsnVbPnTsz1vUv83Xui2/KscqPFarB8mWdU4s+M6nkW2H1HstK9+/N/ozNqO/1s0Ntus5fdhfC6m04Y43eeQj3cyaPvT/RXpd2Bb9v61it834/+Oty/FuOr7kMb/TetjI/7kl9KtzzKl610+23EZ0xomxXsTdf1vWOFS+zBodfPPjb79wgChOb2K+Yr96hG3v9lsru8JrQojrZyRf/6jPk4Ydf2j/vyr5OP/5vvw+fi/eX4+/m+en4//m+fPx/9Qr/x8/N/888zH/83z783eNx8feKEi/6MV+du75xeH7fdVzL+jIv9jFfm7ivwDHSVS/v03nX+lXK/3v6ci/8GK/E9U5H+yIv+hivxHSvnlMaBT/qcq5r/dpf4ocfnrk7b8MMny/nm+/zA50vWfXt//rRX5wPj62Wt7Dj3922822v3/Z4vzIek63sGYrsfjpx/GdH7dO5TS1/PejOm/Zfkb/XwHTJL8+Rn57/vDFfnA+Er3efl+wwSqzXWfHOOq51b12s9nvHw6xp+J8Wdj/GiMF2O8O8Z7Yrw0pPaxPg69/vv9L9VWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/avsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAyU62/y8sLtRDOv/HK4aeOntx9fcqBokSj9XemlKoX84XwWIynY/zL+OLq+y8eL8fXYlwLS6EWasX08OTloqY7Qwhnws5wITTC9vMXX35r6YmjZ4+c2/X2q/svrd8nAAAAALe//wcAAP//di0VJA==") r0 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0) ftruncate(r0, 0x2007ffc) 4.419035953s ago: executing program 0 (id=2647): r0 = socket$inet6(0xa, 0x5, 0x0) setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in={0x2, 0x4e22, @local}, @in={0x2, 0x4e22, @multicast2}, @in6={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x640100fd}}, @in6={0xa, 0x0, 0x0, @remote}], 0x58) 4.418768808s ago: executing program 2 (id=2648): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$sock_timeval(r0, 0x1, 0x2, 0x0, 0x48) getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000005c0)=0x98) 3.898565864s ago: executing program 0 (id=2649): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b40)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a0b020000000000000000020000000900020073797a300000000008000440000000000900010073797a30000000000800034000000009"], 0x64}}, 0x0) 3.822569633s ago: executing program 2 (id=2650): sendmsg$key(0xffffffffffffffff, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x3, 0x0, 0x3, 0xa, 0x0, 0x0, 0x0, [@sadb_key={0x1, 0x9}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb, 0x1}]}, 0x50}, 0x1, 0x7}, 0x0) r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000040)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x18, 0x18, 0x4, [@func={0x2, 0x0, 0x0, 0xc, 0x2}, @func_proto]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x34}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000080)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r0, 0x8, &(0x7f00000000c0)={0x0, 0x1}, 0x8}, 0x94) 3.451225052s ago: executing program 3 (id=2651): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000180), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="05000000020c00"/16, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYRES64=0x77359400, @ANYRES64=0x0, @ANYBLOB='\x00\x00\x00@\r'], 0x80}}, 0x0) 3.253390567s ago: executing program 2 (id=2652): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_ctr_aes192\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) 3.191014556s ago: executing program 0 (id=2653): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x22000406, &(0x7f0000000680)={[{@dioread_lock}, {@noblock_validity}, {@abort}, {@nodelalloc}, {@user_xattr}, {@grpjquota, 0x2e}, {@max_batch_time={'max_batch_time', 0x3d, 0x3}}, {@errors_remount}, {@jqfmt_vfsv1}, {@grpid}], [], 0x2c}, 0x84, 0x4c1, &(0x7f0000001940)="$eJzs3M9vFFUcAPDvTGkpP1uQqPxQVtHYiLa0oHLwoEYTLhoTPeCxlkqQAobWRAiRagwejX+BejQx8eTFkybGqBc1XvVuTIjhAnowa2Z3pt2l2+3ulnbF/XyS3b4382be+76Ztzs7r7sB9KxS9pREbI2IXyNiqJqtL1Cq/rlx7dLUX9cuTSVRLr/0Z1Ipd/3apamiaLHdljwzkkak7yWxt0G9sxcunp6cmZk+n+fH5s68MTZ74eKjp85Mnpw+OX124ujRI4fHn3h84rGW4ri8wvosrut73j63b/exVz58fqocr37/Wdberfn62jiqhluqt5lSlKKcW1w6UHl+cNV7/2/ZVpNONnSxIbSlLyKyw9VfGf9D0ReLB28onnt3IfNNlxoIrJnsvWnHkqV9+d904f0L+D9KjHHoUcU7fvb5t3is5/VHt119OnuersR/I3/8+EK1b9Lss+xw9RN7eZnt72ywbHAxWR5aof6tEXF8/u+Pskc0vA/RRNJySQCABV9l1z+PNLr+S+uubbbncyjDEXEwInZGxB0RsSvShTJ3RcTdbdZfuim/9Prn501t7rIt2fXfk/ncVvGoriniShZy2yrx9yevnZqZPpT3yUj0b8zy403q+PrZXz5Ybl2p5vove2T1F9eCeTv+2LCxfpsTk3OTqwi5ztV3IvZsaBR/sjATkPXA7ojY08H+sz479fCn+7L09i1L168cfxO3YJ6p/EnEQ9XjPx83xV9IqjUtNz85Nhgz04fGirNiqR9+uvJibb6/Jl0X/2BrMQ12GmwD2fHf3PD8z+MvhkExXzvbfh1Xfnt/2c80S49/Esfna0vk5/+mxW7Lzv+B5OVKeiBf9tbk3Nz58YiBfEHd8onFvRX5onwW/8iBxuN/Z8Q/H+fb7Y2I7CS+JyLujYj9edvvi4j7I+JAk/i/e+aB15v3UIfn/y2QxX+i2fGPGE5q5+s7SPSd/vbL5epv7fXvSCU1ki9p5fWv1Qaupu8AAADgdpFW5qCTdLRI19yc2hWb05lzs3MHS/Hm2RPVuerh6E+LO11DNfdDx/N7w0V+4qb84YjYUflPo02V/OjUuZlt3QwcqHxXp278R5qOjlbX/d7X7dYBa66tebTafzr7/Itb3xhgXfm+JvQu4x96l/EPvcv4h97VaPxfjrjRhaYA68z7P/Qu4x96l/EPvcv4h5609Cvxxc+tdPJN/8XEzmOr2nzNE+WhNdnzfPtb9a1RpFH7ox3LJpKI6KyKSJuXGWih9q4l0hXLPLVSt/Sv6jcxssT+PLExIlrd6vK69WrxCpH4lUkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC29m8AAAD//2cg5YI=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000280)='.\x00', 0x0, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v2={0x2, @adiantum, 0x4, '\x00', @d}) 3.160195056s ago: executing program 6 (id=2654): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x6, 0x4) setsockopt$MRT_INIT(r0, 0x0, 0xc8, &(0x7f0000000040), 0x4) 2.99169328s ago: executing program 4 (id=2655): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f00000000c0), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000040)={{0x1, 0x2, 0x762}}) ioctl$SNDRV_TIMER_IOCTL_STATUS64(r0, 0x80605414, &(0x7f0000010340)) 2.815346578s ago: executing program 3 (id=2656): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000001a80)={&(0x7f00000000c0)={0x20, r1, 0x1, 0xffffffff, 0x0, {}, [@NBD_ATTR_SOCKETS={0x4}, @NBD_ATTR_INDEX={0x8, 0x1, 0x0}]}, 0x20}}, 0x20000000) 2.391626866s ago: executing program 6 (id=2657): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0x7) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x7e) 2.245475431s ago: executing program 4 (id=2658): openat$userio(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f00000001c0)='.\x00', &(0x7f0000000180), 0x0, &(0x7f0000000100)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}}) 1.948152728s ago: executing program 3 (id=2659): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1c, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) move_pages(0x0, 0x0, 0x0, 0x0, 0x0, 0x2) 1.283177381s ago: executing program 0 (id=2660): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r0, &(0x7f0000004080)={0x0, 0x0, &(0x7f0000004040)={&(0x7f0000003e80)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01002dbd7000ffdbdf2501000000040001801c0002800c00018008000100070000000c000180070001"], 0x34}, 0x1, 0x0, 0x0, 0x4000}, 0x10) 1.019647449s ago: executing program 3 (id=2661): r0 = socket(0x10, 0x3, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000001a80)="d8000000180081064e81f782db4cb904021d0800fd007c05e8fe50a10a000600014002020c600e41b0000900ac000a0501000000160012000a00ff120048035c3b61c1d67f6f94007134cf6efb8007a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667daffffffffff1f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5b7276505de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000001008af26c8b7b55f4d2a6823a45", 0xd8}], 0x1}, 0x894) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x8, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x0, 0x29, 0x0, @local, @rand_addr=0x3}}}}) 705.95929ms ago: executing program 4 (id=2662): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) statx(r0, 0x0, 0x1000, 0xf0cb2f4a0c2cfc5d, 0x0) 644.458268ms ago: executing program 6 (id=2663): r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000002200)=[0x0], 0x0, 0x0, 0x0, 0x1}) 0s ago: executing program 3 (id=2664): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast2, 0x300, 0x0, 0xff, 0x9, 0x0, 0x6}, 0x20) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000080)={@mcast1, 0x300, 0x0, 0xff, 0x8, 0x6, 0x102}, 0x20) kernel console output (not intermixed with test programs): bread(block 71) failed [ 556.552584][ T9224] FAT-fs (loop4): Directory bread(block 72) failed [ 556.559609][ T9224] FAT-fs (loop4): Directory bread(block 73) failed [ 556.644805][ T5864] usb 2-1: config 0 descriptor?? [ 556.671935][ T5864] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 556.717591][ T9228] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 556.895263][ T5864] usb 2-1: qt2_setup_urbs - submit read urb failed -90 [ 556.903853][ T5864] quatech2 2-1:0.51: probe with driver quatech2 failed with error -90 [ 557.161132][ T5864] usb 2-1: USB disconnect, device number 6 [ 557.438302][ T9236] loop3: detected capacity change from 0 to 512 [ 557.503272][ T9236] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 557.711652][ T9236] EXT4-fs error (device loop3): ext4_get_branch:178: inode #11: block 4294967295: comm syz.3.1356: invalid block [ 557.804367][ T9236] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1356: invalid indirect mapped block 4294967295 (level 1) [ 557.871723][ T9236] EXT4-fs error (device loop3): ext4_free_branches:1023: inode #11: comm syz.3.1356: invalid indirect mapped block 4294967295 (level 1) [ 557.992600][ T9236] EXT4-fs (loop3): 2 truncates cleaned up [ 558.001503][ T9236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 558.156745][ T9236] EXT4-fs error (device loop3): ext4_get_parent:1834: inode #11: comm syz.3.1356: bad parent inode number: 3 [ 558.534685][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 559.272249][ T9251] loop2: detected capacity change from 0 to 4096 [ 559.857384][ T9251] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 559.864698][ T9251] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 560.246261][ T3888] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 560.311676][ T5815] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 560.318887][ T5815] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 560.327211][ T5815] ntfs3(loop2): ino=3, ntfs_set_state failed, -22. [ 560.336466][ T1305] ntfs3(loop2): ino=3, ntfs3_write_inode failed, -22. [ 560.678514][ T9268] loop4: detected capacity change from 0 to 256 [ 560.911077][ T9268] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x587066de, utbl_chksum : 0xe619d30d) [ 561.672909][ T9267] loop0: detected capacity change from 0 to 32768 [ 561.715413][ T9267] (syz.0.1371,9267,0):ocfs2_initialize_super:2087 ERROR: couldn't mount because of unsupported optional features (40000). [ 561.734790][ T9267] (syz.0.1371,9267,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 562.738972][ T9276] loop2: detected capacity change from 0 to 8192 [ 562.908474][ T9282] loop0: detected capacity change from 0 to 128 [ 564.627610][ T9290] loop0: detected capacity change from 0 to 32768 [ 564.637733][ T9290] (syz.0.1381,9290,1):ocfs2_parse_param:1357 ERROR: Invalid cluster_stack option [ 565.417222][ T9300] loop2: detected capacity change from 0 to 256 [ 565.485422][ T9300] exfat: Deprecated parameter 'utf8' [ 565.491171][ T9300] exfat: Deprecated parameter 'utf8' [ 565.820463][ T9300] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36d2a6b4, utbl_chksum : 0xe619d30d) [ 566.894344][ T9314] IPVS: set_ctl: invalid protocol: 115 224.0.0.2:0 [ 566.978715][ T9318] loop0: detected capacity change from 0 to 64 [ 568.146346][ T9330] loop3: detected capacity change from 0 to 256 [ 568.217330][ T9330] exfat: Deprecated parameter 'namecase' [ 568.222480][ T9324] loop4: detected capacity change from 0 to 4096 [ 568.223353][ T9330] exfat: Deprecated parameter 'namecase' [ 568.451558][ T9330] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 568.570474][ T9324] ntfs3(loop4): ino=1a, mi_enum_attr [ 568.576535][ T9324] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 570.315454][ T9347] openvswitch: netlink: Unknown key attributes 2 [ 575.986947][ T9410] loop0: detected capacity change from 0 to 256 [ 575.998793][ T5820] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 576.018287][ T5820] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 576.043622][ T5820] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 576.100662][ T5820] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 576.118396][ T5820] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 576.321153][ T9410] FAT-fs (loop0): Directory bread(block 64) failed [ 576.328439][ T9410] FAT-fs (loop0): Directory bread(block 65) failed [ 576.336162][ T9410] FAT-fs (loop0): Directory bread(block 66) failed [ 576.343008][ T9410] FAT-fs (loop0): Directory bread(block 67) failed [ 576.350309][ T9410] FAT-fs (loop0): Directory bread(block 68) failed [ 576.357247][ T9410] FAT-fs (loop0): Directory bread(block 69) failed [ 576.371934][ T9410] FAT-fs (loop0): Directory bread(block 70) failed [ 576.380968][ T9410] FAT-fs (loop0): Directory bread(block 71) failed [ 576.388122][ T9410] FAT-fs (loop0): Directory bread(block 72) failed [ 576.395202][ T9410] FAT-fs (loop0): Directory bread(block 73) failed [ 577.196745][ T9414] loop3: detected capacity change from 0 to 4096 [ 577.278390][ T9414] ntfs3: Unknown parameter 'ÿIfY|GHJ [ 583.453679][ T3618] tipc: Left network mode [ 583.554957][ T9411] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 584.044222][ T9411] team0: Port device team_slave_0 added [ 584.170954][ T9411] team0: Port device team_slave_1 added [ 584.312442][ T3618] hsr_slave_0: left promiscuous mode [ 584.366441][ T3618] hsr_slave_1: left promiscuous mode [ 584.378392][ T3618] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 584.386509][ T3618] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 584.499191][ T3618] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 584.507679][ T3618] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 584.560113][ T5820] Bluetooth: hci5: command tx timeout [ 584.696595][ T3618] veth1_macvtap: left promiscuous mode [ 584.702401][ T3618] veth0_macvtap: left promiscuous mode [ 584.709088][ T3618] veth1_vlan: left promiscuous mode [ 584.715019][ T3618] veth0_vlan: left promiscuous mode [ 584.749974][ T9482] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1468'. [ 584.763243][ T9482] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1468'. [ 585.031403][ T9480] loop4: detected capacity change from 0 to 40427 [ 585.041895][ T9480] F2FS-fs: heap/no_heap options were deprecated [ 585.094413][ T9480] F2FS-fs (loop4): build fault injection rate: 19 [ 585.101133][ T9480] F2FS-fs (loop4): build fault injection type: 0x3bfe8c [ 585.115889][ T9480] F2FS-fs (loop4): invalid crc value [ 585.247556][ T9480] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_build_free_nids+0xd0b/0x1e80 [ 585.606755][ T9480] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x1d2/0x4b0 [ 585.627748][ T9480] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 585.715285][ T9480] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 586.055237][ T3618] team0 (unregistering): Port device team_slave_1 removed [ 586.148538][ T3618] team0 (unregistering): Port device team_slave_0 removed [ 587.171382][ T9411] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 587.179099][ T9411] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 587.207722][ T9411] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 587.311356][ T3618] IPVS: stop unused estimator thread 0... [ 587.386865][ T9499] netlink: 'syz.2.1474': attribute type 7 has an invalid length. [ 587.395155][ T9499] netlink: 'syz.2.1474': attribute type 8 has an invalid length. [ 587.426743][ T9411] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 587.436894][ T9411] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 587.463742][ T9411] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 588.030355][ T9411] hsr_slave_0: entered promiscuous mode [ 588.049738][ T9411] hsr_slave_1: entered promiscuous mode [ 588.059841][ T9411] debugfs: 'hsr0' already exists in 'hsr' [ 588.066183][ T9411] Cannot create hsr debugfs directory [ 589.647206][ T9411] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 589.748635][ T9411] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 589.824175][ T9411] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 589.886430][ T9411] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 590.838619][ T9528] loop4: detected capacity change from 0 to 32768 [ 591.039639][ T9528] (syz.4.1487,9528,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x62b9e51c, computed 0xc1700438. Applying ECC. [ 591.057276][ T9528] (syz.4.1487,9528,0):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x62b9e51c, computed 0x98b843da [ 591.070463][ T9528] (syz.4.1487,9528,0):ocfs2_validate_dir_block:452 ERROR: Checksum failed for dinode 352 [ 591.080990][ T9528] (syz.4.1487,9528,0):ocfs2_read_virt_blocks:1029 ERROR: status = -5 [ 591.089560][ T9528] (syz.4.1487,9528,0):ocfs2_read_dir_block:511 ERROR: status = -5 [ 591.097776][ T9528] (syz.4.1487,9528,0):ocfs2_find_entry_el:728 ERROR: reading directory 66, offset 0 [ 591.216371][ T9530] loop0: detected capacity change from 0 to 32768 [ 591.236367][ T9528] (syz.4.1487,9528,0):ocfs2_init_global_system_inodes:465 ERROR: status = -22 [ 591.245876][ T9528] (syz.4.1487,9528,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 1, possibly corrupt fs? [ 591.246089][ T9528] (syz.4.1487,9528,0):ocfs2_init_global_system_inodes:476 ERROR: status = -22 [ 591.268284][ T9528] (syz.4.1487,9528,0):ocfs2_initialize_super:2198 ERROR: status = -22 [ 591.277760][ T9528] (syz.4.1487,9528,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 591.472461][ T9530] bcachefs (loop0): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,recovery_pass_last=snapshots_read,nojournal_transaction_names,noexcl,read_only,no_data_io [ 591.472646][ T9530] allowing incompatible features above 0.0: (unknown version) [ 591.472754][ T9530] features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes [ 591.524177][ T9530] bcachefs (loop0): Using encoding defined by superblock: utf8-12.1.0 [ 591.534379][ T9530] bcachefs (loop0): invalid journal entry, version=1.7: mi_btree_bitmap type=clock in superblock: bad rw, fixing [ 591.547652][ T9530] bcachefs (loop0): recovering from clean shutdown, journal seq 10 [ 591.557492][ T9530] bcachefs (loop0): Version upgrade required: [ 591.557492][ T9530] Version upgrade from 0.27: fragmentation_lru to 1.7: mi_btree_bitmap incomplete [ 591.557492][ T9530] Doing incompatible version upgrade from 0.27: fragmentation_lru to 1.28: inode_has_case_insensitive [ 591.557492][ T9530] running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance [ 591.746301][ T9530] bcachefs (loop0): btree node read error at btree extents level 0/0 [ 591.746426][ T9530] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 26 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0 [ 591.746561][ T9530] loop0 node offset 16/26: btree node data missing: expected 26 sectors, found 16 [ 591.746668][ T9530] loop0 btree validate error [ 591.746749][ T9530] repair success (rewriting node) [ 591.978497][ T9530] bcachefs (loop0): btree node read error at btree backpointers level 0/0 [ 591.978626][ T9530] u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4a8b0fa43a9980a6 written 24 min_key POS_MIN durability: 1 ptr: 0:37:0 gen 0 [ 591.978764][ T9530] loop0 node offset 0/24 bset u64s 0: checksum error, type none: got should be [ 591.978870][ T9530] loop0 btree validate error [ 591.978953][ T9530] flagging btree backpointers lost data [ 591.979043][ T9530] running recovery pass check_topology (2), currently at recovery_pass_empty (0) [ 591.979149][ T9530] ret fsck_errors_not_fixed [ 592.043274][ T9530] bcachefs (loop0): error reading btree root btree=backpointers level=0: btree_node_read_error, fixing [ 592.071515][ T9530] bcachefs (loop0): check_topology... done [ 592.088749][ T9530] bcachefs (loop0): accounting_read... done [ 592.105679][ T9530] bcachefs (loop0): alloc_read... done [ 592.117125][ T9530] bcachefs (loop0): snapshots_read... done [ 592.137097][ T9530] bcachefs (loop0): Fixed errors, running fsck a second time to verify fs is clean [ 592.179536][ T9530] bcachefs (loop0): done starting filesystem [ 592.389406][ T5808] bcachefs (loop0): shutting down [ 592.513169][ T9538] A link change request failed with some changes committed already. Interface syz_tun may have been left with an inconsistent configuration, please check. [ 592.621520][ T5808] bcachefs (loop0): shutdown complete [ 592.967238][ T9411] 8021q: adding VLAN 0 to HW filter on device bond0 [ 593.043271][ T9542] loop3: detected capacity change from 0 to 256 [ 593.097780][ T9542] exfat: Deprecated parameter 'namecase' [ 593.104977][ T9542] exfat: Deprecated parameter 'utf8' [ 593.207161][ T9411] 8021q: adding VLAN 0 to HW filter on device team0 [ 593.255490][ T9542] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf4419509, utbl_chksum : 0xe619d30d) [ 593.310305][ T1305] bridge0: port 1(bridge_slave_0) entered blocking state [ 593.318172][ T1305] bridge0: port 1(bridge_slave_0) entered forwarding state [ 593.426791][ T1305] bridge0: port 2(bridge_slave_1) entered blocking state [ 593.434680][ T1305] bridge0: port 2(bridge_slave_1) entered forwarding state [ 595.519310][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 595.526784][ T9546] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 595.569213][ T9565] loop3: detected capacity change from 0 to 512 [ 595.588667][ T9411] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 595.643468][ T9565] EXT4-fs: Ignoring removed bh option [ 595.684629][ T9565] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 595.694406][ T9565] EXT4-fs (loop3): DAX unsupported by block device. [ 596.265235][ T9546] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 596.305855][ T9546] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 596.312364][ T9546] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 596.340404][ T9546] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 596.347232][ T9546] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 596.451822][ T9546] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 596.458765][ T9546] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 596.531694][ T9546] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 596.544636][ T9546] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 596.613292][ T9546] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 596.704329][ T9576] netlink: 'syz.3.1504': attribute type 32 has an invalid length. [ 596.712504][ T9576] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1504'. [ 596.722710][ T9576] (unnamed net_device) (uninitialized): option coupled_control: invalid value (3) [ 596.834927][ T9578] loop4: detected capacity change from 0 to 256 [ 597.020896][ T9578] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 597.615865][ T5820] Bluetooth: hci0: command 0x0406 tx timeout [ 597.633656][ T9588] loop0: detected capacity change from 0 to 1024 [ 597.806236][ T9588] hfsplus: bad catalog entry type [ 597.990769][ T9411] veth0_vlan: entered promiscuous mode [ 598.065892][ T9411] veth1_vlan: entered promiscuous mode [ 598.154340][ T1305] hfsplus: b-tree write err: -5, ino 4 [ 598.401619][ T5820] Bluetooth: hci2: command 0x0406 tx timeout [ 598.408256][ T5820] Bluetooth: hci1: command 0x0406 tx timeout [ 598.437222][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 598.444081][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 598.476138][ T49] Bluetooth: hci3: command 0x0406 tx timeout [ 598.517688][ T9411] veth0_macvtap: entered promiscuous mode [ 598.554947][ T49] Bluetooth: hci5: command 0x0c1a tx timeout [ 598.592420][ T9596] loop3: detected capacity change from 0 to 64 [ 598.614477][ T9411] veth1_macvtap: entered promiscuous mode [ 598.723032][ T9600] loop4: detected capacity change from 0 to 256 [ 598.848285][ T9600] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 598.859976][ T9600] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 598.926102][ T9411] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 599.000505][ T9411] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 599.157061][ T4355] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.192859][ T4355] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.211081][ T9600] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 599.290684][ T3530] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 599.345324][ T30] audit: type=1800 audit(1756516337.689:490): pid=9600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1515" name="file1" dev="loop4" ino=1048761 res=0 errno=0 [ 599.345749][ T3530] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 600.483524][ T49] Bluetooth: hci1: command 0x0406 tx timeout [ 600.485061][ T5820] Bluetooth: hci2: command 0x0406 tx timeout [ 600.555138][ T5820] Bluetooth: hci3: command 0x0406 tx timeout [ 600.635273][ T5820] Bluetooth: hci5: command 0x0c1a tx timeout [ 601.487141][ T9625] loop0: detected capacity change from 0 to 4096 [ 602.110244][ T9625] ntfs3(loop0): ino=b, Correct links count -> 1. [ 602.153121][ T9625] ntfs3(loop0): ino=18, mi_enum_attr [ 602.385857][ T9625] ntfs3(loop0): failed to convert "0080" to koi8-r [ 602.425909][ T9625] ntfs3(loop0): failed to convert name for inode 1e. [ 602.464586][ T9625] ntfs3(loop0): ino=1f, mi_enum_attr [ 602.527352][ T9642] loop3: detected capacity change from 0 to 256 [ 602.660670][ T9642] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 602.725873][ T5820] Bluetooth: hci5: command 0x0c1a tx timeout [ 603.361739][ T9646] loop2: detected capacity change from 0 to 4096 [ 603.406996][ T9646] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 603.844951][ T9646] ntfs3(loop2): MFT: r=18, expect seq=1 instead of 0! [ 603.852425][ T9646] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 603.944653][ T9646] ntfs3(loop2): Failed to initialize $Extend/$ObjId. [ 604.118707][ T9646] ntfs3(loop2): ino=1e, "file1" fallocate(0x41) is not supported [ 604.490647][ T9667] loop0: detected capacity change from 0 to 164 [ 605.181779][ T11] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 605.426647][ T11] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 605.440058][ T11] usb 5-1: New USB device found, idVendor=046d, idProduct=ca03, bcdDevice= 0.00 [ 605.452855][ T11] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 605.566613][ T11] usb 5-1: config 0 descriptor?? [ 606.082634][ T11] logitech 0003:046D:CA03.000A: unbalanced delimiter at end of report description [ 606.151209][ T11] logitech 0003:046D:CA03.000A: parse failed [ 606.158307][ T11] logitech 0003:046D:CA03.000A: probe with driver logitech failed with error -22 [ 606.295166][ T11] usb 5-1: USB disconnect, device number 4 [ 606.372284][ T9684] loop0: detected capacity change from 0 to 4096 [ 606.449382][ T9688] loop2: detected capacity change from 0 to 1024 [ 606.457804][ T9684] NILFS (loop0): invalid segment: Checksum error in segment payload [ 606.470879][ T9684] NILFS (loop0): trying rollback from an earlier position [ 606.543306][ T1860] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.551788][ T1860] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 606.622559][ T9684] NILFS (loop0): recovery complete [ 606.713145][ T9692] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 606.782348][ T3618] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 606.791008][ T3618] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 607.521444][ T9703] syz.2.1552 (9703) used obsolete PPPIOCDETACH ioctl [ 608.496986][ T9706] loop0: detected capacity change from 0 to 2048 [ 608.745008][ T9706] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 608.777638][ T9702] loop3: detected capacity change from 0 to 40427 [ 608.787526][ T9702] F2FS-fs: heap/no_heap options were deprecated [ 608.795245][ T9702] F2FS-fs: heap/no_heap options were deprecated [ 608.833546][ T9702] F2FS-fs (loop3): invalid crc value [ 608.948919][ T9713] loop2: detected capacity change from 0 to 512 [ 609.006474][ T30] audit: type=1800 audit(1756516347.359:491): pid=9706 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1554" name="file1" dev="loop0" ino=1367 res=0 errno=0 [ 609.150072][ T9713] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 609.247443][ T9702] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 609.264832][ T9702] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 609.439749][ T9713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 609.454262][ T9713] ext4 filesystem being mounted at /310/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 609.861948][ T9726] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1558: corrupted xattr block 19: overlapping e_value [ 609.945427][ T9713] EXT4-fs error (device loop2): ext4_xattr_block_get:593: inode #15: comm syz.2.1558: corrupted xattr block 19: overlapping e_value [ 610.413455][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 610.779934][ T9738] loop5: detected capacity change from 0 to 64 [ 610.886402][ T11] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 611.098176][ T11] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 611.110222][ T11] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 611.120792][ T11] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 611.134272][ T11] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 611.143575][ T11] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 611.316089][ T11] usb 5-1: config 0 descriptor?? [ 611.783021][ T11] hid (null): invalid report_size -150992896 [ 611.875634][ T11] hid-multitouch 0003:0EEF:72D0.000B: invalid report_size -150992896 [ 611.885508][ T11] hid-multitouch 0003:0EEF:72D0.000B: item 0 4 1 7 parsing failed [ 611.952768][ T9748] loop2: detected capacity change from 0 to 64 [ 611.970253][ T11] hid-multitouch 0003:0EEF:72D0.000B: probe with driver hid-multitouch failed with error -22 [ 612.028100][ T11] usb 5-1: USB disconnect, device number 5 [ 612.699089][ T9755] netlink: 'syz.0.1572': attribute type 3 has an invalid length. [ 612.755903][ T9757] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 612.762820][ T9757] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 612.770079][ T9757] comedi comedi3: 8255: I/O port conflict (0x2,4) [ 612.777264][ T9757] comedi comedi3: 8255: I/O port conflict (0x5c952399,4) [ 612.785474][ T9757] comedi comedi3: 8255: I/O port conflict (0x5,4) [ 612.792309][ T9757] comedi comedi3: 8255: I/O port conflict (0x3ff,4) [ 612.799537][ T9757] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 612.806565][ T9757] comedi comedi3: 8255: I/O port conflict (0x1,4) [ 612.813296][ T9757] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 612.827236][ T9757] comedi comedi3: 8255: I/O port conflict (0x9,4) [ 612.836581][ T9757] comedi comedi3: 8255: I/O port conflict (0x6,4) [ 612.843355][ T9757] comedi comedi3: 8255: I/O port conflict (0x4,4) [ 613.207744][ T9763] loop5: detected capacity change from 0 to 256 [ 613.510811][ T9771] loop0: detected capacity change from 0 to 16 [ 613.567392][ T9776] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1579'. [ 613.577903][ T9776] 8021q: VLANs not supported on lo [ 614.597308][ T9779] loop2: detected capacity change from 0 to 2048 [ 614.626992][ T9779] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 614.638072][ T9779] NILFS (loop2): mounting unchecked fs [ 614.782437][ T9779] NILFS (loop2): recovery complete [ 614.841165][ T9788] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 615.411596][ T9797] loop3: detected capacity change from 0 to 512 [ 615.661487][ T9797] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 615.675440][ T9797] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 615.876712][ T9804] loop4: detected capacity change from 0 to 1024 [ 615.975497][ T9809] loop5: detected capacity change from 0 to 512 [ 616.236855][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 617.610528][ T9831] loop2: detected capacity change from 0 to 512 [ 617.764619][ T9831] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 617.773332][ T9831] System zones: 1-12 [ 617.858859][ T9831] EXT4-fs error (device loop2): dx_probe:791: inode #2: comm syz.2.1602: Directory hole found for htree index block 0 [ 617.896834][ T9831] EXT4-fs (loop2): Remounting filesystem read-only [ 617.903636][ T9831] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -117 [ 617.924763][ T9831] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 617.937366][ T9831] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 618.417440][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 618.493813][ T9845] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1608'. [ 618.745727][ T9847] x_tables: ip6_tables: quota.0 match: invalid size 24 (kernel) != (user) 144 [ 620.435861][ T9873] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1621'. [ 620.511283][ T9871] loop3: detected capacity change from 0 to 1024 [ 620.689882][ T9877] loop5: detected capacity change from 0 to 47 [ 620.835261][ T9877] MINIX-fs: deleted inode referenced: 9 [ 620.855128][ T9877] MINIX-fs: deleted inode referenced: 9 [ 620.899601][ T4355] hfsplus: b-tree write err: -5, ino 4 [ 621.811676][ T9889] loop3: detected capacity change from 0 to 2048 [ 621.902279][ T9892] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1630'. [ 621.912261][ T9892] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1630'. [ 621.992361][ T9889] loop3: p3 p4 < > [ 625.201038][ T9935] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1650'. [ 625.764961][ T30] audit: type=1326 audit(1756516364.109:492): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9929 comm="syz.2.1648" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077f18ebe9 code=0x7fc00000 [ 626.390671][ T9951] loop3: detected capacity change from 0 to 256 [ 626.427905][ T9951] exfat: Deprecated parameter 'namecase' [ 626.438066][ T9951] exfat: Deprecated parameter 'utf8' [ 626.445087][ T9952] loop2: detected capacity change from 0 to 128 [ 626.453400][ T9954] loop4: detected capacity change from 0 to 16 [ 626.485954][ T9952] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 626.583402][ T9954] erofs (device loop4): mounted with root inode @ nid 36. [ 626.612096][ T9951] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 626.703403][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.703403][ T9954] loop4: rw=524288, sector=524984, nr_sectors = 8 limit=16 [ 626.718218][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.718218][ T9954] loop4: rw=524288, sector=368, nr_sectors = 8 limit=16 [ 626.732517][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.732517][ T9954] loop4: rw=524288, sector=33822867456, nr_sectors = 8 limit=16 [ 626.750885][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.750885][ T9954] loop4: rw=524288, sector=524280, nr_sectors = 8 limit=16 [ 626.766517][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.766517][ T9954] loop4: rw=524288, sector=525096, nr_sectors = 8 limit=16 [ 626.780717][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.780717][ T9954] loop4: rw=524288, sector=712, nr_sectors = 8 limit=16 [ 626.795211][ T9954] syz.4.1659: attempt to access beyond end of device [ 626.795211][ T9954] loop4: rw=0, sector=524984, nr_sectors = 8 limit=16 [ 626.808936][ T9954] erofs (device loop4): failed to readdir of logical block 0 of nid 36 [ 628.745255][ T9972] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1668'. [ 630.624533][ T9993] ALSA: mixer_oss: invalid OSS volume '' [ 631.439316][T10002] loop3: detected capacity change from 0 to 256 [ 631.488304][T10003] 9pnet_rdma: rdma_create_trans (10003): problem binding to privport: 13 [ 631.804797][T10002] FAT-fs (loop3): Directory bread(block 64) failed [ 631.811608][T10002] FAT-fs (loop3): Directory bread(block 65) failed [ 631.819585][T10002] FAT-fs (loop3): Directory bread(block 66) failed [ 631.826597][T10002] FAT-fs (loop3): Directory bread(block 67) failed [ 631.833513][T10002] FAT-fs (loop3): Directory bread(block 68) failed [ 631.841213][T10002] FAT-fs (loop3): Directory bread(block 69) failed [ 631.848595][T10002] FAT-fs (loop3): Directory bread(block 70) failed [ 631.855640][T10002] FAT-fs (loop3): Directory bread(block 71) failed [ 631.866616][T10002] FAT-fs (loop3): Directory bread(block 72) failed [ 631.873421][T10002] FAT-fs (loop3): Directory bread(block 73) failed [ 632.921887][T10015] loop3: detected capacity change from 0 to 256 [ 633.102226][T10017] loop0: detected capacity change from 0 to 256 [ 633.128321][T10015] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 633.325595][T10017] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x23633d53, utbl_chksum : 0xe619d30d) [ 634.097233][T10027] loop2: detected capacity change from 0 to 1024 [ 634.226384][T10027] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 634.239705][T10027] ext4 filesystem being mounted at /337/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 634.847510][T10038] loop4: detected capacity change from 0 to 256 [ 634.969465][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 635.003748][T10038] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xf6e0d861, utbl_chksum : 0xe619d30d) [ 637.770960][T10076] loop4: detected capacity change from 0 to 16 [ 637.818194][T10075] netlink: 60034 bytes leftover after parsing attributes in process `syz.0.1714'. [ 637.845866][T10076] erofs (device loop4): mounted with root inode @ nid 36. [ 638.903423][T10084] loop4: detected capacity change from 0 to 4096 [ 639.024941][T10084] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 639.195343][T10084] EXT4-fs error (device loop4): ext4_get_first_dir_block:3549: inode #12: block 80: comm syz.4.1718: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 639.305159][T10084] EXT4-fs error (device loop4): ext4_get_first_dir_block:3552: inode #12: comm syz.4.1718: directory missing '..' [ 639.768744][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 639.946788][T10099] loop2: detected capacity change from 0 to 512 [ 640.115805][T10099] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 640.125129][T10099] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 640.249719][T10099] EXT4-fs (loop2): 1 truncate cleaned up [ 640.266568][T10099] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 640.746848][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 641.388422][T10113] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1730'. [ 641.627275][T10117] loop2: detected capacity change from 0 to 64 [ 642.505999][T10116] loop0: detected capacity change from 0 to 32768 [ 642.530828][T10116] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section replicas_v0: no devices in entry sb: 1/0 [] [ 642.530828][T10116] replicas_v0 (size 24): [ 642.530828][T10116] btree: 2 [0 2] sb: 0 [] user: 1 [0] [ 642.530828][T10116] [ 642.557835][T10116] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry [ 643.464463][T10124] netlink: 71 bytes leftover after parsing attributes in process `syz.2.1735'. [ 644.287519][T10132] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 644.338641][T10135] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1741'. [ 644.595055][T10137] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 644.610662][T10137] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 644.639328][T10137] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 644.717165][T10137] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 644.735062][T10137] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 645.104239][T10143] loop3: detected capacity change from 0 to 1024 [ 645.469022][T10150] hfsplus: catalog searching failed [ 645.942495][T10145] loop4: detected capacity change from 0 to 4096 [ 646.052616][T10145] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512). [ 646.344032][T10136] chnl_net:caif_netlink_parms(): no params data found [ 646.378497][T10159] atomic_op ffff88804d25a128 conn xmit_atomic 0000000000000000 [ 646.441737][T10160] loop3: detected capacity change from 0 to 764 [ 646.495586][T10160] rock: directory entry would overflow storage [ 646.501954][T10160] rock: sig=0x5850, size=36, remaining=22 [ 646.744871][T10145] ntfs3(loop4): Mark volume as dirty due to NTFS errors [ 646.775244][T10145] ntfs3(loop4): Failed to load $Extend (-22). [ 646.789873][T10145] ntfs3(loop4): Failed to initialize $Extend. [ 646.796605][T10137] Bluetooth: hci4: command tx timeout [ 647.569447][ T3589] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.796608][ T3589] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 647.829867][T10172] loop0: detected capacity change from 0 to 16 [ 647.885920][T10172] erofs (device loop0): mounted with root inode @ nid 36. [ 648.057136][ T3589] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.091361][T10177] netlink: 240 bytes leftover after parsing attributes in process `syz.4.1754'. [ 648.240575][ T3589] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 648.707435][T10136] bridge0: port 1(bridge_slave_0) entered blocking state [ 648.715328][T10136] bridge0: port 1(bridge_slave_0) entered disabled state [ 648.723270][T10136] bridge_slave_0: entered allmulticast mode [ 648.733716][T10136] bridge_slave_0: entered promiscuous mode [ 648.880186][T10136] bridge0: port 2(bridge_slave_1) entered blocking state [ 648.889668][T10136] bridge0: port 2(bridge_slave_1) entered disabled state [ 648.898064][T10136] bridge_slave_1: entered allmulticast mode [ 648.908330][T10136] bridge_slave_1: entered promiscuous mode [ 648.935607][ T3589] bridge_slave_1: left allmulticast mode [ 648.941638][ T3589] bridge_slave_1: left promiscuous mode [ 648.945854][T10137] Bluetooth: hci4: command tx timeout [ 648.948559][ T3589] bridge0: port 2(bridge_slave_1) entered disabled state [ 649.032662][ T3589] bridge_slave_0: left allmulticast mode [ 649.039946][ T3589] bridge_slave_0: left promiscuous mode [ 649.046968][ T3589] bridge0: port 1(bridge_slave_0) entered disabled state [ 649.823387][ T3589] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 649.878346][T10196] loop3: detected capacity change from 0 to 512 [ 649.946989][ T3589] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 650.006786][ T3589] bond0 (unregistering): Released all slaves [ 650.217310][T10195] loop4: detected capacity change from 0 to 4096 [ 650.369096][T10136] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 650.420159][T10199] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 650.443222][T10136] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 650.942301][T10136] team0: Port device team_slave_0 added [ 650.955651][T10137] Bluetooth: hci4: command tx timeout [ 651.020239][T10136] team0: Port device team_slave_1 added [ 651.361836][T10136] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 651.370393][T10136] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 651.399679][T10136] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 651.545138][ T3589] hsr_slave_0: left promiscuous mode [ 651.564302][ T3589] hsr_slave_1: left promiscuous mode [ 651.572951][ T3589] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 651.581063][ T3589] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 651.595014][ T3589] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 651.603283][ T3589] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 651.663781][ T3589] veth1_macvtap: left promiscuous mode [ 651.671693][ T3589] veth0_macvtap: left promiscuous mode [ 651.678173][ T3589] veth1_vlan: left promiscuous mode [ 651.683788][ T3589] veth0_vlan: left promiscuous mode [ 652.283539][T10217] loop3: detected capacity change from 0 to 256 [ 652.314383][T10216] loop4: detected capacity change from 0 to 256 [ 652.337434][T10217] exfat: Deprecated parameter 'utf8' [ 652.692372][T10217] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 652.718321][ T3589] team0 (unregistering): Port device team_slave_1 removed [ 652.800157][ T3589] team0 (unregistering): Port device team_slave_0 removed [ 653.036799][T10137] Bluetooth: hci4: command tx timeout [ 653.293845][T10136] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 653.301476][T10136] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 653.328506][T10136] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 653.540393][T10222] loop4: detected capacity change from 0 to 1024 [ 654.033758][T10136] hsr_slave_0: entered promiscuous mode [ 654.045965][ T78] hfsplus: b-tree write err: -5, ino 4 [ 654.049832][T10136] hsr_slave_1: entered promiscuous mode [ 654.060905][T10136] debugfs: 'hsr0' already exists in 'hsr' [ 654.067254][T10136] Cannot create hsr debugfs directory [ 655.557375][ T1620] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 655.586859][T10136] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 655.630403][T10136] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 655.686634][T10136] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 655.736186][ T1620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 655.747366][ T1620] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 655.758727][ T1620] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 655.763113][T10244] loop2: detected capacity change from 0 to 4096 [ 655.768828][ T1620] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 655.861040][T10136] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 655.892258][ T1620] usb 4-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 655.902089][ T1620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.910666][ T1620] usb 4-1: Product: syz [ 655.915727][ T1620] usb 4-1: Manufacturer: syz [ 655.920553][ T1620] usb 4-1: SerialNumber: syz [ 655.967870][T10244] NILFS (loop2): invalid segment: Checksum error in segment payload [ 655.976383][T10244] NILFS (loop2): trying rollback from an earlier position [ 656.009999][ T1620] usb 4-1: config 0 descriptor?? [ 656.056530][ T1620] ums-isd200 4-1:0.0: USB Mass Storage device detected [ 656.122587][T10244] NILFS (loop2): recovery complete [ 656.258872][T10253] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1788'. [ 656.305903][T10255] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 656.354786][ T1620] scsi host1: usb-storage 4-1:0.0 [ 656.576503][ T9] usb 4-1: USB disconnect, device number 7 [ 656.902372][T10258] loop4: detected capacity change from 0 to 2048 [ 657.042606][T10258] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 657.061088][T10136] 8021q: adding VLAN 0 to HW filter on device bond0 [ 657.130894][T10136] 8021q: adding VLAN 0 to HW filter on device team0 [ 657.181592][ T9773] bridge0: port 1(bridge_slave_0) entered blocking state [ 657.189359][ T9773] bridge0: port 1(bridge_slave_0) entered forwarding state [ 657.275793][ T9773] bridge0: port 2(bridge_slave_1) entered blocking state [ 657.283560][ T9773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 657.658348][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 658.482089][T10273] loop3: detected capacity change from 0 to 1024 [ 658.631414][T10275] loop9: detected capacity change from 0 to 7 [ 658.665995][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.674460][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.682855][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.695842][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.705739][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.714343][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.722656][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.730919][T10275] ldm_validate_partition_table(): Disk read failed. [ 658.738011][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.746512][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.754908][T10275] Buffer I/O error on dev loop9, logical block 0, async page read [ 658.763162][T10275] Dev loop9: unable to read RDB block 0 [ 658.770172][T10275] loop9: unable to read partition table [ 658.831407][T10275] loop9: partition table beyond EOD, truncated [ 658.838754][T10275] loop_reread_partitions: partition scan of loop9 (þ被xüŸÑø éÚ¬§½dG¤´à–ƒÝ¡¯ â·û [ 658.838754][T10275] ) failed (rc=-5) [ 658.857085][T10278] ALSA: mixer_oss: invalid OSS volume 'DIG¨TAL1' [ 659.284349][T10281] loop3: detected capacity change from 0 to 256 [ 659.378379][T10136] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 659.518644][T10281] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e06c6e, utbl_chksum : 0xe619d30d) [ 659.865469][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 659.872394][ T1288] ieee802154 phy1 wpan1: encryption failed: -22 [ 660.396771][T10296] loop0: detected capacity change from 0 to 256 [ 660.558768][T10296] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 660.572709][T10296] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 660.900533][T10302] loop3: detected capacity change from 0 to 512 [ 660.998638][T10302] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 661.135556][T10306] loop4: detected capacity change from 0 to 64 [ 661.185159][T10302] EXT4-fs (loop3): 1 orphan inode deleted [ 661.191282][T10302] EXT4-fs (loop3): 1 truncate cleaned up [ 661.199766][T10302] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 661.205922][T10306] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 661.279391][T10302] EXT4-fs error (device loop3): ext4_check_all_de:659: inode #12: block 7: comm syz.3.1805: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=124 fake=0 [ 661.325505][T10309] loop0: detected capacity change from 0 to 1024 [ 661.370407][T10302] EXT4-fs (loop3): Remounting filesystem read-only [ 661.437660][T10309] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 661.573320][T10136] veth0_vlan: entered promiscuous mode [ 661.615265][T10136] veth1_vlan: entered promiscuous mode [ 661.677160][T10307] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 661.875397][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 661.953262][T10136] veth0_macvtap: entered promiscuous mode [ 662.025866][T10136] veth1_macvtap: entered promiscuous mode [ 662.136570][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 662.260659][T10136] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 662.387527][T10136] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 662.550953][ T9770] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.597424][ T9770] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.637378][ T9769] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 662.690906][ T9770] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 664.472225][T10334] loop4: detected capacity change from 0 to 4096 [ 664.536605][T10334] NILFS (loop4): invalid segment: Checksum error in segment payload [ 664.545645][T10334] NILFS (loop4): trying rollback from an earlier position [ 664.644605][T10334] NILFS (loop4): recovery complete [ 664.682737][T10346] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 664.747947][T10347] /dev/nullb0: Can't open blockdev [ 666.459945][T10374] loop4: detected capacity change from 0 to 8 [ 666.525230][T10368] nvme_fabrics: missing parameter 'transport=%s' [ 666.532896][T10368] nvme_fabrics: missing parameter 'nqn=%s' [ 666.725530][T10374] SQUASHFS error: Failed to read block 0x1ec: -5 [ 666.732286][T10374] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 667.020715][T10379] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1832'. [ 669.068935][T10395] loop3: detected capacity change from 0 to 8192 [ 670.463040][ T3530] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.475274][ T3530] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 670.719165][ T1860] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 670.727448][ T1860] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 671.008324][T10431] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1852'. [ 671.275923][ T30] audit: type=1326 audit(1756516409.599:493): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.2.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077f18ebe9 code=0x7ffc0000 [ 671.529474][ T30] audit: type=1326 audit(1756516409.729:494): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.2.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077f18ebe9 code=0x7ffc0000 [ 671.553080][ T30] audit: type=1326 audit(1756516409.759:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.2.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=442 compat=0 ip=0x7f077f18ebe9 code=0x7ffc0000 [ 671.576420][ T30] audit: type=1326 audit(1756516409.759:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.2.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077f18ebe9 code=0x7ffc0000 [ 671.605170][ T30] audit: type=1326 audit(1756516409.759:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10434 comm="syz.2.1855" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f077f18ebe9 code=0x7ffc0000 [ 671.841549][T10437] loop4: detected capacity change from 0 to 2048 [ 672.062361][T10437] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 672.078707][T10435] loop3: detected capacity change from 0 to 32768 [ 672.127271][T10437] UDF-fs: warning (device loop4): udf_load_vrs: No anchor found [ 672.135573][T10437] UDF-fs: Scanning with blocksize 512 failed [ 672.186744][T10442] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1856'. [ 672.230314][T10437] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 672.267032][T10435] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 672.451227][T10435] XFS (loop3): Ending clean mount [ 672.510612][ T30] audit: type=1800 audit(1756516410.869:498): pid=10437 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1854" name="file2" dev="loop4" ino=839 res=0 errno=0 [ 672.521228][T10435] XFS (loop3): Quotacheck needed: Please wait. [ 672.668541][T10435] XFS (loop3): Quotacheck: Done. [ 672.782198][ T5821] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 673.467111][T10460] loop6: detected capacity change from 0 to 512 [ 673.523130][T10460] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 673.653625][T10460] EXT4-fs (loop6): 1 truncate cleaned up [ 673.662405][T10460] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 673.810189][T10454] loop2: detected capacity change from 0 to 8192 [ 673.825469][ T5864] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 674.095739][ T5864] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 674.104735][ T5864] usb 5-1: config 0 has no interface number 0 [ 674.111061][ T5864] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 674.122628][ T5864] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 674.134176][ T5864] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 674.143498][ T5864] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 674.234145][T10467] loop0: detected capacity change from 0 to 256 [ 674.293454][ T5864] usb 5-1: config 0 descriptor?? [ 674.303280][T10136] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 674.305380][T10462] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 674.416947][ T5864] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 674.638051][ T5864] usb 5-1: USB disconnect, device number 6 [ 675.839331][T10487] loop0: detected capacity change from 0 to 128 [ 676.086416][T10493] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1874'. [ 678.257901][T10503] loop0: detected capacity change from 0 to 32768 [ 678.281091][T10503] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 678.289771][T10503] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 678.324905][T10503] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 1 34, function = gfs2_check_internal_file_size, file = fs/gfs2/inode.h, line = 85 [ 678.340797][T10503] gfs2: fsid=syz:syz.0: G: s:SH n:2/22 f:aqob t:SH d:EX/0 a:0 v:0 r:2 m:20 p:1 [ 678.350398][T10503] gfs2: fsid=syz:syz.0: H: s:SH f:eEcH e:0 p:0 [(none)] init_inodes+0x124/0x510 [ 678.369323][T10503] gfs2: fsid=syz:syz.0: I: n:1/34 t:8 f:0x00 d:0x00000200 s:466944 p:0 [ 678.378384][T10503] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 678.415903][T10503] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 678.425378][T10503] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 678.432351][T10503] gfs2: fsid=syz:syz.0: File system withdrawn [ 678.439058][T10503] CPU: 1 UID: 0 PID: 10503 Comm: syz.0.1879 Not tainted syzkaller #0 PREEMPT(none) [ 678.439235][T10503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 678.439333][T10503] Call Trace: [ 678.439396][T10503] [ 678.439456][T10503] __dump_stack+0x26/0x30 [ 678.439660][T10503] dump_stack_lvl+0x1df/0x270 [ 678.439878][T10503] dump_stack+0x1e/0x25 [ 678.440063][T10503] gfs2_withdraw+0x1182/0x2050 [ 678.440370][T10503] gfs2_consist_inode_i+0x1b2/0x250 [ 678.440630][T10503] gfs2_jdesc_check+0x170/0x440 [ 678.440829][T10503] init_journal+0x1471/0x3a30 [ 678.441029][T10503] ? init_inodes+0x124/0x510 [ 678.441195][T10503] ? init_inodes+0x124/0x510 [ 678.441336][T10503] ? kmsan_get_metadata+0xfb/0x160 [ 678.441530][T10503] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 678.441744][T10503] init_inodes+0x124/0x510 [ 678.441914][T10503] gfs2_fill_super+0x384d/0x3f50 [ 678.442150][T10503] ? init_locking+0xed/0x500 [ 678.442352][T10503] get_tree_bdev_flags+0x6e3/0x920 [ 678.442557][T10503] ? __pfx_gfs2_fill_super+0x10/0x10 [ 678.442727][T10503] ? __pfx_gfs2_fill_super+0x10/0x10 [ 678.442884][T10503] ? __pfx_gfs2_get_tree+0x10/0x10 [ 678.443129][T10503] get_tree_bdev+0x38/0x50 [ 678.443317][T10503] gfs2_get_tree+0x57/0x350 [ 678.443558][T10503] ? __pfx_gfs2_get_tree+0x10/0x10 [ 678.443795][T10503] vfs_get_tree+0xb0/0x5c0 [ 678.443994][T10503] ? mount_capable+0x99/0x100 [ 678.444182][T10503] do_new_mount+0x733/0x1420 [ 678.444370][T10503] ? apparmor_capable+0x32d/0x410 [ 678.444590][T10503] ? kmsan_get_metadata+0xfb/0x160 [ 678.444811][T10503] path_mount+0x6db/0x1e90 [ 678.445015][T10503] ? user_path_at+0x32d/0x3d0 [ 678.445216][T10503] __se_sys_mount+0x6eb/0x7d0 [ 678.445421][T10503] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 678.445725][T10503] __x64_sys_mount+0xe4/0x150 [ 678.445955][T10503] x64_sys_call+0x3604/0x3e20 [ 678.446170][T10503] do_syscall_64+0xd9/0x210 [ 678.446380][T10503] ? irqentry_exit+0x16/0x60 [ 678.446567][T10503] ? clear_bhb_loop+0x40/0x90 [ 678.446745][T10503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 678.446925][T10503] RIP: 0033:0x7f252b79038a [ 678.447051][T10503] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 678.447210][T10503] RSP: 002b:00007f252c624e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 678.447369][T10503] RAX: ffffffffffffffda RBX: 00007f252c624ef0 RCX: 00007f252b79038a [ 678.447496][T10503] RDX: 000020000001f680 RSI: 000020000001f6c0 RDI: 00007f252c624eb0 [ 678.447617][T10503] RBP: 000020000001f680 R08: 00007f252c624ef0 R09: 0000000000000084 [ 678.447731][T10503] R10: 0000000000000084 R11: 0000000000000246 R12: 000020000001f6c0 [ 678.447841][T10503] R13: 00007f252c624eb0 R14: 000000000001f791 R15: 0000200000000000 [ 678.447996][T10503] [ 678.735717][T10503] gfs2: fsid=syz:syz.0: my journal (0) is bad: -5 [ 679.107606][T10522] loop4: detected capacity change from 0 to 64 [ 679.367676][ T9] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 679.655814][ T9] usb 4-1: config 0 has an invalid interface number: 2 but max is 0 [ 679.665027][ T9] usb 4-1: config 0 has no interface number 0 [ 679.671359][ T9] usb 4-1: too many endpoints for config 0 interface 2 altsetting 0: 129, using maximum allowed: 30 [ 679.686889][ T9] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 679.699731][ T9] usb 4-1: config 0 interface 2 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 679.709863][ T9] usb 4-1: config 0 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 679.723351][ T9] usb 4-1: New USB device found, idVendor=056a, idProduct=0084, bcdDevice= 0.00 [ 679.733008][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 679.877650][ T9] usb 4-1: config 0 descriptor?? [ 680.170069][T10531] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1892'. [ 680.179876][T10531] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1892'. [ 680.190333][T10531] netlink: 'syz.6.1892': attribute type 14 has an invalid length. [ 680.375372][ T9] wacom 0003:056A:0084.000C: unknown main item tag 0x0 [ 680.382697][ T9] wacom 0003:056A:0084.000C: unknown main item tag 0x0 [ 680.469759][T10533] loop0: detected capacity change from 0 to 1024 [ 680.482317][ T9] wacom 0003:056A:0084.000C: hidraw0: USB HID vff.ea Device [HID 056a:0084] on usb-dummy_hcd.3-1/input2 [ 680.576879][ T1620] usb 4-1: USB disconnect, device number 8 [ 681.031174][ T4355] hfsplus: b-tree write err: -5, ino 4 [ 681.961357][T10551] netlink: 32 bytes leftover after parsing attributes in process `syz.6.1900'. [ 682.000017][ C0] vkms_vblank_simulate: vblank timer overrun [ 682.599456][ T5864] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 683.104540][ T5864] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 683.114874][ T5864] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 683.123375][ T5864] usb 5-1: Product: syz [ 683.127997][ T5864] usb 5-1: Manufacturer: syz [ 683.132814][ T5864] usb 5-1: SerialNumber: syz [ 683.221195][ C0] vkms_vblank_simulate: vblank timer overrun [ 683.275683][ T5864] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 683.422636][T10558] loop6: detected capacity change from 0 to 1024 [ 683.464899][ T1620] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 683.597418][T10558] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 684.327333][ T9] usb 5-1: USB disconnect, device number 7 [ 684.386873][T10136] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 684.767910][T10567] loop3: detected capacity change from 0 to 4096 [ 684.850478][T10571] loop2: detected capacity change from 0 to 2048 [ 684.964523][ T1620] usb 5-1: Service connection timeout for: 256 [ 684.978742][ T1620] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 684.990241][ T1620] ath9k_htc: Failed to initialize the device [ 685.013787][T10567] ntfs3(loop3): Mark volume as dirty due to NTFS errors [ 685.042000][ T9] usb 5-1: ath9k_htc: USB layer deinitialized [ 685.053837][T10571] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 685.265210][T10567] ntfs3(loop3): Failed to load $Extend (-22). [ 685.271557][T10567] ntfs3(loop3): Failed to initialize $Extend. [ 686.042739][T10586] program syz.4.1918 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 686.117569][T10583] loop6: detected capacity change from 0 to 2048 [ 686.293504][T10590] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 686.380847][ T30] audit: type=1800 audit(1756516424.739:499): pid=10583 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1915" name="bus" dev="loop6" ino=18 res=0 errno=0 [ 686.908573][T10590] NILFS (loop6): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 686.920018][T10590] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=4) [ 686.964685][T10595] loop3: detected capacity change from 0 to 1024 [ 687.001525][T10590] Remounting filesystem read-only [ 687.002388][T10598] loop4: detected capacity change from 0 to 512 [ 687.096106][T10598] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 687.216916][T10598] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 687.231891][T10598] ext4 filesystem being mounted at /412/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 687.322653][ T1860] hfsplus: b-tree write err: -5, ino 4 [ 687.818820][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 688.021767][T10612] loop2: detected capacity change from 0 to 8 [ 688.077430][T10612] SQUASHFS error: lzo decompression failed, data probably corrupt [ 688.092897][T10612] SQUASHFS error: Failed to read block 0x91: -5 [ 688.101772][T10612] SQUASHFS error: Unable to read metadata cache entry [8f] [ 688.109594][T10612] SQUASHFS error: Unable to read inode 0x11f [ 688.751679][T10621] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1931'. [ 688.761171][T10621] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 688.881309][T10626] loop6: detected capacity change from 0 to 16 [ 688.972641][T10626] erofs (device loop6): mounted with root inode @ nid 36. [ 689.075550][T10626] erofs (device loop6): bogus i_mode (0) @ nid 38654705664 [ 689.533112][T10634] sp0: Synchronizing with TNC [ 692.331962][T10681] loop0: detected capacity change from 0 to 16 [ 692.415150][T10681] erofs (device loop0): mounted with root inode @ nid 36. [ 692.534914][ T30] audit: type=1800 audit(1756516430.889:500): pid=10681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1959" name="file1" dev="loop0" ino=86 res=0 errno=0 [ 692.669374][T10688] loop2: detected capacity change from 0 to 128 [ 692.773726][T10688] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 692.875454][T10688] ext4 filesystem being mounted at /400/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 693.356254][ T5815] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 693.722473][T10703] bond0: option mode: unable to set because the bond device has slaves [ 694.445200][T10717] netlink: 'syz.3.1976': attribute type 3 has an invalid length. [ 694.453582][T10717] netlink: 'syz.3.1976': attribute type 1 has an invalid length. [ 694.462246][T10717] netlink: 193500 bytes leftover after parsing attributes in process `syz.3.1976'. [ 694.519878][T10718] loop0: detected capacity change from 0 to 512 [ 694.671660][T10718] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 694.680421][T10718] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 694.785777][T10718] EXT4-fs (loop0): 1 truncate cleaned up [ 694.794456][T10718] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 694.933775][T10718] EXT4-fs: group quota file already specified [ 695.184646][T10728] use of bytesused == 0 is deprecated and will be removed in the future, [ 695.193655][T10728] use the actual size instead. [ 695.285550][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 696.024967][T10739] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 697.308391][T10741] loop4: detected capacity change from 0 to 40427 [ 697.317843][T10741] F2FS-fs: heap/no_heap options were deprecated [ 697.326996][T10741] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(24) [ 697.335388][T10741] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 697.357014][T10741] F2FS-fs (loop4): Image doesn't support compression [ 697.406111][T10741] F2FS-fs (loop4): invalid crc value [ 697.696548][T10754] loop0: detected capacity change from 0 to 64 [ 697.786477][T10741] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 697.797724][T10741] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30 [ 697.805638][T10741] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 698.257828][T10756] vlan2: entered promiscuous mode [ 698.263145][T10756] bridge0: entered promiscuous mode [ 698.497866][T10758] loop2: detected capacity change from 0 to 1024 [ 698.518381][T10758] EXT4-fs: Ignoring removed oldalloc option [ 698.529837][T10758] EXT4-fs: Ignoring removed orlov option [ 698.537301][T10758] EXT4-fs: Ignoring removed oldalloc option [ 698.543551][T10758] EXT4-fs: Ignoring removed nomblk_io_submit option [ 698.648802][T10758] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 699.074423][ T30] audit: type=1326 audit(1756516437.419:501): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10765 comm="syz.6.1997" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc64b58ebe9 code=0x0 [ 699.220152][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 700.176548][T10779] netdevsim netdevsim2: Firmware load for '/../file0' refused, path contains '..' component [ 702.555015][T10810] loop2: detected capacity change from 0 to 1024 [ 703.017926][ T1860] hfsplus: b-tree write err: -5, ino 4 [ 704.725380][T10836] ------------[ cut here ]------------ [ 704.731057][T10836] verifier bug: REG INVARIANTS VIOLATION (false_reg1): range bounds violation u64=[0x4000000, 0x0] s64=[0x4000000, 0x0] u32=[0x4000000, 0x0] s32=[0x4000000, 0x0] var_off=(0x0, 0x0)(1) [ 704.750656][T10836] WARNING: CPU: 1 PID: 10836 at kernel/bpf/verifier.c:2728 reg_bounds_sanity_check+0xb26/0x14b0 [ 704.761624][T10836] Modules linked in: [ 704.765985][T10836] CPU: 1 UID: 0 PID: 10836 Comm: syz.0.2028 Not tainted syzkaller #0 PREEMPT(none) [ 704.785271][T10836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 704.796249][T10836] RIP: 0010:reg_bounds_sanity_check+0xb26/0x14b0 [ 704.802938][T10836] Code: ff ff ff b5 20 ff ff ff ff b5 18 ff ff ff ff b5 48 ff ff ff ff b5 10 ff ff ff ff b5 08 ff ff ff e8 7f 1c 02 ff 48 83 c4 38 90 <0f> 0b 90 90 4c 8b bd 70 ff ff ff e9 83 f8 ff ff 8b 3a e8 23 54 79 [ 704.823587][T10836] RSP: 0018:ffff88805b562f58 EFLAGS: 00010282 [ 704.830338][T10836] RAX: ffffffff81207e75 RBX: ffff888024a8c2d0 RCX: 0000000000080000 [ 704.839668][T10836] RDX: ffffc90008802000 RSI: 0000000000004780 RDI: 0000000000004781 [ 704.853089][T10836] RBP: ffff88805b5630d8 R08: ffffea000000000f R09: 0000000000000000 [ 704.865263][T10836] R10: ffff888237b77028 R11: ffff88823f2635e0 R12: 0000000000000000 [ 704.880676][T10836] R13: ffff888115604ce0 R14: 0000000000000000 R15: 0000000000000000 [ 704.891413][T10836] FS: 00007f252c6256c0(0000) GS:ffff8881aa794000(0000) knlGS:0000000000000000 [ 704.901107][T10836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 704.908090][T10836] CR2: 0000200000001940 CR3: 00000000308ba000 CR4: 00000000003526f0 [ 704.917099][T10836] Call Trace: [ 704.920570][T10836] [ 704.924370][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 704.930044][T10836] reg_set_min_max+0x3a8/0x440 [ 704.935289][T10836] check_cond_jmp_op+0x3187/0x4820 [ 704.940773][T10836] do_check+0x2374/0x15760 [ 704.945762][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 704.951199][T10836] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 704.958039][T10836] do_check_common+0x2482/0x3740 [ 704.963313][T10836] bpf_check+0x61f8/0x2a100 [ 704.968301][T10836] ? pcpu_block_refresh_hint+0x450/0x580 [ 704.974366][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 704.989386][T10836] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 704.995678][T10836] ? pcpu_block_update_hint_alloc+0x12df/0x1390 [ 705.002252][T10836] ? kmsan_get_metadata+0x150/0x160 [ 705.008099][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.013687][T10836] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 705.020671][T10836] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 705.027415][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.032934][T10836] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 705.039269][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.047613][T10836] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 705.053807][T10836] ? strncpy_from_user+0x71/0x470 [ 705.059530][T10836] ? stack_depot_save_flags+0x35/0x7b0 [ 705.065746][T10836] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 705.072384][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.085452][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.090914][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.098595][T10836] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 705.105393][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.110824][T10836] ? kmsan_get_metadata+0xfb/0x160 [ 705.116500][T10836] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 705.122619][T10836] bpf_prog_load+0x28e6/0x2e50 [ 705.128095][T10836] ? kmsan_internal_set_shadow_origin+0x79/0x110 [ 705.134882][T10836] ? kmsan_internal_unpoison_memory+0x14/0x20 [ 705.141333][T10836] ? security_bpf+0x88/0x620 [ 705.146444][T10836] ? _copy_from_user+0xcb/0x100 [ 705.151585][T10836] __sys_bpf+0x7f4/0xed0 [ 705.156384][T10836] __x64_sys_bpf+0xa4/0xf0 [ 705.161140][T10836] x64_sys_call+0x3550/0x3e20 [ 705.166353][T10836] do_syscall_64+0xd9/0x210 [ 705.171180][T10836] ? irqentry_exit+0x16/0x60 [ 705.176461][T10836] ? clear_bhb_loop+0x40/0x90 [ 705.188898][T10836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 705.197508][T10836] RIP: 0033:0x7f252b78ebe9 [ 705.202176][T10836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 705.222305][T10836] RSP: 002b:00007f252c625038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 705.231637][T10836] RAX: ffffffffffffffda RBX: 00007f252b9c5fa0 RCX: 00007f252b78ebe9 [ 705.240144][T10836] RDX: 0000000000000048 RSI: 00002000000054c0 RDI: 0000000000000005 [ 705.248597][T10836] RBP: 00007f252b811e19 R08: 0000000000000000 R09: 0000000000000000 [ 705.257129][T10836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 705.265470][T10836] R13: 00007f252b9c6038 R14: 00007f252b9c5fa0 R15: 00007ffda3390818 [ 705.273739][T10836] [ 705.277231][T10836] ---[ end trace 0000000000000000 ]--- [ 706.860903][T10862] loop2: detected capacity change from 0 to 512 [ 707.012638][T10862] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 707.030739][T10862] ext4 filesystem being mounted at /416/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 707.491370][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 708.812533][T10894] loop0: detected capacity change from 0 to 128 [ 709.294641][ T9] usb 4-1: new low-speed USB device number 9 using dummy_hcd [ 709.473132][T10902] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2058'. [ 709.489193][T10902] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2058'. [ 709.535144][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 709.545876][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 709.555299][ T9] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 709.646826][ T9] usb 4-1: string descriptor 0 read error: -22 [ 709.653784][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 709.663479][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 709.747564][T10896] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 709.805789][ T9] usb 4-1: 0:2 : does not exist [ 709.823625][T10907] loop2: detected capacity change from 0 to 256 [ 709.842676][T10907] exfat: Deprecated parameter 'namecase' [ 709.850455][T10907] exfat: Deprecated parameter 'utf8' [ 710.061934][T10907] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001ff53, chksum : 0xd72bb7d8, utbl_chksum : 0xe619d30d) [ 710.069061][ T1620] usb 4-1: USB disconnect, device number 9 [ 710.180555][T10911] loop4: detected capacity change from 0 to 512 [ 710.349241][T10911] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 710.396659][T10911] EXT4-fs (loop4): orphan cleanup on readonly fs [ 710.435711][T10911] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 710.445422][T10911] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 710.455917][T10911] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.2063: Failed to acquire dquot type 1 [ 710.480655][T10911] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2063: bg 0: block 40: padding at end of block bitmap is not set [ 710.513449][T10911] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 710.559616][T10911] EXT4-fs (loop4): 1 truncate cleaned up [ 710.568429][T10911] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 710.719993][T10911] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.2063: bad symlink. [ 710.773777][T10911] EXT4-fs error (device loop4): ext4_get_link:106: inode #16: comm syz.4.2063: bad symlink. [ 710.891036][T10918] loop6: detected capacity change from 0 to 256 [ 711.089594][T10918] exFAT-fs (loop6): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x46ae1815, utbl_chksum : 0xe619d30d) [ 711.108430][T10918] exFAT-fs (loop6): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 711.137138][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 711.669143][T10929] loop2: detected capacity change from 0 to 256 [ 711.830066][T10929] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f41, chksum : 0x2f9e4978, utbl_chksum : 0xe619d30d) [ 711.865684][ T30] audit: type=1326 audit(1756516450.219:502): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 711.888948][ T30] audit: type=1326 audit(1756516450.219:503): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 711.945701][ T30] audit: type=1326 audit(1756516450.289:504): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 711.968957][ T30] audit: type=1326 audit(1756516450.309:505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 711.992026][ T30] audit: type=1326 audit(1756516450.309:506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=278 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 712.015991][ T30] audit: type=1326 audit(1756516450.309:507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10931 comm="syz.0.2072" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 712.092401][T10935] loop3: detected capacity change from 0 to 256 [ 712.165528][T10935] exfat: Deprecated parameter 'utf8' [ 712.308598][T10935] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011d93, chksum : 0x4501cc6b, utbl_chksum : 0xe619d30d) [ 712.529351][T10939] sp0: Synchronizing with TNC [ 712.666701][T10938] [U] è` [ 712.769114][T10942] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2075'. [ 713.429326][ T9] kernel write not supported for file /amidi2 (pid: 9 comm: kworker/0:0) [ 714.113191][T10963] loop2: detected capacity change from 0 to 256 [ 714.352475][T10963] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 714.957716][T10968] tipc: Enabling of bearer rejected, failed to enable media [ 715.064989][T10966] loop6: detected capacity change from 0 to 32768 [ 715.157628][T10966] OCFS2: ERROR (device loop6): int ocfs2_validate_inode_block(struct super_block *, struct buffer_head *): Invalid dinode #71: signature = INO01 [ 715.173132][T10966] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 715.183960][T10966] OCFS2: File system is now read-only. [ 715.189880][T10966] (syz.6.2087,10966,0):ocfs2_read_locked_inode:597 ERROR: status = -30 [ 715.198814][T10966] (syz.6.2087,10966,0):_ocfs2_get_system_file_inode:144 ERROR: status = -30 [ 715.209350][T10966] (syz.6.2087,10966,0):ocfs2_init_global_system_inodes:465 ERROR: status = -30 [ 715.223073][T10966] (syz.6.2087,10966,0):ocfs2_init_global_system_inodes:467 ERROR: Unable to load system inode 4, possibly corrupt fs? [ 715.223311][T10966] (syz.6.2087,10966,0):ocfs2_init_global_system_inodes:476 ERROR: status = -30 [ 715.246866][T10966] (syz.6.2087,10966,0):ocfs2_initialize_super:2198 ERROR: status = -30 [ 715.256200][T10966] (syz.6.2087,10966,0):ocfs2_fill_super:1177 ERROR: status = -30 [ 715.906579][T10974] sg_write: data in/out 196608/32 bytes for SCSI command 0x2c-- guessing data in; [ 715.906579][T10974] program syz.2.2091 not setting count and/or reply_len properly [ 716.129683][T10981] loop0: detected capacity change from 0 to 1024 [ 716.198604][T10981] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 716.217646][T10981] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 716.227361][T10981] EXT4-fs (loop0): orphan cleanup on readonly fs [ 716.235831][T10981] Quota error (device loop0): v2_read_file_info: Can't read info structure [ 716.251207][T10981] EXT4-fs warning (device loop0): ext4_enable_quotas:7172: Failed to enable quota tracking (type=0, err=-5, ino=3). Please run e2fsck to fix. [ 716.266438][T10981] EXT4-fs (loop0): Cannot turn on quotas: error -5 [ 716.281959][T10981] EXT4-fs (loop0): 1 truncate cleaned up [ 716.290279][T10981] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 716.430756][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 716.737731][T10989] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2099'. [ 716.760005][T10990] loop6: detected capacity change from 0 to 512 [ 716.783442][T10990] EXT4-fs (loop6): Using encoding defined by superblock: utf8-12.1.0 with flags 0x0 [ 716.794031][T10990] EXT4-fs (loop6): feature flags set on rev 0 fs, running e2fsck is recommended [ 716.803752][T10990] EXT4-fs (loop6): Couldn't mount because of unsupported optional features (fffc1829) [ 716.814514][T10990] EXT4-fs (loop6): couldn't mount as ext2 due to feature incompatibilities [ 717.742768][T11002] loop0: detected capacity change from 0 to 512 [ 717.752236][T11005] tc_dump_action: action bad kind [ 717.924370][T11002] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846e02c, mo2=0002] [ 717.933286][T11002] System zones: 1-12 [ 718.061138][T11002] EXT4-fs error (device loop0): dx_probe:791: inode #2: comm syz.0.2104: Directory hole found for htree index block 0 [ 718.165549][T11002] EXT4-fs (loop0): Remounting filesystem read-only [ 718.172344][T11002] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -117 [ 718.256418][T11002] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 718.275379][T11002] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 718.545370][T11002] EXT4-fs (loop0): can't enable nombcache during remount [ 718.781874][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 719.421359][T11030] sch_tbf: burst 0 is lower than device veth1_virt_wifi mtu (1514) ! [ 721.235691][T11046] loop4: detected capacity change from 0 to 32768 [ 721.251498][T11046] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section journal_v2: journal bucket 255 past end of device (nbuckets 128) [ 721.251498][T11046] journal_v2 (size 40): [ 721.251498][T11046] Buckets: 249-256 24-25 [ 721.251498][T11046] [ 721.319629][T11046] bcachefs: bch2_fs_get_tree() error: invalid_sb_journal [ 721.329813][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 722.641782][T11068] loop4: detected capacity change from 0 to 164 [ 722.679899][T11068] Unable to read rock-ridge attributes [ 722.786595][T11068] Unable to read rock-ridge attributes [ 722.855577][T11068] iso9660: Corrupted directory entry in block 4 of inode 1792 [ 723.393057][T11078] netlink: 52 bytes leftover after parsing attributes in process `syz.4.2141'. [ 723.675750][T11082] loop2: detected capacity change from 0 to 2048 [ 723.832931][T11082] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 723.850345][T11082] ext4 filesystem being mounted at /438/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 724.496595][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 725.070479][T11101] loop4: detected capacity change from 0 to 16 [ 725.113685][T11101] erofs (device loop4): mounted with root inode @ nid 36. [ 726.227690][T11120] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2159'. [ 726.914914][ T9] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 727.139053][ T9] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 727.149428][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 727.156537][ T9] usb 4-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00 [ 727.165997][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 727.236055][ T9] usb 4-1: config 0 descriptor?? [ 727.816392][T11140] loop2: detected capacity change from 0 to 256 [ 727.965033][ T1620] usb 4-1: USB disconnect, device number 10 [ 728.129735][ T30] audit: type=1326 audit(1756516466.489:508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 728.153010][ T30] audit: type=1326 audit(1756516466.509:509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 728.176487][ T30] audit: type=1326 audit(1756516466.529:510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f252b78d550 code=0x7ffc0000 [ 728.199600][ T30] audit: type=1326 audit(1756516466.529:511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f252b790417 code=0x7ffc0000 [ 728.226674][ T30] audit: type=1326 audit(1756516466.529:512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 728.250985][ T30] audit: type=1326 audit(1756516466.529:513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7f252b790417 code=0x7ffc0000 [ 728.274138][ T30] audit: type=1326 audit(1756516466.529:514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f252b78d84a code=0x7ffc0000 [ 728.296948][ T30] audit: type=1326 audit(1756516466.569:515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 728.320095][ T30] audit: type=1326 audit(1756516466.569:516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 728.347294][ T30] audit: type=1326 audit(1756516466.579:517): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11143 comm="syz.0.2172" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f252b78ebe9 code=0x7ffc0000 [ 729.458067][T11161] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2179'. [ 729.467668][T11161] tipc: Invalid UDP bearer configuration [ 729.467899][T11161] tipc: Enabling of bearer rejected, failed to enable media [ 730.037966][ T1620] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 730.048759][T11172] loop0: detected capacity change from 0 to 256 [ 730.094535][T11172] exfat: Deprecated parameter 'namecase' [ 730.100882][T11172] exfat: Deprecated parameter 'utf8' [ 730.234697][T11173] loop2: detected capacity change from 0 to 1024 [ 730.238402][ T1620] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 730.251736][ T1620] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.298901][T11172] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x22785e93, utbl_chksum : 0xe619d30d) [ 730.316736][ T1620] usb 5-1: config 0 descriptor?? [ 730.330038][ T1620] cp210x 5-1:0.0: cp210x converter detected [ 730.419289][T11173] hfsplus: bad catalog entry type [ 730.841626][ T9766] hfsplus: b-tree write err: -5, ino 4 [ 730.999783][ T1620] cp210x 5-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 731.009919][ T1620] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 731.081881][ T1620] usb 5-1: cp210x converter now attached to ttyUSB0 [ 731.132095][ T1620] usb 5-1: USB disconnect, device number 8 [ 731.156674][ T1620] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 731.166326][ T1620] cp210x 5-1:0.0: device disconnected [ 731.340154][T11186] loop2: detected capacity change from 0 to 256 [ 731.433257][T11186] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 733.114902][T11196] loop6: detected capacity change from 0 to 32768 [ 733.225944][T11196] XFS (loop6): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd [ 733.419989][T11196] XFS (loop6): Metadata corruption detected at xfs_inode_buf_verify+0x613/0x6b0, xfs_inode block 0x2280 xfs_inode_buf_verify [ 733.434009][T11196] XFS (loop6): Unmount and run xfs_repair [ 733.440055][T11196] XFS (loop6): First 128 bytes of corrupted metadata buffer: [ 733.454860][T11196] 00000000: 49 4e 00 00 03 00 00 00 00 00 00 00 00 00 00 00 IN.............. [ 733.464328][T11196] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.473527][T11196] 00000020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.482782][T11196] 00000030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.492303][T11196] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.501674][T11196] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.511248][T11196] 00000060: 40 00 00 00 cc f1 e3 c7 00 00 00 00 00 00 00 00 @............... [ 733.520508][T11196] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 733.529880][T11196] XFS (loop6): metadata I/O error in "xfs_imap_to_bp+0x128/0x2e0" at daddr 0x2280 len 64 error 117 [ 733.541404][T11196] XFS (loop6): Failed to read root inode 0x1140, error 117 [ 733.553411][T11196] XFS (loop6): Uncorrected metadata errors detected; please run xfs_repair. [ 735.338092][T11235] loop2: detected capacity change from 0 to 1024 [ 735.347226][T11238] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2212'. [ 735.376672][T11238] : entered promiscuous mode [ 735.465949][T11240] loop4: detected capacity change from 0 to 64 [ 735.486456][T11240] BFS-fs: bfs_fill_super(): loop4 is unclean, continuing [ 736.441996][T11252] netlink: 'syz.2.2219': attribute type 1 has an invalid length. [ 736.569829][T11252] 8021q: adding VLAN 0 to HW filter on device bond1 [ 736.674687][T11256] netlink: 766 bytes leftover after parsing attributes in process `syz.0.2221'. [ 737.310378][T11267] loop2: detected capacity change from 0 to 256 [ 738.394308][ T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 738.596096][T11272] loop0: detected capacity change from 0 to 32768 [ 738.608031][T11272] XFS: noikeep mount option is deprecated. [ 738.614494][T11272] XFS: attr2 mount option is deprecated. [ 738.726782][ T9] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 738.735988][ T9] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 738.745434][ T9] usb 4-1: config 220 has an invalid descriptor of length 235, skipping remainder of the config [ 738.756201][ T9] usb 4-1: config 220 has no interface number 2 [ 738.762748][ T9] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 738.781449][ T9] usb 4-1: config 220 interface 0 has no altsetting 0 [ 738.795639][ T9] usb 4-1: config 220 interface 76 has no altsetting 0 [ 738.802897][ T9] usb 4-1: config 220 interface 1 has no altsetting 0 [ 738.859024][T11272] XFS (loop0): Metadata CRC error detected at xfs_sb_read_verify+0x5c7/0x640, xfs_sb block 0x0 [ 738.877547][T11272] XFS (loop0): Unmount and run xfs_repair [ 738.887471][T11272] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 738.895410][T11272] 00000000: 58 46 53 42 00 00 04 00 00 00 00 00 00 00 20 00 XFSB.......... . [ 738.914232][T11272] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 738.926685][T11272] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 738.937185][T11272] 00000030: 00 00 00 00 00 00 00 20 00 00 00 00 00 00 24 40 ....... ......$@ [ 738.946534][T11272] 00000040: 00 00 00 00 00 00 24 41 00 00 00 00 00 00 24 42 ......$A......$B [ 738.952889][ T9] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 738.956002][T11272] 00000050: 00 00 00 02 00 00 20 00 00 00 00 01 00 00 00 00 ...... ......... [ 738.956131][T11272] 00000060: 00 00 12 00 b4 b5 02 00 04 00 00 02 00 00 00 00 ................ [ 738.956253][T11272] 00000070: 00 00 00 00 00 00 00 00 0b 09 0a 01 0d 00 00 32 ...............2 [ 738.956465][T11272] XFS (loop0): SB validate failed with error -74. [ 739.005848][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.014205][ T9] usb 4-1: Product: syz [ 739.018576][ T9] usb 4-1: Manufacturer: syz [ 739.023390][ T9] usb 4-1: SerialNumber: syz [ 739.366217][ T9] usb 4-1: selecting invalid altsetting 0 [ 739.372871][ T9] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 739.380397][ T9] usb 4-1: No valid video chain found. [ 739.701420][ T9] usb 4-1: selecting invalid altsetting 0 [ 739.708203][ T9] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 739.786490][ T9] usb 4-1: USB disconnect, device number 11 [ 741.182152][T11312] loop2: detected capacity change from 0 to 512 [ 741.745176][T11310] loop6: detected capacity change from 0 to 32768 [ 741.769950][T11310] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.2241 (11310) [ 741.823548][T11314] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2244'. [ 741.865708][T11310] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 741.876682][T11310] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm [ 741.886441][T11310] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2 [ 742.306205][T11310] BTRFS info (device loop6): rebuilding free space tree [ 742.340107][T11310] BTRFS info (device loop6): disabling free space tree [ 742.347792][T11310] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 742.364779][T11310] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 742.428957][T11310] BTRFS info (device loop6): enabling ssd optimizations [ 742.436551][T11310] BTRFS info (device loop6): turning off barriers [ 742.443209][T11310] BTRFS info (device loop6): disabling tree log [ 742.449933][T11310] BTRFS info (device loop6): turning on flush-on-commit [ 742.465681][T11310] BTRFS info (device loop6): turning on async discard [ 742.472884][T11310] BTRFS info (device loop6): enabling disk space caching [ 742.480724][T11310] BTRFS info (device loop6): force clearing of disk cache [ 742.488556][T11310] BTRFS info (device loop6): use lzo compression, level 0 [ 742.509680][T11310] BTRFS info (device loop6): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 743.200242][T11332] loop3: detected capacity change from 0 to 32768 [ 743.211198][T11332] XFS (loop3): invalid logbufsize: 3 [not 16k,32k,64k,128k or 256k] [ 744.553203][T11349] netlink: 504 bytes leftover after parsing attributes in process `syz.0.2253'. [ 744.665877][T11351] loop2: detected capacity change from 0 to 256 [ 744.676968][T11351] exfat: Deprecated parameter 'utf8' [ 744.873399][T11351] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 745.564499][T11362] loop2: detected capacity change from 0 to 128 [ 745.606353][T11362] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 745.742489][T11362] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 745.830676][T11369] loop3: detected capacity change from 0 to 1024 [ 747.946283][T11395] loop2: detected capacity change from 0 to 2048 [ 748.094736][T11402] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 748.218552][T11395] NILFS error (device loop2): nilfs_bmap_lookup_at_level: broken bmap (inode number=6) [ 748.278221][T11395] Remounting filesystem read-only [ 748.954218][T10137] Bluetooth: hci4: command tx timeout [ 749.868217][T11426] block nbd6: Attempted send on invalid socket [ 749.875279][T11426] I/O error, dev nbd6, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 749.885241][T11426] vxfs: unable to read disk superblock at 1 [ 749.891843][T11426] block nbd6: Attempted send on invalid socket [ 749.898471][T11426] I/O error, dev nbd6, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1 [ 749.908319][T11426] vxfs: unable to read disk superblock at 8 [ 749.914973][T11426] vxfs: can't find superblock. [ 751.146496][T11445] loop0: detected capacity change from 0 to 1024 [ 751.445776][T11450] netlink: 'syz.3.2301': attribute type 3 has an invalid length. [ 751.738848][T11446] loop2: detected capacity change from 0 to 4096 [ 752.006334][T11446] NILFS (loop2): invalid segment: Checksum error in segment payload [ 752.015357][T11446] NILFS (loop2): trying rollback from an earlier position [ 752.312220][T11446] NILFS (loop2): recovery complete [ 752.435620][T11457] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 752.501612][T11452] loop6: detected capacity change from 0 to 32768 [ 752.514606][T11452] Only 4K block size supported! [ 752.519819][T11452] Mount JFS Failure: -22 [ 752.524468][T11452] jfs_mount failed w/return code = -22 [ 753.485971][T11464] netlink: 108 bytes leftover after parsing attributes in process `syz.0.2307'. [ 754.172980][T11474] loop6: detected capacity change from 0 to 128 [ 755.306240][T11479] loop4: detected capacity change from 0 to 4096 [ 755.435914][T11491] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 755.575015][T11493] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 756.500780][T11503] loop0: detected capacity change from 0 to 1024 [ 756.503797][T11503] EXT4-fs: Ignoring removed bh option [ 756.504885][T11503] EXT4-fs: Ignoring removed nobh option [ 756.505036][T11503] EXT4-fs: inline encryption not supported [ 756.574667][T11503] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 756.745377][T11500] loop2: detected capacity change from 0 to 4096 [ 756.781610][T11500] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 756.983197][T11500] ntfs3(loop2): Mark volume as dirty due to NTFS errors [ 757.007292][T11500] ntfs3(loop2): Failed to load $Extend (-22). [ 757.007434][T11500] ntfs3(loop2): Failed to initialize $Extend. [ 757.222772][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 757.421320][T11514] loop3: detected capacity change from 0 to 64 [ 758.004808][T11515] loop4: detected capacity change from 0 to 4096 [ 758.215353][T11515] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 758.925720][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 759.379280][T11542] loop0: detected capacity change from 0 to 256 [ 760.005870][T11538] loop6: detected capacity change from 0 to 8192 [ 760.261278][T11555] loop0: detected capacity change from 0 to 1024 [ 760.839605][ T78] hfsplus: b-tree write err: -5, ino 4 [ 761.324798][T11567] loop3: detected capacity change from 0 to 512 [ 761.407026][T11567] EXT4-fs (loop3): Test dummy encryption mode enabled [ 761.521697][T11567] EXT4-fs (loop3): warning: mounting unchecked fs, running e2fsck is recommended [ 761.655734][T11567] EXT4-fs (loop3): Errors on filesystem, clearing orphan list. [ 761.666086][T11567] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 761.920989][ T5820] Bluetooth: hci4: command 0x0405 tx timeout [ 762.139050][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 762.699703][T11588] loop3: detected capacity change from 0 to 1024 [ 763.102636][T11595] netlink: 'syz.0.2367': attribute type 2 has an invalid length. [ 763.150482][ T9770] hfsplus: b-tree write err: -5, ino 4 [ 763.497794][T11601] netlink: 'syz.3.2369': attribute type 6 has an invalid length. [ 764.184900][T11612] netlink: 240 bytes leftover after parsing attributes in process `syz.6.2373'. [ 764.194659][T11612] NCSI netlink: No device for ifindex 1025 [ 764.322169][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 764.322264][ T30] audit: type=1326 audit(1756516502.669:519): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11615 comm="syz.0.2377" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f252b78ebe9 code=0x0 [ 764.956924][T11625] trusted_key: encrypted_key: key user:syz not found [ 766.823526][T11654] loop0: detected capacity change from 0 to 1024 [ 766.868232][T11654] EXT4-fs: Ignoring removed nomblk_io_submit option [ 767.017319][T11654] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 767.431833][T11667] netlink: 'syz.6.2399': attribute type 1 has an invalid length. [ 767.513488][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 769.754756][T11703] loop2: detected capacity change from 0 to 128 [ 770.486960][T11714] loop2: detected capacity change from 0 to 64 [ 771.443295][T11724] netlink: 'syz.2.2426': attribute type 3 has an invalid length. [ 771.717574][ T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 771.875722][ T5864] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 771.971497][ T9] usb 5-1: config 0 interface 0 has no altsetting 0 [ 771.979345][ T9] usb 5-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=f0.ee [ 771.989174][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 772.069289][ T9] usb 5-1: config 0 descriptor?? [ 772.090394][ T5864] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 772.102261][ T5864] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 772.248190][ T5864] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 772.263677][ T5864] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 772.274539][ T5864] usb 4-1: SerialNumber: syz [ 772.658342][ T9] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 772.887141][ T9] usb 5-1: USB disconnect, device number 9 [ 772.889759][ T5864] usb 4-1: 0:2 : does not exist [ 773.945346][ T5864] usb 4-1: USB disconnect, device number 12 [ 775.545136][T11810] loop4: detected capacity change from 0 to 512 [ 775.670369][T11810] EXT4-fs error (device loop4): ext4_xattr_inode_iget:433: comm syz.4.2436: Parent and EA inode have the same ino 15 [ 775.710202][T11810] EXT4-fs (loop4): 1 orphan inode deleted [ 775.718746][T11810] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 776.069537][T11819] loop0: detected capacity change from 0 to 256 [ 776.116401][T11819] exfat: Deprecated parameter 'namecase' [ 776.122472][T11819] exfat: Deprecated parameter 'utf8' [ 776.296274][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 776.508522][T11819] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x56600a7f, utbl_chksum : 0xe619d30d) [ 776.786453][T11825] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2444'. [ 776.796146][T11825] tc_dump_action: action bad kind [ 777.219870][T11823] loop2: detected capacity change from 0 to 40427 [ 777.244607][T11823] F2FS-fs (loop2): Wrong SIT boundary, start(1536) end(3825207808) blocks(1024) [ 777.254189][T11823] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 777.267208][T11823] F2FS-fs (loop2): invalid crc value [ 777.282122][T11823] F2FS-fs (loop2): invalid crc value [ 777.287931][T11823] F2FS-fs (loop2): Failed to get valid F2FS checkpoint [ 778.394412][T11835] loop6: detected capacity change from 0 to 1024 [ 778.618552][T11835] hfsplus: bad catalog entry type [ 779.005338][ T3781] hfsplus: b-tree write err: -5, ino 4 [ 779.275579][T11850] loop2: detected capacity change from 0 to 512 [ 779.441951][T11850] EXT4-fs error (device loop2): ext4_map_blocks:778: inode #2: block 3: comm syz.2.2454: lblock 0 mapped to illegal pblock 3 (length 1) [ 779.548089][T11850] EXT4-fs (loop2): Remounting filesystem read-only [ 779.561745][T11850] EXT4-fs warning (device loop2): dx_probe:791: inode #2: lblock 0: comm syz.2.2454: error -117 reading directory block [ 779.684163][T11850] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 779.696251][T11850] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 779.759082][T11855] loop6: detected capacity change from 0 to 2048 [ 779.771391][T11857] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 779.852807][T11855] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 779.877121][T11850] EXT4-fs warning (device loop2): ext4_empty_dir:3080: inode #2: lblock 0: comm syz.2.2454: error -117 reading directory block [ 780.358346][ T5815] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 781.215662][T11875] netlink: 'syz.3.2466': attribute type 1 has an invalid length. [ 781.223726][T11875] netlink: 228 bytes leftover after parsing attributes in process `syz.3.2466'. [ 781.416098][T11879] netlink: 6 bytes leftover after parsing attributes in process `syz.2.2468'. [ 782.336709][T11878] loop6: detected capacity change from 0 to 32768 [ 782.346854][T11878] bcachefs: bch2_fs_parse_param() Error parsing option fix_errors: option_value [ 782.752559][ T1288] ieee802154 phy0 wpan0: encryption failed: -22 [ 784.077033][T11901] loop3: detected capacity change from 0 to 1024 [ 784.463534][ T9773] hfsplus: b-tree write err: -5, ino 4 [ 784.760466][T11912] CIFS mount error: No usable UNC path provided in device string! [ 784.760466][T11912] [ 784.770999][T11912] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 784.809061][T11914] hsr0: entered promiscuous mode [ 785.340265][T11925] loop4: detected capacity change from 0 to 64 [ 785.511430][T11925] hfs: hfs: Invalid key length: 94 [ 785.925351][ T5811] hfs: node 4:3 still has 1 user(s)! [ 786.723174][T11937] loop2: detected capacity change from 0 to 4096 [ 786.936727][T11947] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 789.015946][T11982] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2516'. [ 789.092544][T11983] loop6: detected capacity change from 0 to 512 [ 789.142416][T11983] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 789.340886][T11983] EXT4-fs (loop6): 1 orphan inode deleted [ 789.347094][T11983] EXT4-fs (loop6): 1 truncate cleaned up [ 789.360125][T11983] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 789.598751][T11983] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 789.651521][T11983] EXT4-fs (loop6): Remounting filesystem read-only [ 789.835025][T10137] Bluetooth: hci1: command 0x0406 tx timeout [ 790.081844][T10136] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 790.102565][T11997] loop4: detected capacity change from 0 to 8 [ 790.199639][T11997] SQUASHFS error: lzo decompression failed, data probably corrupt [ 790.208430][T11997] SQUASHFS error: Failed to read block 0x91: -5 [ 790.219889][T11997] SQUASHFS error: Unable to read metadata cache entry [8f] [ 790.229230][T11997] SQUASHFS error: Unable to read inode 0x11f [ 790.617861][ T9] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 790.690980][T11998] loop0: detected capacity change from 0 to 4096 [ 790.707917][T11998] ntfs3(loop0): Different NTFS sector size (1024) and media sector size (512). [ 790.819256][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 129, changing to 11 [ 790.831212][ T9] usb 4-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 790.840751][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 790.935365][ T9] usb 4-1: config 0 descriptor?? [ 791.374436][ T5864] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 791.442889][ T9] kye 0003:0458:0138.000E: unbalanced delimiter at end of report description [ 791.481432][ T9] kye 0003:0458:0138.000E: parse failed [ 791.487976][ T9] kye 0003:0458:0138.000E: probe with driver kye failed with error -22 [ 791.585564][ T5864] usb 7-1: Using ep0 maxpacket: 16 [ 791.634877][ T5864] usb 7-1: config index 0 descriptor too short (expected 292, got 36) [ 791.643370][ T5864] usb 7-1: config 0 has an invalid interface number: 161 but max is 0 [ 791.647847][ T9] usb 4-1: USB disconnect, device number 13 [ 791.652254][ T5864] usb 7-1: config 0 has no interface number 0 [ 791.664623][ T5864] usb 7-1: config 0 interface 161 altsetting 13 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 791.677916][ T5864] usb 7-1: config 0 interface 161 altsetting 13 endpoint 0x81 has invalid wMaxPacketSize 0 [ 791.691593][ T5864] usb 7-1: config 0 interface 161 has no altsetting 0 [ 791.698955][ T5864] usb 7-1: New USB device found, idVendor=1b1c, idProduct=1b34, bcdDevice= 0.00 [ 791.714534][ T5864] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 791.880537][ T5864] usb 7-1: config 0 descriptor?? [ 791.891860][T12015] loop2: detected capacity change from 0 to 128 [ 792.073059][ T30] audit: type=1800 audit(1756516530.419:520): pid=12015 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2532" name="file2" dev="loop2" ino=1048829 res=0 errno=0 [ 792.139979][T12015] syz.2.2532: attempt to access beyond end of device [ 792.139979][T12015] loop2: rw=0, sector=2072, nr_sectors = 1 limit=128 [ 792.461272][T12019] snd_dummy snd_dummy.0: control 0:0:0:syz0:0 is already present [ 793.112771][T12017] loop4: detected capacity change from 0 to 32768 [ 793.670760][ T5864] corsair 0003:1B1C:1B34.000F: unknown main item tag 0x0 [ 793.678538][ T5864] corsair 0003:1B1C:1B34.000F: unknown main item tag 0x0 [ 793.689410][ T5864] corsair 0003:1B1C:1B34.000F: unknown main item tag 0x0 [ 793.697118][ T5864] corsair 0003:1B1C:1B34.000F: unknown main item tag 0x0 [ 793.704823][ T5864] corsair 0003:1B1C:1B34.000F: unknown main item tag 0x0 [ 793.718881][ T5864] corsair 0003:1B1C:1B34.000F: failed to start in urb: -90 [ 793.736812][ T5864] corsair 0003:1B1C:1B34.000F: hidraw0: USB HID v0.05 Device [HID 1b1c:1b34] on usb-dummy_hcd.6-1/input161 [ 793.836379][ T5864] usb 7-1: USB disconnect, device number 2 [ 795.037880][T12039] loop0: detected capacity change from 0 to 512 [ 795.069204][T12039] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 795.172072][T12039] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 795.185782][T12039] ext4 filesystem being mounted at /517/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 795.459151][ T30] audit: type=1800 audit(1756516533.819:521): pid=12039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.2543" name="file2" dev="loop0" ino=16 res=0 errno=0 [ 795.501207][T12039] EXT4-fs error (device loop0): __ext4_new_inode:1279: comm syz.0.2543: failed to insert inode 16: doubly allocated? [ 795.819028][T12054] binder: 12052:12054 ioctl c0306201 0 returned -14 [ 795.889210][T12054] binder: 12052:12054 ioctl c0306201 200000000080 returned -11 [ 795.917970][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 795.983046][T12056] : entered promiscuous mode [ 796.266514][T12058] loop4: detected capacity change from 0 to 8 [ 797.011474][T12068] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2557'. [ 797.709420][T12082] ipvlan2: entered promiscuous mode [ 797.723328][T12082] bridge0: port 3(ipvlan2) entered blocking state [ 797.730701][T12082] bridge0: port 3(ipvlan2) entered disabled state [ 797.738104][T12082] ipvlan2: entered allmulticast mode [ 797.743778][T12082] bridge0: entered allmulticast mode [ 797.762734][T12082] ipvlan2: left allmulticast mode [ 797.768408][T12082] bridge0: left allmulticast mode [ 798.015940][T12084] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2562'. [ 798.659194][T12092] loop0: detected capacity change from 0 to 128 [ 798.726267][T12095] loop3: detected capacity change from 0 to 128 [ 798.738007][T12092] ufs: You didn't specify the type of your ufs filesystem [ 798.738007][T12092] [ 798.738007][T12092] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 798.738007][T12092] [ 798.738007][T12092] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 798.823223][T12092] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2 [ 798.849316][T12095] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2568'. [ 798.859178][T12095] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2568'. [ 799.600930][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.609068][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.617241][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.625270][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.633098][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.641250][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.649174][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.657352][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.665242][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.673155][ T5864] hid-generic 0000:0002:0000.0010: unknown main item tag 0x0 [ 799.734989][ T5864] hid-generic 0000:0002:0000.0010: hidraw0: HID v0.00 Device [syz0] on syz0 [ 800.280182][T12117] loop4: detected capacity change from 0 to 512 [ 800.343230][T12117] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 800.429100][T12117] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 800.442922][T12117] ext4 filesystem being mounted at /550/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 800.598075][T12124] netlink: 16 bytes leftover after parsing attributes in process `syz.6.2581'. [ 801.004358][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 801.192757][T12130] loop6: detected capacity change from 0 to 512 [ 801.383111][T12130] Quota error (device loop6): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0 [ 801.395014][T12130] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0 [ 801.404954][T12130] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.2584: Failed to acquire dquot type 1 [ 801.429157][T12130] EXT4-fs (loop6): 1 truncate cleaned up [ 801.442166][T12130] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 801.456856][T12130] ext4 filesystem being mounted at /152/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 801.697005][T12130] EXT4-fs: Cannot change journaled quota options when quota turned on [ 802.226809][T10136] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 803.004509][T12157] loop3: detected capacity change from 0 to 128 [ 803.524884][T12164] [U] R5¡JCÒ°~V6“˜|‡7§¤Á…KXVZZËG—RÙÔ [ 803.564129][T12162] loop4: detected capacity change from 0 to 2048 [ 803.811083][T12162] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 804.045614][ T30] audit: type=1800 audit(1756516542.399:522): pid=12162 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2596" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 804.481768][T12175] loop6: detected capacity change from 0 to 1024 [ 804.492439][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 804.740967][T12175] hfsplus: bad catalog entry type [ 804.787143][T12171] loop3: detected capacity change from 0 to 4096 [ 805.115983][ T3781] hfsplus: b-tree write err: -5, ino 4 [ 805.530471][T12187] loop4: detected capacity change from 0 to 256 [ 805.714257][T12187] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x25fbf2c1, utbl_chksum : 0xe619d30d) [ 806.099041][T12195] loop3: detected capacity change from 0 to 256 [ 806.184743][T12198] loop0: detected capacity change from 0 to 128 [ 806.197323][T12198] EXT4-fs: Ignoring removed nomblk_io_submit option [ 806.264499][T12198] EXT4-fs (loop0): Test dummy encryption mode enabled [ 806.290441][ T30] audit: type=1800 audit(1756516544.649:523): pid=12195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2609" name="file3" dev="loop3" ino=1048833 res=0 errno=0 [ 806.385804][T12198] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 806.427340][T12198] ext4 filesystem being mounted at /532/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 806.907495][ T5808] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 807.046133][T12206] loop6: detected capacity change from 0 to 1024 [ 807.202207][T12203] loop4: detected capacity change from 0 to 4096 [ 807.225048][T12206] hfsplus: bad catalog entry type [ 807.567663][ T9766] hfsplus: b-tree write err: -5, ino 4 [ 807.875265][T12217] usb usb8: usbfs: process 12217 (syz.2.2621) did not claim interface 0 before use [ 808.655206][T12227] loop2: detected capacity change from 0 to 256 [ 809.184330][T12234] loop4: detected capacity change from 0 to 512 [ 809.215736][T12227] FAT-fs (loop2): Directory bread(block 64) failed [ 809.229882][T12227] FAT-fs (loop2): Directory bread(block 65) failed [ 809.239351][T12227] FAT-fs (loop2): Directory bread(block 66) failed [ 809.246577][T12227] FAT-fs (loop2): Directory bread(block 67) failed [ 809.253671][T12227] FAT-fs (loop2): Directory bread(block 68) failed [ 809.260852][T12227] FAT-fs (loop2): Directory bread(block 69) failed [ 809.268078][T12227] FAT-fs (loop2): Directory bread(block 70) failed [ 809.275230][T12227] FAT-fs (loop2): Directory bread(block 71) failed [ 809.282150][T12227] FAT-fs (loop2): Directory bread(block 72) failed [ 809.288165][T12234] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 809.289264][T12227] FAT-fs (loop2): Directory bread(block 73) failed [ 809.299040][T12234] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 809.395534][T12236] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2629'. [ 809.396443][T12234] EXT4-fs (loop4): warning: mounting unchecked fs, running e2fsck is recommended [ 809.405149][T12236] netlink: 28 bytes leftover after parsing attributes in process `syz.6.2629'. [ 809.560103][T12234] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 809.600145][T12234] System zones: 0-2, 18-18, 34-35 [ 809.646436][T12234] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 809.683657][T12239] loop0: detected capacity change from 0 to 64 [ 809.869390][T12234] EXT4-fs error (device loop4): ext4_validate_block_bitmap:441: comm syz.4.2628: bg 0: block 353: padding at end of block bitmap is not set [ 810.368711][ T5811] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 811.261109][T12260] loop3: detected capacity change from 0 to 2048 [ 811.356539][T12260] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 811.375440][T12260] ext4 filesystem being mounted at /554/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 811.404160][ T9] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 811.469127][T12260] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.2640: bg 0: block 345: padding at end of block bitmap is not set [ 811.495964][T12260] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem [ 811.522619][T12264] loop4: detected capacity change from 0 to 1024 [ 811.604999][ T9] usb 7-1: Using ep0 maxpacket: 16 [ 811.660443][ T9] usb 7-1: unable to get BOS descriptor or descriptor too short [ 811.692107][ T9] usb 7-1: config 13 has an invalid interface number: 50 but max is 0 [ 811.700960][ T9] usb 7-1: config 13 has no interface number 0 [ 811.707600][ T9] usb 7-1: config 13 interface 50 altsetting 167 bulk endpoint 0x8 has invalid maxpacket 16 [ 811.718222][ T9] usb 7-1: config 13 interface 50 has no altsetting 0 [ 811.832483][ T9] usb 7-1: New USB device found, idVendor=1aca, idProduct=b28e, bcdDevice=92.32 [ 811.842377][ T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 811.851100][ T9] usb 7-1: Product: syz [ 811.855690][ T9] usb 7-1: Manufacturer: syz [ 811.860851][ T9] usb 7-1: SerialNumber: syz [ 811.942664][ T5821] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 811.951455][T12262] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 812.012610][ T3530] hfsplus: b-tree write err: -5, ino 4 [ 812.418191][ T9] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 812.426557][ T9] usb 7-1: MIDIStreaming interface descriptor not found [ 812.673337][ T9] usb 7-1: USB disconnect, device number 3 [ 812.775951][T12278] loop4: detected capacity change from 0 to 2048 [ 812.881438][T12282] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2649'. [ 812.927121][T12284] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 813.148307][ T30] audit: type=1800 audit(1756516551.499:524): pid=12278 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2646" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 813.529688][T12284] NILFS (loop4): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 813.541090][T12284] NILFS error (device loop4): nilfs_bmap_propagate: broken bmap (inode number=4) [ 813.617302][T12284] Remounting filesystem read-only [ 813.640660][T12292] loop0: detected capacity change from 0 to 512 [ 813.650578][ T5811] NILFS (loop4): disposed unprocessed dirty file(s) when stopping log writer [ 813.766538][T12292] EXT4-fs warning (device loop0): dx_probe:861: inode #2: comm syz.0.2653: dx entry: limit 0 != root limit 125 [ 813.779136][T12292] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.2653: Corrupt directory, running e2fsck is recommended [ 813.944975][T12292] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117 [ 813.984547][T12298] nbd: must specify a size in bytes for the device [ 814.003536][T12292] EXT4-fs error (device loop0): ext4_iget_extra_inode:5104: inode #15: comm syz.0.2653: corrupted in-inode xattr: invalid ea_ino [ 814.085567][T12292] EXT4-fs (loop0): Remounting filesystem read-only [ 814.095356][T12292] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 814.466424][T12292] EXT4-fs warning (device loop0): ext4_empty_dir:3089: inode #2: comm syz.0.2653: directory missing '.' [ 814.720452][T12302] sp0: Synchronizing with TNC [ 815.089065][T12305] 9pnet_fd: Insufficient options for proto=fd [ 815.166832][ T5808] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 815.895357][T12310] netlink: 'syz.3.2661': attribute type 6 has an invalid length. [ 816.620684][T12290] ===================================================== [ 816.627936][T12290] BUG: KMSAN: uninit-value in aes_encrypt+0x126a/0x1960 [ 816.635172][T12290] aes_encrypt+0x126a/0x1960 [ 816.639986][T12290] aesti_encrypt+0x7d/0xf0 [ 816.644618][T12290] cipher_crypt_one+0x120/0x2e0 [ 816.649652][T12290] crypto_cipher_encrypt_one+0x33/0x40 [ 816.655305][T12290] drbg_ctr_update+0x19a9/0x3700 [ 816.660643][T12290] drbg_seed+0xb1b/0xe20 [ 816.665097][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 816.670366][T12290] crypto_rng_reset+0x193/0x250 [ 816.675418][T12290] rng_setkey+0x52/0x70 [ 816.679861][T12290] alg_setkey+0x265/0x3b0 [ 816.684492][T12290] alg_setsockopt+0x503/0x760 [ 816.689345][T12290] __sys_setsockopt+0x43b/0x580 [ 816.694412][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 816.699747][T12290] x64_sys_call+0x27c9/0x3e20 [ 816.704687][T12290] do_syscall_64+0xd9/0x210 [ 816.709447][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.715552][T12290] [ 816.718148][T12290] [ 816.718148][T12290] [ 816.727034][T12290] Uninit was stored to memory at: [ 816.732459][T12290] crypto_sha3_finup+0x136/0xe00 [ 816.737644][T12290] crypto_shash_finup+0x327/0xe80 [ 816.742987][T12290] jent_hash_time+0x247/0x590 [ 816.748005][T12290] jent_condition_data+0x4f0/0x510 [ 816.753374][T12290] jent_measure_jitter+0x547/0x770 [ 816.758755][T12290] jent_gen_entropy+0x209/0x450 [ 816.763852][T12290] jent_read_entropy+0x353/0xeb0 [ 816.769212][T12290] jent_kcapi_random+0x6c/0x250 [ 816.774420][T12290] drbg_seed+0x3f5/0xe20 [ 816.779031][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 816.784385][T12290] crypto_rng_reset+0x193/0x250 [ 816.789569][T12290] rng_setkey+0x52/0x70 [ 816.794209][T12290] alg_setkey+0x265/0x3b0 [ 816.798733][T12290] alg_setsockopt+0x503/0x760 [ 816.803692][T12290] __sys_setsockopt+0x43b/0x580 [ 816.808773][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 816.814126][T12290] x64_sys_call+0x27c9/0x3e20 [ 816.819089][T12290] do_syscall_64+0xd9/0x210 [ 816.823843][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.829966][T12290] [ 816.832435][T12290] Uninit was stored to memory at: [ 816.837767][T12290] crypto_shash_finup+0xc5a/0xe80 [ 816.843061][T12290] jent_hash_time+0x1de/0x590 [ 816.848415][T12290] jent_condition_data+0x4f0/0x510 [ 816.853937][T12290] jent_measure_jitter+0x547/0x770 [ 816.859371][T12290] jent_gen_entropy+0x209/0x450 [ 816.864472][T12290] jent_read_entropy+0x353/0xeb0 [ 816.869673][T12290] jent_kcapi_random+0x6c/0x250 [ 816.874803][T12290] drbg_seed+0x3f5/0xe20 [ 816.879387][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 816.884591][T12290] crypto_rng_reset+0x193/0x250 [ 816.889717][T12290] rng_setkey+0x52/0x70 [ 816.894112][T12290] alg_setkey+0x265/0x3b0 [ 816.898615][T12290] alg_setsockopt+0x503/0x760 [ 816.903480][T12290] __sys_setsockopt+0x43b/0x580 [ 816.908643][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 816.914000][T12290] x64_sys_call+0x27c9/0x3e20 [ 816.918920][T12290] do_syscall_64+0xd9/0x210 [ 816.923693][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 816.929812][T12290] [ 816.932268][T12290] Uninit was stored to memory at: [ 816.937635][T12290] crypto_sha3_finup+0xc98/0xe00 [ 816.942796][T12290] crypto_shash_finup+0x327/0xe80 [ 816.948091][T12290] jent_hash_time+0x247/0x590 [ 816.953021][T12290] jent_condition_data+0x4f0/0x510 [ 816.958409][T12290] jent_measure_jitter+0x547/0x770 [ 816.963771][T12290] jent_gen_entropy+0x209/0x450 [ 816.968855][T12290] jent_read_entropy+0x353/0xeb0 [ 816.974033][T12290] jent_kcapi_random+0x6c/0x250 [ 816.979174][T12290] drbg_seed+0x3f5/0xe20 [ 816.983623][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 816.988792][T12290] crypto_rng_reset+0x193/0x250 [ 816.993936][T12290] rng_setkey+0x52/0x70 [ 816.998292][T12290] alg_setkey+0x265/0x3b0 [ 817.002789][T12290] alg_setsockopt+0x503/0x760 [ 817.007901][T12290] __sys_setsockopt+0x43b/0x580 [ 817.012971][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.018323][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.023292][T12290] do_syscall_64+0xd9/0x210 [ 817.028049][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.034176][T12290] [ 817.036604][T12290] Uninit was stored to memory at: [ 817.041855][T12290] keccakf+0x1efb/0x2110 [ 817.046311][T12290] crypto_sha3_finup+0x772/0xe00 [ 817.051464][T12290] crypto_shash_finup+0x327/0xe80 [ 817.056753][T12290] jent_hash_time+0x247/0x590 [ 817.061754][T12290] jent_condition_data+0x4f0/0x510 [ 817.067109][T12290] jent_measure_jitter+0x547/0x770 [ 817.072460][T12290] jent_gen_entropy+0x209/0x450 [ 817.077553][T12290] jent_read_entropy+0x353/0xeb0 [ 817.082801][T12290] jent_kcapi_random+0x6c/0x250 [ 817.087918][T12290] drbg_seed+0x3f5/0xe20 [ 817.092354][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 817.097505][T12290] crypto_rng_reset+0x193/0x250 [ 817.102546][T12290] rng_setkey+0x52/0x70 [ 817.106885][T12290] alg_setkey+0x265/0x3b0 [ 817.111399][T12290] alg_setsockopt+0x503/0x760 [ 817.116252][T12290] __sys_setsockopt+0x43b/0x580 [ 817.121313][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.126666][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.131604][T12290] do_syscall_64+0xd9/0x210 [ 817.136358][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.142452][T12290] [ 817.144868][T12290] Uninit was stored to memory at: [ 817.150129][T12290] crypto_sha3_finup+0x5be/0xe00 [ 817.155288][T12290] crypto_shash_finup+0x327/0xe80 [ 817.160564][T12290] jent_hash_time+0x247/0x590 [ 817.165486][T12290] jent_condition_data+0x4f0/0x510 [ 817.170837][T12290] jent_measure_jitter+0x547/0x770 [ 817.176262][T12290] jent_gen_entropy+0x209/0x450 [ 817.181324][T12290] jent_read_entropy+0x353/0xeb0 [ 817.186482][T12290] jent_kcapi_random+0x6c/0x250 [ 817.191593][T12290] drbg_seed+0x3f5/0xe20 [ 817.196039][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 817.201188][T12290] crypto_rng_reset+0x193/0x250 [ 817.206230][T12290] rng_setkey+0x52/0x70 [ 817.210563][T12290] alg_setkey+0x265/0x3b0 [ 817.215071][T12290] alg_setsockopt+0x503/0x760 [ 817.219926][T12290] __sys_setsockopt+0x43b/0x580 [ 817.224988][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.230316][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.235232][T12290] do_syscall_64+0xd9/0x210 [ 817.239959][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.246048][T12290] [ 817.248459][T12290] Uninit was stored to memory at: [ 817.253847][T12290] crypto_sha3_finup+0x136/0xe00 [ 817.259000][T12290] crypto_shash_finup+0x327/0xe80 [ 817.264267][T12290] jent_hash_time+0x247/0x590 [ 817.269185][T12290] jent_condition_data+0x4f0/0x510 [ 817.274525][T12290] jent_measure_jitter+0x547/0x770 [ 817.279908][T12290] jent_gen_entropy+0x209/0x450 [ 817.284976][T12290] jent_read_entropy+0x353/0xeb0 [ 817.290241][T12290] jent_kcapi_random+0x6c/0x250 [ 817.295322][T12290] drbg_seed+0x3f5/0xe20 [ 817.299774][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 817.304926][T12290] crypto_rng_reset+0x193/0x250 [ 817.309967][T12290] rng_setkey+0x52/0x70 [ 817.314387][T12290] alg_setkey+0x265/0x3b0 [ 817.318886][T12290] alg_setsockopt+0x503/0x760 [ 817.323731][T12290] __sys_setsockopt+0x43b/0x580 [ 817.328793][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.334114][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.339022][T12290] do_syscall_64+0xd9/0x210 [ 817.343757][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.349839][T12290] [ 817.352270][T12290] Uninit was stored to memory at: [ 817.357597][T12290] crypto_shash_finup+0xc5a/0xe80 [ 817.362887][T12290] jent_hash_time+0x1de/0x590 [ 817.367820][T12290] jent_condition_data+0x4f0/0x510 [ 817.373183][T12290] jent_measure_jitter+0x547/0x770 [ 817.378652][T12290] jent_gen_entropy+0x209/0x450 [ 817.383782][T12290] jent_read_entropy+0x353/0xeb0 [ 817.388964][T12290] jent_kcapi_random+0x6c/0x250 [ 817.394049][T12290] drbg_seed+0x3f5/0xe20 [ 817.398497][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 817.403658][T12290] crypto_rng_reset+0x193/0x250 [ 817.408876][T12290] rng_setkey+0x52/0x70 [ 817.413232][T12290] alg_setkey+0x265/0x3b0 [ 817.417729][T12290] alg_setsockopt+0x503/0x760 [ 817.422582][T12290] __sys_setsockopt+0x43b/0x580 [ 817.427985][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.433311][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.438267][T12290] do_syscall_64+0xd9/0x210 [ 817.443005][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.449133][T12290] [ 817.451549][T12290] Local variable intermediary created at: [ 817.457378][T12290] jent_hash_time+0x9b/0x590 [ 817.462194][T12290] jent_condition_data+0x4f0/0x510 [ 817.467525][T12290] [ 817.469984][T12290] CPU: 0 UID: 0 PID: 12290 Comm: syz.2.2652 Tainted: G W syzkaller #0 PREEMPT(none) [ 817.481159][T12290] Tainted: [W]=WARN [ 817.485086][T12290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 817.495304][T12290] ===================================================== [ 817.502352][T12290] Disabling lock debugging due to kernel taint [ 817.508643][T12290] Kernel panic - not syncing: kmsan.panic set ... [ 817.515242][T12290] CPU: 0 UID: 0 PID: 12290 Comm: syz.2.2652 Tainted: G B W syzkaller #0 PREEMPT(none) [ 817.526641][T12290] Tainted: [B]=BAD_PAGE, [W]=WARN [ 817.531802][T12290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 817.542025][T12290] Call Trace: [ 817.545425][T12290] [ 817.548478][T12290] __dump_stack+0x26/0x30 [ 817.553129][T12290] dump_stack_lvl+0x53/0x270 [ 817.557958][T12290] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 817.564143][T12290] dump_stack+0x1e/0x25 [ 817.568557][T12290] vpanic+0x361/0xc50 [ 817.572802][T12290] panic+0x15d/0x160 [ 817.576986][T12290] kmsan_report+0x31c/0x320 [ 817.581820][T12290] ? __msan_warning+0x1b/0x30 [ 817.586693][T12290] ? aes_encrypt+0x126a/0x1960 [ 817.591660][T12290] ? aesti_encrypt+0x7d/0xf0 [ 817.596459][T12290] ? cipher_crypt_one+0x120/0x2e0 [ 817.601767][T12290] ? crypto_cipher_encrypt_one+0x33/0x40 [ 817.607614][T12290] ? drbg_ctr_update+0x19a9/0x3700 [ 817.612964][T12290] ? drbg_seed+0xb1b/0xe20 [ 817.617606][T12290] ? drbg_kcapi_seed+0x19b2/0x1e40 [ 817.622941][T12290] ? crypto_rng_reset+0x193/0x250 [ 817.628181][T12290] ? rng_setkey+0x52/0x70 [ 817.632763][T12290] ? alg_setkey+0x265/0x3b0 [ 817.637461][T12290] ? alg_setsockopt+0x503/0x760 [ 817.642499][T12290] ? __sys_setsockopt+0x43b/0x580 [ 817.647742][T12290] ? __x64_sys_setsockopt+0xf4/0x1a0 [ 817.653243][T12290] ? x64_sys_call+0x27c9/0x3e20 [ 817.658361][T12290] ? do_syscall_64+0xd9/0x210 [ 817.663484][T12290] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.670031][T12290] ? crypto_sha3_finup+0xd11/0xe00 [ 817.675433][T12290] ? kmsan_get_metadata+0xfb/0x160 [ 817.680804][T12290] ? kmsan_internal_memmove_metadata+0x181/0x230 [ 817.687451][T12290] ? kmsan_get_metadata+0xfb/0x160 [ 817.692812][T12290] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 817.698942][T12290] ? kmsan_get_metadata+0xfb/0x160 [ 817.704296][T12290] __msan_warning+0x1b/0x30 [ 817.709106][T12290] aes_encrypt+0x126a/0x1960 [ 817.713928][T12290] ? kmsan_get_metadata+0xfb/0x160 [ 817.719309][T12290] aesti_encrypt+0x7d/0xf0 [ 817.723965][T12290] cipher_crypt_one+0x120/0x2e0 [ 817.729055][T12290] ? __pfx_aesti_encrypt+0x10/0x10 [ 817.734411][T12290] ? crypto_cipher_setkey+0x380/0x430 [ 817.740019][T12290] ? kmsan_get_metadata+0xfb/0x160 [ 817.745375][T12290] crypto_cipher_encrypt_one+0x33/0x40 [ 817.751140][T12290] drbg_ctr_update+0x19a9/0x3700 [ 817.756699][T12290] ? __pfx_drbg_ctr_update+0x10/0x10 [ 817.762238][T12290] drbg_seed+0xb1b/0xe20 [ 817.766914][T12290] ? __pfx_jent_kcapi_random+0x10/0x10 [ 817.772678][T12290] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 817.778861][T12290] drbg_kcapi_seed+0x19b2/0x1e40 [ 817.784042][T12290] ? kmsan_get_shadow_origin_ptr+0x4a/0xb0 [ 817.790117][T12290] ? __pfx_drbg_kcapi_seed+0x10/0x10 [ 817.795644][T12290] crypto_rng_reset+0x193/0x250 [ 817.800762][T12290] rng_setkey+0x52/0x70 [ 817.805124][T12290] ? __pfx_rng_setkey+0x10/0x10 [ 817.810177][T12290] alg_setkey+0x265/0x3b0 [ 817.814819][T12290] alg_setsockopt+0x503/0x760 [ 817.819712][T12290] ? __pfx_alg_setsockopt+0x10/0x10 [ 817.825112][T12290] __sys_setsockopt+0x43b/0x580 [ 817.830209][T12290] __x64_sys_setsockopt+0xf4/0x1a0 [ 817.835671][T12290] x64_sys_call+0x27c9/0x3e20 [ 817.840712][T12290] do_syscall_64+0xd9/0x210 [ 817.845571][T12290] ? irqentry_exit+0x16/0x60 [ 817.850397][T12290] ? clear_bhb_loop+0x40/0x90 [ 817.855384][T12290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 817.861498][T12290] RIP: 0033:0x7f077f18ebe9 [ 817.866069][T12290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 817.886068][T12290] RSP: 002b:00007f077ff55038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 817.894710][T12290] RAX: ffffffffffffffda RBX: 00007f077f3c5fa0 RCX: 00007f077f18ebe9 [ 817.902892][T12290] RDX: 0000000000000001 RSI: 0000000000000117 RDI: 0000000000000003 [ 817.911093][T12290] RBP: 00007f077f211e19 R08: 0000000000000000 R09: 0000000000000000 [ 817.919260][T12290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 817.927398][T12290] R13: 00007f077f3c6038 R14: 00007f077f3c5fa0 R15: 00007ffe15bb2bc8 [ 817.935598][T12290] [ 817.939064][T12290] Kernel Offset: disabled [ 817.943492][T12290] Rebooting in 86400 seconds..