last executing test programs: 1.492686313s ago: executing program 0 (id=13231): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000040)={0x0, 0xffffffffffffff8a, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000010008104687da3aa7143a0b8c81d080b25000000e8fe55a11800150006001425000000120800030043000040a8002b000a00014006046109d67f6f94007134cf6ee0a000a0e408e8d8ef52a9d7c7c0b7a196e6f66112c88a2ddddbbb219c6c09136dd481c4a918d1bcf0f938baa5d060a517898516277ce06bbace80177ccbec4c2ee5a7cef4260027836b0d17a58af5d6d93424841f468430dfe1d9d322fe7c0aaa16b8ddc64193071e9f8775730d16a4683f785025ccc89e00360db70100000040fad95667e006dcabced7ad654fac9609f4fb", 0xd8}], 0x1}, 0x4004) 1.467381566s ago: executing program 3 (id=13232): r0 = request_key(&(0x7f0000000000)='keyring\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)='binder\x00', 0xfffffffffffffffc) keyctl$set_timeout(0xf, r0, 0x1) 1.336462119s ago: executing program 3 (id=13234): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x550, 0x40, 0x1000, 0x0, 0x20, 0x0, {0x0, 0x9416}, {0x350, 0xfffffffd}, {0xf4ef}, {0x0, 0x0, 0xffe}, 0x1, 0x100, 0x0, 0xd614, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0x0, 0xb}) 1.266969646s ago: executing program 0 (id=13236): r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x8, 0x0) preadv(r0, &(0x7f00000003c0)=[{&(0x7f0000000140)=""/119, 0x77}], 0x1, 0x7, 0x0) 1.092455342s ago: executing program 2 (id=13239): syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x1, &(0x7f00000000c0)={[{@errors_remount}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb") mount$afs(&(0x7f00000000c0)=ANY=[@ANYBLOB='#'], &(0x7f000009df40)='.\x00', &(0x7f000009df80), 0x14000, &(0x7f000009dfc0)={[{@dyn}]}) 1.055878247s ago: executing program 0 (id=13240): r0 = socket(0x22, 0x2, 0x2) bind$bt_hci(r0, &(0x7f0000000180)={0x22, 0x4, 0x3}, 0x6) 985.836673ms ago: executing program 1 (id=13241): symlink(&(0x7f0000000000)='.\x00', &(0x7f0000000040)='./file0\x00') openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0/file0/..\x00', &(0x7f0000000300)={0x0, 0x0, 0x10}, 0x18) 851.085947ms ago: executing program 3 (id=13242): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x2a500}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_MLD_VERSION={0x5, 0x2c, 0x2}, @IFLA_BR_AGEING_TIME={0x8, 0x4, 0x80000000}]}}}]}, 0x44}}, 0x0) 844.390277ms ago: executing program 0 (id=13243): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000dc0)=@newsa={0xf0, 0x10, 0x1, 0x0, 0x0, {{@in6=@private1, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x30, 0x33}, {@in=@empty, 0x0, 0x32}, @in6=@private1, {0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0x7}, {}, 0x0, 0x0, 0x2, 0x0, 0x0, 0xcd}}, 0xf0}, 0x1, 0x0, 0x0, 0x4014840}, 0x0) 834.882838ms ago: executing program 1 (id=13244): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000000)={0x14, 0x1, 0x1, "a90037e7f30f000080df4832c305f70000000000004840080000000000008300", 0x50313459}) 794.837502ms ago: executing program 2 (id=13245): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000540)=@newtaction={0x68, 0x30, 0x9, 0x0, 0x25dfdbff, {}, [{0x54, 0x1, [@m_bpf={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS={0xc, 0x5, [{}]}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x0, 0x80000000, 0xffffffffffffffff}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 665.466784ms ago: executing program 0 (id=13246): r0 = socket(0x40000000015, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2715, &(0x7f0000000580)=""/102393, &(0x7f0000000400)=0x18ff9) 636.191308ms ago: executing program 1 (id=13247): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="020e"], 0xfe0f}}, 0x40000) 600.832131ms ago: executing program 3 (id=13248): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000006c0)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) fcntl$lock(r0, 0x24, &(0x7f00000000c0)={0x1, 0x0, 0x15c3, 0xffffffffffffffee}) 522.118738ms ago: executing program 2 (id=13249): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000000)={'erspan0\x00', &(0x7f0000005a80)=@ethtool_eeprom={0xb, 0x1000, 0xceca}}) 480.474343ms ago: executing program 0 (id=13250): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000036571a20cd0c8000fe67010203010902120001000000000904"], 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000000c0)={0x34, &(0x7f0000000340)={0x40, 0x15, 0x8, "5e57f93aeb9a4780"}, 0x0, 0x0, 0x0, 0x0, 0x0}) 454.613945ms ago: executing program 3 (id=13251): capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x0, 0x2}) clock_settime(0x0, &(0x7f0000000000)={0x77359400}) 400.249661ms ago: executing program 1 (id=13252): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_TREAD_OLD(r0, 0x40045402, &(0x7f0000000040)=0x1) 322.011418ms ago: executing program 2 (id=13253): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)={0x2c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}, @NFQA_CFG_MASK={0x8, 0x4, 0x1, 0x0, 0x20}, @NFQA_CFG_FLAGS={0x8, 0x5, 0x1, 0x0, 0x9}]}, 0x2c}}, 0x0) 297.83152ms ago: executing program 3 (id=13254): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@quota}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ") chown(&(0x7f0000000200)='./file0\x00', 0x0, 0x0) 169.881603ms ago: executing program 1 (id=13255): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x4, 0x1}, 0xe) 165.737314ms ago: executing program 2 (id=13256): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000700)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000180100002020642500000000202020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000004c0)={r0, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000240)="d2ff03076003008cb89e08f086dd", 0x0, 0xd5b1, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 90.058901ms ago: executing program 1 (id=13257): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, 0x5, r0}, 0x38) 0s ago: executing program 2 (id=13258): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'lo\x00'}) syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) kernel console output (not intermixed with test programs): erial bus timeout: status=0x00 [ 1252.023004][ T6144] gspca_stk1135: Sensor read failed [ 1252.031662][ T6144] gspca_stk1135: serial bus timeout: status=0x00 [ 1252.056822][ T6144] gspca_stk1135: Sensor read failed [ 1252.067607][ T6144] gspca_stk1135: Detected sensor type unknown (0x0) [ 1252.083749][ T6144] gspca_stk1135: serial bus timeout: status=0x00 [ 1252.099489][ T6144] gspca_stk1135: Sensor read failed [ 1252.119529][ T6144] gspca_stk1135: serial bus timeout: status=0x00 [ 1252.139153][ T6144] gspca_stk1135: Sensor read failed [ 1252.163546][ T6144] gspca_stk1135: serial bus timeout: status=0x00 [ 1252.176354][ T6144] gspca_stk1135: Sensor write failed [ 1252.199737][ T6144] gspca_stk1135: serial bus timeout: status=0x00 [ 1252.217238][ T6144] gspca_stk1135: Sensor write failed [ 1252.226760][ T6144] stk1135: probe of 3-1:0.0 failed with error -71 [ 1252.260472][T30571] loop1: detected capacity change from 0 to 256 [ 1252.269961][ T6144] usb 3-1: USB disconnect, device number 76 [ 1252.353842][T30571] FAT-fs (loop1): Directory bread(block 64) failed [ 1252.373820][T30571] FAT-fs (loop1): Directory bread(block 65) failed [ 1252.392495][T30571] FAT-fs (loop1): Directory bread(block 66) failed [ 1252.422070][T30571] FAT-fs (loop1): Directory bread(block 67) failed [ 1252.428744][T30571] FAT-fs (loop1): Directory bread(block 68) failed [ 1252.467150][T30571] FAT-fs (loop1): Directory bread(block 69) failed [ 1252.474646][T30571] FAT-fs (loop1): Directory bread(block 70) failed [ 1252.481289][T30571] FAT-fs (loop1): Directory bread(block 71) failed [ 1252.496122][T30571] FAT-fs (loop1): Directory bread(block 72) failed [ 1252.502692][T30571] FAT-fs (loop1): Directory bread(block 73) failed [ 1252.647057][T30582] loop0: detected capacity change from 0 to 1024 [ 1252.677533][T30582] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1252.752219][T30582] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1252.792281][T30582] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 1252.850017][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1253.104846][T30598] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11052'. [ 1253.207749][T30601] netlink: 'syz.2.11054': attribute type 10 has an invalid length. [ 1253.232676][T30601] netlink: 40 bytes leftover after parsing attributes in process `syz.2.11054'. [ 1253.274312][T30601] bridge0: port 3(dummy0) entered blocking state [ 1253.290792][T30601] bridge0: port 3(dummy0) entered disabled state [ 1253.312212][T30601] dummy0: entered allmulticast mode [ 1253.319678][T30601] dummy0: entered promiscuous mode [ 1253.337479][T30601] bridge0: port 3(dummy0) entered blocking state [ 1253.344647][T30601] bridge0: port 3(dummy0) entered forwarding state [ 1253.457485][T30610] loop3: detected capacity change from 0 to 256 [ 1253.464718][T30610] exfat: Deprecated parameter 'namecase' [ 1253.480681][T30610] exfat: Deprecated parameter 'namecase' [ 1253.533878][T30610] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 1255.050197][T30661] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11082'. [ 1255.148160][T30642] loop0: detected capacity change from 0 to 32768 [ 1255.219602][T30642] XFS (loop0): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1255.563004][T30642] XFS (loop0): Starting recovery (logdev: internal) [ 1255.657371][T30642] XFS (loop0): Ending recovery (logdev: internal) [ 1255.942600][T30694] loop1: detected capacity change from 0 to 256 [ 1255.956884][ T6568] XFS (loop0): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4 [ 1255.963898][T30689] loop3: detected capacity change from 0 to 4096 [ 1256.037113][T30689] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1256.052801][T30689] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1256.105658][T30689] ntfs: volume version 3.1. [ 1256.119843][T30697] netlink: 'syz.2.11097': attribute type 5 has an invalid length. [ 1256.154631][T30689] __ntfs_error: 5 callbacks suppressed [ 1256.154650][T30689] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1256.249015][T30689] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1256.313177][T30689] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1256.369283][T30689] ntfs: (device loop3): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute name is placed after the attribute value. [ 1256.397628][T30689] ntfs: (device loop3): ntfs_read_locked_index_inode(): Failed with error code -5 while reading index inode (mft_no 0x18, name_len 2. [ 1256.455837][T30689] ntfs: (device loop3): load_and_init_quota(): Failed to load $Quota/$Q index. [ 1256.501988][T30689] ntfs: (device loop3): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 1256.711485][T30689] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1256.761494][T30689] ntfs: (device loop3): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 1256.856815][T30711] netlink: 64 bytes leftover after parsing attributes in process `syz.2.11103'. [ 1257.248335][T30721] xt_policy: too many policy elements [ 1258.170570][T30760] netlink: 'syz.0.11126': attribute type 1 has an invalid length. [ 1258.772896][T30781] loop3: detected capacity change from 0 to 1764 [ 1258.866856][T30781] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1259.139367][T30794] loop0: detected capacity change from 0 to 22 [ 1259.164184][T30794] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 1259.188890][T30794] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1259.483876][T30801] loop1: detected capacity change from 0 to 256 [ 1259.546900][T30801] FAT-fs (loop1): Directory bread(block 64) failed [ 1259.558870][T30802] loop3: detected capacity change from 0 to 64 [ 1259.569369][T30801] FAT-fs (loop1): Directory bread(block 65) failed [ 1259.597574][T30801] FAT-fs (loop1): Directory bread(block 66) failed [ 1259.629112][T30801] FAT-fs (loop1): Directory bread(block 67) failed [ 1259.635814][T30801] FAT-fs (loop1): Directory bread(block 68) failed [ 1259.659945][T30801] FAT-fs (loop1): Directory bread(block 69) failed [ 1259.688462][T30801] FAT-fs (loop1): Directory bread(block 70) failed [ 1259.699272][T30802] Bad inode number on dev loop3: 6 is out of range [ 1259.709870][T30801] FAT-fs (loop1): Directory bread(block 71) failed [ 1259.732635][T30801] FAT-fs (loop1): Directory bread(block 72) failed [ 1259.739217][T30801] FAT-fs (loop1): Directory bread(block 73) failed [ 1261.408177][T30865] bridge3: entered promiscuous mode [ 1262.185218][ T27] audit: type=1326 audit(526589.170:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30894 comm="syz.2.11190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1262.278242][ T27] audit: type=1326 audit(526589.170:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30894 comm="syz.2.11190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1262.327582][ T27] audit: type=1326 audit(526589.226:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30894 comm="syz.2.11190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=162 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1262.373142][ T27] audit: type=1326 audit(526589.357:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30894 comm="syz.2.11190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1262.415826][ T27] audit: type=1326 audit(526589.366:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30894 comm="syz.2.11190" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1262.466493][T30898] loop1: detected capacity change from 0 to 4096 [ 1262.542498][T30898] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1262.568642][T30898] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1262.632211][T30898] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1262.684542][T30898] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1262.725134][T30898] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1262.766751][T30898] ntfs: volume version 3.1. [ 1262.907809][T30911] overlayfs: conflicting options: userxattr,redirect_dir=on [ 1262.933207][T30913] loop0: detected capacity change from 0 to 256 [ 1263.032532][T30913] FAT-fs (loop0): Directory bread(block 64) failed [ 1263.043487][T30913] FAT-fs (loop0): Directory bread(block 65) failed [ 1263.075557][T30913] FAT-fs (loop0): Directory bread(block 66) failed [ 1263.088457][T30913] FAT-fs (loop0): Directory bread(block 67) failed [ 1263.121650][T30913] FAT-fs (loop0): Directory bread(block 68) failed [ 1263.128238][T30913] FAT-fs (loop0): Directory bread(block 69) failed [ 1263.157958][T30913] FAT-fs (loop0): Directory bread(block 70) failed [ 1263.179136][T30913] FAT-fs (loop0): Directory bread(block 71) failed [ 1263.203790][T30913] FAT-fs (loop0): Directory bread(block 72) failed [ 1263.221702][T30913] FAT-fs (loop0): Directory bread(block 73) failed [ 1263.633050][T30930] autofs4:pid:30930:autofs_fill_super: called with bogus options [ 1263.645115][T30932] loop1: detected capacity change from 0 to 128 [ 1263.657341][T30932] EXT4-fs: Ignoring removed nobh option [ 1263.716146][T30932] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1263.778683][T30932] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:106: comm syz.1.11209: Corrupt inode bitmap - block_group = 0, inode_bitmap = 19 [ 1263.827149][T30940] netlink: 'syz.0.11210': attribute type 5 has an invalid length. [ 1263.876173][ T6569] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1264.158520][T30944] loop1: detected capacity change from 0 to 2048 [ 1264.238672][T30949] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1264.301719][T30944] NILFS error (device loop1): nilfs_lookup: deleted inode referenced: 12 [ 1264.351066][T30944] Remounting filesystem read-only [ 1264.961582][T30976] netlink: 88 bytes leftover after parsing attributes in process `syz.0.11228'. [ 1265.049685][T30979] netlink: 76 bytes leftover after parsing attributes in process `syz.2.11230'. [ 1265.096225][T30982] loop0: detected capacity change from 0 to 164 [ 1265.259664][T30986] netlink: 'syz.2.11233': attribute type 3 has an invalid length. [ 1265.345231][ T6505] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 1265.457760][T30991] netlink: 36 bytes leftover after parsing attributes in process `syz.3.11235'. [ 1265.483672][T30991] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11235'. [ 1265.570511][ T6505] usb 2-1: Using ep0 maxpacket: 16 [ 1265.599739][ T6505] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1265.641507][ T6505] usb 2-1: config 0 has no interface number 0 [ 1265.682830][ T6505] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1265.699297][ T6505] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1265.722253][T31000] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (5), value rounded to 5 ms [ 1265.737063][ T6505] usb 2-1: Product: syz [ 1265.741507][ T6505] usb 2-1: Manufacturer: syz [ 1265.746128][ T6505] usb 2-1: SerialNumber: syz [ 1265.751597][T31000] (unnamed net_device) (uninitialized): option use_carrier: invalid value (6) [ 1265.776485][ T6505] usb 2-1: config 0 descriptor?? [ 1265.908671][T31008] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11243'. [ 1266.000242][ T6505] usb 2-1: selecting invalid altsetting 1 [ 1266.006295][ T6505] speedtch 2-1:0.1: speedtch_bind: setting interface to 1 failed (-22)! [ 1266.040546][ T6505] speedtch 2-1:0.1: usbatm_usb_probe: bind failed: -22! [ 1266.048782][ T6505] speedtch: probe of 2-1:0.1 failed with error -22 [ 1266.083178][ T6505] usb 2-1: USB disconnect, device number 86 [ 1266.288065][T31021] netlink: 'syz.0.11250': attribute type 3 has an invalid length. [ 1267.196255][T31030] loop3: detected capacity change from 0 to 32768 [ 1267.210442][T31030] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop3 scanned by syz.3.11253 (31030) [ 1267.226728][ T6505] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 1267.261020][T31030] BTRFS info (device loop3): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1267.288004][T31030] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 1267.298240][T31030] BTRFS info (device loop3): force zlib compression, level 3 [ 1267.307930][T31030] BTRFS info (device loop3): force clearing of disk cache [ 1267.324016][T31030] BTRFS info (device loop3): setting nodatasum [ 1267.332765][T31030] BTRFS info (device loop3): use zlib compression, level 3 [ 1267.376470][T31030] BTRFS info (device loop3): allowing degraded mounts [ 1267.388971][T31030] BTRFS info (device loop3): enabling disk space caching [ 1267.406907][T31030] BTRFS info (device loop3): disk space caching is enabled [ 1267.429862][ T6505] usb 2-1: Using ep0 maxpacket: 16 [ 1267.448997][ T6505] usb 2-1: New USB device found, idVendor=06b9, idProduct=4061, bcdDevice= 1.88 [ 1267.480211][ T6505] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1267.518540][ T6505] usb 2-1: Product: syz [ 1267.522756][ T6505] usb 2-1: Manufacturer: syz [ 1267.557213][T31030] BTRFS info (device loop3): enabling ssd optimizations [ 1267.576322][ T6505] usb 2-1: SerialNumber: syz [ 1267.588539][T31030] BTRFS info (device loop3): auto enabling async discard [ 1267.600280][ T6505] usb 2-1: config 0 descriptor?? [ 1267.649543][T31030] BTRFS info (device loop3): rebuilding free space tree [ 1267.701815][T31030] BTRFS info (device loop3): disabling free space tree [ 1267.721000][T31030] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1267.738350][T31030] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1267.871870][ T6505] speedtch 2-1:0.0: speedtch_bind: data interface not found! [ 1267.903329][ T6505] speedtch 2-1:0.0: usbatm_usb_probe: bind failed: -19! [ 1267.922751][T31030] BTRFS info (device loop3): balance: start -f -susage=49..0,drange=9..0,limit=8,stripes=0..253 [ 1267.935480][ T6144] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1267.963167][T31030] BTRFS info (device loop3): balance: ended with status: 0 [ 1268.089714][ T6554] usb 2-1: USB disconnect, device number 87 [ 1268.122246][ T6576] BTRFS info (device loop3): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1268.156472][ T6144] usb 1-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 1268.170565][ T6144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1268.192682][ T6144] usb 1-1: Product: syz [ 1268.196956][ T6144] usb 1-1: Manufacturer: syz [ 1268.206196][ T6144] usb 1-1: SerialNumber: syz [ 1268.215669][ T6144] usb 1-1: config 0 descriptor?? [ 1268.248122][ T6144] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 1268.538478][T31089] netlink: 28 bytes leftover after parsing attributes in process `syz.3.11275'. [ 1268.756867][ T6554] usb 1-1: USB disconnect, device number 71 [ 1269.014895][T31105] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11281'. [ 1269.416907][T31121] loop3: detected capacity change from 0 to 8 [ 1269.444445][T31124] netlink: 'syz.1.11292': attribute type 8 has an invalid length. [ 1269.449390][T31121] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1269.470450][ T5775] udevd[5775]: incorrect cramfs checksum on /dev/loop3 [ 1269.487119][T31124] bridge3: entered promiscuous mode [ 1269.499380][T31121] cramfs: bad data blocksize 4293972856 [ 1269.501477][T31126] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1269.531813][T31121] cramfs: bad data blocksize 4293972856 [ 1269.572477][ T5775] udevd[5775]: incorrect cramfs checksum on /dev/loop3 [ 1269.611169][T31128] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11293'. [ 1269.659431][T31128] veth2: entered promiscuous mode [ 1269.717642][T31128] veth2: entered allmulticast mode [ 1270.045191][T31142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11300'. [ 1270.094812][T31142] netlink: 32 bytes leftover after parsing attributes in process `syz.1.11300'. [ 1270.403403][T31158] mmap: syz.2.11308 (31158): VmData 175878144 exceed data ulimit 10. Update limits or use boot option ignore_rlimit_data. [ 1270.579894][T31167] __nla_validate_parse: 3 callbacks suppressed [ 1270.579909][T31167] netlink: 44 bytes leftover after parsing attributes in process `syz.2.11313'. [ 1271.140090][T31192] loop1: detected capacity change from 0 to 256 [ 1271.335295][T31198] netlink: 'syz.3.11327': attribute type 2 has an invalid length. [ 1271.434905][T31200] tmpfs: Bad value for 'mpol' [ 1271.705298][T31211] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11334'. [ 1271.739178][T31213] loop3: detected capacity change from 0 to 1024 [ 1272.023407][T31223] loop0: detected capacity change from 0 to 1024 [ 1272.042513][T31223] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1272.116277][T31223] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1272.515696][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1272.752355][T31248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11350'. [ 1272.776060][T31246] loop0: detected capacity change from 0 to 4096 [ 1272.784122][T31246] __ntfs_warning: 11 callbacks suppressed [ 1272.784138][T31246] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1272.878528][T31246] ntfs: (device loop0): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1272.921807][T31246] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1272.933869][T31246] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1272.947457][T31246] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1273.004299][T31246] ntfs: volume version 3.1. [ 1273.041784][T31246] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (24) differing from the directory specified size (4096). Directory inode is corrupt or driver bug. [ 1273.085153][T31246] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1273.111522][T31246] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1273.172432][T31246] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index buffer (VCN 0x0) of directory inode 0x5 has a size (24) differing from the directory specified size (4096). Directory inode is corrupt or driver bug. [ 1273.213714][T31246] ntfs: (device loop0): ntfs_lookup(): ntfs_lookup_ino_by_name() failed with error code 5. [ 1273.832447][T31288] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11369'. [ 1274.058015][ T6554] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1274.247639][T31300] loop1: detected capacity change from 0 to 1764 [ 1274.266825][ T6554] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1274.277359][ T6554] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1274.309309][ T6554] usb 3-1: config 0 descriptor?? [ 1274.436677][T31305] netlink: 'syz.3.11378': attribute type 39 has an invalid length. [ 1274.446833][T31305] veth0_macvtap: left allmulticast mode [ 1274.452826][T31305] veth0_macvtap: left promiscuous mode [ 1274.600243][T31294] loop0: detected capacity change from 0 to 32768 [ 1274.632040][T31294] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 1274.679866][T31294] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1274.762846][ T6554] usb 3-1: Cannot set MAC address [ 1274.770915][T31294] (syz.0.11371,31294,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 1274.792000][ T6554] MOSCHIP usb-ethernet driver: probe of 3-1:0.0 failed with error -71 [ 1274.793856][T31315] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 1274.808290][T31315] [U] J"—e:ÀÆ" [ 1274.816552][T31294] (syz.0.11371,31294,0):ocfs2_xattr_block_find:2831 ERROR: status = -12 [ 1274.852197][ T6554] usb 3-1: USB disconnect, device number 77 [ 1274.887345][T31318] binder: 31317:31318 unknown command 0 [ 1274.905287][T31318] binder: 31317:31318 ioctl c0306201 200000000480 returned -22 [ 1274.949937][ T6568] ocfs2: Unmounting device (7,0) on (node local) [ 1274.974640][T31320] sctp: [Deprecated]: syz.3.11384 (pid 31320) Use of int in max_burst socket option. [ 1274.974640][T31320] Use struct sctp_assoc_value instead [ 1275.356125][T31332] loop1: detected capacity change from 0 to 256 [ 1275.417112][T31332] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x07bb551f, utbl_chksum : 0xe619d30d) [ 1275.554662][T31341] netlink: 'syz.2.11394': attribute type 3 has an invalid length. [ 1275.686099][ T6554] usb 1-1: new full-speed USB device number 72 using dummy_hcd [ 1275.891174][T31353] ieee802154 phy0 wpan0: encryption failed: -22 [ 1275.901784][ T6554] usb 1-1: config index 0 descriptor too short (expected 69, got 36) [ 1275.918247][ T6554] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1275.947860][ T6554] usb 1-1: New USB device found, idVendor=093a, idProduct=2622, bcdDevice=b7.89 [ 1275.966749][ T6554] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1275.998640][ T6554] usb 1-1: Product: syz [ 1276.002868][ T6554] usb 1-1: Manufacturer: syz [ 1276.039347][ T6554] usb 1-1: SerialNumber: syz [ 1276.054683][ T6554] usb 1-1: config 0 descriptor?? [ 1276.075235][ T6554] gspca_main: gspca_pac7302-2.14.0 probing 093a:2622 [ 1276.513797][ T6554] gspca_pac7302: reg_w() failed i: 78 v: 00 error -71 [ 1276.534831][ T6554] gspca_pac7302: probe of 1-1:0.0 failed with error -71 [ 1276.570509][ T6554] usb 1-1: USB disconnect, device number 72 [ 1276.752176][ T6796] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1276.781986][T31381] netlink: 129384 bytes leftover after parsing attributes in process `syz.3.11414'. [ 1276.949820][ T6796] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1276.960863][ T6796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1276.967453][T31389] trusted_key: encrypted_key: hex blob is missing [ 1276.986854][ T6796] usb 2-1: Product: syz [ 1276.994438][ T6796] usb 2-1: Manufacturer: syz [ 1277.001597][ T6796] usb 2-1: SerialNumber: syz [ 1277.012066][ T6796] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1277.048288][T21888] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1277.379194][T31371] random: crng reseeded on system resumption [ 1277.846503][T31415] netlink: 'syz.0.11431': attribute type 32 has an invalid length. [ 1278.062244][T31419] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11432'. [ 1278.142123][ T6554] usb 2-1: USB disconnect, device number 88 [ 1278.227637][T21888] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 1278.245813][T21888] ath9k_htc: Failed to initialize the device [ 1278.271308][ T6554] usb 2-1: ath9k_htc: USB layer deinitialized [ 1278.324896][T31427] ipt_rpfilter: unknown options [ 1278.591846][T31436] xt_recent: hitcount (4294967293) is larger than allowed maximum (255) [ 1278.932458][T31445] netlink: 52 bytes leftover after parsing attributes in process `syz.1.11445'. [ 1279.321287][T31461] netlink: 9 bytes leftover after parsing attributes in process `syz.1.11453'. [ 1279.557643][T31472] --map-set only usable from mangle table [ 1280.228892][T31500] netlink: 'syz.0.11472': attribute type 7 has an invalid length. [ 1280.270069][T31500] netlink: 'syz.0.11472': attribute type 8 has an invalid length. [ 1280.277355][T31502] netlink: 'syz.2.11473': attribute type 1 has an invalid length. [ 1280.457598][T31506] loop3: detected capacity change from 0 to 4096 [ 1280.487209][T31506] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 1281.235147][T31539] loop0: detected capacity change from 0 to 512 [ 1281.282749][T31539] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 1281.306310][T31539] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -2 [ 1281.317860][T31539] EXT4-fs (loop0): 1 truncate cleaned up [ 1281.324753][T31539] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1281.371153][T31539] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1281.723175][T31554] netlink: 20 bytes leftover after parsing attributes in process `syz.0.11497'. [ 1281.755234][T31554] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1281.762492][T31554] IPv6: NLM_F_CREATE should be set when creating new route [ 1281.769865][T31554] IPv6: NLM_F_CREATE should be set when creating new route [ 1281.873188][T31559] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1282.054305][T31538] loop3: detected capacity change from 0 to 32768 [ 1282.087798][T31538] (syz.3.11488,31538,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1282.133434][T31538] (syz.3.11488,31538,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1282.230533][T31538] JBD2: Ignoring recovery information on journal [ 1282.400646][T31538] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1282.708422][T31580] [U]  [ 1282.754204][ T6576] ocfs2: Unmounting device (7,3) on (node local) [ 1283.193007][T31574] loop1: detected capacity change from 0 to 32768 [ 1283.294177][T31574] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1283.552597][ T27] kauditd_printk_skb: 9 callbacks suppressed [ 1283.552611][ T27] audit: type=1326 audit(526609.178:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.612701][T31574] XFS (loop1): Ending clean mount [ 1283.668837][ T27] audit: type=1326 audit(526609.178:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.732740][T31574] XFS: no-recovery mounts must be read-only. [ 1283.739073][ T27] audit: type=1326 audit(526609.178:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.816868][ T27] audit: type=1326 audit(526609.197:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.839197][ C0] vkms_vblank_simulate: vblank timer overrun [ 1283.846508][ T27] audit: type=1326 audit(526609.197:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.873125][ T27] audit: type=1326 audit(526609.197:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1283.889346][ T6569] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1283.895115][ C0] vkms_vblank_simulate: vblank timer overrun [ 1283.952206][ T27] audit: type=1326 audit(526609.197:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1284.029184][ T27] audit: type=1326 audit(526609.197:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1284.146039][ T27] audit: type=1326 audit(526609.197:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31602 comm="syz.0.11516" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1284.793901][T31639] netlink: 'syz.2.11533': attribute type 7 has an invalid length. [ 1284.808180][T31639] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11533'. [ 1284.815301][T31641] loop1: detected capacity change from 0 to 1764 [ 1284.833175][T31639] netlink: 4 bytes leftover after parsing attributes in process `syz.2.11533'. [ 1284.865449][T31641] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1285.142742][T31650] loop1: detected capacity change from 0 to 1024 [ 1285.371115][T31662] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1285.571652][T31667] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 1285.996040][T31656] loop3: detected capacity change from 0 to 32768 [ 1286.104019][T31656] ea_get: invalid extended attribute [ 1286.127855][T31656] ffff8880589ae8f0: 04 00 00 00 .... [ 1286.421328][T31696] QAT: failed to copy from user cfg_data. [ 1286.593507][T31701] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1286.624401][T31701] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1286.843737][T31712] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11568'. [ 1286.871006][T31713] cgroup: release_agent respecified [ 1287.074079][ T27] audit: type=1326 audit(526612.461:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=31720 comm="syz.2.11571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1287.708553][T31750] loop0: detected capacity change from 0 to 256 [ 1287.819030][T31750] FAT-fs (loop0): Directory bread(block 64) failed [ 1287.846704][T31750] FAT-fs (loop0): Directory bread(block 65) failed [ 1287.859761][T31756] delete_channel: no stack [ 1287.861937][T31750] FAT-fs (loop0): Directory bread(block 66) failed [ 1287.884512][T31750] FAT-fs (loop0): Directory bread(block 67) failed [ 1287.913722][T31750] FAT-fs (loop0): Directory bread(block 68) failed [ 1287.935393][T31750] FAT-fs (loop0): Directory bread(block 69) failed [ 1287.946078][T31750] FAT-fs (loop0): Directory bread(block 70) failed [ 1287.952772][T31750] FAT-fs (loop0): Directory bread(block 71) failed [ 1287.961711][T31750] FAT-fs (loop0): Directory bread(block 72) failed [ 1287.968894][T31750] FAT-fs (loop0): Directory bread(block 73) failed [ 1288.030593][ T6796] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1288.255557][ T6796] usb 3-1: Using ep0 maxpacket: 8 [ 1288.276910][ T6796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1288.322160][ T6796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1288.341561][T31771] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11599'. [ 1288.364830][ T6796] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1288.393933][ T6796] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1288.414784][ T6796] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1288.447564][ T6796] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1288.456744][ T6796] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1288.488472][ T6796] usb 3-1: config 0 descriptor?? [ 1288.499247][T31753] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1288.547124][T31779] ax25_connect(): syz.0.11602 uses autobind, please contact jreuter@yaina.de [ 1288.691186][T31785] misc userio: Invalid payload size [ 1288.991255][T19278] usb 3-1: USB disconnect, device number 78 [ 1288.994027][T28859] Bluetooth: hci4: Opcode 0x0c03 failed: -71 [ 1289.123869][T31801] netlink: 'syz.3.11612': attribute type 2 has an invalid length. [ 1289.124023][T31794] loop1: detected capacity change from 0 to 4096 [ 1289.146863][T31794] __ntfs_error: 4 callbacks suppressed [ 1289.146878][T31794] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1289.170347][T31794] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1289.193406][T31794] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1289.205185][T31794] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1289.232016][T31794] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1289.242843][T31804] loop0: detected capacity change from 0 to 64 [ 1289.287390][T31794] ntfs: volume version 3.1. [ 1289.295396][T31794] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1289.313969][T31794] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1289.348430][T31794] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1289.391867][T31794] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1289.451982][T31794] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1289.954905][ T6554] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1290.028904][T31828] vlan0: entered promiscuous mode [ 1290.076540][T31820] loop1: detected capacity change from 0 to 8192 [ 1290.105478][T31820] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1290.136605][T31820] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 1290.146116][T31820] REISERFS (device loop1): using ordered data mode [ 1290.153234][T31820] reiserfs: using flush barriers [ 1290.167334][ T6554] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1290.168737][T31820] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1290.193444][T31820] REISERFS (device loop1): checking transaction log (loop1) [ 1290.203330][ T6554] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1290.240027][T31820] REISERFS (device loop1): Using rupasov hash to sort names [ 1290.243542][ T6554] usb 4-1: Product: syz [ 1290.262088][ T6554] usb 4-1: Manufacturer: syz [ 1290.276382][ T6554] usb 4-1: SerialNumber: syz [ 1290.308807][ T6554] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1290.356735][ T6144] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1290.425680][T31835] xt_addrtype: input interface limitation not valid in POSTROUTING and OUTPUT [ 1290.729574][T31815] random: crng reseeded on system resumption [ 1291.483853][ T6144] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 1291.491047][ T6144] ath9k_htc: Failed to initialize the device [ 1291.595750][ T6144] usb 4-1: ath9k_htc: USB layer deinitialized [ 1291.628033][ T6796] usb 4-1: USB disconnect, device number 87 [ 1291.674182][T31869] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11646'. [ 1291.722785][T31871] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11647'. [ 1292.031297][T31883] loop0: detected capacity change from 0 to 64 [ 1292.281708][T31891] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11657'. [ 1292.634834][T31899] loop3: detected capacity change from 0 to 8192 [ 1292.661519][T31899] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1292.690922][T31899] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 1292.701847][T31899] REISERFS (device loop3): using ordered data mode [ 1292.708844][T31899] reiserfs: using flush barriers [ 1292.719691][T31899] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1292.796645][T31899] REISERFS (device loop3): checking transaction log (loop3) [ 1292.856788][T31899] REISERFS (device loop3): Using rupasov hash to sort names [ 1292.978088][ T5775] I/O error, dev loop3, sector 8064 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1294.000685][T31943] loop1: detected capacity change from 0 to 4096 [ 1294.129332][T31923] loop0: detected capacity change from 0 to 32768 [ 1294.219330][T31943] ntfs3: loop1: ino=5, "/" directory corrupted [ 1294.229582][T31923] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 1294.244670][T31943] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1294.295961][T31923] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1294.394374][ T1146] (kworker/u4:10,1146,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214 [ 1294.438165][T31923] (syz.0.11671,31923,0):ocfs2_read_blocks:239 ERROR: status = -12 [ 1294.487671][T31923] (syz.0.11671,31923,0):ocfs2_xattr_block_find:2831 ERROR: status = -12 [ 1294.624359][T31942] loop3: detected capacity change from 0 to 32768 [ 1294.634216][ T6568] ocfs2: Unmounting device (7,0) on (node local) [ 1294.819332][T31942] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1295.077587][T31942] XFS (loop3): Ending clean mount [ 1295.108245][ T6144] XFS (loop3): Corruption warning: Metadata has LSN (2:128) ahead of current LSN (1:640). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 1295.163708][ T6144] XFS (loop3): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x10 [ 1295.206234][ T6144] XFS (loop3): Unmount and run xfs_repair [ 1295.240459][ T6144] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 1295.268825][ T6144] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 1295.277725][ T6144] 00000010: 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 80 ................ [ 1295.305102][ T6144] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 1295.305759][T31973] loop1: detected capacity change from 0 to 128 [ 1295.325901][ T6144] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 1295.348400][ T6144] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 1295.364703][ T6144] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1295.377354][T31973] VFS: Found a Xenix FS (block size = 1024) on device loop1 [ 1295.416844][ T6144] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1295.448192][ T6144] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1295.474915][T31942] XFS (loop3): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x10 len 4 error 74 [ 1295.492722][T31942] XFS (loop3): Failed to initialize disk quotas. [ 1295.583678][ T6576] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1295.813031][ T6569] sysv_free_block: flc_count > flc_size [ 1295.824284][ T6569] sysv_free_block: flc_count > flc_size [ 1295.856493][ T6569] sysv_free_block: flc_count > flc_size [ 1295.877467][ T6569] sysv_free_block: flc_count > flc_size [ 1295.889375][ T6569] sysv_free_block: flc_count > flc_size [ 1295.941602][ T6569] sysv_free_block: flc_count > flc_size [ 1295.947202][ T6569] sysv_free_block: flc_count > flc_size [ 1295.973655][ T6569] sysv_free_block: flc_count > flc_size [ 1295.979247][ T6569] sysv_free_block: flc_count > flc_size [ 1296.016651][ T6569] sysv_free_block: flc_count > flc_size [ 1296.024901][ T6569] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 1296.187683][T31983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11695'. [ 1296.225082][T31983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11695'. [ 1296.332010][T31987] netlink: 40 bytes leftover after parsing attributes in process `syz.0.11699'. [ 1296.584347][T31995] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11703'. [ 1297.088435][T32019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11713'. [ 1297.107325][T32019] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11713'. [ 1297.140828][T32019] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11713'. [ 1297.522817][T32005] loop0: detected capacity change from 0 to 32768 [ 1297.572980][T32005] (syz.0.11708,32005,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1297.624658][T32005] (syz.0.11708,32005,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1297.668639][T32005] JBD2: Ignoring recovery information on journal [ 1297.726589][T32040] netlink: 92 bytes leftover after parsing attributes in process `syz.2.11722'. [ 1297.889491][T32005] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1298.056194][ T27] kauditd_printk_skb: 6 callbacks suppressed [ 1298.056209][ T27] audit: type=1326 audit(526622.732:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1298.106539][ T27] audit: type=1326 audit(526622.732:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1298.138023][ T27] audit: type=1326 audit(526622.751:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa274f8d810 code=0x7ffc0000 [ 1298.173677][ T27] audit: type=1326 audit(526622.751:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.182980][ T6568] ocfs2: Unmounting device (7,0) on (node local) [ 1298.215195][ T27] audit: type=1326 audit(526622.751:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.311242][ T27] audit: type=1326 audit(526622.751:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.357929][T21888] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 1298.395537][ T27] audit: type=1326 audit(526622.751:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.464867][ T27] audit: type=1326 audit(526623.031:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.527907][ T27] audit: type=1326 audit(526623.031:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.584098][T21888] usb 2-1: Using ep0 maxpacket: 8 [ 1298.604634][T21888] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1298.615072][ T27] audit: type=1326 audit(526623.237:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=32049 comm="syz.1.11726" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fa274f8ebcb code=0x7ffc0000 [ 1298.621260][T21888] usb 2-1: config 9 has an invalid interface number: 5 but max is 0 [ 1298.661429][T21888] usb 2-1: config 9 has no interface number 0 [ 1298.688788][T21888] usb 2-1: config 9 interface 5 has no altsetting 0 [ 1298.712723][T21888] usb 2-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8 [ 1298.734601][T21888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.754896][T21888] usb 2-1: Product: syz [ 1298.763073][T21888] usb 2-1: Manufacturer: syz [ 1298.778143][T21888] usb 2-1: SerialNumber: syz [ 1299.063085][T21888] usb 2-1: USB disconnect, device number 89 [ 1299.173277][T32075] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11738'. [ 1299.366366][T32081] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1299.374740][T32081] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1299.383532][T32063] loop0: detected capacity change from 0 to 32768 [ 1299.465331][T32063] ocfs2: Slot 0 on device (7,0) was already allocated to this node! [ 1299.494783][T32063] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 1299.532999][T32063] (syz.0.11728,32063,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=281474976710721, rec_len=32768, name_len=1 [ 1299.552076][T32063] (syz.0.11728,32063,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 1299.563214][T32063] (syz.0.11728,32063,0):ocfs2_mknod:298 ERROR: status = -2 [ 1299.605490][T32063] (syz.0.11728,32063,1):ocfs2_mknod:502 ERROR: status = -2 [ 1299.656619][T32089] loop3: detected capacity change from 0 to 512 [ 1299.663935][T32063] (syz.0.11728,32063,0):ocfs2_create:676 ERROR: status = -2 [ 1299.694996][T32089] EXT4-fs: Ignoring removed oldalloc option [ 1299.715479][T32089] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 1299.754559][T32089] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.11745: invalid indirect mapped block 4294967295 (level 0) [ 1299.783865][T32089] EXT4-fs (loop3): Remounting filesystem read-only [ 1299.817169][T32089] EXT4-fs (loop3): 1 orphan inode deleted [ 1299.830395][T32089] EXT4-fs (loop3): 1 truncate cleaned up [ 1299.837441][ T6568] ocfs2: Unmounting device (7,0) on (node local) [ 1299.838040][T32089] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1299.982628][ T6144] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 1300.067357][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1300.193591][ T6144] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1300.205880][T32103] loop3: detected capacity change from 0 to 64 [ 1300.212562][ T6144] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1300.235335][ T6144] usb 3-1: Product: syz [ 1300.244162][ T6144] usb 3-1: Manufacturer: syz [ 1300.248794][ T6144] usb 3-1: SerialNumber: syz [ 1300.275349][ T6144] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1300.303475][T21888] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1300.309843][ T6669] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1300.517707][T21888] usb 2-1: Using ep0 maxpacket: 16 [ 1300.533959][T21888] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1300.543601][T21888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1300.570637][T21888] usb 2-1: Product: syz [ 1300.574881][T21888] usb 2-1: Manufacturer: syz [ 1300.599155][T21888] usb 2-1: SerialNumber: syz [ 1300.619575][T32091] random: crng reseeded on system resumption [ 1300.619735][T21888] usb 2-1: config 0 descriptor?? [ 1300.663269][T21888] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 1300.911801][T21888] usb 2-1: clie_3_5_startup: get config number bad return length: 0 [ 1300.934257][T21888] visor: probe of 2-1:0.0 failed with error -5 [ 1301.234497][ T6144] usb 3-1: USB disconnect, device number 79 [ 1301.273038][T19278] usb 2-1: USB disconnect, device number 90 [ 1301.437461][T32121] loop3: detected capacity change from 0 to 32768 [ 1301.463718][T32121] (syz.3.11759,32121,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1301.478703][T32121] (syz.3.11759,32121,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 1301.490282][ T6669] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1301.502002][ T6669] ath9k_htc: Failed to initialize the device [ 1301.503564][T32121] (syz.3.11759,32121,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xcfdff595, computed 0xefed4a20. Applying ECC. [ 1301.511523][ T6144] usb 3-1: ath9k_htc: USB layer deinitialized [ 1301.532393][T32126] loop0: detected capacity change from 0 to 8192 [ 1301.548770][T32121] JBD2: Ignoring recovery information on journal [ 1301.594358][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.612016][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.620993][T32121] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1301.621142][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.640177][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.648998][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.658378][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.667342][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.680886][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.691112][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.710513][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.719863][T32126] FAT-fs (loop0): error, fat_bmap_cluster: request beyond EOF (i_pos 1043) [ 1301.803928][ T6576] ocfs2: Unmounting device (7,3) on (node local) [ 1302.020633][T32133] loop0: detected capacity change from 0 to 512 [ 1302.110628][T32133] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1302.166803][T32138] netlink: 'syz.3.11762': attribute type 62 has an invalid length. [ 1302.242648][T32141] netlink: 'syz.1.11767': attribute type 10 has an invalid length. [ 1302.260873][T32133] EXT4-fs error (device loop0): ext4_xattr_block_get:600: inode #15: comm syz.0.11763: corrupted xattr block 13: invalid checksum [ 1302.265243][T32142] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11766'. [ 1302.308033][T32141] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1302.322807][T32142] netlink: 56 bytes leftover after parsing attributes in process `syz.2.11766'. [ 1302.464421][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1302.471278][T32146] loop1: detected capacity change from 0 to 164 [ 1303.047734][T32168] loop0: detected capacity change from 0 to 128 [ 1303.086399][T32168] EXT4-fs (loop0): Test dummy encryption mode enabled [ 1303.121366][T32168] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c118, mo2=0002] [ 1303.251512][T32168] System zones: 1-3, 19-19, 35-36 [ 1303.283543][T32168] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1303.579902][T32168] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 1303.631246][T32168] EXT4-fs error (device loop0): ext4_validate_block_bitmap:421: comm syz.0.11779: bg 0: bad block bitmap checksum [ 1303.753178][T32190] netlink: 'syz.1.11788': attribute type 1 has an invalid length. [ 1303.770190][T32190] netlink: 224 bytes leftover after parsing attributes in process `syz.1.11788'. [ 1303.770642][ T6568] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1303.968452][T32194] loop0: detected capacity change from 0 to 64 [ 1304.071766][T32197] loop3: detected capacity change from 0 to 256 [ 1304.097773][T32197] exfat: Deprecated parameter 'utf8' [ 1304.123628][T32197] exfat: Deprecated parameter 'namecase' [ 1304.230074][T32197] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d) [ 1304.538512][T32212] loop3: detected capacity change from 0 to 128 [ 1304.575388][T32212] EXT4-fs (loop3): Test dummy encryption mode enabled [ 1304.613973][T32212] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c118, mo2=0002] [ 1304.627176][T32212] System zones: 1-3, 19-19, 35-36 [ 1304.655804][T32212] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1304.699204][T32212] EXT4-fs error (device loop3): ext4_validate_block_bitmap:421: comm syz.3.11798: bg 0: bad block bitmap checksum [ 1304.829474][ T6576] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1304.865093][T32223] (null): rxe_set_mtu: Set mtu to 1024 [ 1305.385506][T32245] netlink: 'syz.0.11814': attribute type 11 has an invalid length. [ 1305.456835][T32223] infiniband syz!: set active [ 1305.462148][T32223] infiniband syz!: added team_slave_0 [ 1305.583956][T32249] tmpfs: Bad value for 'grpquota_inode_hardlimit' [ 1305.667333][T32223] RDS/IB: syz!: added [ 1305.687158][T32223] smc: adding ib device syz! with port count 1 [ 1305.724127][T32223] smc: ib device syz! port 1 has pnetid [ 1306.019730][T32264] loop1: detected capacity change from 0 to 1764 [ 1306.412398][T32276] netlink: 'syz.1.11829': attribute type 6 has an invalid length. [ 1306.694599][T32268] loop0: detected capacity change from 0 to 32768 [ 1306.731622][T32268] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.11825 (32268) [ 1306.759889][T32268] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1306.821886][T32268] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1306.861708][T32268] BTRFS info (device loop0): using free space tree [ 1306.924630][T32289] loop1: detected capacity change from 0 to 256 [ 1306.943197][T32289] exfat: Deprecated parameter 'utf8' [ 1306.986259][T32289] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 1307.124084][T32268] BTRFS info (device loop0): enabling ssd optimizations [ 1307.131094][T32268] BTRFS info (device loop0): auto enabling async discard [ 1307.163967][T32308] loop3: detected capacity change from 0 to 512 [ 1307.331598][ T6568] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1307.378821][T32312] kernel read not supported for file / œÏüÔ¢W)ëS“§Ç-ë (pid: 32312 comm: syz.1.11840) [ 1307.444640][ T27] kauditd_printk_skb: 27 callbacks suppressed [ 1307.444654][ T27] audit: type=1800 audit(526631.515:141): pid=32312 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.11840" name=20019CCFFCD4A25729EB5393A7C72DEB dev="mqueue" ino=81409 res=0 errno=0 [ 1307.689316][T32316] netlink: 'syz.0.11839': attribute type 10 has an invalid length. [ 1307.827530][T32316] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1307.876814][T32324] ip6tnl1: entered promiscuous mode [ 1308.099096][T32326] netlink: 12 bytes leftover after parsing attributes in process `syz.1.11846'. [ 1308.433200][T32340] loop1: detected capacity change from 0 to 16 [ 1308.466245][T32340] erofs: (device loop1): mounted with root inode @ nid 36. [ 1308.506326][T32344] loop0: detected capacity change from 0 to 1024 [ 1308.520657][T32344] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1308.534637][T32340] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1308.565193][T32344] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1308.596516][T32340] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -21 in[56, 4040] out[1851] [ 1308.633028][T32344] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1308.652163][T32344] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1308.655404][T32340] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1308.691361][T32344] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1308.813364][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1309.277030][T32372] sctp: [Deprecated]: syz.3.11868 (pid 32372) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1309.277030][T32372] Use struct sctp_sack_info instead [ 1309.445218][T32379] loop3: detected capacity change from 0 to 256 [ 1309.452822][T32379] exfat: Deprecated parameter 'namecase' [ 1309.507235][T32379] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xf4419509, utbl_chksum : 0xe619d30d) [ 1309.551033][T19278] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1309.788812][T19278] usb 2-1: Using ep0 maxpacket: 16 [ 1309.808055][T32390] loop0: detected capacity change from 0 to 256 [ 1309.810835][T19278] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1309.851396][T19278] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1309.859433][T19278] usb 2-1: Product: syz [ 1309.903149][T19278] usb 2-1: Manufacturer: syz [ 1309.904284][T32390] FAT-fs (loop0): Directory bread(block 64) failed [ 1309.918755][T19278] usb 2-1: SerialNumber: syz [ 1309.946845][T32390] FAT-fs (loop0): Directory bread(block 65) failed [ 1309.949083][T19278] r8152-cfgselector 2-1: config 0 descriptor?? [ 1309.975186][T32390] FAT-fs (loop0): Directory bread(block 66) failed [ 1309.999847][T32390] FAT-fs (loop0): Directory bread(block 67) failed [ 1310.006521][T32390] FAT-fs (loop0): Directory bread(block 68) failed [ 1310.046857][T32390] FAT-fs (loop0): Directory bread(block 69) failed [ 1310.057199][T32390] FAT-fs (loop0): Directory bread(block 70) failed [ 1310.065606][T32390] FAT-fs (loop0): Directory bread(block 71) failed [ 1310.072353][T32390] FAT-fs (loop0): Directory bread(block 72) failed [ 1310.080087][T32390] FAT-fs (loop0): Directory bread(block 73) failed [ 1310.086745][T32396] kAFS: unparsable volume name [ 1310.472963][T19278] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1310.493859][T19278] r8152-cfgselector 2-1: USB disconnect, device number 91 [ 1311.180516][T32432] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11899'. [ 1311.191952][T32432] netlink: 132 bytes leftover after parsing attributes in process `syz.2.11899'. [ 1311.203260][T32432] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 1311.299359][T32430] loop3: detected capacity change from 0 to 4096 [ 1311.349726][T19278] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 1311.360239][T32430] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1311.381670][T32430] ntfs3: loop3: Failed to load $Extend (-22). [ 1311.387805][T32430] ntfs3: loop3: Failed to initialize $Extend. [ 1311.561195][T19278] usb 1-1: Using ep0 maxpacket: 16 [ 1311.569108][T32444] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11904'. [ 1311.583848][T19278] usb 1-1: config 0 has an invalid interface number: 145 but max is 0 [ 1311.592601][T19278] usb 1-1: config 0 has no interface number 0 [ 1311.607422][T19278] usb 1-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 1311.624684][T19278] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1311.643003][T19278] usb 1-1: Product: syz [ 1311.657856][T19278] usb 1-1: Manufacturer: syz [ 1311.674669][T19278] usb 1-1: SerialNumber: syz [ 1311.701386][T19278] usb 1-1: config 0 descriptor?? [ 1311.724093][T19278] hub 1-1:0.145: bad descriptor, ignoring hub [ 1311.730250][T19278] hub: probe of 1-1:0.145 failed with error -5 [ 1311.774097][T19278] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.145/input/input99 [ 1311.903617][T32452] i2c i2c-0: Invalid block read size 255 [ 1312.096970][T32456] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11909'. [ 1312.106212][T32456] netlink: 132 bytes leftover after parsing attributes in process `syz.1.11909'. [ 1312.116031][T32456] A link change request failed with some changes committed already. Interface veth0_to_bond may have been left with an inconsistent configuration, please check. [ 1312.199306][ T6669] usb 1-1: USB disconnect, device number 73 [ 1313.100052][ T27] audit: type=1400 audit(526636.782:142): apparmor="DENIED" operation="setprocattr" info="exec" error=-22 profile="unconfined" pid=32491 comm="syz.3.11928" [ 1313.317535][T32504] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 1313.402474][T32507] loop1: detected capacity change from 0 to 764 [ 1313.447682][T32507] rock: directory entry would overflow storage [ 1313.457691][T32507] rock: sig=0x4654, size=5, remaining=4 [ 1313.804004][T32521] loop1: detected capacity change from 0 to 1024 [ 1313.841940][T32521] EXT4-fs: Ignoring removed orlov option [ 1313.925738][T32521] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1314.215478][ T6569] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1314.229039][T32542] cgroup: name respecified [ 1314.556843][T32555] netlink: 'syz.0.11957': attribute type 5 has an invalid length. [ 1314.893129][T32547] loop3: detected capacity change from 0 to 32768 [ 1314.907283][T32547] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.11955 (32547) [ 1314.974937][T32547] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1314.986045][T32547] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1314.998424][T32547] BTRFS info (device loop3): using free space tree [ 1315.117338][T32572] netlink: 'syz.2.11964': attribute type 1 has an invalid length. [ 1315.185417][T32547] BTRFS info (device loop3): enabling ssd optimizations [ 1315.220912][T32547] BTRFS info (device loop3): auto enabling async discard [ 1315.415737][ T6576] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1315.471659][T32592] xt_hashlimit: size too large, truncated to 1048576 [ 1315.484908][T32592] xt_hashlimit: max too large, truncated to 1048576 [ 1315.723391][ T5775] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 9 /dev/loop3 scanned by udevd (5775) [ 1316.372753][T32622] netlink: 20 bytes leftover after parsing attributes in process `syz.2.11982'. [ 1316.381178][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1316.392796][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1316.437931][T32622] netlink: 16 bytes leftover after parsing attributes in process `syz.2.11982'. [ 1316.482253][T32625] loop0: detected capacity change from 0 to 64 [ 1317.002067][ T6796] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1317.223795][ T6796] usb 2-1: too many configurations: 37, using maximum allowed: 8 [ 1317.323551][ T6796] usb 2-1: string descriptor 0 read error: -71 [ 1317.329894][ T6796] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1317.365527][ T6796] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1317.404929][ T6796] usb 2-1: can't set config #1, error -71 [ 1317.424220][ T6796] usb 2-1: USB disconnect, device number 92 [ 1318.336835][T32695] netlink: 32 bytes leftover after parsing attributes in process `syz.1.12017'. [ 1318.366519][T32695] netlink: 204 bytes leftover after parsing attributes in process `syz.1.12017'. [ 1318.463675][T32695] team0: Port device macvlan1 removed [ 1318.480072][T32695] netlink: 204 bytes leftover after parsing attributes in process `syz.1.12017'. [ 1319.913982][T32760] loop0: detected capacity change from 0 to 1024 [ 1320.333026][ T304] loop3: detected capacity change from 0 to 4096 [ 1320.355777][ T304] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 1320.467829][ T27] audit: type=1326 audit(526643.704:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=313 comm="syz.1.12058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1320.558676][ T304] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1320.562021][ T27] audit: type=1326 audit(526643.704:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=313 comm="syz.1.12058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1320.641230][ T27] audit: type=1326 audit(526643.704:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=313 comm="syz.1.12058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1320.663161][ C1] vkms_vblank_simulate: vblank timer overrun [ 1320.720458][ T320] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1320.723530][ T27] audit: type=1326 audit(526643.704:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=313 comm="syz.1.12058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1320.746899][ T320] overlayfs: conflicting options: metacopy=off,verity=require [ 1320.786109][ T27] audit: type=1326 audit(526643.704:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=313 comm="syz.1.12058" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa274f8efc9 code=0x7ffc0000 [ 1320.808074][ C1] vkms_vblank_simulate: vblank timer overrun [ 1320.823401][ T325] netlink: 'syz.1.12064': attribute type 1 has an invalid length. [ 1322.022150][ T366] netlink: 'syz.3.12083': attribute type 6 has an invalid length. [ 1322.215671][ T343] loop1: detected capacity change from 0 to 32768 [ 1322.251635][ T343] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 9 [ 1323.342065][ T403] netlink: 12 bytes leftover after parsing attributes in process `syz.3.12102'. [ 1323.351363][ T403] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1323.506965][ T409] loop0: detected capacity change from 0 to 256 [ 1323.529439][ T409] exfat: Deprecated parameter 'namecase' [ 1323.546113][ T409] exfat: Deprecated parameter 'namecase' [ 1323.594572][ T409] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 1323.713094][ T409] fuse: Bad value for 'fd' [ 1324.099053][ T429] loop3: detected capacity change from 0 to 256 [ 1324.114310][ T431] loop0: detected capacity change from 0 to 256 [ 1324.148929][ T431] FAT-fs (loop0): Directory bread(block 64) failed [ 1324.165627][ T431] FAT-fs (loop0): Directory bread(block 65) failed [ 1324.172428][ T431] FAT-fs (loop0): Directory bread(block 66) failed [ 1324.183677][ T431] FAT-fs (loop0): Directory bread(block 67) failed [ 1324.187164][ T429] exfat: Deprecated parameter 'utf8' [ 1324.190322][ T6505] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1324.195479][ T429] exfat: Deprecated parameter 'utf8' [ 1324.222034][ T431] FAT-fs (loop0): Directory bread(block 68) failed [ 1324.238491][ T431] FAT-fs (loop0): Directory bread(block 69) failed [ 1324.258061][ T431] FAT-fs (loop0): Directory bread(block 70) failed [ 1324.264965][ T431] FAT-fs (loop0): Directory bread(block 71) failed [ 1324.284288][ T429] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xd67973f8, utbl_chksum : 0xe619d30d) [ 1324.296648][ T431] FAT-fs (loop0): Directory bread(block 72) failed [ 1324.303211][ T431] FAT-fs (loop0): Directory bread(block 73) failed [ 1324.367614][ T429] exFAT-fs (loop3): error, found bogus dentry(12) beyond unused empty group(11) (start_clu : 5, cur_clu : 5) [ 1324.443120][ T6505] usb 2-1: Using ep0 maxpacket: 16 [ 1324.450515][ T6505] usb 2-1: config 0 has an invalid interface number: 145 but max is 0 [ 1324.465242][ T6505] usb 2-1: config 0 has no interface number 0 [ 1324.495609][ T6505] usb 2-1: New USB device found, idVendor=05ac, idProduct=0291, bcdDevice=43.25 [ 1324.519411][ T6505] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1324.527471][ T6505] usb 2-1: Product: syz [ 1324.577355][ T6505] usb 2-1: Manufacturer: syz [ 1324.582866][ T6505] usb 2-1: SerialNumber: syz [ 1324.603785][ T6505] usb 2-1: config 0 descriptor?? [ 1324.618567][ T6505] hub 2-1:0.145: bad descriptor, ignoring hub [ 1324.642227][ T6505] hub: probe of 2-1:0.145 failed with error -5 [ 1324.666474][ T6505] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.145/input/input100 [ 1324.678780][ T439] netlink: 'syz.0.12121': attribute type 10 has an invalid length. [ 1324.687359][ T442] netlink: 40 bytes leftover after parsing attributes in process `syz.2.12122'. [ 1324.700019][ T439] batman_adv: batadv0: Adding interface: wlan0 [ 1324.706199][ T439] batman_adv: batadv0: The MTU of interface wlan0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1324.738221][ T439] batman_adv: batadv0: Interface activated: wlan0 [ 1325.636711][ T477] netlink: 'syz.0.12139': attribute type 1 has an invalid length. [ 1325.649180][ T477] netlink: 'syz.0.12139': attribute type 1 has an invalid length. [ 1326.098476][ T489] loop3: detected capacity change from 0 to 2048 [ 1326.167971][ T493] loop1: detected capacity change from 0 to 1024 [ 1326.188943][ T489] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 1326.229879][ T489] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1326.244549][ T495] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 1327.110640][ T527] No source specified [ 1328.550830][ T574] netlink: 'syz.0.12188': attribute type 3 has an invalid length. [ 1328.632065][ T579] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12189'. [ 1328.793630][ T584] netlink: 20 bytes leftover after parsing attributes in process `syz.0.12191'. [ 1328.924742][ T590] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12195'. [ 1328.985263][ T594] loop0: detected capacity change from 0 to 1024 [ 1329.121814][ T594] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 1329.136496][ T604] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1329.180910][ T601] netlink: 209860 bytes leftover after parsing attributes in process `syz.2.12200'. [ 1329.345395][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 1329.601948][ T5144] usb 2-1: reset high-speed USB device number 93 using dummy_hcd [ 1329.609853][ T615] SET target dimension over the limit! [ 1329.649280][ T5144] usb 2-1: device reset changed ep0 maxpacket size! [ 1329.684664][ T6554] usb 2-1: USB disconnect, device number 93 [ 1329.856502][ T605] loop3: detected capacity change from 0 to 32768 [ 1329.909001][ T6554] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1330.151803][ T6554] usb 2-1: config 0 has an invalid interface number: 120 but max is 0 [ 1330.172955][ T6554] usb 2-1: config 0 has no interface number 0 [ 1330.179150][ T6554] usb 2-1: config 0 interface 120 has no altsetting 0 [ 1330.229198][ T6554] usb 2-1: New USB device found, idVendor=13d8, idProduct=0010, bcdDevice=8f.72 [ 1330.247688][ T6554] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1330.269094][ T6554] usb 2-1: Product: syz [ 1330.273307][ T6554] usb 2-1: Manufacturer: syz [ 1330.295735][ T6554] usb 2-1: SerialNumber: syz [ 1330.332884][ T6554] usb 2-1: config 0 descriptor?? [ 1330.597076][ T6554] comedi comedi5: could not switch to alternate setting 1 [ 1330.621064][ T6554] usbduxfast 2-1:0.120: driver 'usbduxfast' failed to auto-configure device. [ 1330.640887][ T6554] usb 2-1: USB disconnect, device number 94 [ 1331.012416][ T660] loop3: detected capacity change from 0 to 8 [ 1331.055539][ T660] SQUASHFS error: Unable to read inode 0xe3 [ 1331.519946][ T6554] usb 4-1: new full-speed USB device number 88 using dummy_hcd [ 1331.688764][ T680] loop0: detected capacity change from 0 to 2048 [ 1331.724938][ T6554] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1331.744756][ T680] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1331.748670][ T6554] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 1331.781029][ T6554] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1331.808662][ T6554] usb 4-1: Product: syz [ 1331.816721][ T6554] usb 4-1: Manufacturer: syz [ 1331.827619][ T6554] usb 4-1: SerialNumber: syz [ 1331.849470][ T6554] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 1332.301444][ T6554] usb 4-1: dvb_usb_v2: this USB2.0 device cannot be run on a USB1.1 port (it lacks a hardware PID filter) [ 1332.346654][ T6554] usb 4-1: USB disconnect, device number 88 [ 1332.667526][ T712] netlink: 'syz.1.12254': attribute type 1 has an invalid length. [ 1334.272802][ T765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12279'. [ 1334.445869][ T767] netlink: 44 bytes leftover after parsing attributes in process `syz.1.12280'. [ 1334.491292][ T767] netlink: 43 bytes leftover after parsing attributes in process `syz.1.12280'. [ 1334.511702][ T767] netlink: 'syz.1.12280': attribute type 5 has an invalid length. [ 1334.544110][ T767] netlink: 43 bytes leftover after parsing attributes in process `syz.1.12280'. [ 1334.899054][ T740] loop3: detected capacity change from 0 to 65536 [ 1334.998781][ T740] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 1335.122524][ T740] XFS (loop3): Ending clean mount [ 1335.156392][ T740] XFS (loop3): Quotacheck needed: Please wait. [ 1335.256297][ T740] XFS (loop3): Quotacheck: Done. [ 1335.293161][ T804] netlink: 24 bytes leftover after parsing attributes in process `syz.1.12291'. [ 1335.517380][ T6576] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 1337.479339][ T868] loop3: detected capacity change from 0 to 512 [ 1337.486791][ T6554] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1337.538817][ T868] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 1337.575684][ T868] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 1337.611653][ T868] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1337.640784][ T868] EXT4-fs error (device loop3): ext4_orphan_get:1425: comm syz.3.12295: bad orphan inode 267 [ 1337.682604][ T868] EXT4-fs (loop3): Remounting filesystem read-only [ 1337.689446][ T6554] usb 1-1: Using ep0 maxpacket: 32 [ 1337.691964][ T868] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 1337.713160][ T6554] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1337.754393][ T6554] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 1337.774362][ T868] EXT4-fs warning (device loop3): dx_probe:893: inode #2: comm syz.3.12295: dx entry: limit 0 != root limit 125 [ 1337.799977][ T6554] usb 1-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99 [ 1337.805958][ T868] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.12295: Corrupt directory, running e2fsck is recommended [ 1337.813490][ T6554] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1337.860657][ T6554] usb 1-1: Product: syz [ 1337.868055][ T6554] usb 1-1: Manufacturer: syz [ 1337.882954][ T6554] usb 1-1: SerialNumber: syz [ 1337.931636][ T6554] usb 1-1: config 0 descriptor?? [ 1337.988450][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 1337.999149][ T884] (unnamed net_device) (uninitialized): option lacp_rate: mode dependency failed, not supported in mode balance-rr(0) [ 1338.295632][ T6554] usb 1-1: USB disconnect, device number 74 [ 1338.630219][ T6669] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1338.836002][ T6669] usb 2-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1338.875188][ T6669] usb 2-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1338.905933][ T6669] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1338.955349][ T6669] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1339.068408][ T935] loop0: detected capacity change from 0 to 1024 [ 1339.126714][ T935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1339.230797][ T935] EXT4-fs warning (device loop0): ext4_empty_dir:3147: inode #11: comm syz.0.12347: directory missing '.' [ 1339.359120][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1339.775637][ T962] program syz.0.12359 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1339.821144][ T964] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12360'. [ 1339.835589][ T964] netlink: 36 bytes leftover after parsing attributes in process `syz.2.12360'. [ 1340.101089][ T974] netlink: 'syz.0.12365': attribute type 15 has an invalid length. [ 1340.148040][ T6669] stv0680 2-1:4.0: STV(e): camera ping failed!! [ 1340.295440][ T982] netlink: 'syz.0.12369': attribute type 9 has an invalid length. [ 1340.364579][ T6669] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 1340.384812][ T6669] stv0680 2-1:4.0: last error: 0, command = 0x0 [ 1340.396200][ T6669] usb 2-1: USB disconnect, device number 95 [ 1340.442844][ T987] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1341.018421][ T1007] netlink: 404 bytes leftover after parsing attributes in process `syz.2.12381'. [ 1341.052985][ T1007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12381'. [ 1341.082566][ T1007] netlink: 28 bytes leftover after parsing attributes in process `syz.2.12381'. [ 1341.106591][ T1007] netlink: 72 bytes leftover after parsing attributes in process `syz.2.12381'. [ 1341.352321][ T6554] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1341.583882][ T6554] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 1341.618105][ T6554] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1341.640093][ T6554] usb 1-1: Product: syz [ 1341.646858][ T6554] usb 1-1: Manufacturer: syz [ 1341.651893][ T6554] usb 1-1: SerialNumber: syz [ 1341.676507][ T6554] usb 1-1: config 0 descriptor?? [ 1341.731342][ T1039] (unnamed net_device) (uninitialized): down delay (128) is not a multiple of miimon (7), value rounded to 126 ms [ 1341.776061][ T1039] (unnamed net_device) (uninitialized): peer notification delay (5) is not a multiple of miimon (7), value rounded to 0 ms [ 1341.940951][ T1039] bond4: entered allmulticast mode [ 1341.954205][ T6554] int51x1: probe of 1-1:0.0 failed with error -22 [ 1341.958835][ T1051] loop3: detected capacity change from 0 to 64 [ 1341.998509][ T1051] Trying to free block not in datazone [ 1342.187512][ T6554] usb 1-1: USB disconnect, device number 75 [ 1342.261580][ T1060] netlink: 'syz.1.12400': attribute type 21 has an invalid length. [ 1343.953043][ T1121] netlink: 4 bytes leftover after parsing attributes in process `syz.0.12428'. [ 1343.981114][ T1121] bridge0: port 1(bridge_slave_0) entered disabled state [ 1344.584276][ T1147] netlink: 180 bytes leftover after parsing attributes in process `syz.3.12441'. [ 1344.619251][ T27] audit: type=1326 audit(526666.294:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1344.641251][ C1] vkms_vblank_simulate: vblank timer overrun [ 1344.712196][ T27] audit: type=1326 audit(526666.322:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1344.791637][ T27] audit: type=1326 audit(526666.322:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1344.854617][ T27] audit: type=1326 audit(526666.322:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1344.861850][ T1159] netlink: 20 bytes leftover after parsing attributes in process `syz.3.12446'. [ 1344.944003][ T27] audit: type=1326 audit(526666.331:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1345.032862][ T27] audit: type=1326 audit(526666.331:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1345.116416][ T27] audit: type=1326 audit(526666.331:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1345.154546][ T1169] loop3: detected capacity change from 0 to 136 [ 1345.195066][ T1169] syz.3.12452: attempt to access beyond end of device [ 1345.195066][ T1169] loop3: rw=524288, sector=164, nr_sectors = 64 limit=136 [ 1345.205367][ T27] audit: type=1326 audit(526666.331:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1345.248988][ T1169] syz.3.12452: attempt to access beyond end of device [ 1345.248988][ T1169] loop3: rw=524288, sector=228, nr_sectors = 128 limit=136 [ 1345.311565][ T27] audit: type=1326 audit(526666.331:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1148 comm="syz.2.12442" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f90a1d8efc9 code=0x7ffc0000 [ 1345.315643][ T1169] syz.3.12452: attempt to access beyond end of device [ 1345.315643][ T1169] loop3: rw=0, sector=164, nr_sectors = 8 limit=136 [ 1345.386852][ T27] audit: type=1800 audit(526666.986:157): pid=1169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.12452" name="file0" dev="loop3" ino=1542 res=0 errno=0 [ 1345.406345][ C1] vkms_vblank_simulate: vblank timer overrun [ 1345.772181][ T1188] bond0: (slave netdevsim0): Releasing backup interface [ 1345.798508][ T1188] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1345.842178][ T1190] netlink: 'syz.3.12462': attribute type 6 has an invalid length. [ 1346.697998][ T1230] loop0: detected capacity change from 0 to 512 [ 1346.801376][ T1230] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1346.864827][ T1230] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1346.904992][ T1230] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 1346.930399][ T1230] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e128, mo2=0002] [ 1346.957273][ T1230] System zones: 0-1, 15-15, 18-18, 34-34 [ 1346.963374][ T1230] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1346.970046][ T1230] EXT4-fs warning (device loop0): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 1346.984798][ T1230] EXT4-fs (loop0): Cannot turn on quotas: error -22 [ 1347.005550][ T1230] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.12479: bg 0: block 40: padding at end of block bitmap is not set [ 1347.043510][ T1230] EXT4-fs (loop0): Remounting filesystem read-only [ 1347.050181][ T1230] EXT4-fs (loop0): 1 truncate cleaned up [ 1347.076043][ T1230] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1347.283351][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1347.480684][ T1258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12494'. [ 1347.534777][ T1258] netlink: 28 bytes leftover after parsing attributes in process `syz.1.12494'. [ 1347.651763][ T1256] loop0: detected capacity change from 0 to 4096 [ 1347.800929][ T1256] ntfs: volume version 3.1. [ 1347.917384][ T1272] loop3: detected capacity change from 0 to 16 [ 1347.955773][ T1272] erofs: (device loop3): mounted with root inode @ nid 36. [ 1348.642737][ T1302] x_tables: ip6_tables: icmp6 match: only valid for protocol 58 [ 1348.871822][ T1308] netlink: 16 bytes leftover after parsing attributes in process `syz.0.12513'. [ 1349.062150][ T1312] netlink: zone id is out of range [ 1349.223810][ T1323] loop3: detected capacity change from 0 to 64 [ 1349.718914][ T1343] netlink: 8 bytes leftover after parsing attributes in process `syz.3.12531'. [ 1349.883726][ T1347] binder: 1346:1347 ioctl c00c620f 0 returned -14 [ 1349.993505][ T1353] netlink: 52 bytes leftover after parsing attributes in process `syz.0.12536'. [ 1350.085058][ T1357] usb usb8: usbfs: process 1357 (syz.1.12538) did not claim interface 0 before use [ 1350.271404][ T1363] netlink: 'syz.0.12540': attribute type 46 has an invalid length. [ 1350.279367][ T1363] netlink: 'syz.0.12540': attribute type 28 has an invalid length. [ 1350.327679][ T1369] netlink: 16 bytes leftover after parsing attributes in process `syz.1.12544'. [ 1350.504283][ T1375] CIFS: VFS: Malformed UNC in devname [ 1350.680853][ T1383] netlink: 'syz.1.12550': attribute type 6 has an invalid length. [ 1350.697802][ T1383] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.12550'. [ 1350.752372][ T6144] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1350.968795][ T6144] usb 4-1: New USB device found, idVendor=046d, idProduct=08b6, bcdDevice=ca.8e [ 1350.987493][ T6144] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.034420][ T6144] pwc: Logitech/Cisco VT Camera webcam detected. [ 1351.126035][ T1397] geneve3: entered promiscuous mode [ 1351.463713][ T6144] pwc: send_video_command error -71 [ 1351.470378][ T6144] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 1351.494726][ T6144] Philips webcam: probe of 4-1:127.0 failed with error -71 [ 1351.524440][ T6144] usb 4-1: USB disconnect, device number 89 [ 1352.665996][ T1447] x_tables: duplicate underflow at hook 2 [ 1353.009828][ T1457] openvswitch: netlink: Missing valid actions attribute. [ 1353.027850][ T1457] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1353.181406][ T1441] loop3: detected capacity change from 0 to 32768 [ 1353.283740][ T1441] ERROR: (device loop3): diAllocBit: iag inconsistent [ 1353.283740][ T1441] [ 1353.299075][ T1441] ERROR: (device loop3): remounting filesystem as read-only [ 1353.320735][ T1441] ialloc: diAlloc returned -5! [ 1353.580221][ T1465] ip6gre1: entered allmulticast mode [ 1353.596328][ T1467] netlink: 596 bytes leftover after parsing attributes in process `syz.2.12594'. [ 1353.828847][ T1476] comedi comedi3: pcl726: I/O port conflict (0x3,16) [ 1353.829610][ T1477] trusted_key: encrypted_key: key description must be 16 hexadecimal characters long [ 1354.055747][ T6796] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1354.132268][ T1490] netlink: 8 bytes leftover after parsing attributes in process `syz.0.12605'. [ 1354.259090][ T6796] usb 3-1: Using ep0 maxpacket: 16 [ 1354.284908][ T6796] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1354.298169][ T6796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1354.307970][ T6796] usb 3-1: Product: syz [ 1354.312496][ T6796] usb 3-1: Manufacturer: syz [ 1354.317117][ T6796] usb 3-1: SerialNumber: syz [ 1354.332323][ T6796] r8152-cfgselector 3-1: config 0 descriptor?? [ 1354.494224][ T6554] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1354.692243][ T6554] usb 1-1: Using ep0 maxpacket: 32 [ 1354.715144][ T6554] usb 1-1: config 0 has an invalid interface number: 228 but max is 0 [ 1354.734724][ T6554] usb 1-1: config 0 has no interface number 0 [ 1354.746914][ T6554] usb 1-1: config 0 interface 228 has no altsetting 0 [ 1354.757165][ T6554] usb 1-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice= 0.02 [ 1354.786767][ T6796] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1354.787088][ T6554] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1354.810061][ T6796] r8152-cfgselector 3-1: USB disconnect, device number 80 [ 1354.840063][ T6554] usb 1-1: Product: syz [ 1354.844307][ T6554] usb 1-1: Manufacturer: syz [ 1354.879650][ T6554] usb 1-1: SerialNumber: syz [ 1354.902550][ T6554] usb 1-1: config 0 descriptor?? [ 1355.152197][ T6554] net1080 1-1:0.228 usb0: register 'net1080' at usb-dummy_hcd.0-1, NetChip TurboCONNECT, 6e:a9:4e:35:ab:af [ 1355.353602][ T6554] usb 1-1: USB disconnect, device number 76 [ 1355.385756][ T6554] net1080 1-1:0.228 usb0: unregister 'net1080' usb-dummy_hcd.0-1, NetChip TurboCONNECT [ 1355.838879][ T1552] ip6gre1: entered allmulticast mode [ 1357.988026][ T1651] loop0: detected capacity change from 0 to 64 [ 1358.121302][ T1655] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 1358.300290][ T6554] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1358.513693][ T6554] usb 4-1: Using ep0 maxpacket: 16 [ 1358.521354][ T6554] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 1358.547237][ T49] hfsplus: b-tree write err: -5, ino 4 [ 1358.556498][ T6554] usb 4-1: config 0 has no interface number 0 [ 1358.562636][ T6554] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 208, changing to 11 [ 1358.603840][ T6554] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid maxpacket 25296, setting to 1024 [ 1358.644131][ T6554] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 1358.655133][ T6554] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 1358.663973][ T6554] usb 4-1: Product: syz [ 1358.668168][ T6554] usb 4-1: SerialNumber: syz [ 1358.680566][ T6554] usb 4-1: config 0 descriptor?? [ 1358.719618][ T6554] cm109 4-1:0.8: invalid payload size 1024, expected 4 [ 1358.735240][ T6554] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input102 [ 1358.770640][T21888] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1358.998087][T21888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1359.014624][T21888] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 1359.035439][T21888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1359.050041][T21888] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 1359.067248][T21888] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 1359.077077][T21888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1359.104396][T21888] usb 2-1: Product: syz [ 1359.108633][T21888] usb 2-1: Manufacturer: syz [ 1359.118617][T21888] usb 2-1: SerialNumber: syz [ 1359.150527][T21888] usb 2-1: config 0 descriptor?? [ 1359.161683][T21888] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 1359.237271][ C0] cm109 4-1:0.8: cm109_urb_irq_callback: urb status -71 [ 1359.244547][ C0] cm109_urb_ctl_callback: 5 callbacks suppressed [ 1359.244570][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.258107][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.265426][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.272755][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.279967][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.293647][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.299956][ T1692] overlayfs: disabling nfs_export due to verity=require [ 1359.301469][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.309746][ T1692] overlayfs: conflicting options: userxattr,verity=require [ 1359.315520][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.329348][ T6669] usb 4-1: USB disconnect, device number 90 [ 1359.336252][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 1359.343238][ C0] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 1359.393771][ T6669] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 1359.408728][T21888] scsi host1: usb-storage 2-1:0.0 [ 1359.458705][T21888] usb 2-1: USB disconnect, device number 96 [ 1359.857898][ T1708] loop0: detected capacity change from 0 to 2048 [ 1359.878703][ T1708] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1359.905525][ T1708] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.12697: bg 0: block 345: padding at end of block bitmap is not set [ 1359.924866][ T6796] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 1359.955569][ T6568] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1360.149796][ T6796] usb 3-1: Using ep0 maxpacket: 16 [ 1360.214460][ T6796] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1360.224477][ T6796] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1360.252911][ T6796] usb 3-1: Product: syz [ 1360.266934][ T6796] usb 3-1: Manufacturer: syz [ 1360.271584][ T6796] usb 3-1: SerialNumber: syz [ 1360.312699][ T6796] r8152-cfgselector 3-1: config 0 descriptor?? [ 1360.673986][ T1737] netlink: 100 bytes leftover after parsing attributes in process `syz.1.12710'. [ 1360.816096][ T6796] r8152-cfgselector 3-1: Unknown version 0x0000 [ 1360.856618][ T6796] r8152-cfgselector 3-1: USB disconnect, device number 81 [ 1360.927865][ T1747] netlink: 'syz.0.12715': attribute type 21 has an invalid length. [ 1360.950234][ T1747] netlink: 128 bytes leftover after parsing attributes in process `syz.0.12715'. [ 1361.004038][ T1747] netlink: 'syz.0.12715': attribute type 4 has an invalid length. [ 1361.077995][ T1751] netlink: 4 bytes leftover after parsing attributes in process `syz.1.12717'. [ 1361.149841][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 1361.149856][ T27] audit: type=1326 audit(526681.746:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.212335][ T27] audit: type=1326 audit(526681.746:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.248952][ T27] audit: type=1326 audit(526681.746:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.288726][ T27] audit: type=1326 audit(526681.746:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.355206][ T27] audit: type=1326 audit(526681.746:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.416475][ T27] audit: type=1326 audit(526681.746:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.443401][ T27] audit: type=1326 audit(526681.746:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.539145][ T27] audit: type=1326 audit(526681.746:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1361.653488][ T27] audit: type=1326 audit(526681.746:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1752 comm="syz.0.12718" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1362.095154][ T1789] dlm: Unknown command passed to DLM device : 11 [ 1362.095154][ T1789] [ 1363.657615][ T6669] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1363.901518][ T6669] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1363.924671][ T6669] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1363.955314][ T6669] usb 4-1: config 1 interface 1 has no altsetting 1 [ 1363.968350][ T6669] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1363.977655][ T6669] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1363.985686][ T6669] usb 4-1: Product: syz [ 1363.996366][ T1857] netlink: 'syz.0.12769': attribute type 1 has an invalid length. [ 1364.008763][ T6669] usb 4-1: Manufacturer: syz [ 1364.013399][ T6669] usb 4-1: SerialNumber: syz [ 1364.026764][ T1857] netlink: 232 bytes leftover after parsing attributes in process `syz.0.12769'. [ 1364.042582][ T1859] kcapi: manufacturer command 52776558133248 unknown. [ 1364.045518][ T6669] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 1364.078596][ T6669] cdc_ncm 4-1:1.0: bind() failure [ 1364.116170][ T6669] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 1364.123034][ T6669] cdc_ncm 4-1:1.1: bind() failure [ 1364.275143][ T6796] usb 4-1: USB disconnect, device number 91 [ 1364.597602][ T1879] netlink: 'syz.1.12780': attribute type 3 has an invalid length. [ 1364.849712][ T1889] netlink: 'syz.0.12785': attribute type 1 has an invalid length. [ 1364.951913][ T1896] netlink: 8 bytes leftover after parsing attributes in process `syz.2.12787'. [ 1364.986967][ T1893] ip6gre1: entered promiscuous mode [ 1366.128763][ T1944] program syz.0.12812 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1366.683853][ T1958] netlink: 8 bytes leftover after parsing attributes in process `syz.1.12819'. [ 1366.839647][ T1940] loop3: detected capacity change from 0 to 32768 [ 1366.872507][ T1940] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by syz.3.12810 (1940) [ 1366.914331][ T1940] BTRFS info (device loop3): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1366.980064][ T1940] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 1367.004411][ T1940] BTRFS info (device loop3): turning on flush-on-commit [ 1367.011623][ T1940] BTRFS info (device loop3): turning off barriers [ 1367.041143][ T1940] BTRFS info (device loop3): turning on sync discard [ 1367.073887][ T1940] BTRFS info (device loop3): using free space tree [ 1367.459600][ T6576] BTRFS info (device loop3): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1368.420273][ T2019] netlink: 'syz.3.12841': attribute type 10 has an invalid length. [ 1368.479076][ T2019] bridge0: port 2(bridge_slave_1) entered disabled state [ 1368.486832][ T2019] bridge0: port 1(bridge_slave_0) entered disabled state [ 1368.517357][ T2019] bridge0: port 2(bridge_slave_1) entered blocking state [ 1368.524642][ T2019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1368.532222][ T2019] bridge0: port 1(bridge_slave_0) entered blocking state [ 1368.539391][ T2019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1368.555885][ T2019] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1368.574997][ T1992] loop0: detected capacity change from 0 to 40427 [ 1368.604464][ T1992] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 1368.618743][ T1992] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 1368.649992][ T1992] F2FS-fs (loop0): invalid crc_offset: 33558524 [ 1368.715395][ T1992] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1368.876821][ T1992] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 1368.895541][ T1992] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1369.831145][ T2048] loop0: detected capacity change from 0 to 32768 [ 1369.836396][ T6554] usb 2-1: new full-speed USB device number 97 using dummy_hcd [ 1369.849486][ T2048] (syz.0.12849,2048,1):ocfs2_journal_addressable:1991 ERROR: The journal cannot address the entire volume. Enable the 'block64' journal option with tunefs.ocfs2 [ 1369.849522][ T2048] (syz.0.12849,2048,1):ocfs2_check_volume:2488 ERROR: status = -27 [ 1369.873876][ T2048] (syz.0.12849,2048,1):ocfs2_mount_volume:1820 ERROR: status = -27 [ 1369.883757][ T2048] (syz.0.12849,2048,1):ocfs2_fill_super:1178 ERROR: status = -27 [ 1369.935648][ T2048] erofs: (device loop0): erofs_read_superblock: cannot find valid erofs superblock [ 1370.065035][ T6554] usb 2-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 1370.088310][ T6554] usb 2-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 1370.113120][ T6554] usb 2-1: Product: syz [ 1370.122617][ T6554] usb 2-1: Manufacturer: syz [ 1370.137683][ T6554] usb 2-1: SerialNumber: syz [ 1370.168801][ T6554] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 1370.275142][ T2068] netlink: 'syz.3.12862': attribute type 21 has an invalid length. [ 1370.283212][ T2068] netlink: 164 bytes leftover after parsing attributes in process `syz.3.12862'. [ 1370.551117][ T2077] netlink: 76 bytes leftover after parsing attributes in process `syz.3.12866'. [ 1370.566661][ T2077] netlink: 72 bytes leftover after parsing attributes in process `syz.3.12866'. [ 1370.604435][ T2077] netlink: 'syz.3.12866': attribute type 3 has an invalid length. [ 1370.614303][ T6554] vp7045: USB control message 'in' went wrong. [ 1370.626260][ T6554] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1370.647598][ T2077] netlink: 11 bytes leftover after parsing attributes in process `syz.3.12866'. [ 1370.656757][ T6554] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 1370.737167][ T6554] usb 2-1: USB disconnect, device number 97 [ 1371.229566][ T2097] loop3: detected capacity change from 0 to 256 [ 1371.656411][ T2110] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 1371.716335][ T2112] netlink: 'syz.2.12882': attribute type 10 has an invalid length. [ 1371.751229][ T2112] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 1371.771676][ T2112] team0: Port device virt_wifi0 added [ 1371.806726][ T2116] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1372.157117][ T2130] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.12891'. [ 1372.747929][ T2146] tmpfs: Unknown parameter 'func' [ 1373.096392][ T2156] syz.3.12904 uses obsolete (PF_INET,SOCK_PACKET) [ 1373.245578][ T2159] netlink: 'syz.2.12906': attribute type 1 has an invalid length. [ 1373.804028][ T2184] loop3: detected capacity change from 0 to 16 [ 1373.828713][ T2184] erofs: (device loop3): mounted with root inode @ nid 36. [ 1373.977899][ T2186] loop0: detected capacity change from 0 to 4096 [ 1374.067093][ T2190] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1374.115023][ T2186] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 1374.190559][ T2186] Remounting filesystem read-only [ 1374.339190][ T2197] netlink: 28 bytes leftover after parsing attributes in process `syz.3.12924'. [ 1374.362857][ T6568] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 1374.382801][ T6568] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 1374.840853][ T2215] netlink: 'syz.1.12933': attribute type 10 has an invalid length. [ 1374.913411][ T2215] bridge0: port 2(bridge_slave_1) entered disabled state [ 1374.921141][ T2215] bridge0: port 1(bridge_slave_0) entered disabled state [ 1374.961523][ T2215] bridge0: port 2(bridge_slave_1) entered blocking state [ 1374.968801][ T2215] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1374.976331][ T2215] bridge0: port 1(bridge_slave_0) entered blocking state [ 1374.977048][ T2221] loop3: detected capacity change from 0 to 64 [ 1374.983559][ T2215] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1375.001803][ T2215] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 1375.391784][ C1] sd 0:0:1:0: [sda] tag#3718 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 1375.402340][ C1] sd 0:0:1:0: [sda] tag#3718 CDB: Read(6) 08 00 9f d1 fe de [ 1376.837717][ T2279] (unnamed net_device) (uninitialized): option arp_all_targets: invalid value (18446744073709551615) [ 1377.500377][T21888] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1377.609588][ T2277] loop3: detected capacity change from 0 to 40427 [ 1377.630552][ T2277] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 1377.648427][ T2277] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 1377.673686][ T2277] F2FS-fs (loop3): invalid crc value [ 1377.720171][T21888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 1377.740903][T21888] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 1377.752859][ T2277] F2FS-fs (loop3): Found nat_bits in checkpoint [ 1377.764045][T21888] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1377.794395][T21888] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 1377.825115][T21888] usb 1-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 1377.842619][T21888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1377.863848][T21888] usb 1-1: Product: syz [ 1377.868067][T21888] usb 1-1: Manufacturer: syz [ 1377.894377][T21888] usb 1-1: SerialNumber: syz [ 1377.907460][T21888] usb 1-1: config 0 descriptor?? [ 1377.918269][T21888] ums-isd200 1-1:0.0: USB Mass Storage device detected [ 1377.951462][ T2277] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 1377.959854][ T2277] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 1378.087463][ T2277] syz.3.12964: attempt to access beyond end of device [ 1378.087463][ T2277] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 1378.216054][ T2312] 9pnet_fd: Insufficient options for proto=fd [ 1378.277305][T21888] ums-isd200: probe of 1-1:0.0 failed with error -22 [ 1378.427796][ T6669] usb 1-1: USB disconnect, device number 77 [ 1379.553065][T21888] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1379.712815][ T2357] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13000'. [ 1379.792222][T21888] usb 2-1: Using ep0 maxpacket: 8 [ 1379.809759][T21888] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1379.828111][T21888] usb 2-1: New USB device found, idVendor=0e8d, idProduct=2000, bcdDevice=21.c6 [ 1379.848349][T21888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1379.880128][T21888] usb 2-1: config 0 descriptor?? [ 1379.993510][ T27] audit: type=1326 audit(526699.388:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.015533][ C1] vkms_vblank_simulate: vblank timer overrun [ 1380.044586][ T27] audit: type=1326 audit(526699.407:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.103018][ T27] audit: type=1326 audit(526699.416:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.125025][ C1] vkms_vblank_simulate: vblank timer overrun [ 1380.141924][ T27] audit: type=1326 audit(526699.416:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.190714][ T6554] usb 2-1: USB disconnect, device number 98 [ 1380.199000][ T27] audit: type=1326 audit(526699.416:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.256690][ T27] audit: type=1326 audit(526699.416:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.296182][ T27] audit: type=1326 audit(526699.416:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.320490][ T27] audit: type=1326 audit(526699.416:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.412226][ T27] audit: type=1326 audit(526699.416:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2362 comm="syz.3.13003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fbd2c98efc9 code=0x7ffc0000 [ 1380.982271][ T2397] libceph: resolve '. [ 1380.982271][ T2397] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 1380.982271][ T2397] ' (ret=-3): failed [ 1381.386568][ T2426] loop3: detected capacity change from 0 to 512 [ 1381.435024][ T2426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1381.639180][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1382.070734][ T1280] ieee802154 phy0 wpan0: encryption failed: -22 [ 1382.077909][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 1382.491566][ T2473] netlink: 'syz.0.13045': attribute type 9 has an invalid length. [ 1382.500148][ T2473] netlink: 911 bytes leftover after parsing attributes in process `syz.0.13045'. [ 1382.768344][ T2480] loop3: detected capacity change from 0 to 2048 [ 1382.823574][ T2480] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1383.183443][ T2495] xt_addrtype: ipv6 BLACKHOLE matching not supported [ 1383.551830][ T2516] sctp: [Deprecated]: syz.3.13062 (pid 2516) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1383.551830][ T2516] Use struct sctp_sack_info instead [ 1384.072625][ T2542] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.13073'. [ 1384.569461][ T2564] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1385.179038][ T2586] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1385.464773][ T6796] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1385.517889][ T2575] loop0: detected capacity change from 0 to 32768 [ 1385.570766][ T2575] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1385.678817][ T6796] usb 4-1: Using ep0 maxpacket: 16 [ 1385.720311][ T6796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 97, changing to 7 [ 1385.741885][ T2575] XFS (loop0): Ending clean mount [ 1385.753302][ T6796] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 24929, setting to 1024 [ 1385.777515][ T2575] XFS (loop0): Quotacheck needed: Please wait. [ 1385.792705][ T6796] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1385.813146][ T6796] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1385.836844][ T6796] usb 4-1: Product: syz [ 1385.845435][ T6796] usb 4-1: Manufacturer: syz [ 1385.861431][ T6796] usb 4-1: SerialNumber: syz [ 1385.888618][ T6796] usb 4-1: config 0 descriptor?? [ 1385.901793][ T6796] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1385.957129][ T6796] em28xx 4-1:0.0: DVB interface 0 found: isoc [ 1385.988120][ T2575] XFS (loop0): Quotacheck: Done. [ 1386.205007][ T6796] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 1386.239714][ T2620] netlink: 8 bytes leftover after parsing attributes in process `syz.2.13100'. [ 1386.303294][ T6796] em28xx 4-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1386.335591][ T6796] em28xx 4-1:0.0: board has no eeprom [ 1386.384130][ T6568] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1386.448456][ T6796] em28xx 4-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1386.465626][ T6796] em28xx 4-1:0.0: dvb set to isoc mode. [ 1386.480505][ T6505] em28xx 4-1:0.0: Binding DVB extension [ 1386.513275][ T6796] usb 4-1: USB disconnect, device number 92 [ 1386.562095][ T6796] em28xx 4-1:0.0: Disconnecting em28xx [ 1386.663466][ T6505] em28xx 4-1:0.0: Registering input extension [ 1386.673140][ T6796] em28xx 4-1:0.0: Closing input extension [ 1386.762313][ T6796] em28xx 4-1:0.0: Freeing device [ 1387.171775][ T2653] loop3: detected capacity change from 0 to 512 [ 1387.178243][ T27] audit: type=1326 audit(526706.104:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2652 comm="syz.0.13111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1387.230952][ T27] audit: type=1326 audit(526706.104:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2652 comm="syz.0.13111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1387.341802][ T27] audit: type=1326 audit(526706.132:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2652 comm="syz.0.13111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1387.369207][ T2653] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1387.456745][ T2653] EXT4-fs error (device loop3): ext4_empty_dir:3136: inode #12: comm syz.3.13113: invalid size [ 1387.508307][ T27] audit: type=1326 audit(526706.132:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2652 comm="syz.0.13111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1387.529235][ T2653] EXT4-fs (loop3): Remounting filesystem read-only [ 1387.581452][ T27] audit: type=1326 audit(526706.132:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2652 comm="syz.0.13111" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c44b8efc9 code=0x7ffc0000 [ 1387.732552][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1387.779515][ T1146] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1387.817639][ T1146] Quota error (device loop3): write_blk: dquota write failed [ 1387.825075][ T1146] Quota error (device loop3): free_dqentry: Can't write quota data block 5 [ 1387.878416][ T1146] EXT4-fs (loop3): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 1387.908874][ T1146] Quota error (device loop3): write_blk: dquota write failed [ 1387.959634][ T1146] Quota error (device loop3): free_dqentry: Can't write quota data block 5 [ 1388.754259][ T2697] mac80211_hwsim hwsim10 wlan0: entered promiscuous mode [ 1388.812492][ T6669] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 1388.862643][ T2697] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1388.888885][ T2705] loop0: detected capacity change from 0 to 22 [ 1388.918761][ T2705] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 1388.956734][ T2705] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1389.043949][ T6669] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.075532][ T6669] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 1389.092447][ T6669] usb 3-1: New USB device found, idVendor=0000, idProduct=0000, bcdDevice= 0.00 [ 1389.131550][ T6669] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1389.174717][ T6669] usb 3-1: config 0 descriptor?? [ 1389.200539][ T6669] gspca_main: spca501-2.14.0 probing 0000:0000 [ 1389.270318][ T2720] loop3: detected capacity change from 0 to 1024 [ 1389.309254][ T2720] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1389.371710][ T2720] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1389.443198][ T2720] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1389.487111][ T2720] Quota error (device loop3): v2_read_file_info: Block with free entry 1283 out of range (1, 6). [ 1389.538729][ T2720] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 1389.587966][ T2720] EXT4-fs (loop3): Cannot turn on quotas: error -117 [ 1389.597308][ T2720] EXT4-fs error (device loop3): ext4_free_blocks:6676: comm syz.3.13138: Freeing blocks not in datazone - block = 0, count = 4096 [ 1389.624626][ T2720] EXT4-fs (loop3): 1 orphan inode deleted [ 1389.639162][ T2720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1389.650226][ T6669] gspca_spca501: reg write: error -71 [ 1389.670677][ T6669] spca501 3-1:0.0: Reg write failed for 0x02,0xa048,0x00 [ 1389.688345][ T6669] spca501: probe of 3-1:0.0 failed with error -22 [ 1389.708309][ T6669] usb 3-1: USB disconnect, device number 82 [ 1389.753470][ T2720] EXT4-fs error (device loop3): ext4_lookup:1858: inode #15: comm syz.3.13138: iget: bad extended attribute block 6 [ 1389.839568][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1389.930266][ T2745] netlink: 'syz.3.13147': attribute type 28 has an invalid length. [ 1389.940033][ T2745] netlink: 'syz.3.13147': attribute type 29 has an invalid length. [ 1389.948553][ T2745] netlink: 132 bytes leftover after parsing attributes in process `syz.3.13147'. [ 1390.221125][ T2738] loop0: detected capacity change from 0 to 32768 [ 1390.240565][ T2738] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.13145 (2738) [ 1390.271375][ T2738] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1390.300976][ T2738] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 1390.302817][ T2753] netlink: 'syz.3.13151': attribute type 21 has an invalid length. [ 1390.316446][ T2738] BTRFS info (device loop0): force zlib compression, level 3 [ 1390.344000][ T2738] BTRFS info (device loop0): force clearing of disk cache [ 1390.387231][ T2738] BTRFS info (device loop0): setting nodatasum [ 1390.425249][ T2738] BTRFS info (device loop0): allowing degraded mounts [ 1390.437447][ T2738] BTRFS info (device loop0): enabling disk space caching [ 1390.464161][ T2738] BTRFS info (device loop0): disk space caching is enabled [ 1390.706941][ T2738] BTRFS info (device loop0): auto enabling async discard [ 1390.735532][ T2738] BTRFS info (device loop0): rebuilding free space tree [ 1390.787252][ T2738] BTRFS info (device loop0): disabling free space tree [ 1390.816357][ T2738] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 1390.827164][ T2738] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 1390.925205][ T2792] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13158'. [ 1390.965084][ T2792] netlink: 312 bytes leftover after parsing attributes in process `syz.3.13158'. [ 1391.114315][ T6568] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1391.366024][ T2803] batadv0: entered promiscuous mode [ 1391.529387][ T2814] netlink: 44 bytes leftover after parsing attributes in process `syz.0.13164'. [ 1391.555747][ T2814] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1391.873957][ T2828] loop0: detected capacity change from 0 to 64 [ 1392.725942][ T2865] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 1393.426478][ T2894] netlink: 'syz.2.13201': attribute type 32 has an invalid length. [ 1393.800500][ T2885] loop0: detected capacity change from 0 to 32768 [ 1393.864870][ T2885] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop0 scanned by syz.0.13197 (2885) [ 1393.926757][ T2885] BTRFS info (device loop0): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1393.945037][ T2885] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1393.996067][ T2885] BTRFS info (device loop0): turning on flush-on-commit [ 1394.003091][ T2885] BTRFS info (device loop0): turning off barriers [ 1394.040086][ T2885] BTRFS info (device loop0): turning on sync discard [ 1394.046824][ T2885] BTRFS info (device loop0): using free space tree [ 1394.090603][ T2913] loop3: detected capacity change from 0 to 8 [ 1394.101687][ T2913] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 1394.134220][T17923] udevd[17923]: incorrect cramfs checksum on /dev/loop3 [ 1394.146101][ T6796] usb 2-1: new full-speed USB device number 99 using dummy_hcd [ 1394.173654][ T2913] cramfs: Error -3 while decompressing! [ 1394.188269][ T2913] cramfs: ffffffff96fdd368(26)->ffff88804fb70000(4096) [ 1394.195309][ T2913] cramfs: bad data blocksize 524314 [ 1394.202043][ T2913] cramfs: bad data blocksize 4294442596 [ 1394.207829][ T2913] cramfs: Error -3 while decompressing! [ 1394.217435][ T2913] cramfs: ffffffff96fdd368(26)->ffff88804fb70000(4096) [ 1394.406321][ T6796] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 1394.434086][ T6796] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1394.434451][ T2935] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 1394.463667][ T6796] usb 2-1: config 0 has no interface number 0 [ 1394.481444][ T6796] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1394.506033][ T6568] BTRFS info (device loop0): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 1394.513598][ T6796] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1394.526677][ T6796] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1394.594743][ T6796] usb 2-1: config 0 interface 52 has no altsetting 0 [ 1394.632628][ T6796] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1394.657290][ T6796] usb 2-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 1394.690724][ T6796] usb 2-1: Manufacturer: syz [ 1394.708592][ T6796] usb 2-1: config 0 descriptor?? [ 1394.737844][ T6796] hub 2-1:0.52: bad descriptor, ignoring hub [ 1394.743913][ T6796] hub: probe of 2-1:0.52 failed with error -5 [ 1394.842223][ T2943] netlink: 'syz.2.13219': attribute type 2 has an invalid length. [ 1394.960258][ T6796] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 1394.977625][ T2945] IPv6: Can't replace route, no match found [ 1394.996760][ T6796] synaptics_usb: probe of 2-1:0.52 failed with error -5 [ 1395.343145][ T6796] usb 2-1: USB disconnect, device number 99 [ 1395.369627][ T2957] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13226'. [ 1395.441804][ T2961] cgroup: noprefix used incorrectly [ 1395.696565][ T2970] C: renamed from team_slave_0 (while UP) [ 1395.722964][ T2970] netlink: 'syz.0.13231': attribute type 1 has an invalid length. [ 1395.735398][ T2970] netlink: 152 bytes leftover after parsing attributes in process `syz.0.13231'. [ 1395.745061][ T2970] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 1396.323062][ T2991] bridge3: entered promiscuous mode [ 1396.471898][ T2997] netlink: 'syz.2.13245': attribute type 5 has an invalid length. [ 1396.854968][ T3015] loop3: detected capacity change from 0 to 512 [ 1396.966175][ T3015] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1396.978849][ T6144] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1397.104917][ T3015] [ 1397.107301][ T3015] ====================================================== [ 1397.114329][ T3015] WARNING: possible circular locking dependency detected [ 1397.121373][ T3015] syzkaller #0 Not tainted [ 1397.125804][ T3015] ------------------------------------------------------ [ 1397.132837][ T3015] syz.3.13254/3015 is trying to acquire lock: [ 1397.138911][ T3015] ffff88806a1df228 (&dquot->dq_lock){+.+.}-{3:3}, at: dqget+0x6fc/0xeb0 [ 1397.147294][ T3015] [ 1397.147294][ T3015] but task is already holding lock: [ 1397.154669][ T3015] ffff88806a1ec6c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_setattr+0x86b/0x1c90 [ 1397.163671][ T3015] [ 1397.163671][ T3015] which lock already depends on the new lock. [ 1397.163671][ T3015] [ 1397.174084][ T3015] [ 1397.174084][ T3015] the existing dependency chain (in reverse order) is: [ 1397.183114][ T3015] [ 1397.183114][ T3015] -> #5 (&ei->xattr_sem){++++}-{3:3}: [ 1397.190693][ T3015] down_read+0x46/0x2e0 [ 1397.195400][ T3015] ext4_setattr+0x86b/0x1c90 [ 1397.200540][ T3015] notify_change+0xb0d/0xe10 [ 1397.205681][ T3015] chown_common+0x3f9/0x5a0 [ 1397.210814][ T3015] do_fchownat+0x168/0x270 [ 1397.215767][ T3015] __x64_sys_chown+0x82/0x90 [ 1397.220896][ T3015] do_syscall_64+0x55/0xb0 [ 1397.225855][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.232295][ T3015] [ 1397.232295][ T3015] -> #4 (jbd2_handle){++++}-{0:0}: [ 1397.239621][ T3015] start_this_handle+0x1e9d/0x20c0 [ 1397.245267][ T3015] jbd2__journal_start+0x2bb/0x5b0 [ 1397.250916][ T3015] jbd2_journal_start+0x2a/0x40 [ 1397.256307][ T3015] ocfs2_start_trans+0x376/0x6c0 [ 1397.261787][ T3015] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 1397.268043][ T3015] ocfs2_mount_volume+0x12bc/0x14d0 [ 1397.273776][ T3015] ocfs2_fill_super+0x3462/0x4d90 [ 1397.279342][ T3015] mount_bdev+0x22b/0x2d0 [ 1397.284208][ T3015] legacy_get_tree+0xea/0x180 [ 1397.289424][ T3015] vfs_get_tree+0x8c/0x280 [ 1397.294376][ T3015] do_new_mount+0x24b/0xa40 [ 1397.299408][ T3015] __se_sys_mount+0x2da/0x3c0 [ 1397.304616][ T3015] do_syscall_64+0x55/0xb0 [ 1397.309568][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.315996][ T3015] [ 1397.315996][ T3015] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 1397.324529][ T3015] down_read+0x46/0x2e0 [ 1397.329224][ T3015] ocfs2_start_trans+0x36a/0x6c0 [ 1397.334698][ T3015] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 1397.340960][ T3015] ocfs2_mount_volume+0x12bc/0x14d0 [ 1397.346698][ T3015] ocfs2_fill_super+0x3462/0x4d90 [ 1397.352249][ T3015] mount_bdev+0x22b/0x2d0 [ 1397.357094][ T3015] legacy_get_tree+0xea/0x180 [ 1397.362291][ T3015] vfs_get_tree+0x8c/0x280 [ 1397.367229][ T3015] do_new_mount+0x24b/0xa40 [ 1397.372238][ T3015] __se_sys_mount+0x2da/0x3c0 [ 1397.377422][ T3015] do_syscall_64+0x55/0xb0 [ 1397.382342][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.388741][ T3015] [ 1397.388741][ T3015] -> #2 (sb_internal#4){.+.+}-{0:0}: [ 1397.396196][ T3015] ocfs2_start_trans+0x26b/0x6c0 [ 1397.401647][ T3015] ocfs2_acquire_dquot+0x67b/0xaf0 [ 1397.407280][ T3015] dqget+0x77c/0xeb0 [ 1397.411685][ T3015] dquot_get_next_dqblk+0xb4/0x380 [ 1397.417306][ T3015] quota_getnextquota+0x2b2/0x490 [ 1397.422842][ T3015] __se_sys_quotactl+0x27b/0x950 [ 1397.428288][ T3015] do_syscall_64+0x55/0xb0 [ 1397.433224][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.439621][ T3015] [ 1397.439621][ T3015] -> #1 (&ocfs2_quota_ip_alloc_sem_key){++++}-{3:3}: [ 1397.448474][ T3015] down_write+0x97/0x1f0 [ 1397.453233][ T3015] ocfs2_create_local_dquot+0x1a4/0x1790 [ 1397.459815][ T3015] ocfs2_acquire_dquot+0x7cf/0xaf0 [ 1397.465433][ T3015] dqget+0x77c/0xeb0 [ 1397.469855][ T3015] dquot_get_next_dqblk+0xb4/0x380 [ 1397.475491][ T3015] quota_getnextquota+0x2b2/0x490 [ 1397.481037][ T3015] __se_sys_quotactl+0x27b/0x950 [ 1397.486489][ T3015] do_syscall_64+0x55/0xb0 [ 1397.491416][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.497816][ T3015] [ 1397.497816][ T3015] -> #0 (&dquot->dq_lock){+.+.}-{3:3}: [ 1397.505445][ T3015] __lock_acquire+0x2ddb/0x7c80 [ 1397.510807][ T3015] lock_acquire+0x197/0x410 [ 1397.515811][ T3015] __mutex_lock+0x129/0xcc0 [ 1397.520836][ T3015] dqget+0x6fc/0xeb0 [ 1397.525245][ T3015] dquot_transfer+0x4b9/0x6d0 [ 1397.530431][ T3015] ext4_setattr+0x87d/0x1c90 [ 1397.535529][ T3015] notify_change+0xb0d/0xe10 [ 1397.540631][ T3015] chown_common+0x3f9/0x5a0 [ 1397.545639][ T3015] do_fchownat+0x168/0x270 [ 1397.550555][ T3015] __x64_sys_chown+0x82/0x90 [ 1397.555645][ T3015] do_syscall_64+0x55/0xb0 [ 1397.560576][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.566969][ T3015] [ 1397.566969][ T3015] other info that might help us debug this: [ 1397.566969][ T3015] [ 1397.577189][ T3015] Chain exists of: [ 1397.577189][ T3015] &dquot->dq_lock --> jbd2_handle --> &ei->xattr_sem [ 1397.577189][ T3015] [ 1397.589806][ T3015] Possible unsafe locking scenario: [ 1397.589806][ T3015] [ 1397.597241][ T3015] CPU0 CPU1 [ 1397.602592][ T3015] ---- ---- [ 1397.607961][ T3015] rlock(&ei->xattr_sem); [ 1397.612368][ T3015] lock(jbd2_handle); [ 1397.618968][ T3015] lock(&ei->xattr_sem); [ 1397.625796][ T3015] lock(&dquot->dq_lock); [ 1397.630193][ T3015] [ 1397.630193][ T3015] *** DEADLOCK *** [ 1397.630193][ T3015] [ 1397.638317][ T3015] 3 locks held by syz.3.13254/3015: [ 1397.643493][ T3015] #0: ffff88801b7fc418 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 1397.652614][ T3015] #1: ffff88806a1eca10 (&type->i_mutex_dir_key#3){++++}-{3:3}, at: chown_common+0x313/0x5a0 [ 1397.662775][ T3015] #2: ffff88806a1ec6c8 (&ei->xattr_sem){++++}-{3:3}, at: ext4_setattr+0x86b/0x1c90 [ 1397.672186][ T3015] [ 1397.672186][ T3015] stack backtrace: [ 1397.678070][ T3015] CPU: 0 PID: 3015 Comm: syz.3.13254 Not tainted syzkaller #0 [ 1397.685521][ T3015] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1397.695572][ T3015] Call Trace: [ 1397.698861][ T3015] [ 1397.701796][ T3015] dump_stack_lvl+0x16c/0x230 [ 1397.706523][ T3015] ? load_image+0x3b0/0x3b0 [ 1397.711025][ T3015] ? show_regs_print_info+0x20/0x20 [ 1397.716232][ T3015] ? print_circular_bug+0x12b/0x1a0 [ 1397.721418][ T3015] check_noncircular+0x2bd/0x3c0 [ 1397.726345][ T3015] ? look_up_lock_class+0x75/0x140 [ 1397.731441][ T3015] ? print_deadlock_bug+0x5d0/0x5d0 [ 1397.736635][ T3015] ? lockdep_lock+0xe0/0x220 [ 1397.741214][ T3015] ? _find_first_zero_bit+0xd3/0x100 [ 1397.746489][ T3015] __lock_acquire+0x2ddb/0x7c80 [ 1397.751330][ T3015] ? lockdep_hardirqs_on+0x98/0x150 [ 1397.756516][ T3015] ? mark_lock+0x94/0x320 [ 1397.760829][ T3015] ? verify_lock_unused+0x140/0x140 [ 1397.766009][ T3015] ? __lock_acquire+0x1334/0x7c80 [ 1397.771022][ T3015] lock_acquire+0x197/0x410 [ 1397.775507][ T3015] ? dqget+0x6fc/0xeb0 [ 1397.779568][ T3015] ? __might_sleep+0xe0/0xe0 [ 1397.784144][ T3015] ? read_lock_is_recursive+0x20/0x20 [ 1397.789497][ T3015] ? mark_lock+0x94/0x320 [ 1397.793813][ T3015] ? lockdep_hardirqs_on_prepare+0x400/0x760 [ 1397.799786][ T3015] __mutex_lock+0x129/0xcc0 [ 1397.804281][ T3015] ? dqget+0x6fc/0xeb0 [ 1397.808343][ T3015] ? percpu_counter_add_batch+0x1d9/0x280 [ 1397.814047][ T3015] ? lockdep_hardirqs_on+0x98/0x150 [ 1397.819233][ T3015] ? percpu_counter_add_batch+0x22b/0x280 [ 1397.824937][ T3015] ? dqget+0x6fc/0xeb0 [ 1397.828990][ T3015] ? mutex_lock_nested+0x20/0x20 [ 1397.833912][ T3015] ? percpu_counter_set+0x1a0/0x1a0 [ 1397.839094][ T3015] ? make_kgid+0x640/0x640 [ 1397.843496][ T3015] ? do_raw_spin_unlock+0x121/0x230 [ 1397.848681][ T3015] dqget+0x6fc/0xeb0 [ 1397.852563][ T3015] dquot_transfer+0x4b9/0x6d0 [ 1397.857227][ T3015] ? __dquot_transfer+0x22f0/0x22f0 [ 1397.862412][ T3015] ? down_read+0x1ac/0x2e0 [ 1397.866821][ T3015] ext4_setattr+0x87d/0x1c90 [ 1397.871401][ T3015] ? inode_set_ctime_current+0x2d0/0x2d0 [ 1397.877034][ T3015] ? apparmor_path_chown+0x239/0x2d0 [ 1397.882338][ T3015] ? evm_inode_setattr+0x94/0x6a0 [ 1397.887349][ T3015] ? bpf_lsm_inode_setattr+0x9/0x10 [ 1397.892531][ T3015] ? try_break_deleg+0x79/0x120 [ 1397.897364][ T3015] ? ext4_write_inode+0x550/0x550 [ 1397.902377][ T3015] notify_change+0xb0d/0xe10 [ 1397.906956][ T3015] chown_common+0x3f9/0x5a0 [ 1397.911452][ T3015] ? __ia32_sys_chmod+0x70/0x70 [ 1397.916285][ T3015] ? rcu_read_lock_any_held+0xb4/0x120 [ 1397.921728][ T3015] ? __mnt_want_write+0x223/0x2a0 [ 1397.926741][ T3015] do_fchownat+0x168/0x270 [ 1397.931218][ T3015] ? chown_common+0x5a0/0x5a0 [ 1397.935896][ T3015] __x64_sys_chown+0x82/0x90 [ 1397.940478][ T3015] do_syscall_64+0x55/0xb0 [ 1397.944886][ T3015] ? clear_bhb_loop+0x40/0x90 [ 1397.949565][ T3015] ? clear_bhb_loop+0x40/0x90 [ 1397.954241][ T3015] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1397.960137][ T3015] RIP: 0033:0x7fbd2c98efc9 [ 1397.964539][ T3015] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1397.984145][ T3015] RSP: 002b:00007fbd2d846038 EFLAGS: 00000246 ORIG_RAX: 000000000000005c [ 1397.992543][ T3015] RAX: ffffffffffffffda RBX: 00007fbd2cbe5fa0 RCX: 00007fbd2c98efc9 [ 1398.000512][ T3015] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000200 [ 1398.008473][ T3015] RBP: 00007fbd2ca11f91 R08: 0000000000000000 R09: 0000000000000000 [ 1398.016436][ T3015] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1398.024392][ T3015] R13: 00007fbd2cbe6038 R14: 00007fbd2cbe5fa0 R15: 00007fff6160b678 [ 1398.032357][ T3015] [ 1398.068887][ T6144] usb 1-1: Using ep0 maxpacket: 32 [ 1398.077481][ T6144] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=67.fe [ 1398.086810][ T6144] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1398.094881][ T6144] usb 1-1: Product: syz [ 1398.096528][ T6576] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1398.099031][ T6144] usb 1-1: Manufacturer: syz [ 1398.112710][ T6144] usb 1-1: SerialNumber: syz [ 1398.119384][ T6144] usb 1-1: config 0 descriptor?? [ 1398.346591][ T6144] snd-usb-6fire 1-1:0.0: unknown device firmware state received from device: [ 1398.355557][ T6144] 5e 57 f9 3a eb 9a 47 80 [ 1398.360249][ T6144] snd-usb-6fire: probe of 1-1:0.0 failed with error -5 [ 1398.578718][ T6505] usb 1-1: USB disconnect, device number 78