last executing test programs: 5m53.088897932s ago: executing program 32 (id=9110): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWFLOWTABLE={0x44, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_HOOK={0x18, 0x3, 0x0, 0x1, [@NFTA_FLOWTABLE_HOOK_NUM={0x8}, @NFTA_FLOWTABLE_HOOK_DEVS={0x4}, @NFTA_FLOWTABLE_HOOK_PRIORITY={0x8, 0x2, 0x1, 0x0, 0x6}]}]}], {0x14, 0x10}}, 0x8c}}, 0x0) 5m48.208099616s ago: executing program 4 (id=9159): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000015c0)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff2300000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010001010404000034000000b7030000000000006a0a00fe000000008500000032000000b700000001000000950000000000000075cdc4b57b0c65752a3ad50000007ddd0000cb450063dedba767ade51f7f1f66acd19100002000000000000000ff7f0000b52f17cee19d0001000000000000000000cb04fcbb4e4d0b9bafe3ba431351a58a885ba9918d37b056b9bbd11b6b9f6cf7db6d574620260000000000008062d77e85cef4a2ab938f65aac33c4d620de2c9b7dc10d7d313f9f57606b83b994fc4051ade12f41deff6df6a936b4ec3827c739bb39aad16cc75fe369258673b5df11cc2afb53611cc32a790bc0b80e80eae8f5e64be2c9d2d29db3d36dd0cf8f79a015c7bd3f15aa6aadbeab2a01685108e61aa00000000000000000000000000c67c6c6a06e828e5216f601b19db1af1b5d356d0f062137d866d11be4ba3f0151fdbbd4e97d62ecc645e143a60f10800000000000000826151e3b42bcae95239ef5ca2a730a00c87c493db0300e63fda97a296820000000001000000eecc952a3fd2c46f3c1cde71a19d1a2982492a210e00d2bfea3b8d188df2eff8d56aaae7d32a2e180022537395019f02ec4b85f6aad7faca088de9b26797a8446b16c28d85f225992dbdd5bb01ba51508951c7a7d6ca0916c3a12912715649c2b1c7192a4251b59d378d3f00000000000000665c8b7e89eddfc3783f6c9129a7c5f8ee5f50579e2f638f7eb12f63be72a3d81ab324d6e417b1c2cbfdcada0a16e31790e26cf19588a7e0496ee2782224cf30f810da86cf1a3204f4c9404f5d7321a4fefc4d1c9139ca4b65b99909950000006b42077ca60fdecb2717e21f8f187b1866108b6e8c71e2603217606637ece1fa89917e131f4034a8383e99c3568fd04201b37cd92ca6ebf94a2d8310f7032775cfd75652f87b039d5430b3c6643e9146d2478ce31344b554aca7670000000000000010c65608fda6ed5d08e7a796042aa127d874105787d0347aa37801faff5b9050803a19ff6205aa5c263e407a2f7de56f7a0000e094fa4e3f05528caab5a430c08dd810bc97204b767dd969721a26aa740000000000bc433fe2d0a6ef2a8a91cd3cb305aa80dadef8b0caca780000000000000000863e21db415a222bb1a7ab94bfe4a74157d794f9d0430c2c0eb563350559829865a3dd08fb31bd0801e09aa3ee45e61a56fc83076451cff7632e49a41eadb5044a0d5f73d6932161ae5e9ce218a35cd8e7b747887b1a74798982d0b492c3f0ff53189d80733eb04f8124877b648ff438f7d66c7efcc09a8f3330b6c22d14e80db8e5608bdeab9388b758a15f4ce70390c214bc6838798f5b9b0b500d4e8b5174f329b8501c6feb7a6982bcea74a0f2ced7fa2059234a8d10b7f0597151d5c9067d57d85f4ae933eaf5174ba122f3f702ef8695578d3c08562c9fc185f0f65d11b4c58ae52500cbe99cde3758a5cbe6093dd328ac820e2de309d25a324647aadffcecf0f3bbaeda7af4436d9ffbce1b240a2f5e346eba8812e6329e01b087bde7da4a6448f478102e90c8134f531de08d4cf4f6f35b15a202544c0ced0c1715fd3a90099f785a13a2412bedba2981dd22bd9d736c00000000000000000000000000000000eb6fec8d7d2f77f4d470a9caa5b1bfc00cd1d40830ac35f229f8ffe1c02a63d3c2d9"], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x2}, 0x8, 0x10, &(0x7f0000000100), 0x10}, 0x57) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x702, 0xe, 0x700, &(0x7f0000000540)="e460334470b8d480eb00c15286dd", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 5m47.931165402s ago: executing program 3 (id=9161): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$TIOCGWINSZ(r0, 0x545d, &(0x7f0000000340)) 5m47.833568513s ago: executing program 4 (id=9162): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x1468, 0x1170, 0x1170, 0x1398, 0x0, 0x1170, 0x1398, 0x1398, 0x1398, 0x1398, 0x1398, 0x3, 0x0, {[{{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], 'ip6tnl0\x00', 'veth0_to_hsr\x00', {}, {}, 0x6}, 0x0, 0x1128, 0x1170, 0x0, {}, [@common=@inet=@multiport={{0x50}}, @common=@unspec=@cgroup1={{0x1030}, {0x0, 0x2, 0x0, 0x0, './cgroup.net/syz0\x00'}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x1, {@ipv4=@multicast2, 'netpci0\x00'}}}, {{@uncond, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0x0, [], 0x0, 0x23, 0x0, [@empty, @local, @remote, @mcast2, @loopback, @rand_addr=' \x01\x00', @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @ipv4={'\x00', '\xff\xff', @local}, @mcast1, @loopback, @remote, @mcast2, @empty, @rand_addr=' \x01\x00', @mcast1, @remote]}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'snmp_trap\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x14c8) 5m47.678689356s ago: executing program 3 (id=9163): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$MRT6_DEL_MFC_PROXY(r0, 0x29, 0xd3, 0x0, 0x0) 5m47.634440178s ago: executing program 4 (id=9165): r0 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') preadv(r0, &(0x7f0000000840)=[{&(0x7f00000005c0)=""/85, 0x55}], 0x1, 0x6, 0x0) 5m47.504541499s ago: executing program 3 (id=9166): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2002, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x38) 5m47.421843751s ago: executing program 4 (id=9167): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20, 0xa0, 0x62}, {0x0, 0x1f}, {0x0, 0x0, 0x100000001}, 0xfffffffd, 0x0, 0x1, 0x1}}, 0xb8}}, 0x0) 5m47.286881294s ago: executing program 3 (id=9169): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) connect(r0, &(0x7f0000004040)=@hci={0x1f, 0x0, 0x2}, 0x80) 5m47.193630806s ago: executing program 4 (id=9170): r0 = openat$nci(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) read$nci(r0, 0x0, 0x0) 5m47.090750868s ago: executing program 3 (id=9172): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80000, 0x0) ioctl$TIOCSRS485(r0, 0x542f, 0x0) 5m46.875051382s ago: executing program 3 (id=9173): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x25dfdbfd, {0xa}, [@NDA_VNI={0x8, 0x7, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0) 5m46.813631743s ago: executing program 4 (id=9174): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0) 5m32.675898287s ago: executing program 33 (id=9146): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000f00)=ANY=[@ANYBLOB="300000001800dd8d0000000000000000020000000000000900000000060015000a0000000c001680080001"], 0x30}}, 0x0) 5m30.426931371s ago: executing program 34 (id=9173): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000018c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=@bridge_delneigh={0x24, 0x1e, 0x1, 0x0, 0x25dfdbfd, {0xa}, [@NDA_VNI={0x8, 0x7, 0x1}]}, 0x24}, 0x1, 0x0, 0x0, 0x84}, 0x0) 5m30.338327553s ago: executing program 35 (id=9174): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800b0001006272696467650000140002800800030090020000080004"], 0x44}, 0x1, 0xba01}, 0x0) 2m14.898342313s ago: executing program 6 (id=10816): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_GPARAMS(r0, 0x40485404, &(0x7f0000000040)={{0x3, 0x0, 0x0, 0x0, 0x4}, 0xb}) 2m14.53815044s ago: executing program 6 (id=10820): syz_mount_image$vfat(&(0x7f0000000080), &(0x7f00000000c0)='./file1\x00', 0x200000, &(0x7f0000000880)={[{@uni_xlate}, {@iocharset={'iocharset', 0x3d, 'cp949'}}, {@shortname_winnt}, {@fat=@codepage={'codepage', 0x3d, '950'}}, {@numtail}, {@iocharset={'iocharset', 0x3d, 'cp850'}}, {@uni_xlate}, {@fat=@usefree}, {@shortname_lower}, {@utf8no}, {@iocharset={'iocharset', 0x3d, 'cp1250'}}, {@fat=@nfs_stale_rw}, {@shortname_winnt}]}, 0x84, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 2m14.155714168s ago: executing program 6 (id=10824): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setrlimit(0x7, 0x0) 2m13.836561434s ago: executing program 6 (id=10828): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) 2m13.114556458s ago: executing program 5 (id=10835): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=@setlink={0x3c, 0x13, 0x1, 0x70bd2a, 0x0, {}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'dummy0\x00'}, @IFLA_CARRIER={0x5, 0x21, 0x2}]}, 0x3c}}, 0x0) 2m13.045406279s ago: executing program 6 (id=10838): r0 = syz_open_dev$vbi(&(0x7f0000000140), 0x2, 0x2) ioctl$VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000200)={0x4, @sdr={0x64737664, 0x3ff}}) 2m12.827726863s ago: executing program 5 (id=10840): r0 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0xf, 0x1, 0x1, "7e0efe3287fdaced3d4fd6e8c46a2ca55aab2500000000b482b200", 0x31363553}) 2m12.543912369s ago: executing program 5 (id=10845): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000180)={0x1f, 0x1, 0x3, "27625ba20900000000000000e302f5ffffff0054b5000000010100000000e4ff", 0xc9ff1448cab384aa}) 2m12.187782916s ago: executing program 5 (id=10849): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) 2m12.125674457s ago: executing program 6 (id=10850): r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x1) ioctl$CEC_ADAP_G_CAPS(r0, 0xc04c6100, &(0x7f00000000c0)) 2m11.506109929s ago: executing program 36 (id=10850): r0 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x1) ioctl$CEC_ADAP_G_CAPS(r0, 0xc04c6100, &(0x7f00000000c0)) 2m11.47924906s ago: executing program 5 (id=10852): r0 = syz_open_dev$cec(&(0x7f0000000180), 0x0, 0x0) ioctl$CEC_ADAP_S_LOG_ADDRS(r0, 0xc05c6104, &(0x7f00000001c0)={'Wc9\t', 0x0, 0x6, 0x3, 0x0, 0x0, "09000000e3ff00", "000200", "00ff0200", "798a202d", ["c2fffedbff00ffdfffffffff", "ffff08000000000000042371", "078d1600", "38a70ed483c99b9f1600d333"]}) 2m11.47533221s ago: executing program 7 (id=10854): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0xbc01) ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, 0x0) 2m11.253863564s ago: executing program 7 (id=10857): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0xffffffffffffffff, 0x49) 2m11.003682829s ago: executing program 7 (id=10860): r0 = socket$packet(0x11, 0x2, 0x300) getsockopt$packet_int(r0, 0x107, 0x11, 0x0, &(0x7f0000000080)) 2m10.913640011s ago: executing program 5 (id=10861): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000029008188e6b62aa73772cc9f1ba1f848430000005e140602000006020e00280010000700028000001294", 0x2e}], 0x1}, 0x0) 2m10.474457099s ago: executing program 37 (id=10861): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000000)="2e00000029008188e6b62aa73772cc9f1ba1f848430000005e140602000006020e00280010000700028000001294", 0x2e}], 0x1}, 0x0) 2m10.456848839s ago: executing program 7 (id=10863): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy") mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c}) 2m9.726365483s ago: executing program 7 (id=10868): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0xb173, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x49, 0x1, 0x0, "4749570000000000000000000e00000008000000000000001400", 0x64737664}) 2m8.968886058s ago: executing program 7 (id=10873): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x20000) 2m8.313684011s ago: executing program 38 (id=10873): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, 0x0, 0x20000) 3.239641407s ago: executing program 0 (id=12182): r0 = socket$unix(0x1, 0x5, 0x0) read(r0, &(0x7f0000000100)=""/94, 0x5e) 2.844846455s ago: executing program 0 (id=12186): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f00000005c0)={0x0, 0x1, @raw_data=[0x0, 0x0, 0x100b, 0x0, 0x0, 0x3]}) 2.57767997s ago: executing program 0 (id=12189): mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x29, 0x48, 0x99, 0x40, 0x46d, 0x821, 0x6259, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x6, 0x0, 0x60, 0x0, [{{0x9, 0x4, 0x6d, 0xfc, 0x1, 0xe, 0x1, 0x0, 0x0, [], [{{0x9, 0x5, 0x8, 0x3, 0x20, 0xe, 0x0, 0x7}}]}}]}}]}}, 0x0) 2.390439873s ago: executing program 1 (id=12190): r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup\x00', 0x0, 0x0) getdents64(r0, 0x0, 0x0) 2.189654147s ago: executing program 8 (id=12193): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) ioctl$SNDCTL_MIDI_PRETIME(r0, 0xc0046d00, &(0x7f0000000000)=0xfffffffe) 2.110046619s ago: executing program 1 (id=12194): r0 = socket(0x40000000015, 0x5, 0x0) sendmsg$NL80211_CMD_SET_CHANNEL(r0, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000100)={0x0, 0x44}, 0x1, 0x0, 0x0, 0x400}, 0x4000000) 1.770328475s ago: executing program 1 (id=12198): r0 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/time_for_children\x00') fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) 1.747016016s ago: executing program 2 (id=12199): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x200008004ee97ffd, 0x8e00) ioctl$EVIOCSMASK(r0, 0x40104593, 0x0) 1.588290239s ago: executing program 8 (id=12200): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$FS_IOC_GETFLAGS(r0, 0x5428, 0x0) 1.490681721s ago: executing program 1 (id=12201): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000f00)=[{{&(0x7f0000000300)={0xa, 0x0, 0x0, @local, 0x3}, 0x1c, &(0x7f00000002c0)=[{&(0x7f0000000440)="83", 0x1}], 0x1}}, {{&(0x7f0000000040)={0xa, 0x4e23, 0x4, @local}, 0x1c, &(0x7f0000000140)=[{&(0x7f0000000080)="b6", 0x1}], 0x1}}], 0x2, 0x0) 1.479119971s ago: executing program 9 (id=12202): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd4, &(0x7f0000000400), 0x4) 1.403620523s ago: executing program 2 (id=12203): r0 = socket(0x10, 0x80002, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'wlan1\x00', &(0x7f0000000080)=@ethtool_rxnfc={0x2e, 0x5, 0x3, {0x14, @ah_ip6_spec={@private1, @empty, 0x9, 0x6}, {0x0, @empty, 0x5, 0x9, [0x4, 0x2]}, @usr_ip4_spec={@empty, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x3, 0x2, 0x1, 0xa}, {0x0, @random="a1472b07c5b6", 0x1, 0x9, [0x0, 0x10001]}, 0x6, 0x200}}}) 1.220346386s ago: executing program 9 (id=12204): r0 = syz_open_dev$video(&(0x7f00000010c0), 0x0, 0x0) ioctl$VIDIOC_CROPCAP(r0, 0xc02c563a, &(0x7f0000000040)={0x8}) 1.170398247s ago: executing program 1 (id=12205): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000900)=@mangle={'mangle\x00', 0x44, 0x6, 0x510, 0x3a8, 0x210, 0x210, 0x0, 0x138, 0x478, 0x478, 0x478, 0x478, 0x478, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @empty, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x570) 1.168476907s ago: executing program 2 (id=12206): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xc, &(0x7f00000004c0)=0xffff0001, 0x4) 1.115207238s ago: executing program 8 (id=12207): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$VT_GETMODE(r0, 0x5601, 0xffffffffffffffff) 991.67828ms ago: executing program 9 (id=12208): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=@newtaction={0x44, 0x32, 0x1, 0x1, 0x0, {}, [{0x30, 0x1, [@m_nat={0x2c, 0x1, 0x0, 0x0, {{0x8}, {0x4}, {0x4}, {0xc}, {0xc, 0x3}}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x44}, 0x0) 935.459512ms ago: executing program 2 (id=12209): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x100083, 0x0) ioctl$TIOCGSOFTCAR(r0, 0x5416, &(0x7f0000001100)) 904.300132ms ago: executing program 1 (id=12210): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./bus\x00', 0x41, &(0x7f00000008c0)={[{@bsdgroups}, {@nodiscard}, {@noblock_validity}, {@nobarrier}, {@grpjquota}, {@orlov}, {@abort}, {@nombcache}, {@stripe={'stripe', 0x3d, 0x10}}]}, 0x64, 0x50a, &(0x7f0000000200)="$eJzs3VFrHFsdAPD/bHZr06Y3ueqDXvB6tZW0aHeTxrbBh1pB9Kmg1vcak00I2WRDdtM2oWiKH0AQUcEnffFF8AMIUvDFRxEK+qyoKKKtPvigncvuTtI03U227TabZn8/mMw5Z2b2f86GmZ0zc5gJYGC9FxHXI+JJmqYXImI0K89lU2y1psZ6jx/dm21MSaTpzX8mkWRl25+VZPPT2WYnI+JrX474ZvJ83NrG5tJMpVJey/Kl+vJqqbaxeXFxeWahvFBemZqavDJ9dfry9ERP2nkmIq598a8/+O7PvnTtV5+586dbfz//rUa1RrLlu9vxgvL7LWw1vdD8LnZvsPaSwY6ifLOFmeF2aww9V3L/NdcJAID2Guf4H4yIT0bEhRiNof1PZwEAAIA3UPr5kfhfEpG2d6JDOQAAAPAGyTXHwCa5YjYWYCRyuWKxNYb3w3EqV6nW6p+er66vzLXGyo5FITe/WClPZGOFx6KQNPKTzfTT/KU9+amIeDsivj863MwXZ6uVuX5f/AAAAIABcXpP//8/o63+PwAAAHDMjPW7AgAAAMBrp/8PAAAAx5/+PwAAABxrX7lxozGl2++/nru9sb5UvX1xrlxbKi6vzxZnq2urxYVqdaH5zL7lgz6vUq2ufjZW1u+W6uVavVTb2Ly1XF1fqd9afOYV2AAAAMAhevvjD/6QRMTW54abU8OJ7jbtcjXgqMrvpJJs3ma3/uNbrflfDqlSwKEY6ncFgL7J97sCQN8U+l0BoO+SA5Z3HLzz22z+id7WBwAA6L3xj3a+/5/bd8ut/RcDR56dGAaX+/8wuJr3/7sdyetkAY6VgjMAGHivfP//QGn6QhUCAAB6bqQ5JblidnlvJHK5YjHiTPO1AIVkfrFSnoiItyLi96OFDzTyk80tkwP7DAAAAAAAAAAAAAAAAAAAAAAAAABAS5omkQIAAADHWkTub8mvW8/yHx89N7L3+sCJ5L+jkb0i9M6Pb/7w7ky9vjbZKP/XTnn9R1n5pX5cwQAAAICB8EIv8N/up2/34wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACglx4/uje7PR1m3H98ISLG2sXPx8nm/GQUIuLUv5PI79ouiYihHsQfbvz5SLv4SaNaOyHbxR/uQfyt+/vGj7HsW2gX/3QP4sMge9A4/lxvt//l4r3mvP3+l494Jv+yOh//Yuf4N9Rh/z/TZYx3Hv6i1DH+/Yh38u2PP9vxkw7xz3YZ/xtf39zstCz9ScR429+f5JlYpfryaqm2sXlxcXlmobxQXpmamrwyfXX68vREaX6xUs7+to3xvY/98sl+7T/VIf7YAe0/12X7///w7qMPtZKFdvHPn20T/zc/zdZ4Pn4u++37VJZuLB/fTm+10ru9+/Pfvbtf++c6tP+g///5Ltt/4avf+XOXqwIAh6C2sbk0U6mU145totFLPwLVkDiCiW/39APTNE0b+9QrfE4SR+FraSb6fWQCAAB67elJf79rAgAAAAAAAAAAAAAAAAAAAIPrMB4ntjfm1k4q6cUjtAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeuL9AAAA//+GAdlV") syz_mount_image$msdos(&(0x7f0000000f40), &(0x7f0000000f00)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000)) 772.456135ms ago: executing program 0 (id=12211): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi0\x00', 0x8080, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000000)={'dac02\x00', [0x5, 0xe, 0x0, 0xb, 0x0, 0x9, 0xcc96, 0x3, 0x1008b, 0x0, 0x3e, 0x8, 0xbfe, 0x4, 0x9, 0xfffffffd, 0x0, 0x5, 0x4, 0x8, 0x2, 0x4, 0x3ff, 0x5, 0x1, 0x4, 0x2, 0xc005, 0x57, 0x8008, 0x4]}) 751.132935ms ago: executing program 9 (id=12212): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x4, 0x10, &(0x7f00000008c0)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000000000000850000001c00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 725.321346ms ago: executing program 8 (id=12213): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000050000000900010073797a30000000002c000000030a01010000000000000000050000000900010073797a30000000000900030069087a300000000060000000060a010400000000000000000500400008000b400000000038000480340001800b00010074756e6e656c0000240002800800034000000000080001400000000908000340000000f5080002400000000c0900010073797a30"], 0xd4}}, 0x0) 503.25085ms ago: executing program 2 (id=12214): r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000580)=ANY=[@ANYBLOB="12000000400000000800000001"], 0x48) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r0, &(0x7f0000000200), 0x0}, 0x20) 438.953291ms ago: executing program 9 (id=12215): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r0, 0x107, 0x2, 0x0, 0x0) 349.726143ms ago: executing program 8 (id=12216): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x220, 0xd0, 0x720d, 0x148, 0x0, 0x148, 0x188, 0x240, 0x240, 0x188, 0x240, 0x7fffffe, 0x0, {[{{@ip={@multicast1, @rand_addr=0x64010100, 0xff, 0xff000000, 'veth1_to_hsr\x00', 'dvmrp1\x00', {0xff}, {}, 0xff, 0x1, 0x30}, 0x0, 0x70, 0xd0}, @common=@SET={0x60, 'SET\x00', 0x0, {{0xffffffffffffffff, [0x1, 0x1e01, 0x2, 0x3], 0x0, 0x2}, {0xffffffffffffffff, [0x7, 0xb2cc575b459b5b36, 0x4, 0x4], 0x6, 0x7}}}}, {{@ip={@broadcast, @multicast1, 0xff000000, 0xffffffff, 'sit0\x00', 'vlan1\x00', {0xff}, {0xff}, 0x1, 0x3, 0x40}, 0x0, 0x98, 0xb8, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) 345.606653ms ago: executing program 0 (id=12217): r0 = syz_open_procfs(0x0, &(0x7f0000000340)='fd\x00') getdents64(r0, 0x0, 0x0) 240.112305ms ago: executing program 9 (id=12218): syz_mount_image$hfs(&(0x7f0000000040), &(0x7f0000000680)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100cc9a, &(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x1, 0x2af, &(0x7f0000000240)="$eJzs3UFr1E4Yx/HfJNvt/v8tNbYVQTxVBU+lrRcRRJF9B148idrdQnGpoBXUi9Vz8eCxd9+CL8KTeBa8efIFFDxEZpI0yW6S3XbZxq3fD3TJJvMk83SyyTwLSwTgn3Wv/ePTjZ/2z0i+fKkpyZPUkhqSLuhi6+XO7vZur9up2pHvIuyfURRpBtps7nSLQm2ci4gF9l1D85l1zeIgjKv1/dghPv/8s8eEYRgWrPek2exon5WR36u7AzUzhzrUbN29AADUzc3+o4m/L/nz8fzd86Rr8W3fbk/v/9N7A/0dRuruR63c/f+VFpLKKzR2fM+5TWm950o4u91LqsTKnXrFq5vxNj/XgWFVpeuL99/Wdq+7uvms1/H0XndimWbL7rWTP3i2t+8Gd71SUJtWGCn3I28zJ9acy2HG5rBR0v+l8Y/ozJRu6RsV88V8NQ9NoAN13PhbjdDYYXIjFfSNVNT/NeWL9AyXZRC1KsnyvIu+lC/kK7P01deNrGa8z0Y2+SDtZ0XUYl8WUXbrQ6KWCqM2hkQt90elZ3N55KSZD+aBWdEvfVb7aPztWeJHl/rhn0zbxrWMz4zKfBquZeDuJ/Gnbu9yYcuSqwcmYl9PdFMLL16/efq41+s+Z2G0heQ6+7f050QLyUlw6kf33cJHSXXkvr96e8um7dYonuJO9KAazNTXiOGNcY6e3HdO3vkarkk4demgHzOweCqI6eO5r/9d/ZepV9bcZM2+BBXz9KFFdGaP6yW1waJ7/b+8gssx7quHufIKbtSa68p16WrJEdsHA7sN4n5OtbtKvsIxbX3To8z8HwAAAAAAAAAAAAAAAAAAAFNhvJ83hGH684aWyhrXnSMAAAAAAAAAAAAAAAAAAAAAANNu8Pm/ulXr83/vK3qXf/4vgAn4EwAA////Xngs") truncate(&(0x7f0000000280)='./file1\x00', 0x1fefff) 228.469636ms ago: executing program 2 (id=12219): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101b01) ioctl$USBDEVFS_CLEAR_HALT(r0, 0x80045515, &(0x7f0000000040)={0x1, 0x1}) 500.63µs ago: executing program 8 (id=12220): r0 = openat$capi20(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$CAPI_NCCI_GETUNIT(r0, 0x80044327, 0x0) 0s ago: executing program 0 (id=12221): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000880)={0x1c, 0x5e, 0xe25, 0x0, 0x0, "", [@typed={0x8, 0x0, 0x0, 0x0, @fd}, @nested={0x4}]}, 0x1c}], 0x1}, 0x0) kernel console output (not intermixed with test programs): arms(): no params data found [ 1320.037263][T30306] loop2: detected capacity change from 0 to 1024 [ 1320.060836][T25420] Bluetooth: hci0: command 0x0409 tx timeout [ 1320.325017][ T57] hfsplus: b-tree write err: -5, ino 4 [ 1320.554647][T25250] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1320.568848][T25250] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1320.588715][T25250] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1320.602146][T25250] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1320.609953][T25250] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1320.617719][T25250] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1320.900486][T30241] bridge0: port 1(bridge_slave_0) entered blocking state [ 1320.913480][T30241] bridge0: port 1(bridge_slave_0) entered disabled state [ 1320.953580][T30241] device bridge_slave_0 entered promiscuous mode [ 1320.992229][T30241] bridge0: port 2(bridge_slave_1) entered blocking state [ 1320.999399][T30241] bridge0: port 2(bridge_slave_1) entered disabled state [ 1321.034902][T30241] device bridge_slave_1 entered promiscuous mode [ 1321.187195][T30241] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1321.239522][T30241] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1321.268883][T25250] Bluetooth: hci1: command 0x0409 tx timeout [ 1321.316953][T30241] team0: Port device team_slave_0 added [ 1321.409550][T30241] team0: Port device team_slave_1 added [ 1321.578450][T30241] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1321.610949][T30241] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.689569][T30241] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1321.809773][T30268] chnl_net:caif_netlink_parms(): no params data found [ 1321.840793][T30241] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1321.874424][T30241] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1321.930372][T30241] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1321.963528][T25765] device hsr_slave_0 left promiscuous mode [ 1321.969155][T30331] loop8: detected capacity change from 0 to 32768 [ 1321.982181][T25765] device hsr_slave_1 left promiscuous mode [ 1321.998339][T30331] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 1322.007037][T25765] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1322.013323][T30331] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 1322.022583][T25765] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1322.051967][T25765] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1322.062711][T30331] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 1322.102680][T25765] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1322.115994][T25765] device bridge_slave_1 left promiscuous mode [ 1322.122420][T25765] bridge0: port 2(bridge_slave_1) entered disabled state [ 1322.172308][T25765] device bridge_slave_0 left promiscuous mode [ 1322.192629][T25765] bridge0: port 1(bridge_slave_0) entered disabled state [ 1322.205528][T30331] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 1322.284638][T25250] Bluetooth: hci0: command 0x041b tx timeout [ 1322.331117][T25765] device veth0_macvtap left promiscuous mode [ 1322.337334][T25765] device veth1_vlan left promiscuous mode [ 1322.358960][T25765] device veth0_vlan left promiscuous mode [ 1322.694638][T25765] bond3 (unregistering): Released all slaves [ 1322.805083][T25250] Bluetooth: hci3: command 0x0409 tx timeout [ 1322.904379][T25765] bond2 (unregistering): Released all slaves [ 1322.914777][T25765] bond1 (unregistering): Released all slaves [ 1323.426609][T25765] team0 (unregistering): Port device team_slave_1 removed [ 1323.482052][T25250] Bluetooth: hci1: command 0x041b tx timeout [ 1323.488210][T25765] team0 (unregistering): Port device team_slave_0 removed [ 1323.544198][T25765] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1323.605110][T25765] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1324.256751][T25765] bond0 (unregistering): Released all slaves [ 1324.511768][T25420] Bluetooth: hci0: command 0x040f tx timeout [ 1324.747825][T30241] device hsr_slave_0 entered promiscuous mode [ 1324.760387][T30241] device hsr_slave_1 entered promiscuous mode [ 1324.765506][T30372] loop2: detected capacity change from 0 to 64 [ 1324.778376][T30241] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1324.819473][T30241] Cannot create hsr debugfs directory [ 1324.857469][T30375] loop8: detected capacity change from 0 to 512 [ 1324.893511][T30375] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 1325.014436][T30375] FAT-fs (loop8): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1325.032054][T25420] Bluetooth: hci3: command 0x041b tx timeout [ 1325.050900][T30268] bridge0: port 1(bridge_slave_0) entered blocking state [ 1325.070135][T30268] bridge0: port 1(bridge_slave_0) entered disabled state [ 1325.078503][T30268] device bridge_slave_0 entered promiscuous mode [ 1325.148252][T30268] bridge0: port 2(bridge_slave_1) entered blocking state [ 1325.171491][T30268] bridge0: port 2(bridge_slave_1) entered disabled state [ 1325.179812][T30268] device bridge_slave_1 entered promiscuous mode [ 1325.443572][T30268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1325.475336][ T26] audit: type=1326 audit(32760886.389:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30385 comm="syz.8.10901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1325.502920][T30268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1325.563839][ T26] audit: type=1326 audit(32760886.389:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30385 comm="syz.8.10901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=135 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1325.679577][T30268] team0: Port device team_slave_0 added [ 1325.699839][ T26] audit: type=1326 audit(32760886.389:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30385 comm="syz.8.10901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1325.727214][T25420] Bluetooth: hci1: command 0x040f tx timeout [ 1325.741497][T30320] chnl_net:caif_netlink_parms(): no params data found [ 1325.788487][T30268] team0: Port device team_slave_1 added [ 1325.862933][ T26] audit: type=1326 audit(32760886.389:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30385 comm="syz.8.10901" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1325.973258][T30268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1325.981584][T30268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1326.036811][T30268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1326.127544][T30268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1326.153839][T30268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1326.245080][T30268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1326.441691][ T4349] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1326.584106][T30424] ieee802154 phy0 wpan0: encryption failed: -22 [ 1326.634436][ T4349] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1326.702154][T30268] device hsr_slave_0 entered promiscuous mode [ 1326.739650][T25420] Bluetooth: hci0: command 0x0419 tx timeout [ 1326.752366][T30268] device hsr_slave_1 entered promiscuous mode [ 1326.765663][T30268] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1326.773773][T30268] Cannot create hsr debugfs directory [ 1326.797124][T30320] bridge0: port 1(bridge_slave_0) entered blocking state [ 1326.804267][T30320] bridge0: port 1(bridge_slave_0) entered disabled state [ 1326.812197][T30320] device bridge_slave_0 entered promiscuous mode [ 1326.823209][T30320] bridge0: port 2(bridge_slave_1) entered blocking state [ 1326.830590][T30320] bridge0: port 2(bridge_slave_1) entered disabled state [ 1326.839232][T30320] device bridge_slave_1 entered promiscuous mode [ 1326.856545][T30241] netdevsim netdevsim9 netdevsim0: renamed from eth0 [ 1326.920300][ T4349] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1326.999054][T20663] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1327.021515][T30241] netdevsim netdevsim9 netdevsim1: renamed from eth1 [ 1327.049677][T30320] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1327.090710][ T4349] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1327.121338][T30241] netdevsim netdevsim9 netdevsim2: renamed from eth2 [ 1327.140253][T30320] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1327.160544][T30241] netdevsim netdevsim9 netdevsim3: renamed from eth3 [ 1327.201007][T20663] usb 3-1: Using ep0 maxpacket: 8 [ 1327.213585][T20663] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 1327.243618][T20663] usb 3-1: config 179 has no interface number 0 [ 1327.250441][T25250] Bluetooth: hci3: command 0x040f tx timeout [ 1327.270072][T20663] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 64, changing to 10 [ 1327.280119][T30320] team0: Port device team_slave_0 added [ 1327.281959][T20663] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 1029, setting to 1024 [ 1327.299068][T20663] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1327.310566][T20663] usb 3-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1327.321238][T20663] usb 3-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1327.325757][T30443] netlink: 'syz.8.10921': attribute type 4 has an invalid length. [ 1327.334816][T20663] usb 3-1: config 179 interface 65 has no altsetting 0 [ 1327.334860][T20663] usb 3-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 1327.334885][T20663] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1327.371259][T30428] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1327.392349][T30443] netlink: 3657 bytes leftover after parsing attributes in process `syz.8.10921'. [ 1327.396404][T20663] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input92 [ 1327.442770][T30320] team0: Port device team_slave_1 added [ 1327.599118][T30320] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1327.606132][T30320] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1327.698055][T30320] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1327.834518][T20663] usb 3-1: USB disconnect, device number 124 [ 1327.840604][ C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1327.864392][T30320] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1327.865826][T20663] xpad 3-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 1327.874341][T30320] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1327.920925][T30320] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1327.931679][T25250] Bluetooth: hci1: command 0x0419 tx timeout [ 1328.430503][T30320] device hsr_slave_0 entered promiscuous mode [ 1328.448965][T30448] loop8: detected capacity change from 0 to 32768 [ 1328.456071][T30320] device hsr_slave_1 entered promiscuous mode [ 1328.495999][T30320] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1328.503629][T30320] Cannot create hsr debugfs directory [ 1328.515620][T30448] ocfs2: Slot 0 on device (7,8) was already allocated to this node! [ 1328.562149][T30241] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1328.575872][T30448] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 1328.696203][T30448] (syz.8.10922,30448,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9 [ 1328.720572][T30448] (syz.8.10922,30448,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 1328.750613][T30448] (syz.8.10922,30448,0):ocfs2_mknod:298 ERROR: status = -2 [ 1328.766995][ T4349] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1328.778602][T30448] (syz.8.10922,30448,0):ocfs2_mknod:502 ERROR: status = -2 [ 1328.863173][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1328.877323][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1328.894935][T25415] ocfs2: Unmounting device (7,8) on (node local) [ 1328.926940][T30241] 8021q: adding VLAN 0 to HW filter on device team0 [ 1329.032937][ T4349] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.085962][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1329.107551][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1329.121346][T25765] bridge0: port 1(bridge_slave_0) entered blocking state [ 1329.128546][T25765] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1329.173170][ T4349] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.206606][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1329.216910][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1329.234206][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1329.243818][T25765] bridge0: port 2(bridge_slave_1) entered blocking state [ 1329.251003][T25765] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1329.268050][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1329.306606][T30472] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 1329.361405][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1329.389462][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1329.434094][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1329.479295][T25420] Bluetooth: hci3: command 0x0419 tx timeout [ 1329.535067][ T4349] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1329.594296][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1329.611008][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1329.641587][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1329.710785][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1329.730825][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1329.776400][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1329.790093][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1329.824884][T30241] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1330.124926][T30494] loop2: detected capacity change from 0 to 256 [ 1330.183189][T30494] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1330.867234][T30488] loop8: detected capacity change from 0 to 32768 [ 1330.940864][T30241] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1330.968009][T30488] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 1330.983054][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1330.997592][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1331.259270][T25415] ocfs2: Unmounting device (7,8) on (node local) [ 1331.748880][T30526] vivid-007: disconnect [ 1331.758505][T30525] vivid-007: reconnect [ 1332.261709][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1332.281099][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1332.625862][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1332.648841][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1332.752345][T30241] device veth0_vlan entered promiscuous mode [ 1333.001173][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1333.019657][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1333.237170][T30241] device veth1_vlan entered promiscuous mode [ 1333.298833][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1333.308174][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1333.340903][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1333.357950][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1333.406151][T30241] device veth0_macvtap entered promiscuous mode [ 1333.551035][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1333.580081][T30241] device veth1_macvtap entered promiscuous mode [ 1333.668440][T30562] loop2: detected capacity change from 0 to 4096 [ 1333.775218][T30562] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1334.099476][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1334.479538][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.514624][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.524521][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.537170][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.557376][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.579467][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.627677][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1334.661928][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.687328][T30241] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1334.702866][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1334.740872][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1334.785863][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.813791][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.834608][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.877981][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.909484][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.928428][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1334.952748][T30241] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1334.963625][T30241] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1335.008556][T30241] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1335.398722][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1335.413704][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1335.446188][T30241] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.454984][T30241] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.487121][T30241] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1335.499157][T30241] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1336.632743][ T26] audit: type=1400 audit(32760896.828:167): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name=":(%#{//(@\)//&@},['%%&\#*" pid=30610 comm="syz.2.10981" [ 1336.677606][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1336.738957][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1336.762955][ T4407] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1336.797529][ T4407] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1336.871972][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1336.894773][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1337.054680][T30268] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1337.093694][ T4349] device hsr_slave_0 left promiscuous mode [ 1337.130597][ T4349] device hsr_slave_1 left promiscuous mode [ 1337.146141][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1337.153642][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1337.163678][T30619] loop8: detected capacity change from 0 to 256 [ 1337.187594][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1337.202255][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1337.220318][ T4349] device bridge_slave_1 left promiscuous mode [ 1337.237556][ T4349] bridge0: port 2(bridge_slave_1) entered disabled state [ 1337.244476][T30619] FAT-fs (loop8): Directory bread(block 64) failed [ 1337.267011][ T4349] device bridge_slave_0 left promiscuous mode [ 1337.267424][T30619] FAT-fs (loop8): Directory bread(block 65) failed [ 1337.289595][ T4349] bridge0: port 1(bridge_slave_0) entered disabled state [ 1337.291125][T30619] FAT-fs (loop8): Directory bread(block 66) failed [ 1337.312988][T30619] FAT-fs (loop8): Directory bread(block 67) failed [ 1337.321091][T30619] FAT-fs (loop8): Directory bread(block 68) failed [ 1337.328360][T30619] FAT-fs (loop8): Directory bread(block 69) failed [ 1337.337992][ T4349] device hsr_slave_0 left promiscuous mode [ 1337.347616][T30619] FAT-fs (loop8): Directory bread(block 70) failed [ 1337.354353][T30619] FAT-fs (loop8): Directory bread(block 71) failed [ 1337.365759][ T4349] device hsr_slave_1 left promiscuous mode [ 1337.369674][T30619] FAT-fs (loop8): Directory bread(block 72) failed [ 1337.378897][T30619] FAT-fs (loop8): Directory bread(block 73) failed [ 1337.387002][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1337.405676][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1337.430189][ T4349] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1337.453431][ T4349] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1337.471214][ T4349] device bridge_slave_1 left promiscuous mode [ 1337.481219][ T4349] bridge0: port 2(bridge_slave_1) entered disabled state [ 1337.495453][ T4349] device bridge_slave_0 left promiscuous mode [ 1337.514529][ T4349] bridge0: port 1(bridge_slave_0) entered disabled state [ 1337.640115][ T4349] device veth1_macvtap left promiscuous mode [ 1337.646346][ T4349] device veth0_macvtap left promiscuous mode [ 1337.663508][ T4349] device veth1_vlan left promiscuous mode [ 1337.669559][ T4349] device veth0_vlan left promiscuous mode [ 1337.688342][ T4349] device veth1_macvtap left promiscuous mode [ 1337.701798][ T4349] device veth0_macvtap left promiscuous mode [ 1337.721899][ T4349] device veth1_vlan left promiscuous mode [ 1338.238108][ T4349] bond1 (unregistering): Released all slaves [ 1338.511206][ T9] smc: removing ib device syz0 [ 1339.329230][T30657] loop9: detected capacity change from 0 to 2048 [ 1339.375675][T30657] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1339.810907][ T4349] team0 (unregistering): Port device team_slave_1 removed [ 1339.930576][ T4349] team0 (unregistering): Port device team_slave_0 removed [ 1340.011246][ T4349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1340.088403][ T4349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1340.896860][ T41] usb 10-1: new high-speed USB device number 2 using dummy_hcd [ 1340.972296][ T4349] bond0 (unregistering): Released all slaves [ 1341.146045][ T41] usb 10-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1341.156652][ T41] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.165333][ T41] usb 10-1: Product: syz [ 1341.170940][ T41] usb 10-1: Manufacturer: syz [ 1341.177813][ T41] usb 10-1: SerialNumber: syz [ 1341.184458][ T41] usb 10-1: config 0 descriptor?? [ 1341.194581][ T41] ch341 10-1:0.0: ch341-uart converter detected [ 1341.283249][ T4349] bond1 (unregistering): Released all slaves [ 1341.540529][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1341.547715][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1341.647577][ T41] usb 10-1: failed to send control message: -71 [ 1341.657096][ T41] ch341-uart: probe of ttyUSB0 failed with error -71 [ 1341.665646][ T41] usb 10-1: USB disconnect, device number 2 [ 1341.674404][ T41] ch341 10-1:0.0: device disconnected [ 1341.851296][ T4349] team0 (unregistering): Port device team_slave_1 removed [ 1341.916194][ T4349] team0 (unregistering): Port device team_slave_0 removed [ 1341.973500][ T4349] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1342.030140][ T4349] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1342.944226][T30701] usb usb8: usbfs: process 30701 (syz.9.11025) did not claim interface 8 before use [ 1343.019076][ T4349] bond0 (unregistering): Released all slaves [ 1343.155699][T30268] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1343.169451][T30635] netlink: 40 bytes leftover after parsing attributes in process `syz.8.10992'. [ 1343.267403][T30268] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1343.281967][T30268] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1343.604564][T30268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1343.617838][T30320] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1343.665196][T30320] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1343.735879][T30320] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1343.790118][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1343.829885][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1343.876467][T30320] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1343.921847][T30731] netlink: 24 bytes leftover after parsing attributes in process `syz.8.11037'. [ 1343.950915][T30268] 8021q: adding VLAN 0 to HW filter on device team0 [ 1344.095728][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1344.129338][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1344.163215][ T40] bridge0: port 1(bridge_slave_0) entered blocking state [ 1344.170454][ T40] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1344.199828][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1344.268362][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1344.301105][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1344.310572][ T40] bridge0: port 2(bridge_slave_1) entered blocking state [ 1344.317779][ T40] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1344.327205][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1344.352000][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1344.425898][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1344.446810][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1344.469031][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1344.520392][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1344.612266][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1344.645115][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1344.721691][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1344.788497][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1344.797113][ T4407] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1344.834339][T30268] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1344.968053][T30758] loop9: detected capacity change from 0 to 64 [ 1345.010320][T30761] loop8: detected capacity change from 0 to 256 [ 1345.085764][T30320] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1345.155202][T30761] FAT-fs (loop8): Directory bread(block 64) failed [ 1345.202135][T30761] FAT-fs (loop8): Directory bread(block 65) failed [ 1345.229663][T30761] FAT-fs (loop8): Directory bread(block 66) failed [ 1345.236588][T30761] FAT-fs (loop8): Directory bread(block 67) failed [ 1345.270807][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 1345.302720][T30761] FAT-fs (loop8): Directory bread(block 68) failed [ 1345.303435][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 1345.309344][T30761] FAT-fs (loop8): Directory bread(block 69) failed [ 1345.364076][T30320] 8021q: adding VLAN 0 to HW filter on device team0 [ 1345.384322][T30761] FAT-fs (loop8): Directory bread(block 70) failed [ 1345.421711][T30761] FAT-fs (loop8): Directory bread(block 71) failed [ 1345.428960][T30761] FAT-fs (loop8): Directory bread(block 72) failed [ 1345.454561][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 1345.476318][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1345.503938][T30761] FAT-fs (loop8): Directory bread(block 73) failed [ 1345.535809][T13039] bridge0: port 1(bridge_slave_0) entered blocking state [ 1345.543033][T13039] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1345.621105][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 1345.640516][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 1345.662461][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 1345.681533][T13039] bridge0: port 2(bridge_slave_1) entered blocking state [ 1345.688750][T13039] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1345.710287][T30772] loop9: detected capacity change from 0 to 16 [ 1345.717338][T30772] MTD: Attempt to mount non-MTD device "/dev/loop9" [ 1345.763163][ T26] audit: type=1800 audit(32760905.368:168): pid=30761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.11049" name="file1" dev="loop8" ino=1048705 res=0 errno=0 [ 1345.793595][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 1345.839171][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 1345.861590][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 1345.889893][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1345.900829][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 1345.943853][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1345.998482][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1346.025643][T30320] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 1346.074698][T30320] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1346.119925][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 1346.135584][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 1346.145373][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 1346.174432][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 1346.208878][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 1346.236300][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1346.247195][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1346.291567][T30268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1346.309139][T30786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11058'. [ 1346.403212][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1346.414410][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1346.454056][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1346.479758][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1346.494119][T30781] loop8: detected capacity change from 0 to 4096 [ 1346.503834][T30268] device veth0_vlan entered promiscuous mode [ 1346.521781][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1346.543017][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1346.589693][T30268] device veth1_vlan entered promiscuous mode [ 1346.608000][T30781] ntfs3: loop8: Mark volume as dirty due to NTFS errors [ 1346.668028][T30781] ntfs3: loop8: Failed to load $Extend. [ 1346.753943][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1346.772643][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1346.789924][T30268] device veth0_macvtap entered promiscuous mode [ 1346.824644][T30268] device veth1_macvtap entered promiscuous mode [ 1346.965590][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1347.022240][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.054368][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1347.072168][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.082874][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1347.112734][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.146200][T30268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1347.180241][T30801] device tunl0 entered promiscuous mode [ 1347.197586][T30801] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check. [ 1347.299885][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1347.323317][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 1347.364301][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1347.385544][T13039] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1347.401540][T30805] loop9: detected capacity change from 0 to 512 [ 1347.427263][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1347.471576][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.495782][T30805] EXT4-fs (loop9): mounting ext2 file system using the ext4 subsystem [ 1347.505680][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1347.556945][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.566839][T30268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1347.591973][T30805] EXT4-fs error (device loop9): ext4_orphan_get:1400: inode #15: comm syz.9.11067: iget: bad i_size value: 360287970189639680 [ 1347.664547][T30268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1347.675473][T30805] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.11067: couldn't read orphan inode 15 (err -117) [ 1347.678933][T30268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1347.704588][T30805] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 1347.705078][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1347.782317][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1347.824603][T30805] EXT4-fs error (device loop9): ext4_get_first_dir_block:3591: inode #12: block 13: comm syz.9.11067: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=12, rec_len=0, size=4096 fake=1 [ 1347.826319][T30268] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1347.860734][T30268] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1347.871269][T30268] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1347.882144][T30268] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1347.916842][T30805] EXT4-fs error (device loop9): ext4_get_first_dir_block:3594: inode #12: comm syz.9.11067: directory missing '.' [ 1347.938241][T30320] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1347.960902][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1347.992155][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1348.130736][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 1348.171249][T25765] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 1348.186393][T30241] EXT4-fs (loop9): unmounting filesystem. [ 1348.273777][T25571] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1348.295038][T25571] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1348.305535][ T6896] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1348.397689][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1348.419077][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 1348.449490][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 1348.483581][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 1348.513398][ T6896] usb 3-1: Using ep0 maxpacket: 32 [ 1348.529249][ T6896] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1348.551527][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 1348.560512][ T6896] usb 3-1: config 11 has an invalid interface number: 4 but max is 0 [ 1348.581388][ T6896] usb 3-1: config 11 has no interface number 0 [ 1348.601083][T25571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1348.608109][T30320] device veth0_vlan entered promiscuous mode [ 1348.622071][ T6896] usb 3-1: config 11 interface 4 altsetting 4 endpoint 0x4 has invalid maxpacket 1088, setting to 64 [ 1348.636069][T25571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1348.653776][ T6896] usb 3-1: config 11 interface 4 has no altsetting 0 [ 1348.685391][T30320] device veth1_vlan entered promiscuous mode [ 1348.708451][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 1348.715315][ T6896] usb 3-1: New USB device found, idVendor=0e8d, idProduct=0043, bcdDevice=63.58 [ 1348.734005][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1348.743791][ T6896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1348.762779][ T6896] usb 3-1: Product: syz [ 1348.793846][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 1348.803426][ T6896] usb 3-1: Manufacturer: syz [ 1348.804917][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 1348.810739][ T6896] usb 3-1: SerialNumber: syz [ 1348.838500][ T57] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 1348.916207][T30320] device veth0_macvtap entered promiscuous mode [ 1348.962603][T30320] device veth1_macvtap entered promiscuous mode [ 1349.047145][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1349.068029][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.096654][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1349.105118][ T6896] option 3-1:11.4: GSM modem (1-port) converter detected [ 1349.133327][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.156343][ T6896] usb 3-1: USB disconnect, device number 125 [ 1349.181432][ T6896] option 3-1:11.4: device disconnected [ 1349.187297][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1349.247084][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.288154][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1349.317947][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.363283][T30320] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1349.401266][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 1349.421586][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 1349.426231][T30848] loop8: detected capacity change from 0 to 1024 [ 1349.455411][T25571] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 1349.489963][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1349.514364][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.563008][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1349.606456][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.646156][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1349.661375][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.672532][T30320] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1349.685684][T30320] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1349.697734][T25765] hfsplus: b-tree write err: -5, ino 4 [ 1349.736889][T30320] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1349.778214][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 1349.803942][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 1349.838987][T30320] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1349.861858][T30320] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1349.889667][T30320] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1349.917166][T30320] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1350.136573][ T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1350.155974][ T41] usb 9-1: new high-speed USB device number 10 using dummy_hcd [ 1350.163868][ T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1350.225755][ T26] audit: type=1326 audit(32760909.531:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30862 comm="syz.9.11088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09a38ebe9 code=0x7ffc0000 [ 1350.253464][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 1350.259760][T25571] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1350.262620][T30867] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 1350.276335][T25571] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1350.320773][ T26] audit: type=1326 audit(32760909.531:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30862 comm="syz.9.11088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7fb09a38ebe9 code=0x7ffc0000 [ 1350.383309][ T4349] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 1350.392953][ T41] usb 9-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1350.411335][ T41] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.441571][ T41] usb 9-1: Product: syz [ 1350.463164][ T26] audit: type=1326 audit(32760909.531:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30862 comm="syz.9.11088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09a38ebe9 code=0x7ffc0000 [ 1350.498338][ T41] usb 9-1: Manufacturer: syz [ 1350.503006][ T41] usb 9-1: SerialNumber: syz [ 1350.532843][ T41] usb 9-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1350.562938][ T26] audit: type=1326 audit(32760909.531:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30862 comm="syz.9.11088" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb09a38ebe9 code=0x7ffc0000 [ 1350.596471][ T41] usb 9-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1350.622798][T30874] loop2: detected capacity change from 0 to 1024 [ 1350.758780][T30870] loop9: detected capacity change from 0 to 4096 [ 1350.808702][T30870] ntfs: (device loop9): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1350.929537][T30870] ntfs: (device loop9): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1351.031314][T30870] ntfs: (device loop9): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1351.069316][T30870] ntfs: (device loop9): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1351.140308][ T7353] usb 9-1: USB disconnect, device number 10 [ 1351.173795][T30870] ntfs: (device loop9): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1351.252151][T30870] ntfs: volume version 3.1. [ 1351.282146][T30870] ntfs: (device loop9): load_and_init_quota(): Failed to find inode number for $Quota. [ 1351.320073][T30870] ntfs: (device loop9): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 1351.569306][T30899] loop0: detected capacity change from 0 to 128 [ 1351.639444][T30899] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 1351.734419][T30904] loop2: detected capacity change from 0 to 512 [ 1351.800399][ T41] ath9k_htc 9-1:1.0: ath9k_htc: Target is unresponsive [ 1351.819021][ T41] ath9k_htc: Failed to initialize the device [ 1351.838893][ T7353] usb 9-1: ath9k_htc: USB layer deinitialized [ 1351.868649][T30904] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1351.962752][T30320] EXT4-fs (loop0): unmounting filesystem. [ 1351.971464][T30904] EXT4-fs error (device loop2): ext4_xattr_block_get:546: inode #15: comm syz.2.11100: corrupted xattr block 33 [ 1351.995578][T30904] fscrypt (loop2, inode 15): Error -117 getting encryption context [ 1352.157645][T30915] loop9: detected capacity change from 0 to 764 [ 1352.198483][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1352.205235][T30918] cgroup: Unknown subsys name 'pcr' [ 1352.250714][T30915] rock: corrupted directory entry. extent=32, offset=2044, size=237 [ 1352.900973][T30930] 9pnet: Could not find request transport: f [ 1352.987270][T30944] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11116'. [ 1353.052215][T30944] (unnamed net_device) (uninitialized): option resend_igmp: invalid value (511) [ 1353.120692][T30944] (unnamed net_device) (uninitialized): option resend_igmp: allowed values 0 - 255 [ 1353.206435][T30952] netlink: 8 bytes leftover after parsing attributes in process `syz.9.11120'. [ 1354.672800][T30994] loop9: detected capacity change from 0 to 4096 [ 1354.788424][T30994] ntfs: volume version 3.1. [ 1355.445492][T31016] loop9: detected capacity change from 0 to 4096 [ 1355.506585][T31020] loop0: detected capacity change from 0 to 4096 [ 1355.649797][ T6896] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1355.739499][T31016] ntfs3: loop9: ino=1e, "file1" attr_set_size [ 1355.780273][T31032] loop1: detected capacity change from 0 to 1024 [ 1355.787592][T31016] ntfs3: loop9: Mark volume as dirty due to NTFS errors [ 1355.845180][T31032] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1355.862544][ T6896] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1355.893619][ T6896] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1355.926721][ T6896] usb 3-1: Product: syz [ 1355.952636][ T6896] usb 3-1: SerialNumber: syz [ 1355.970313][T31032] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1355.992759][ T6896] usb 3-1: config 0 descriptor?? [ 1356.015175][T31032] EXT4-fs (loop1): re-mounted. Quota mode: none. [ 1356.222060][ T6896] hso 3-1:0.0: Failed to find BULK IN ep [ 1356.251641][T30268] EXT4-fs (loop1): unmounting filesystem. [ 1356.386464][T31050] netlink: 'syz.0.11158': attribute type 1 has an invalid length. [ 1356.427108][T31050] netlink: 'syz.0.11158': attribute type 2 has an invalid length. [ 1356.456225][T31050] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11158'. [ 1356.461118][ T6896] usb 3-1: USB disconnect, device number 126 [ 1356.740242][ T41] usb 9-1: new high-speed USB device number 11 using dummy_hcd [ 1356.760022][T31059] loop1: detected capacity change from 0 to 1024 [ 1356.831646][T31059] syz.1.11161: attempt to access beyond end of device [ 1356.831646][T31059] loop1: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 1356.868525][T31059] Buffer I/O error on dev loop1, logical block 100663296, async page read [ 1356.912690][T31059] hfsplus: unable to mark blocks free: error -5 [ 1356.923885][T31059] hfsplus: can't free extent [ 1356.954300][ T41] usb 9-1: Using ep0 maxpacket: 32 [ 1356.970068][ T41] usb 9-1: config index 0 descriptor too short (expected 35577, got 27) [ 1356.997113][ T41] usb 9-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1357.050586][ T41] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1357.060762][ T41] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1357.136630][ T41] usb 9-1: config 1 has no interface number 0 [ 1357.184958][ T41] usb 9-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1357.208303][T31047] loop9: detected capacity change from 0 to 32768 [ 1357.210940][ T41] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1357.270075][ T41] snd_usb_pod 9-1:1.1: Line 6 Pocket POD found [ 1357.299731][T31071] loop1: detected capacity change from 0 to 512 [ 1357.314621][T31071] EXT4-fs: Ignoring removed bh option [ 1357.350034][T31047] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode. [ 1357.373662][T31071] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 1357.411536][T31071] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 1357.431069][T31047] (syz.9.11155,31047,0):ocfs2_symlink:2065 ERROR: status = -2 [ 1357.487921][ T41] snd_usb_pod 9-1:1.1: endpoint not available, using fallback values [ 1357.520882][ T41] snd_usb_pod 9-1:1.1: invalid control EP [ 1357.526723][ T41] snd_usb_pod 9-1:1.1: cannot start listening: -22 [ 1357.540905][ T41] snd_usb_pod 9-1:1.1: Line 6 Pocket POD now disconnected [ 1357.548731][ T41] snd_usb_pod: probe of 9-1:1.1 failed with error -22 [ 1357.558024][T31071] EXT4-fs (loop1): warning: mounting unchecked fs, running e2fsck is recommended [ 1357.589950][T30241] (syz-executor,30241,1):ocfs2_inode_is_valid_to_delete:852 ERROR: Skipping delete of root inode. [ 1357.592625][T31071] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=c002e01c, mo2=0006] [ 1357.641764][T31071] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 1357.660985][T30241] ocfs2: Unmounting device (7,9) on (node local) [ 1357.732581][T31077] loop2: detected capacity change from 0 to 4096 [ 1357.761202][ T41] usb 9-1: USB disconnect, device number 11 [ 1357.798274][T31077] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 1357.904908][T30268] EXT4-fs (loop1): unmounting filesystem. [ 1358.033865][T31077] ntfs3: loop2: failed to convert "c46c" to macgreek [ 1358.456557][T31101] comedi comedi0: Minor 14 could not be opened [ 1358.740306][T31110] loop2: detected capacity change from 0 to 256 [ 1358.813583][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1358.857087][T31110] FAT-fs (loop2): Filesystem has been set read-only [ 1358.868091][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1358.915851][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1358.935952][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.037297][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.148754][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.220467][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.262169][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.333453][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.370829][T31110] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 1359.446384][ T26] audit: type=1800 audit(32760918.165:173): pid=31110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.11178" name="file1" dev="loop2" ino=1048712 res=0 errno=0 [ 1359.466416][ C1] vkms_vblank_simulate: vblank timer overrun [ 1359.473675][T31131] netlink: 'syz.1.11187': attribute type 1 has an invalid length. [ 1359.830003][ T6896] usb 9-1: new high-speed USB device number 12 using dummy_hcd [ 1360.033062][ T6896] usb 9-1: Using ep0 maxpacket: 16 [ 1360.046080][ T6896] usb 9-1: config 1 interface 0 altsetting 235 endpoint 0x81 has an invalid bInterval 167, changing to 11 [ 1360.058929][T31153] loop9: detected capacity change from 0 to 2048 [ 1360.097042][ T6896] usb 9-1: config 1 interface 0 altsetting 235 bulk endpoint 0x82 has invalid maxpacket 1023 [ 1360.107405][ T6896] usb 9-1: config 1 interface 0 altsetting 235 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1360.108027][T31153] UDF-fs: error (device loop9): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1360.205753][ T6896] usb 9-1: config 1 interface 0 has no altsetting 0 [ 1360.217327][ T6896] usb 9-1: New USB device found, idVendor=0525, idProduct=0800, bcdDevice= 0.00 [ 1360.249187][ T6896] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1360.282709][ T6896] usb 9-1: Product: syz [ 1360.286956][ T6896] usb 9-1: Manufacturer: syz [ 1360.327703][ T6896] usb 9-1: SerialNumber: syz [ 1360.363403][T31135] raw-gadget.0 gadget.8: fail, usb_ep_enable returned -22 [ 1360.390057][ T6896] cdc_ether: probe of 9-1:1.0 failed with error -22 [ 1360.669395][T10251] usb 9-1: USB disconnect, device number 12 [ 1361.134746][T31193] netlink: 'syz.0.11211': attribute type 1 has an invalid length. [ 1361.203432][T31195] netlink: 212 bytes leftover after parsing attributes in process `syz.2.11212'. [ 1361.674117][ T26] audit: type=1326 audit(32760920.241:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31208 comm="syz.8.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1361.755634][T31213] deleting an unspecified loop device is not supported. [ 1361.798448][ T26] audit: type=1326 audit(32760920.260:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31208 comm="syz.8.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1361.923456][ T26] audit: type=1326 audit(32760920.260:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31208 comm="syz.8.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1361.923498][ T26] audit: type=1326 audit(32760920.260:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31208 comm="syz.8.11219" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1362.337278][T31190] loop9: detected capacity change from 0 to 32768 [ 1362.532718][ T26] audit: type=1326 audit(32760921.046:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31235 comm="syz.0.11229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x7ffc0000 [ 1362.610791][T31238] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1362.663750][ T26] audit: type=1326 audit(32760921.046:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31235 comm="syz.0.11229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f43a638ebe9 code=0x7ffc0000 [ 1362.814676][ T26] audit: type=1326 audit(32760921.046:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31235 comm="syz.0.11229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x7ffc0000 [ 1362.941066][ T26] audit: type=1326 audit(32760921.046:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31235 comm="syz.0.11229" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x7ffc0000 [ 1363.298173][T31260] loop0: detected capacity change from 0 to 256 [ 1363.497782][T31263] loop8: detected capacity change from 0 to 512 [ 1363.542056][T31263] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256 [ 1363.978112][T31268] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1364.015618][T31251] loop2: detected capacity change from 0 to 32768 [ 1364.125751][T31231] loop1: detected capacity change from 0 to 40427 [ 1364.134380][T31251] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 1364.170345][T31231] F2FS-fs (loop1): build fault injection attr: rate: 771, type: 0x3ffff [ 1364.219142][T31231] F2FS-fs (loop1): invalid crc value [ 1364.290918][T31231] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1364.534211][T31231] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1364.600061][ T4314] ocfs2: Unmounting device (7,2) on (node local) [ 1365.011187][T31296] x_tables: ip_tables: osf match: only valid for protocol 6 [ 1365.492898][T31310] loop9: detected capacity change from 0 to 1024 [ 1365.528495][T31312] netlink: 256 bytes leftover after parsing attributes in process `syz.1.11257'. [ 1365.637104][T31273] loop8: detected capacity change from 0 to 32768 [ 1365.754279][T31310] syz.9.11254: attempt to access beyond end of device [ 1365.754279][T31310] loop9: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 1365.865174][T31310] Buffer I/O error on dev loop9, logical block 100663296, async page read [ 1365.923021][ T26] audit: type=1326 audit(32760924.217:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1365.932998][T31310] syz.9.11254: attempt to access beyond end of device [ 1365.932998][T31310] loop9: rw=0, sector=201326592, nr_sectors = 2 limit=1024 [ 1366.041881][ T26] audit: type=1326 audit(32760924.263:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.084083][T31310] Buffer I/O error on dev loop9, logical block 100663296, async page read [ 1366.126091][ T26] audit: type=1326 audit(32760924.263:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.233635][ T26] audit: type=1326 audit(32760924.263:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.274716][T31327] loop1: detected capacity change from 0 to 1024 [ 1366.328464][ T26] audit: type=1326 audit(32760924.263:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.350776][ C1] vkms_vblank_simulate: vblank timer overrun [ 1366.358535][T31327] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 1366.460312][T31327] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a800e11d, mo2=0002] [ 1366.470329][ T26] audit: type=1326 audit(32760924.263:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.492681][ C1] vkms_vblank_simulate: vblank timer overrun [ 1366.501067][T31327] System zones: 0-1, 2-3, 4-36, 98-101, 102-102 [ 1366.508523][T31327] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1366.543330][ T26] audit: type=1326 audit(32760924.263:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.653738][ T26] audit: type=1326 audit(32760924.263:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31320 comm="syz.1.11260" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fa65698ebe9 code=0x7ffc0000 [ 1366.963700][T31343] loop9: detected capacity change from 0 to 16 [ 1367.152414][T30268] EXT4-fs (loop1): unmounting filesystem. [ 1367.158685][T31343] erofs: (device loop9): mounted with root inode @ nid 36. [ 1367.207436][T31343] erofs: (device loop9): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 1367.215344][T31336] syz.2.11266 (31336): drop_caches: 2 [ 1367.223725][T31343] erofs: (device loop9): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 1367.261292][T31343] erofs: (device loop9): z_erofs_do_map_blocks: inconsistent algorithmtype 0 for nid 36 [ 1367.309124][T31343] erofs: (device loop9): z_erofs_fill_inode_lazy: invalid tail-packing pclustersize 65535 [ 1367.394213][T31343] erofs: (device loop9): z_erofs_read_folio: failed to read, err [-117] [ 1367.982240][T31372] netlink: 48 bytes leftover after parsing attributes in process `syz.2.11276'. [ 1368.038677][T31372] tc_dump_action: action bad kind [ 1368.289751][T31384] loop1: detected capacity change from 0 to 128 [ 1368.396127][T31387] netlink: 'syz.2.11283': attribute type 10 has an invalid length. [ 1368.418820][T31384] FAT-fs (loop1): error, fat_free_clusters: deleting FAT entry beyond EOF [ 1368.479928][T31384] FAT-fs (loop1): Filesystem has been set read-only [ 1368.624674][T31387] device veth0_vlan left promiscuous mode [ 1368.670459][T31387] device veth0_vlan entered promiscuous mode [ 1368.714065][T31387] team0: Device veth0_vlan failed to register rx_handler [ 1369.829231][T31437] vivid-004: disconnect [ 1369.854159][T31436] vivid-004: reconnect [ 1370.300672][T31453] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11310'. [ 1370.330512][T31453] device bridge_slave_1 left promiscuous mode [ 1370.340747][T31453] bridge0: port 2(bridge_slave_1) entered disabled state [ 1370.413076][T31453] device bridge_slave_0 left promiscuous mode [ 1370.423549][T31453] bridge0: port 1(bridge_slave_0) entered disabled state [ 1370.926897][ T7353] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 1371.038430][T31480] ip6t_srh: unknown srh invflags 7863 [ 1371.040145][T31481] loop8: detected capacity change from 0 to 256 [ 1371.077393][T31481] exfat: Deprecated parameter 'utf8' [ 1371.147097][ T7353] usb 2-1: Using ep0 maxpacket: 16 [ 1371.154987][ T7353] usb 2-1: config 254 has an invalid interface number: 235 but max is 0 [ 1371.198479][T31481] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 1371.204557][ T7353] usb 2-1: config 254 has no interface number 0 [ 1371.261580][ T7353] usb 2-1: config 254 interface 235 altsetting 2 bulk endpoint 0x6 has invalid maxpacket 32 [ 1371.302209][ T7353] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has an invalid bInterval 97, changing to 7 [ 1371.351728][ T7353] usb 2-1: config 254 interface 235 altsetting 2 endpoint 0x82 has invalid maxpacket 24929, setting to 1024 [ 1371.394430][ T7353] usb 2-1: config 254 interface 235 has no altsetting 0 [ 1371.445371][ T7353] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=2b.f1 [ 1371.499206][ T7353] usb 2-1: New USB device strings: Mfr=1, Product=251, SerialNumber=3 [ 1371.533582][ T7353] usb 2-1: Product: syz [ 1371.550270][ T7353] usb 2-1: Manufacturer: syz [ 1371.566016][ T7353] usb 2-1: SerialNumber: syz [ 1371.593849][T31469] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1371.644691][T31487] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11325'. [ 1371.828146][ T7353] usbtest 2-1:254.235: couldn't get endpoints, -71 [ 1371.834767][ T7353] usbtest: probe of 2-1:254.235 failed with error -71 [ 1371.889040][ T7353] usb 2-1: USB disconnect, device number 124 [ 1372.072005][T31501] loop2: detected capacity change from 0 to 4096 [ 1372.128558][T31501] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 1372.244807][T31501] ntfs3: loop2: failed to convert "c46c" to maccroatian [ 1372.565818][T31512] loop2: detected capacity change from 0 to 1024 [ 1372.695250][T31494] loop0: detected capacity change from 0 to 32768 [ 1372.873683][T31494] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode. [ 1372.908089][T31497] loop8: detected capacity change from 0 to 32768 [ 1372.964115][T31497] BTRFS error: device /dev/loop8 already registered with a higher generation, found 8 expect 10 [ 1373.114204][T31494] OCFS2: ERROR (device loop0): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #17056 has bit count 57088 but max bitmap bits of 2048 [ 1373.270887][T31494] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 1373.372556][T31494] OCFS2: File system is now read-only. [ 1373.378595][T31494] (syz.0.11327,31494,1):ocfs2_search_chain:1761 ERROR: status = -30 [ 1373.402736][T31494] (syz.0.11327,31494,1):ocfs2_search_chain:1871 ERROR: status = -30 [ 1373.428137][T26068] BTRFS error: device /dev/loop8 already registered with a higher generation, found 8 expect 10 [ 1373.429563][T31494] (syz.0.11327,31494,1):ocfs2_claim_suballoc_bits:1940 ERROR: status = -30 [ 1373.512221][T31494] (syz.0.11327,31494,1):ocfs2_claim_suballoc_bits:1983 ERROR: status = -30 [ 1373.583308][T31536] netlink: 'syz.8.11342': attribute type 2 has an invalid length. [ 1373.590246][T31494] (syz.0.11327,31494,1):ocfs2_claim_new_inode:2216 ERROR: status = -30 [ 1373.622710][T31536] netlink: 'syz.8.11342': attribute type 8 has an invalid length. [ 1373.642157][T31536] netlink: 132 bytes leftover after parsing attributes in process `syz.8.11342'. [ 1373.653256][T31494] (syz.0.11327,31494,1):ocfs2_claim_new_inode:2231 ERROR: status = -30 [ 1373.661570][T31494] (syz.0.11327,31494,1):ocfs2_mknod_locked:639 ERROR: status = -30 [ 1373.727637][T31494] (syz.0.11327,31494,1):ocfs2_mknod:385 ERROR: status = -30 [ 1373.757300][T31494] (syz.0.11327,31494,1):ocfs2_mknod:502 ERROR: status = -30 [ 1373.802553][T31494] (syz.0.11327,31494,1):ocfs2_mkdir:659 ERROR: status = -30 [ 1373.980885][T30320] ocfs2: Unmounting device (7,0) on (node local) [ 1375.032255][T31580] loop1: detected capacity change from 0 to 4096 [ 1375.092150][T31580] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 1375.281583][T31580] ntfs3: loop1: failed to convert "c46c" to maccroatian [ 1375.928411][T31619] comedi comedi3: comedi_config --init_data is deprecated [ 1376.228567][T31632] loop9: detected capacity change from 0 to 512 [ 1376.402898][T31632] EXT4-fs error (device loop9): ext4_expand_extra_isize_ea:2768: inode #11: comm syz.9.11382: corrupted xattr block 95 [ 1376.518344][T31632] EXT4-fs error (device loop9): ext4_validate_block_bitmap:429: comm syz.9.11382: bg 0: block 7: invalid block bitmap [ 1376.540973][T31632] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6165: Corrupt filesystem [ 1376.553662][T31639] loop8: detected capacity change from 0 to 2048 [ 1376.576307][T31632] EXT4-fs error (device loop9): ext4_xattr_delete_inode:2934: inode #11: comm syz.9.11382: corrupted xattr block 95 [ 1376.636783][T31639] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1376.646997][T31632] EXT4-fs warning (device loop9): ext4_evict_inode:299: xattr delete (err -117) [ 1376.662070][T31632] EXT4-fs (loop9): 1 orphan inode deleted [ 1376.671421][T31632] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 1377.004358][T30241] EXT4-fs (loop9): unmounting filesystem. [ 1377.196555][T31663] loop2: detected capacity change from 0 to 8 [ 1377.271869][T31663] SQUASHFS error: Failed to read block 0x4de: -5 [ 1377.307083][T31663] SQUASHFS error: Failed to read block 0x4de: -5 [ 1377.332099][T31663] SQUASHFS error: Failed to read block 0x4de: -5 [ 1377.336882][T31669] loop0: detected capacity change from 0 to 8 [ 1377.384039][T31663] SQUASHFS error: Failed to read block 0x4de: -5 [ 1377.393732][T31663] SQUASHFS error: Failed to read block 0x4de: -5 [ 1377.450607][T31669] SQUASHFS error: Failed to read block 0x6e6: -5 [ 1377.457573][T31669] SQUASHFS error: Unable to read metadata cache entry [6e4] [ 1377.464315][ T26] audit: type=1800 audit(32760935.011:190): pid=31663 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.11394" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 1377.527904][T31669] SQUASHFS error: Unable to read directory block [631:26] [ 1377.602180][T31675] netlink: 12 bytes leftover after parsing attributes in process `syz.9.11398'. [ 1377.943023][T31686] netlink: 'syz.9.11403': attribute type 10 has an invalid length. [ 1378.101711][T31695] netlink: 48 bytes leftover after parsing attributes in process `syz.0.11407'. [ 1378.130703][T31686] device veth0_vlan left promiscuous mode [ 1378.184909][T31686] device veth0_vlan entered promiscuous mode [ 1378.211684][T31686] team0: Device veth0_vlan failed to register rx_handler [ 1378.647979][T25250] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 1378.998312][ T41] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 1379.092916][T31729] kAFS: unable to lookup cell '\/' [ 1379.233251][ T41] usb 1-1: Using ep0 maxpacket: 32 [ 1379.240978][ T41] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1379.293189][T31736] loop1: detected capacity change from 0 to 256 [ 1379.308348][ T41] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1379.341883][ T41] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1379.353697][ T41] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1379.370751][ T41] usb 1-1: config 0 descriptor?? [ 1379.412844][ T41] hub 1-1:0.0: USB hub found [ 1379.425489][T31736] FAT-fs (loop1): Directory bread(block 64) failed [ 1379.443246][T31736] FAT-fs (loop1): Directory bread(block 65) failed [ 1379.522285][T31736] FAT-fs (loop1): Directory bread(block 66) failed [ 1379.575404][T31736] FAT-fs (loop1): Directory bread(block 67) failed [ 1379.593124][T31736] FAT-fs (loop1): Directory bread(block 68) failed [ 1379.608521][T31745] netlink: 'syz.8.11425': attribute type 10 has an invalid length. [ 1379.615777][T31736] FAT-fs (loop1): Directory bread(block 69) failed [ 1379.623278][ T41] hub 1-1:0.0: 31 ports detected [ 1379.631408][T31747] loop2: detected capacity change from 0 to 64 [ 1379.639534][ T41] hub 1-1:0.0: insufficient power available to use all downstream ports [ 1379.659905][T31736] FAT-fs (loop1): Directory bread(block 70) failed [ 1379.677479][T31736] FAT-fs (loop1): Directory bread(block 71) failed [ 1379.721158][T31736] FAT-fs (loop1): Directory bread(block 72) failed [ 1379.746490][T31736] FAT-fs (loop1): Directory bread(block 73) failed [ 1379.833962][T31745] device veth0_vlan left promiscuous mode [ 1379.847688][ T41] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 1379.861525][ T41] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 1379.891579][T31745] device veth0_vlan entered promiscuous mode [ 1379.934717][ T41] usbhid 1-1:0.0: can't add hid device: -71 [ 1379.940259][T31745] team0: Device veth0_vlan failed to register rx_handler [ 1379.953162][ T41] usbhid: probe of 1-1:0.0 failed with error -71 [ 1380.046603][ T41] usb 1-1: USB disconnect, device number 93 [ 1380.118692][T31755] loop9: detected capacity change from 0 to 256 [ 1380.379569][ T6894] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 1380.593093][ T6894] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1380.623047][ T6894] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1380.673010][ T6894] usb 3-1: config 0 descriptor?? [ 1380.711135][ T6894] cp210x 3-1:0.0: cp210x converter detected [ 1380.886158][T31780] netlink: 12 bytes leftover after parsing attributes in process `syz.8.11441'. [ 1380.931567][ T6894] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1380.951436][T31781] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 1381.018877][T31781] overlayfs: conflicting options: userxattr,redirect_dir=off [ 1381.160427][ T6894] usb 3-1: USB disconnect, device number 127 [ 1381.177825][ T6894] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1381.212456][ T6894] cp210x 3-1:0.0: device disconnected [ 1381.919380][T31814] loop0: detected capacity change from 0 to 2048 [ 1381.962000][T31814] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 129: 0x32 != 0x7d [ 1382.002388][ T41] usb 10-1: new high-speed USB device number 3 using dummy_hcd [ 1382.030236][T31814] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1382.057256][ T26] audit: type=1326 audit(32760939.314:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31820 comm="syz.8.11457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1382.145231][ T26] audit: type=1326 audit(32760939.342:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31820 comm="syz.8.11457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=139 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1382.214222][ T26] audit: type=1326 audit(32760939.342:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31820 comm="syz.8.11457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1382.237543][ T41] usb 10-1: Using ep0 maxpacket: 32 [ 1382.249814][ T41] usb 10-1: config 0 has an invalid interface number: 51 but max is 0 [ 1382.258058][ T41] usb 10-1: config 0 has no interface number 0 [ 1382.259641][ T26] audit: type=1326 audit(32760939.342:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31820 comm="syz.8.11457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1382.286684][ T41] usb 10-1: config 0 interface 51 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1382.286717][ T41] usb 10-1: config 0 interface 51 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1382.288984][ T41] usb 10-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1382.430494][ T41] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1382.453203][T31830] i2c i2c-0: Invalid block write size 72 [ 1382.460295][ T41] usb 10-1: Product: syz [ 1382.471082][ T41] usb 10-1: Manufacturer: syz [ 1382.478308][ T41] usb 10-1: SerialNumber: syz [ 1382.509099][ T41] usb 10-1: config 0 descriptor?? [ 1382.557600][ T41] quatech2 10-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1382.740619][ T41] usb 10-1: qt2_setup_urbs - submit read urb failed -90 [ 1382.747805][ T41] quatech2: probe of 10-1:0.51 failed with error -90 [ 1382.825382][T31842] loop1: detected capacity change from 0 to 256 [ 1383.047199][ T6896] usb 10-1: USB disconnect, device number 3 [ 1383.192343][T31851] loop8: detected capacity change from 0 to 256 [ 1383.262867][T31851] FAT-fs (loop8): Directory bread(block 64) failed [ 1383.271057][T31819] loop2: detected capacity change from 0 to 32768 [ 1383.282749][T31851] FAT-fs (loop8): Directory bread(block 65) failed [ 1383.299236][T31855] netlink: 'syz.1.11469': attribute type 1 has an invalid length. [ 1383.314423][T31819] XFS: attr2 mount option is deprecated. [ 1383.337127][T31851] FAT-fs (loop8): Directory bread(block 66) failed [ 1383.362974][T31851] FAT-fs (loop8): Directory bread(block 67) failed [ 1383.399282][T31851] FAT-fs (loop8): Directory bread(block 68) failed [ 1383.430231][T31851] FAT-fs (loop8): Directory bread(block 69) failed [ 1383.456391][T31819] XFS (loop2): Mounting V5 Filesystem [ 1383.463304][T31851] FAT-fs (loop8): Directory bread(block 70) failed [ 1383.488311][T31851] FAT-fs (loop8): Directory bread(block 71) failed [ 1383.498275][T31819] XFS (loop2): Ending clean mount [ 1383.505168][T31851] FAT-fs (loop8): Directory bread(block 72) failed [ 1383.519161][T31819] XFS (loop2): Quotacheck needed: Please wait. [ 1383.536889][T31851] FAT-fs (loop8): Directory bread(block 73) failed [ 1383.631784][T31819] XFS (loop2): Quotacheck: Done. [ 1383.837251][T31870] loop0: detected capacity change from 0 to 256 [ 1383.893285][ T4314] XFS (loop2): Unmounting Filesystem [ 1383.906090][T31870] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 1384.377602][T31884] netlink: 'syz.8.11478': attribute type 2 has an invalid length. [ 1384.385596][T31884] netlink: 164 bytes leftover after parsing attributes in process `syz.8.11478'. [ 1384.525623][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1384.561050][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1384.588025][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1384.769220][T31897] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 1384.912782][T31894] loop8: detected capacity change from 0 to 4096 [ 1385.144341][T31890] infiniband syz1: set active [ 1385.149331][ T6894] vcan0 speed is unknown, defaulting to 1000 [ 1385.230768][T31890] infiniband syz1: added vcan0 [ 1385.483119][T31890] RDS/IB: syz1: added [ 1385.501679][T31919] mmap: syz.2.11491 (31919): VmData 37466112 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 1385.516886][T31890] smc: adding ib device syz1 with port count 1 [ 1385.554124][T31890] smc: ib device syz1 port 1 has pnetid [ 1385.643124][ T6894] vcan0 speed is unknown, defaulting to 1000 [ 1385.655753][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1385.824525][T31929] loop9: detected capacity change from 0 to 512 [ 1385.947739][T31929] EXT4-fs (loop9): Test dummy encryption mode enabled [ 1385.957912][T31929] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode [ 1386.056155][T31929] EXT4-fs (loop9): 1 truncate cleaned up [ 1386.072814][T31929] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 1386.162043][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1386.467497][T31908] loop0: detected capacity change from 0 to 32768 [ 1386.576552][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1386.582889][T31908] XFS (loop0): Mounting V5 Filesystem [ 1386.656035][T31908] XFS (loop0): Ending clean mount [ 1386.675889][T31908] XFS (loop0): Quotacheck needed: Please wait. [ 1386.820998][T31908] XFS (loop0): Quotacheck: Done. [ 1386.911472][T30241] EXT4-fs (loop9): unmounting filesystem. [ 1387.107127][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1387.138073][T30320] XFS (loop0): Unmounting Filesystem [ 1387.208182][T31931] loop8: detected capacity change from 0 to 32768 [ 1387.292924][T31931] (syz.8.11495,31931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1387.378379][T31931] (syz.8.11495,31931,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1387.485246][T31931] JBD2: Ignoring recovery information on journal [ 1387.567501][T31890] vcan0 speed is unknown, defaulting to 1000 [ 1387.605497][T31931] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode. [ 1387.703340][T31970] loop9: detected capacity change from 0 to 2048 [ 1387.752307][T31970] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1388.110399][T25415] ocfs2: Unmounting device (7,8) on (node local) [ 1388.675863][T31997] netlink: 'syz.0.11511': attribute type 10 has an invalid length. [ 1388.787872][T31997] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 1388.889450][T31996] loop1: detected capacity change from 0 to 4096 [ 1388.948551][T31996] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 1389.114210][T31996] ntfs3: loop1: failed to convert "c46c" to cp865 [ 1389.329574][T31982] loop9: detected capacity change from 0 to 32768 [ 1389.373951][T31982] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 scanned by syz.9.11507 (31982) [ 1389.461036][T31982] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1389.472647][T32009] loop2: detected capacity change from 0 to 4096 [ 1389.502266][T32006] xt_CT: No such helper "pptp" [ 1389.540450][T31982] BTRFS info (device loop9): using sha256 (sha256-avx2) checksum algorithm [ 1389.549209][T31982] BTRFS info (device loop9): using free space tree [ 1389.805658][ T26] audit: type=1400 audit(32760946.554:195): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=32028 comm="syz.1.11521" [ 1390.009818][T31982] BTRFS info (device loop9): enabling ssd optimizations [ 1390.352226][T30241] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1390.411375][T32058] netlink: 'syz.8.11528': attribute type 30 has an invalid length. [ 1390.802471][T32071] netlink: 'syz.0.11534': attribute type 1 has an invalid length. [ 1391.861510][T32097] nvme_fabrics: missing parameter 'transport=%s' [ 1391.868936][T32097] nvme_fabrics: missing parameter 'nqn=%s' [ 1392.563177][T32083] loop0: detected capacity change from 0 to 32768 [ 1392.629063][T32130] netlink: 'syz.8.11556': attribute type 21 has an invalid length. [ 1392.659647][T32130] IPv6: NLM_F_CREATE should be specified when creating new route [ 1393.300477][T32153] loop2: detected capacity change from 0 to 164 [ 1393.361296][T32111] loop1: detected capacity change from 0 to 32768 [ 1393.453992][T32111] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1393.494855][T32111] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1393.503593][T32111] BTRFS info (device loop1): using free space tree [ 1393.967938][T32111] BTRFS info (device loop1): enabling ssd optimizations [ 1394.265190][T30268] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1394.437729][T32198] netlink: 'syz.0.11577': attribute type 1 has an invalid length. [ 1394.666763][T32149] loop9: detected capacity change from 0 to 32768 [ 1394.786875][T32149] jfs_lookup: iget failed on inum 32 [ 1394.810621][T32149] jfs_lookup: iget failed on inum 32 [ 1395.260554][T32219] comedi comedi3: pcl816: I/O port conflict (0xcf7,16) [ 1395.261060][T32220] loop2: detected capacity change from 0 to 256 [ 1396.316488][T32254] ieee802154 phy0 wpan0: encryption failed: -22 [ 1396.668950][T32268] loop2: detected capacity change from 0 to 128 [ 1396.743191][T32268] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1396.796558][T32261] loop0: detected capacity change from 0 to 4096 [ 1396.815936][T32268] EXT4-fs warning (device loop2): ext4_dirblock_csum_verify:406: inode #2: comm syz.2.11604: No space for directory leaf checksum. Please run e2fsck -D. [ 1396.886876][T32268] EXT4-fs error (device loop2): __ext4_find_entry:1696: inode #2: comm syz.2.11604: checksumming directory block 0 [ 1397.068328][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1397.144532][T32240] loop8: detected capacity change from 0 to 32768 [ 1397.243184][T32240] [ 1397.243184][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.243184][T32240] [ 1397.443115][T32282] loop1: detected capacity change from 0 to 4096 [ 1397.448864][T32240] [ 1397.448864][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.448864][T32240] [ 1397.490080][T32282] ntfs: (device loop1): parse_options(): Invalid uid option argument: 0xffffffffffffffff [ 1397.565641][T32240] [ 1397.565641][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.565641][T32240] [ 1397.685262][T32240] [ 1397.685262][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.685262][T32240] [ 1397.741425][T32240] [ 1397.741425][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.741425][T32240] [ 1397.809505][T32240] [ 1397.809505][T32240] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.809505][T32240] [ 1397.902069][ T107] [ 1397.902069][ T107] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1397.902069][ T107] [ 1398.006190][T25415] [ 1398.006190][T25415] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1398.006190][T25415] [ 1398.070250][T25415] [ 1398.070250][T25415] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 1398.070250][T25415] [ 1398.905903][T32336] netlink: 'syz.8.11632': attribute type 29 has an invalid length. [ 1399.030723][T32342] loop9: detected capacity change from 0 to 512 [ 1399.109150][T32336] netlink: 'syz.8.11632': attribute type 29 has an invalid length. [ 1399.175167][T32342] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: writeback. [ 1399.240289][T32342] EXT4-fs error (device loop9): ext4_xattr_block_get:546: inode #15: comm syz.9.11633: corrupted xattr block 33 [ 1399.451551][T30241] EXT4-fs (loop9): unmounting filesystem. [ 1399.695404][T32365] netlink: 12 bytes leftover after parsing attributes in process `syz.8.11643'. [ 1399.759554][T32365] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11643'. [ 1399.768566][T32365] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11643'. [ 1400.066639][T32376] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11647'. [ 1400.120604][T32384] unsupported nla_type 39 [ 1400.140838][T32383] netlink: 124 bytes leftover after parsing attributes in process `syz.8.11650'. [ 1400.250279][T32387] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11651'. [ 1400.395715][T32395] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11654'. [ 1400.968411][T32412] loop9: detected capacity change from 0 to 16 [ 1401.008350][T32412] cramfs: empty filesystem [ 1401.285827][T32419] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11664'. [ 1401.339262][T32419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11664'. [ 1401.362849][T32419] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11664'. [ 1401.679388][T32434] netlink: 'syz.0.11669': attribute type 1 has an invalid length. [ 1401.743027][T32432] loop2: detected capacity change from 0 to 1024 [ 1401.789593][T32432] EXT4-fs: Ignoring removed orlov option [ 1401.819848][T32432] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1401.937949][T32432] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1401.949613][T32430] loop8: detected capacity change from 0 to 8192 [ 1401.981323][T32430] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1402.315305][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1402.619730][T32463] netlink: 'syz.1.11680': attribute type 1 has an invalid length. [ 1402.898475][T32473] loop9: detected capacity change from 0 to 16 [ 1402.934897][T32474] netlink: 'syz.8.11684': attribute type 1 has an invalid length. [ 1402.999474][T32473] erofs: (device loop9): mounted with root inode @ nid 36. [ 1403.961003][T20663] usb 10-1: new high-speed USB device number 4 using dummy_hcd [ 1404.187346][T20663] usb 10-1: Using ep0 maxpacket: 32 [ 1404.205404][T20663] usb 10-1: config 0 has an invalid interface number: 9 but max is 0 [ 1404.228024][T32481] loop0: detected capacity change from 0 to 32768 [ 1404.236419][T20663] usb 10-1: config 0 has no interface number 0 [ 1404.271550][T20663] usb 10-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 1404.323449][T20663] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.377757][T20663] usb 10-1: Product: syz [ 1404.382106][T20663] usb 10-1: Manufacturer: syz [ 1404.387232][T20663] usb 10-1: SerialNumber: syz [ 1404.399283][T32481] XFS (loop0): Mounting V5 Filesystem [ 1404.406152][T20663] usb 10-1: config 0 descriptor?? [ 1404.414819][T20663] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 1404.559587][T32481] XFS (loop0): Ending clean mount [ 1404.833641][T30320] XFS (loop0): Unmounting Filesystem [ 1404.848721][T20663] gspca_topro: reg_w err -71 [ 1404.895463][T20663] gspca_topro: Sensor soi763a [ 1404.913974][T20663] usb 10-1: USB disconnect, device number 4 [ 1406.162761][T32581] __nla_validate_parse: 4 callbacks suppressed [ 1406.162780][T32581] netlink: 8 bytes leftover after parsing attributes in process `syz.8.11725'. [ 1406.607325][T32603] netlink: 300 bytes leftover after parsing attributes in process `syz.9.11734'. [ 1406.729634][ T22] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1406.969855][ T22] usb 3-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 1407.011575][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1407.056142][T32618] xt_TCPMSS: Only works on TCP SYN packets [ 1407.070326][ T22] usb 3-1: Product: syz [ 1407.081106][ T22] usb 3-1: Manufacturer: syz [ 1407.095929][ T22] usb 3-1: SerialNumber: syz [ 1407.112851][ T22] usb 3-1: config 0 descriptor?? [ 1407.134891][ T22] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 1407.174919][T32624] loop9: detected capacity change from 0 to 64 [ 1407.214097][ T1278] ieee802154 phy0 wpan0: encryption failed: -22 [ 1407.220688][ T1278] ieee802154 phy1 wpan1: encryption failed: -22 [ 1407.268919][T32624] MINIX-fs: mounting file system with errors, running fsck is recommended [ 1407.350028][T32624] Trying to free block not in datazone [ 1407.360401][ T52] block nbd8: Attempted send on invalid socket [ 1407.360419][T32624] Trying to free block not in datazone [ 1407.366597][ T52] I/O error, dev nbd8, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1407.381891][T32628] vxfs: unable to read disk superblock at 1 [ 1407.392559][T32630] loop0: detected capacity change from 0 to 256 [ 1407.404655][T32624] Trying to free block not in datazone [ 1407.410172][T32624] Trying to free block not in datazone [ 1407.415899][T32624] Trying to free block not in datazone [ 1407.421562][T32624] Trying to free block not in datazone [ 1407.423983][ T1199] block nbd8: Attempted send on invalid socket [ 1407.427396][T32624] Trying to free block not in datazone [ 1407.433487][ T1199] I/O error, dev nbd8, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 1407.449133][T32628] vxfs: unable to read disk superblock at 8 [ 1407.449232][T32624] Trying to free block not in datazone [ 1407.455256][T32628] vxfs: can't find superblock. [ 1407.473614][T32630] FAT-fs (loop0): Directory bread(block 64) failed [ 1407.511146][T32630] FAT-fs (loop0): Directory bread(block 65) failed [ 1407.518492][T32630] FAT-fs (loop0): Directory bread(block 66) failed [ 1407.525567][T32630] FAT-fs (loop0): Directory bread(block 67) failed [ 1407.535990][T32630] FAT-fs (loop0): Directory bread(block 68) failed [ 1407.550001][T32630] FAT-fs (loop0): Directory bread(block 69) failed [ 1407.557024][T32630] FAT-fs (loop0): Directory bread(block 70) failed [ 1407.564284][T32630] FAT-fs (loop0): Directory bread(block 71) failed [ 1407.571118][T32630] FAT-fs (loop0): Directory bread(block 72) failed [ 1407.579525][ T22] gspca_sunplus: reg_r err -71 [ 1407.589335][ T22] sunplus: probe of 3-1:0.0 failed with error -71 [ 1407.596347][T32630] FAT-fs (loop0): Directory bread(block 73) failed [ 1407.615717][ T22] usb 3-1: USB disconnect, device number 2 [ 1408.024130][T32642] comedi comedi0: dt2801: I/O port conflict (0x3,2) [ 1408.094926][T32646] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1408.102253][T32646] IPv6: NLM_F_CREATE should be set when creating new route [ 1408.109599][T32646] IPv6: NLM_F_CREATE should be set when creating new route [ 1409.055292][T32677] loop9: detected capacity change from 0 to 4096 [ 1409.115497][T32690] netlink: 16 bytes leftover after parsing attributes in process `syz.1.11769'. [ 1409.218550][T32677] ntfs3: loop9: ino=5, "/" directory corrupted [ 1409.542479][T32700] netlink: 744 bytes leftover after parsing attributes in process `syz.2.11773'. [ 1409.951029][T32720] netlink: 28 bytes leftover after parsing attributes in process `syz.8.11782'. [ 1410.003520][T32720] netlink: 28 bytes leftover after parsing attributes in process `syz.8.11782'. [ 1410.313297][T32729] netlink: 1010 bytes leftover after parsing attributes in process `syz.8.11786'. [ 1410.396423][T32729] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 1410.407664][T32735] bond0: option all_slaves_active: invalid value (223) [ 1410.822006][T32750] loop1: detected capacity change from 0 to 256 [ 1411.139925][T32759] loop8: detected capacity change from 0 to 2048 [ 1411.185669][T32752] xt_CT: No such helper "netbios-ns" [ 1411.224272][T32759] UDF-fs: warning (device loop8): udf_load_vrs: No anchor found [ 1411.263054][T32759] UDF-fs: Scanning with blocksize 512 failed [ 1411.374841][T32759] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1411.469509][ T305] loop0: detected capacity change from 0 to 512 [ 1411.564045][ T305] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1411.570679][ T305] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 1411.640193][ T305] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1097: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 1411.657808][ T305] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.11804: attempt to clear invalid blocks 2 len 1 [ 1411.706853][ T313] comedi comedi3: ni_at_a2150: I/O port conflict (0xffff,28) [ 1411.722233][ T305] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.11804: invalid indirect mapped block 1819239214 (level 0) [ 1411.870991][ T305] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.11804: invalid indirect mapped block 1819239214 (level 1) [ 1411.953122][ T305] EXT4-fs (loop0): 1 truncate cleaned up [ 1411.985673][ T305] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1412.047934][ T305] EXT4-fs (loop0): warning: mounting fs with errors, running e2fsck is recommended [ 1412.126206][ T305] EXT4-fs error (device loop0): __ext4_remount:6625: comm syz.0.11804: Abort forced by user [ 1412.176889][ T305] EXT4-fs (loop0): Remounting filesystem read-only [ 1412.224762][ T305] EXT4-fs (loop0): re-mounted. Quota mode: writeback. [ 1412.227026][ T328] loop9: detected capacity change from 0 to 1764 [ 1412.251219][ T326] loop8: detected capacity change from 0 to 2048 [ 1412.254002][ T333] loop1: detected capacity change from 0 to 64 [ 1412.304447][ T326] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1412.338078][ T328] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 1412.402964][T30320] EXT4-fs (loop0): unmounting filesystem. [ 1412.423820][ T335] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1412.470281][ T336] device gre0 entered promiscuous mode [ 1412.588002][ T326] syz.8.11812: attempt to access beyond end of device [ 1412.588002][ T326] loop8: rw=0, sector=262216, nr_sectors = 2 limit=2048 [ 1412.688571][ T326] NILFS (loop8): I/O error reading meta-data file (ino=6, block-offset=1) [ 1412.712717][ T341] IPv6: Can't replace route, no match found [ 1413.049128][ T350] netlink: 16 bytes leftover after parsing attributes in process `syz.9.11823'. [ 1413.117284][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1413.174916][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 1413.177861][ T355] loop8: detected capacity change from 0 to 64 [ 1413.204547][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1413.217877][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1413.251737][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 1413.311591][ T352] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 1414.309600][ T388] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 1414.318373][ T388] overlayfs: missing 'lowerdir' [ 1414.573060][ T396] loop0: detected capacity change from 0 to 512 [ 1414.638305][ T396] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 1414.704799][ T396] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 1414.770001][ T396] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 1414.784150][ T403] loop8: detected capacity change from 0 to 512 [ 1414.836672][ T396] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 1414.893013][ T403] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1414.923476][ T396] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c042e01c, mo2=0000] [ 1415.005303][ T396] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1415.042203][ T413] loop9: detected capacity change from 0 to 65 [ 1415.075129][ T413] BFS-fs: bfs_fill_super(): NOTE: filesystem loop9 was created with 512 inodes, the real maximum is 511, mounting anyway [ 1415.094471][ T396] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.11840: bg 0: block 34: padding at end of block bitmap is not set [ 1415.159375][ T403] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 1415.171962][ T396] Quota error (device loop0): write_blk: dquota write failed [ 1415.189432][ T396] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 1415.210643][ T396] EXT4-fs error (device loop0): ext4_acquire_dquot:6816: comm syz.0.11840: Failed to acquire dquot type 1 [ 1415.229965][ T403] EXT4-fs error (device loop8): ext4_get_verity_descriptor_location:337: inode #15: comm syz.8.11843: verity file corrupted; can't find descriptor [ 1415.235910][ T374] loop2: detected capacity change from 0 to 32768 [ 1415.257867][ T403] EXT4-fs (loop8): Remounting filesystem read-only [ 1415.293982][ T396] EXT4-fs (loop0): 1 truncate cleaned up [ 1415.320105][ T403] fs-verity (loop8, inode 15): Error -117 getting verity descriptor size [ 1415.339300][ T396] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 1415.362391][ T374] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop2 scanned by syz.2.11832 (374) [ 1415.465871][ T374] BTRFS info (device loop2): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1415.527974][ T374] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 1415.552252][T30320] EXT4-fs (loop0): unmounting filesystem. [ 1415.572181][ T374] BTRFS info (device loop2): turning on flush-on-commit [ 1415.590283][T25415] EXT4-fs (loop8): unmounting filesystem. [ 1415.614766][ T374] BTRFS info (device loop2): turning off barriers [ 1415.676313][ T374] BTRFS info (device loop2): turning on sync discard [ 1415.733944][ T374] BTRFS info (device loop2): using free space tree [ 1415.736113][ T418] loop1: detected capacity change from 0 to 4096 [ 1415.807378][ T418] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 1415.947647][ T418] ntfs3: loop1: ntfs_evict_inode r=3 failed, -22. [ 1415.976963][ T418] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1415.983984][ T418] ntfs3: loop1: ntfs_set_state r=3 failed, -22. [ 1416.053623][ T442] netlink: 44 bytes leftover after parsing attributes in process `syz.9.11853'. [ 1416.095133][ T442] netlink: 12 bytes leftover after parsing attributes in process `syz.9.11853'. [ 1416.105784][ T442] netlink: 20 bytes leftover after parsing attributes in process `syz.9.11853'. [ 1416.117900][ T442] netlink: 20 bytes leftover after parsing attributes in process `syz.9.11853'. [ 1416.240944][ T452] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11854'. [ 1416.458449][ T4314] BTRFS info (device loop2): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1417.045544][T25631] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop2 scanned by udevd (25631) [ 1417.145084][ T479] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11866'. [ 1417.548469][ T6894] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 1417.768314][ T6894] usb 1-1: Using ep0 maxpacket: 16 [ 1417.775627][ T6894] usb 1-1: config 0 has no interfaces? [ 1417.805840][ T6894] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1417.848272][ T6894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1417.858161][ T6894] usb 1-1: Product: syz [ 1417.872721][ T6894] usb 1-1: Manufacturer: syz [ 1417.890528][ T6894] usb 1-1: SerialNumber: syz [ 1417.936267][ T6894] r8152-cfgselector 1-1: config 0 descriptor?? [ 1418.045988][ T510] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1418.149730][ T514] loop1: detected capacity change from 0 to 512 [ 1418.168159][ T6894] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 1418.176326][ T514] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1418.217883][ T514] EXT4-fs: Ignoring removed i_version option [ 1418.267995][ T514] EXT4-fs (loop1): 1 orphan inode deleted [ 1418.273812][ T514] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1418.405767][T30268] EXT4-fs (loop1): unmounting filesystem. [ 1418.439287][T20663] usb 1-1: USB disconnect, device number 94 [ 1418.797864][ T537] netlink: 16 bytes leftover after parsing attributes in process `syz.8.11888'. [ 1419.534008][ T565] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 1419.577713][ T565] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 1419.603055][ T565] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 1419.663603][ T565] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 1419.687049][ T565] device geneve2 entered promiscuous mode [ 1419.936663][ T581] netlink: 'syz.8.11905': attribute type 30 has an invalid length. [ 1419.965834][ T575] loop2: detected capacity change from 0 to 4096 [ 1420.092216][ T575] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 1420.354382][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1420.393330][ T596] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1420.651438][ T603] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 1420.705587][ T603] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 1420.742785][ T603] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 1420.803367][ T609] loop0: detected capacity change from 0 to 8 [ 1420.859403][ T609] SQUASHFS error: Failed to read block 0x2d7: -5 [ 1420.863988][ T603] device bond1 left promiscuous mode [ 1420.889923][ T609] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 1420.962116][ T609] SQUASHFS error: Failed to read block 0x8f: -5 [ 1421.021911][ T26] audit: type=1800 audit(32760975.757:196): pid=609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.11918" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 1421.475399][ T594] loop1: detected capacity change from 0 to 32768 [ 1421.530743][ T594] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 scanned by syz.1.11911 (594) [ 1421.549152][ T630] netlink: 'syz.9.11926': attribute type 15 has an invalid length. [ 1421.635312][ T594] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1421.685025][ T594] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 1421.745333][ T594] BTRFS info (device loop1): using free space tree [ 1422.123334][ T655] loop2: detected capacity change from 0 to 4096 [ 1422.274254][ T663] loop9: detected capacity change from 0 to 4096 [ 1422.294802][ T594] BTRFS info (device loop1): enabling ssd optimizations [ 1422.306503][ T655] ntfs3: Cannot use different iocharset when remounting! [ 1422.606197][T30268] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 1423.009299][ T676] loop0: detected capacity change from 0 to 4096 [ 1423.110283][ T687] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1423.198949][T26072] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop1 scanned by udevd (26072) [ 1423.351418][ T692] loop8: detected capacity change from 0 to 16 [ 1423.395721][ T692] erofs: (device loop8): mounted with root inode @ nid 36. [ 1423.451227][ T692] syz.8.11943: attempt to access beyond end of device [ 1423.451227][ T692] loop8: rw=524288, sector=7864328, nr_sectors = 8 limit=16 [ 1423.562268][ T692] syz.8.11943: attempt to access beyond end of device [ 1423.562268][ T692] loop8: rw=0, sector=7864328, nr_sectors = 8 limit=16 [ 1423.676920][ T26] audit: type=1800 audit(32760978.245:197): pid=692 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.8.11943" name="file3" dev="loop8" ino=89 res=0 errno=0 [ 1424.001820][ T701] loop2: detected capacity change from 0 to 4096 [ 1424.226140][ T709] loop9: detected capacity change from 0 to 2048 [ 1424.337887][ T712] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1424.446523][ T709] syz.9.11948: attempt to access beyond end of device [ 1424.446523][ T709] loop9: rw=0, sector=281474976710722, nr_sectors = 2 limit=2048 [ 1424.547359][ T720] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1424.556629][ T709] NILFS (loop9): I/O error reading b-tree node block (ino=16, blocknr=15) [ 1424.630112][ T709] NILFS (loop9): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 1424.746130][ T709] NILFS error (device loop9): nilfs_bmap_last_key: broken bmap (inode number=16) [ 1424.859713][ T709] Remounting filesystem read-only [ 1424.871651][ T709] NILFS (loop9): error -5 truncating bmap (ino=16) [ 1425.123978][ T739] loop2: detected capacity change from 0 to 128 [ 1425.143758][T30241] NILFS (loop9): disposed unprocessed dirty file(s) when detaching log writer [ 1425.682699][ T761] netlink: 200 bytes leftover after parsing attributes in process `syz.9.11969'. [ 1425.893817][ T769] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 1426.534870][ T791] loop2: detected capacity change from 0 to 2048 [ 1426.537706][ T795] netlink: 12 bytes leftover after parsing attributes in process `syz.9.11983'. [ 1426.579173][ T795] netlink: 'syz.9.11983': attribute type 2 has an invalid length. [ 1426.608192][ T795] netlink: 'syz.9.11983': attribute type 1 has an invalid length. [ 1426.624243][ T791] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1426.632657][ T795] netlink: 120 bytes leftover after parsing attributes in process `syz.9.11983'. [ 1426.781953][ T802] netlink: 'syz.1.11985': attribute type 15 has an invalid length. [ 1426.913498][ T6894] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 1427.132877][ T6894] usb 1-1: Using ep0 maxpacket: 16 [ 1427.159331][ T6894] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 1427.189200][ T6894] usb 1-1: config 0 has no interface number 0 [ 1427.221546][ T6894] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1427.262861][ T6894] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1427.297033][ T6894] usb 1-1: config 0 interface 41 has no altsetting 0 [ 1427.325636][ T6894] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1427.369664][ T6894] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1427.407814][ T6894] usb 1-1: Product: syz [ 1427.423080][ T6894] usb 1-1: Manufacturer: syz [ 1427.442647][ T6894] usb 1-1: SerialNumber: syz [ 1427.474059][ T6894] usb 1-1: config 0 descriptor?? [ 1427.480103][ T798] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1427.488097][ T798] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1427.780410][ T6894] CoreChips: probe of 1-1:0.41 failed with error -71 [ 1427.804882][ T6894] usb 1-1: USB disconnect, device number 95 [ 1427.859486][ T837] loop9: detected capacity change from 0 to 164 [ 1428.552991][ T818] loop8: detected capacity change from 0 to 32768 [ 1428.744700][ T818] XFS (loop8): Mounting V5 Filesystem [ 1428.816275][ T6894] usb 10-1: new high-speed USB device number 5 using dummy_hcd [ 1428.924390][ T818] XFS (loop8): Ending clean mount [ 1428.988711][ T818] XFS (loop8): Quotacheck needed: Please wait. [ 1429.030211][ T6894] usb 10-1: Using ep0 maxpacket: 16 [ 1429.037450][ T6894] usb 10-1: config 0 has no interfaces? [ 1429.069095][ T6894] usb 10-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1429.124331][ T6894] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1429.142628][ T6894] usb 10-1: Product: syz [ 1429.157804][ T6894] usb 10-1: Manufacturer: syz [ 1429.162263][ T895] netlink: 'syz.2.12019': attribute type 1 has an invalid length. [ 1429.168585][ T6894] usb 10-1: SerialNumber: syz [ 1429.216342][ T895] netlink: 224 bytes leftover after parsing attributes in process `syz.2.12019'. [ 1429.218442][ T6894] r8152-cfgselector 10-1: config 0 descriptor?? [ 1429.244961][ T818] XFS (loop8): Quotacheck: Done. [ 1429.408125][T25415] XFS (loop8): Unmounting Filesystem [ 1429.482583][ T6894] usbip-host 10-1: 10-1 is not in match_busid table... skip! [ 1429.750327][ T5142] usb 10-1: USB disconnect, device number 5 [ 1430.594004][ T936] loop8: detected capacity change from 0 to 4096 [ 1430.646620][ T936] ntfs3: loop8: ino=3, Correct links count -> 2. [ 1431.054720][ T960] loop1: detected capacity change from 0 to 2048 [ 1431.103667][ T960] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1431.457159][ T6894] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 1431.495205][ T26] audit: type=1326 audit(32760985.551:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=976 comm="syz.2.12046" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f81cd18ebe9 code=0x0 [ 1431.672574][ T6894] usb 2-1: config 0 has an invalid descriptor of length 110, skipping remainder of the config [ 1431.713666][ T6894] usb 2-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 1431.755402][ T6894] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1431.794498][ T6894] usb 2-1: config 0 descriptor?? [ 1431.842412][ T6894] usb 2-1: bad CDC descriptors [ 1431.861999][ T6894] usb 2-1: bad CDC descriptors [ 1432.079252][ T6894] usb 2-1: USB disconnect, device number 125 [ 1432.132346][ T1006] loop2: detected capacity change from 0 to 1764 [ 1432.981930][ T1037] loop8: detected capacity change from 0 to 4096 [ 1433.041413][ T1037] ntfs3: loop8: Different NTFS' sector size (2048) and media sector size (512) [ 1433.238465][ T1057] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1433.732763][ T1071] loop2: detected capacity change from 0 to 1024 [ 1433.764377][ T26] audit: type=1326 audit(32760987.674:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1072 comm="syz.8.12077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1433.770888][ T1064] loop9: detected capacity change from 0 to 4096 [ 1433.850502][ T1064] ntfs: (device loop9): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1433.862228][ T26] audit: type=1326 audit(32760987.674:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1072 comm="syz.8.12077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1433.991427][ T26] audit: type=1326 audit(32760987.712:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1072 comm="syz.8.12077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1433.991844][ T1071] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 1434.014412][ T26] audit: type=1326 audit(32760987.712:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1072 comm="syz.8.12077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1434.045458][ T26] audit: type=1326 audit(32760987.712:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1072 comm="syz.8.12077" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f26c5d8ebe9 code=0x7ffc0000 [ 1434.133975][ T1064] ntfs: volume version 3.1. [ 1434.511331][ T4314] EXT4-fs (loop2): unmounting filesystem. [ 1434.593003][ C1] sd 0:0:1:0: [sda] tag#3732 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1434.603505][ C1] sd 0:0:1:0: [sda] tag#3732 CDB: Read(6) 08 00 00 00 03 44 [ 1434.834928][ T1098] loop8: detected capacity change from 0 to 256 [ 1435.013312][ T1066] loop1: detected capacity change from 0 to 32768 [ 1435.148441][ T1108] x_tables: ip_tables: rpfilter match: used from hooks FORWARD, but only valid from PREROUTING [ 1435.544562][ T1115] loop2: detected capacity change from 0 to 4096 [ 1435.688621][ T1115] ntfs: volume version 3.1. [ 1435.859344][ T1127] netlink: 'syz.1.12094': attribute type 21 has an invalid length. [ 1435.911177][ T1127] netlink: 'syz.1.12094': attribute type 6 has an invalid length. [ 1435.957931][ T1127] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12094'. [ 1436.286842][ T1133] loop9: detected capacity change from 0 to 2048 [ 1436.353233][ T1133] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1436.547329][ T1102] loop0: detected capacity change from 0 to 32768 [ 1436.683697][ T1102] XFS (loop0): Mounting V5 Filesystem [ 1436.919429][ T1102] XFS (loop0): Ending clean mount [ 1437.171655][T30320] XFS (loop0): Unmounting Filesystem [ 1437.655347][ T1180] SET target dimension over the limit! [ 1438.213383][T10251] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1438.401801][ T1196] loop0: detected capacity change from 0 to 4096 [ 1438.442636][T10251] usb 3-1: Using ep0 maxpacket: 32 [ 1438.470214][T10251] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 1438.471486][ T1174] loop9: detected capacity change from 0 to 32768 [ 1438.493758][ T1196] ntfs: volume version 3.1. [ 1438.509207][T10251] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1438.553364][T10251] usb 3-1: config 0 has no interface number 0 [ 1438.592595][T10251] usb 3-1: config 0 interface 35 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1438.598467][ T1174] ERROR: (device loop9): diAllocAG: error reading iag [ 1438.598467][ T1174] [ 1438.660106][T10251] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 1438.700610][T10251] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1438.725123][ T1174] ialloc: diAlloc returned -5! [ 1438.730706][T10251] usb 3-1: Product: syz [ 1438.734927][T10251] usb 3-1: Manufacturer: syz [ 1438.764649][T10251] usb 3-1: SerialNumber: syz [ 1438.802759][T10251] usb 3-1: config 0 descriptor?? [ 1438.839666][T10251] radio-si470x 3-1:0.35: could not find interrupt in endpoint [ 1438.886905][T10251] radio-si470x: probe of 3-1:0.35 failed with error -5 [ 1439.057932][T10251] radio-raremono 3-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 1439.110750][ T1210] netlink: 'syz.9.12123': attribute type 1 has an invalid length. [ 1439.186625][ T1210] netlink: 'syz.9.12123': attribute type 2 has an invalid length. [ 1439.281560][T10251] radio-raremono 3-1:0.35: raremono_cmd_main failed (-71) [ 1439.311028][T10251] radio-raremono 3-1:0.35: V4L2 device registered as radio48 [ 1439.366954][T10251] usb 3-1: USB disconnect, device number 3 [ 1439.421868][T10251] radio-raremono 3-1:0.35: Thanko's Raremono disconnected [ 1439.685086][ T1222] loop1: detected capacity change from 0 to 2048 [ 1439.753852][ T1222] loop1: p1 < > p3 [ 1439.759850][ T1222] loop1: p3 size 134217728 extends beyond EOD, truncated [ 1439.837185][ T1231] loop0: detected capacity change from 0 to 1024 [ 1440.174659][T25631] udevd[25631]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory [ 1440.176318][ T40] hfsplus: b-tree write err: -5, ino 4 [ 1440.209621][T26072] udevd[26072]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 1440.369375][ T26] audit: type=1326 audit(32760993.857:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.373650][ T1239] comedi comedi0: comedi_parport: I/O port conflict (0xffffffff80000000,3) [ 1440.478554][ T1249] netlink: 132 bytes leftover after parsing attributes in process `syz.1.12137'. [ 1440.508880][ T26] audit: type=1326 audit(32760993.857:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.572624][ T26] audit: type=1326 audit(32760993.857:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.650799][ T26] audit: type=1326 audit(32760993.857:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.750722][ T26] audit: type=1326 audit(32760993.857:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.851309][ T1258] netlink: 'syz.1.12140': attribute type 1 has an invalid length. [ 1440.875276][ T26] audit: type=1326 audit(32760993.857:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1440.999142][ T26] audit: type=1326 audit(32760993.857:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1441.099991][ T26] audit: type=1326 audit(32760993.857:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1441.185001][ T26] audit: type=1326 audit(32760993.857:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1441.288433][ T26] audit: type=1326 audit(32760993.857:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1245 comm="syz.0.12135" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f43a638ebe9 code=0x50000 [ 1441.651472][ T1285] loop9: detected capacity change from 0 to 16 [ 1441.709338][ T1285] erofs: (device loop9): mounted with root inode @ nid 36. [ 1441.790805][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 3 @ nid 89 [ 1441.838296][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 1441.857776][ T1285] erofs: (device loop9): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89 [ 1441.888832][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 1 @ nid 89 [ 1441.947221][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 11 @ nid 89 [ 1441.983664][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 10 @ nid 89 [ 1442.021771][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 9 @ nid 89 [ 1442.052920][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 8 @ nid 89 [ 1442.092840][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 7 @ nid 89 [ 1442.132239][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 6 @ nid 89 [ 1442.170116][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 5 @ nid 89 [ 1442.207935][ T1285] erofs: (device loop9): z_erofs_readahead: readahead error at page 4 @ nid 89 [ 1442.265267][ T1285] erofs: (device loop9): z_erofs_pcluster_readmore: readmore error at page 4 @ nid 89 [ 1442.274935][ T1285] erofs: (device loop9): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89 [ 1442.457220][ T1285] erofs: (device loop9): z_erofs_extent_lookback: invalid lookback distance 0 @ nid 89 [ 1442.540023][ T1285] erofs: (device loop9): z_erofs_read_folio: failed to read, err [-117] [ 1442.620756][ T1311] loop8: detected capacity change from 0 to 64 [ 1443.087521][ T1320] loop1: detected capacity change from 0 to 16 [ 1443.127990][ T1320] erofs: (device loop1): mounted with root inode @ nid 36. [ 1443.210580][ T1320] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 1443.273877][ T1320] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851] [ 1443.334652][ T1320] erofs: (device loop1): z_erofs_read_folio: failed to read, err [-117] [ 1443.718319][ T1333] loop9: detected capacity change from 0 to 128 [ 1443.769404][ T1333] affs: Error parsing options [ 1444.356711][ T1345] loop1: detected capacity change from 0 to 4096 [ 1444.416644][ T1345] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 1444.507451][ T1345] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1444.636760][ T1353] loop0: detected capacity change from 0 to 4096 [ 1445.046697][ T1375] loop2: detected capacity change from 0 to 164 [ 1445.055765][ T1373] netlink: 'syz.1.12180': attribute type 3 has an invalid length. [ 1445.106299][ T1375] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1445.118737][ T1373] netlink: 216 bytes leftover after parsing attributes in process `syz.1.12180'. [ 1445.307728][ T1362] loop8: detected capacity change from 0 to 4096 [ 1445.513006][ T1362] ntfs3: loop8: Mark volume as dirty due to NTFS errors [ 1445.515245][ T1385] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.12185'. [ 1445.778313][ T1392] cgroup: none used incorrectly [ 1446.113925][ T6894] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 1446.340362][ T6894] usb 1-1: config 6 has an invalid interface number: 109 but max is 0 [ 1446.348628][ T6894] usb 1-1: config 6 has no interface number 0 [ 1446.400425][ T6894] usb 1-1: config 6 interface 109 has no altsetting 0 [ 1446.424093][ T6894] usb 1-1: New USB device found, idVendor=046d, idProduct=0821, bcdDevice=62.59 [ 1446.444146][ T6894] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1446.538898][ T6894] usb 1-1: Found UVC 0.00 device (046d:0821) [ 1446.584127][ T1428] xt_TCPMSS: Only works on TCP SYN packets [ 1446.584166][ T6894] usb 1-1: No valid video chain found. [ 1446.804895][ T6894] usb 1-1: USB disconnect, device number 96 [ 1447.345388][ T1452] netlink: 'syz.9.12208': attribute type 3 has an invalid length. [ 1447.463027][ T1456] loop1: detected capacity change from 0 to 512 [ 1447.470490][ T1456] EXT4-fs: Ignoring removed orlov option [ 1447.535605][ T1456] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1447.585539][ T1456] EXT4-fs (loop1): orphan cleanup on readonly fs [ 1447.703531][ T1456] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.12210: bg 0: block 248: padding at end of block bitmap is not set [ 1447.718935][ T1463] comedi comedi0: dac02: I/O port conflict (0x5,8) [ 1447.800639][ T1456] __quota_error: 1728 callbacks suppressed [ 1447.800658][ T1456] Quota error (device loop1): write_blk: dquota write failed [ 1447.862356][ T1456] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 1447.915783][ T1456] EXT4-fs error (device loop1): ext4_acquire_dquot:6816: comm syz.1.12210: Failed to acquire dquot type 1 [ 1447.982887][ T1456] EXT4-fs (loop1): 1 truncate cleaned up [ 1448.021493][ T1456] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 1448.153845][ T1478] loop9: detected capacity change from 0 to 64 [ 1448.158627][ T1456] EXT4-fs: Ignoring removed orlov option [ 1448.165854][ T1456] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1448.177957][ T1479] usb usb8: usbfs: process 1479 (syz.2.12219) did not claim interface 0 before use [ 1448.213915][ T1456] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 1448.333521][ T1456] EXT4-fs error (device loop1): __ext4_remount:6625: comm syz.1.12210: Abort forced by user [ 1448.341554][ T1478] [ 1448.346009][ T1478] ====================================================== [ 1448.353058][ T1478] WARNING: possible circular locking dependency detected [ 1448.360182][ T1478] syzkaller #0 Not tainted [ 1448.364622][ T1478] ------------------------------------------------------ [ 1448.371653][ T1478] syz.9.12218/1478 is trying to acquire lock: [ 1448.377912][ T1478] ffff888053189478 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 [ 1448.388749][ T1478] [ 1448.388749][ T1478] but task is already holding lock: [ 1448.396142][ T1478] ffff88807b40a0b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 1448.405684][ T1478] [ 1448.405684][ T1478] which lock already depends on the new lock. [ 1448.405684][ T1478] [ 1448.416199][ T1478] [ 1448.416199][ T1478] the existing dependency chain (in reverse order) is: [ 1448.425240][ T1478] [ 1448.425240][ T1478] -> #1 (&tree->tree_lock#2/1){+.+.}-{3:3}: [ 1448.433377][ T1478] __mutex_lock+0x120/0xaf0 [ 1448.438442][ T1478] hfs_find_init+0x15b/0x1d0 [ 1448.443564][ T1478] hfs_get_block+0x518/0xbd0 [ 1448.448683][ T1478] block_read_full_folio+0x3c9/0xed0 [ 1448.454495][ T1478] filemap_read_folio+0x160/0x760 [ 1448.460045][ T1478] do_read_cache_folio+0x2a0/0x760 [ 1448.465691][ T1478] do_read_cache_page+0x32/0x220 [ 1448.471152][ T1478] __hfs_bnode_create+0x4a5/0x790 [ 1448.476710][ T1478] hfs_bnode_find+0x21e/0xcc0 [ 1448.481910][ T1478] hfs_brec_find+0x156/0x500 [ 1448.487024][ T1478] hfs_brec_read+0x20/0x100 [ 1448.492052][ T1478] hfs_cat_find_brec+0x159/0x3f0 [ 1448.497512][ T1478] hfs_fill_super+0xecc/0x1410 [ 1448.502807][ T1478] mount_bdev+0x287/0x3c0 [ 1448.507666][ T1478] legacy_get_tree+0xe6/0x180 [ 1448.512862][ T1478] vfs_get_tree+0x88/0x270 [ 1448.517796][ T1478] do_new_mount+0x24a/0xa40 [ 1448.522817][ T1478] __se_sys_mount+0x2d6/0x3c0 [ 1448.528008][ T1478] do_syscall_64+0x4c/0xa0 [ 1448.532944][ T1478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1448.539363][ T1478] [ 1448.539363][ T1478] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}: [ 1448.548587][ T1478] __lock_acquire+0x2cf8/0x7c50 [ 1448.553963][ T1478] lock_acquire+0x1b4/0x490 [ 1448.558989][ T1478] __mutex_lock+0x120/0xaf0 [ 1448.564012][ T1478] hfs_extend_file+0xd7/0x1280 [ 1448.569296][ T1478] hfs_bmap_reserve+0x103/0x420 [ 1448.574675][ T1478] __hfs_ext_write_extent+0x1fa/0x470 [ 1448.580592][ T1478] __hfs_ext_cache_extent+0x6b/0x9b0 [ 1448.586507][ T1478] hfs_extend_file+0x313/0x1280 [ 1448.592081][ T1478] hfs_get_block+0x3d4/0xbd0 [ 1448.597213][ T1478] __block_write_begin_int+0x54b/0x1a70 [ 1448.603287][ T1478] block_write_begin+0x96/0x1e0 [ 1448.608662][ T1478] cont_write_begin+0x5c4/0x7d0 [ 1448.614122][ T1478] hfs_write_begin+0x87/0xd0 [ 1448.619240][ T1478] cont_write_begin+0x2a9/0x7d0 [ 1448.624612][ T1478] hfs_write_begin+0x87/0xd0 [ 1448.629734][ T1478] hfs_file_truncate+0x18d/0x9b0 [ 1448.635194][ T1478] hfs_inode_setattr+0x4ab/0x6f0 [ 1448.640658][ T1478] notify_change+0xc74/0xf40 [ 1448.645771][ T1478] do_truncate+0x197/0x220 [ 1448.650709][ T1478] vfs_truncate+0x262/0x2f0 [ 1448.655731][ T1478] do_sys_truncate+0xdc/0x190 [ 1448.660925][ T1478] do_syscall_64+0x4c/0xa0 [ 1448.665861][ T1478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1448.672365][ T1478] [ 1448.672365][ T1478] other info that might help us debug this: [ 1448.672365][ T1478] [ 1448.682592][ T1478] Possible unsafe locking scenario: [ 1448.682592][ T1478] [ 1448.690038][ T1478] CPU0 CPU1 [ 1448.695403][ T1478] ---- ---- [ 1448.700766][ T1478] lock(&tree->tree_lock#2/1); [ 1448.705630][ T1478] lock(&HFS_I(tree->inode)->extents_lock); [ 1448.714126][ T1478] lock(&tree->tree_lock#2/1); [ 1448.721501][ T1478] lock(&HFS_I(tree->inode)->extents_lock); [ 1448.727482][ T1478] [ 1448.727482][ T1478] *** DEADLOCK *** [ 1448.727482][ T1478] [ 1448.735619][ T1478] 4 locks held by syz.9.12218/1478: [ 1448.740903][ T1478] #0: ffff888053756460 (sb_writers#25){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90 [ 1448.750143][ T1478] #1: ffff8880531882a8 (&sb->s_type->i_mutex_key#38){+.+.}-{3:3}, at: do_truncate+0x183/0x220 [ 1448.760501][ T1478] #2: ffff8880531880f8 (&HFS_I(inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xd7/0x1280 [ 1448.771201][ T1478] #3: ffff88807b40a0b0 (&tree->tree_lock#2/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 1448.781130][ T1478] [ 1448.781130][ T1478] stack backtrace: [ 1448.787015][ T1478] CPU: 1 PID: 1478 Comm: syz.9.12218 Not tainted syzkaller #0 [ 1448.794470][ T1478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1448.804526][ T1478] Call Trace: [ 1448.807818][ T1478] [ 1448.810754][ T1478] dump_stack_lvl+0x168/0x22e [ 1448.815440][ T1478] ? load_image+0x3b0/0x3b0 [ 1448.819953][ T1478] ? show_regs_print_info+0x12/0x12 [ 1448.825159][ T1478] ? print_circular_bug+0x12b/0x1a0 [ 1448.830373][ T1478] check_noncircular+0x274/0x310 [ 1448.835319][ T1478] ? add_chain_block+0x940/0x940 [ 1448.840259][ T1478] ? lockdep_lock+0xdc/0x1e0 [ 1448.844872][ T1478] ? _find_first_zero_bit+0xcf/0x100 [ 1448.850188][ T1478] __lock_acquire+0x2cf8/0x7c50 [ 1448.855064][ T1478] ? kernel_text_address+0x9c/0xd0 [ 1448.860209][ T1478] ? unwind_get_return_address+0x49/0x80 [ 1448.865848][ T1478] ? arch_stack_walk+0xf2/0x140 [ 1448.870701][ T1478] ? verify_lock_unused+0x140/0x140 [ 1448.875938][ T1478] ? stack_trace_save+0x98/0xe0 [ 1448.880792][ T1478] ? stack_trace_snprint+0xf0/0xf0 [ 1448.885908][ T1478] ? check_noncircular+0x16f/0x310 [ 1448.891030][ T1478] lock_acquire+0x1b4/0x490 [ 1448.895548][ T1478] ? hfs_extend_file+0xd7/0x1280 [ 1448.900496][ T1478] ? __might_sleep+0xd0/0xd0 [ 1448.905127][ T1478] ? __lock_acquire+0x28b5/0x7c50 [ 1448.910156][ T1478] ? read_lock_is_recursive+0x10/0x10 [ 1448.915546][ T1478] __mutex_lock+0x120/0xaf0 [ 1448.920053][ T1478] ? hfs_extend_file+0xd7/0x1280 [ 1448.924999][ T1478] ? hfs_extend_file+0xd7/0x1280 [ 1448.929940][ T1478] ? verify_lock_unused+0x140/0x140 [ 1448.935141][ T1478] ? mutex_lock_nested+0x10/0x10 [ 1448.940118][ T1478] hfs_extend_file+0xd7/0x1280 [ 1448.944892][ T1478] ? hfs_get_block+0xbd0/0xbd0 [ 1448.949659][ T1478] ? hfs_write_begin+0x87/0xd0 [ 1448.954424][ T1478] ? __mutex_trylock_common+0x14f/0x250 [ 1448.959973][ T1478] ? trace_raw_output_contention_end+0xd0/0xd0 [ 1448.966139][ T1478] ? rcu_is_watching+0x11/0xa0 [ 1448.970914][ T1478] ? trace_contention_end+0x5f/0x170 [ 1448.976203][ T1478] ? hfs_brec_find+0x18b/0x500 [ 1448.980971][ T1478] ? __mutex_lock+0x19e/0xaf0 [ 1448.985653][ T1478] hfs_bmap_reserve+0x103/0x420 [ 1448.990511][ T1478] __hfs_ext_write_extent+0x1fa/0x470 [ 1448.995889][ T1478] __hfs_ext_cache_extent+0x6b/0x9b0 [ 1449.001194][ T1478] ? hfs_find_init+0x15b/0x1d0 [ 1449.005963][ T1478] hfs_extend_file+0x313/0x1280 [ 1449.010907][ T1478] ? filemap_get_folios+0xe6/0x750 [ 1449.016035][ T1478] ? hfs_get_block+0xbd0/0xbd0 [ 1449.020800][ T1478] ? filemap_get_folios+0xe6/0x750 [ 1449.025917][ T1478] ? find_lock_entries+0xb90/0xb90 [ 1449.031033][ T1478] ? clean_bdev_aliases+0x649/0x730 [ 1449.036236][ T1478] hfs_get_block+0x3d4/0xbd0 [ 1449.040831][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.045864][ T1478] ? do_raw_spin_unlock+0x11d/0x230 [ 1449.051070][ T1478] ? create_page_buffers+0x24f/0x4a0 [ 1449.056361][ T1478] __block_write_begin_int+0x54b/0x1a70 [ 1449.061944][ T1478] ? filemap_add_folio+0x188/0x3c0 [ 1449.067060][ T1478] ? xas_load+0x127/0x140 [ 1449.071399][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.076426][ T1478] ? page_zero_new_buffers+0x650/0x650 [ 1449.081892][ T1478] ? PageHeadHuge+0x8f/0x1c0 [ 1449.086492][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.091519][ T1478] block_write_begin+0x96/0x1e0 [ 1449.096394][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.101447][ T1478] cont_write_begin+0x5c4/0x7d0 [ 1449.106409][ T1478] ? generic_cont_expand_simple+0x1f0/0x1f0 [ 1449.112329][ T1478] ? __block_commit_write+0x2d4/0x400 [ 1449.117712][ T1478] ? put_page+0xea/0x270 [ 1449.121968][ T1478] hfs_write_begin+0x87/0xd0 [ 1449.126571][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.131605][ T1478] cont_write_begin+0x2a9/0x7d0 [ 1449.136466][ T1478] ? generic_cont_expand_simple+0x1f0/0x1f0 [ 1449.142368][ T1478] ? __lock_acquire+0x7c50/0x7c50 [ 1449.147403][ T1478] ? truncate_inode_pages_range+0x34d/0xff0 [ 1449.153313][ T1478] hfs_write_begin+0x87/0xd0 [ 1449.157907][ T1478] ? hfs_free_extents+0x430/0x430 [ 1449.162946][ T1478] hfs_file_truncate+0x18d/0x9b0 [ 1449.167929][ T1478] ? unmap_mapping_range+0x91/0x100 [ 1449.173152][ T1478] ? __up_read+0x27c/0x660 [ 1449.177670][ T1478] ? hfs_extend_file+0x1280/0x1280 [ 1449.182805][ T1478] ? preempt_count_add+0x8d/0x190 [ 1449.187839][ T1478] ? unmap_mapping_range+0x91/0x100 [ 1449.193054][ T1478] hfs_inode_setattr+0x4ab/0x6f0 [ 1449.198009][ T1478] ? security_inode_setattr+0xd8/0x140 [ 1449.203472][ T1478] ? try_break_deleg+0x79/0x120 [ 1449.208329][ T1478] ? hfs_evict_inode+0x100/0x100 [ 1449.213275][ T1478] notify_change+0xc74/0xf40 [ 1449.217876][ T1478] do_truncate+0x197/0x220 [ 1449.222380][ T1478] ? put_page_bootmem+0x2c0/0x2c0 [ 1449.227423][ T1478] ? bpf_lsm_path_truncate+0x5/0x10 [ 1449.232625][ T1478] vfs_truncate+0x262/0x2f0 [ 1449.237135][ T1478] do_sys_truncate+0xdc/0x190 [ 1449.241816][ T1478] ? break_lease+0xd0/0xd0 [ 1449.246239][ T1478] ? lockdep_hardirqs_on+0x94/0x140 [ 1449.251444][ T1478] do_syscall_64+0x4c/0xa0 [ 1449.255865][ T1478] ? clear_bhb_loop+0x60/0xb0 [ 1449.260562][ T1478] ? clear_bhb_loop+0x60/0xb0 [ 1449.265238][ T1478] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1449.271139][ T1478] RIP: 0033:0x7fb09a38ebe9 [ 1449.275554][ T1478] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1449.295165][ T1478] RSP: 002b:00007fb09b2db038 EFLAGS: 00000246 ORIG_RAX: 000000000000004c [ 1449.303584][ T1478] RAX: ffffffffffffffda RBX: 00007fb09a5c5fa0 RCX: 00007fb09a38ebe9 [ 1449.311560][ T1478] RDX: 0000000000000000 RSI: 00000000001fefff RDI: 0000200000000280 [ 1449.319531][ T1478] RBP: 00007fb09a411e19 R08: 0000000000000000 R09: 0000000000000000 [ 1449.327501][ T1478] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1449.335471][ T1478] R13: 00007fb09a5c6038 R14: 00007fb09a5c5fa0 R15: 00007ffcc62d39d8 [ 1449.343448][ T1478] [ 1449.354136][ T1456] EXT4-fs (loop1): Remounting filesystem read-only [ 1449.377659][ T1456] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 1449.480553][T30268] EXT4-fs (loop1): unmounting filesystem. [ 1449.495111][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.495111][ T40] loop9: rw=1, sector=417, nr_sectors = 1 limit=64 [ 1449.516846][ T40] Buffer I/O error on dev loop9, logical block 417, lost async page write [ 1449.527415][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.527415][ T40] loop9: rw=1, sector=420, nr_sectors = 1 limit=64 [ 1449.540724][ T40] Buffer I/O error on dev loop9, logical block 420, lost async page write [ 1449.552067][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.552067][ T40] loop9: rw=1, sector=421, nr_sectors = 1 limit=64 [ 1449.566554][ T40] Buffer I/O error on dev loop9, logical block 421, lost async page write [ 1449.588148][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.588148][ T40] loop9: rw=1, sector=422, nr_sectors = 1 limit=64 [ 1449.612906][ T40] Buffer I/O error on dev loop9, logical block 422, lost async page write [ 1449.621563][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.621563][ T40] loop9: rw=1, sector=423, nr_sectors = 1 limit=64 [ 1449.635269][ T40] Buffer I/O error on dev loop9, logical block 423, lost async page write [ 1449.644040][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.644040][ T40] loop9: rw=1, sector=424, nr_sectors = 1 limit=64 [ 1449.657350][ T40] Buffer I/O error on dev loop9, logical block 424, lost async page write [ 1449.666092][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.666092][ T40] loop9: rw=1, sector=425, nr_sectors = 1 limit=64 [ 1449.680493][ T40] Buffer I/O error on dev loop9, logical block 425, lost async page write [ 1449.689457][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.689457][ T40] loop9: rw=1, sector=426, nr_sectors = 1 limit=64 [ 1449.707400][ T40] Buffer I/O error on dev loop9, logical block 426, lost async page write [ 1449.716006][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.716006][ T40] loop9: rw=1, sector=427, nr_sectors = 8 limit=64 [ 1449.731316][ T40] kworker/u4:2: attempt to access beyond end of device [ 1449.731316][ T40] loop9: rw=1, sector=435, nr_sectors = 1 limit=64 [ 1449.744746][ T40] Buffer I/O error on dev loop9, logical block 435, lost async page write [ 1449.754856][ T40] Buffer I/O error on dev loop9, logical block 436, lost async page write [ 1453.223028][T25420] Bluetooth: hci0: command 0x0406 tx timeout [ 1453.229120][T25420] Bluetooth: hci3: command 0x0406 tx timeout [ 1453.232509][T25250] Bluetooth: hci1: command 0x0406 tx timeout