last executing test programs: 3.667285374s ago: executing program 1 (id=3452): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000000c0)={0x3, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x2, 0x9, 0xfc, 0x2, 0x2}, 0x10}, 0x1, 0x7}, 0x0) 3.523315561s ago: executing program 1 (id=3456): r0 = syz_usb_connect(0x2, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="31010000dccd5e08cb0603000000000023010902240001000064000904340102d469e70009058acf"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) 1.677479709s ago: executing program 1 (id=3492): r0 = socket$inet_icmp(0x2, 0x2, 0x1) close(r0) 1.516080466s ago: executing program 1 (id=3497): r0 = gettid() wait4(r0, 0x0, 0x20000000, 0x0) 1.344387043s ago: executing program 1 (id=3500): symlinkat(&(0x7f0000000000)='.\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00') mount$overlay(0x0, &(0x7f0000000180)='./file1\x00', &(0x7f0000000b80), 0x200048, &(0x7f00000004c0)={[{@userxattr}, {@metacopy_on}]}) 1.18416839s ago: executing program 1 (id=3503): syz_mount_image$ocfs2(&(0x7f0000004740), &(0x7f0000004780)='./file0\x00', 0x100000a, &(0x7f00000000c0)=ANY=[@ANYBLOB="6a6f75726e616c5f6173796e635f636f6d6d69742c6865617274626561743d6e6f6e652c67727071756f74612c696e6f646536342c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c00a5ac95942a38e6bfeea96108fa50b58440ef6041bea5aa31e2dd2532458d802e41aa4599ba680aa7bd6d04004258b7a8902f078e686e0ad0017a9f40cab7e8ed9483c468cbe8b5111b52c62ae7bd99dde7768746459302ef1adff359935a901d9a93c2ee3190699fae61911c9956efa1b72ad683a0acc6d36539173f0f11dd2011263c662522d12cca07a4a3d593ee6ca5954cd0b5674f92faa9f828438f930b721d144e46001a56724219f14c2c58ef31aee3852b15bddc24bade32ed8f3cba254e2dbc6baf27"], 0x0, 0x4703, &(0x7f0000004800)="$eJzs212IXFcBB/BzJ6vZpMl2P9ImafoxSQQXLcumT9X6ENeqjabNh7bVVFlnN9vN6uzMujujBYPUIIiCoARBxQ+qQulLLYiBvtQiFPxAWoVSUbS+iBSq4INBG+jKzNybnXtntneyk7S0/f2gnb3n3nPumf3vPXfOPZNCrHZqYaW4sFIsVYrV2ftXbil+rlquL86FwqvktT4/vbkSOcn+tXPkfR/4yD23hPCHY1/70Orq6mpoGA5dHWj7+fy/T8+2vyYKmTqNdru31vLH+iMv/fwtr3REnhMhhB0d/WrYFEL42C9C2BxCGInLRuPXLSGEbSGEKITw6G/+9ePBfrrQ5uy9Lzx37MzhfWemHn/smQvzR9c9MArhu+XdN88vvrh/023Pv+MynR4AAF7RB48fufvo5IHwZBSGzg10fl7fGb8mn4/vfNun7np4YG3/Kr3Z9CqGCgAAABlr8//h6OUu63XJylqyJPjEAyfufipa229i+/p26K4jt79/8kC8/ht17L81Lvrnezc111Cz677Z9d+RTP3u679r53n4q8/+svLWjfc/6V9y3uEQFSZS24XCxEQIx6Za27uirYVydaX2zvur9crJjZ/3jSKdf3b1fm1Bv9f8RzPV89b/d3/i8z/bMtDPOxgL2b/axnax80+ZLtL5rz+W/+RLUU/5j2Xq5eV/x9Pbz/9qcz/vIHtGLkU6/9aFuK/9gGJrAGjk/82B/Px3ZNrPy//7U+cePbGB7/80xpnhqNHXwdQI8HJcvs5XmMhI598KIjV0xr/I9a7//2XyvybTfl7+d1b/8bu/9XH/X2/8H5/qp803j3T+rSCKqSPWrv+RQv71f22m/bz8f3vqz89+sq97dWf+jf6Pu//3JJ1/fCNOD57N32Sv4//OTPt5+e8au++hhQ30+8Nb4n4ORWGs7Vun5xq3sKG19ermlKaxe2kDJ3kTSOff+q2lLp2h1kvz+h/OH/93ZdrPy/+hPV9/z+m+vv/bffyfNP73JJ3/lmbZpeT/Uib/3Zn28/L/4em//+W+yzz+N7YPyr8n6fy3duxfe/5T6Gn+d12mft7zn32jTz3y1z7m/0n/kvMmz3+S5xDjUev5D92l879q3eN6vf/vydTLu/6/9Z/nn97fz/gfDXoC0Id0/ttahV0mgL3mf32m/bz8v3DPlz/+pw3M/5qf+AaT/Nvm/5tb5UeN/z1J57+9VZj6x1APNv/fvP9Hnbn/N5P/DZn28/K/cGhi4CuX+f7f6P94l0fZdErnP7TucY38f9/D/f/GTL28/L+496cv3tzX5/8QJs31Nyyd/9XrHte8/gfz878pUy8v/+9849dPPNhH/9/eR12y+bfu9anLKf5s3uv8v5hpPy//H42fP7v/Csz/bnX/70k6/9aq+aXkn53/7820n5f/9478YHngCjz/uUP+AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGzIavw6HqDCR2i4UJiZCGIu3d4Wt0Uzp5PRMuTr7mZUQdsTlxTAazZerM6Xy9EKlenJuulQuV2dDuCbevyMMRivlam16sbR07cW2tkSn5krLtZm5Ui2EsDMuvz5sT9qaWagtlpaaxyZ1ropKn61Xa6WJ+srccth9sXxbUj6/XK0vXXexrasL1eWlU6XK9MmF5XdPTk5Ohj0X+zwSzT1Qm6vUWr1t7W3USeoOR21vprn7hrbzfbpaX66Uys3yG9vqlKuzpXJbnZvazldbrldmS7W56XJ1Pjlfsa1u23tr7t4b7xsPI6n3l9TNOhi/3n7o+EePHz7Qsb8YpfOu1BfnJrd3/5sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4I3rydve9e0QwkBrqxBCOJj8EMX/pZy994Xnjp05vO/M1OOPPXNh/mi3YwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4PztwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYuZ+XKro4DsBnxve+FkgpbYRcBoaI6E7Cgn4RSeU1smWb1kGtEjIoCgwjWhYEQVC7qCBoFVT+BVELl62qTS1aGERQMTqTlzvCDS90zHkeGM4Mc++ZLwzcO3M+hwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALB+nN2x2JW1l3ZtXtq6+0PozM/9H0IYTZb3P+/tCD0hhK9fZk6HVdpCT1P/bybnxstXTX7v7R9/eH00WXv9xXeL63aHJB1qON6ZpOnQ0Nr736juDD6bHkxCSGMXQhQLY0/O1EIIHbELIYqfH+cvZr/v/8UuhCj6P9ztyu5/LXYhRLF196e+Wv6MR/Wcr18YbPzvb/UI3sYjOuvQ25NX3qVuauW9zN//k3zzPlgNsyeOvH8euwiimZ2bOhq7BgAA4O861yL/D1uW9+9fTkJPdzn3/9aU//c29b96/r/i3vYbYzNthRDbSmOT2fHwvnb63PhODVy9/bpmvKeq5P/VJv+vNvl/tcn/q03+X23yfzKv5P+V9PjmnsUXsYsgGvk/AABUz6HjE1P14ZHs5X/Tj85yXt+Xt/U8T39wa3rgUcO4kfzw33b42MSBg8Mj+X0vDwiurP+QLp39ns/3aG4Lk03zLlqt/9D7dGH+Wmf5E/U/nL9R1Fdc1/oPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAvdueehkEwCsPod1sRtdGqaMLCT4IPNDAiACnMaEAHEwZgIAQUMJBzlnuTZ3kBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA5/tXeV18f2mM9Foj0lR22bV/jqfZz9y3w/I+e9y4FQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADZ24EAGAAAAQJi/dR7tBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KkAAAD//8Oayzs=") removexattr(&(0x7f0000000580)='./file0\x00', &(0x7f0000000640)=@known='system.posix_acl_default\x00') 1.000568428s ago: executing program 2 (id=3506): r0 = syz_open_dev$tty1(0xc, 0x4, 0x4) ioctl$VT_RESIZEX(r0, 0x560a, &(0x7f0000000000)={0x5, 0xc, 0x8009, 0x0, 0x9}) 998.640868ms ago: executing program 3 (id=3507): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xffffffffffff0000}, 0x800, 0x0, 0x1, 0x3, 0x7, 0x1}, 0x20) 822.147825ms ago: executing program 0 (id=3508): r0 = fsopen(&(0x7f0000000080)='nfs\x00', 0x0) fsetxattr$security_ima(r0, &(0x7f0000000240), 0x0, 0x0, 0x2) 821.535845ms ago: executing program 3 (id=3509): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x0, 0x4c, 0x1a, 0x190, 0x73, 0x270, 0x258, 0x258, 0x270, 0x258, 0x3, 0x0, {[{{@ipv6={@rand_addr=' \x01\x00', @mcast2, [], [], 'netdevsim0\x00', 'macvlan1\x00'}, 0x0, 0x160, 0x190, 0x0, {}, [@common=@inet=@ecn={{0x28}, {0x2}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @rand_addr=' \x01\x00', @dev}}]}, @common=@inet=@SET2={0x30}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3a0) 742.262279ms ago: executing program 0 (id=3510): r0 = syz_open_dev$vbi(&(0x7f00000001c0), 0x2, 0x2) ioctl$VIDIOC_G_SLICED_VBI_CAP(r0, 0xc0745645, &(0x7f0000000000)={0x8, [0x5, 0x6, 0x6, 0x2d, 0xffc0, 0x3, 0xc55, 0x3, 0x3, 0x4, 0x2, 0xb5f, 0x3, 0x4, 0xfff8, 0x9699, 0x380, 0x8, 0x0, 0xa, 0x64, 0xcd0, 0x4, 0x5, 0x0, 0x2, 0x7, 0x7ff, 0x4, 0x1, 0x1, 0x6, 0x9, 0x8a, 0xc83, 0x5, 0x9df8, 0x0, 0x81, 0x8000, 0x5, 0x5, 0x80, 0x6, 0x61a, 0x8, 0x3, 0x5], 0x5}) 708.7241ms ago: executing program 2 (id=3511): r0 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000002740), 0x2, 0x0) ioctl$VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000002780)={0x5, 0x33424752, 0x1, @stepwise={0x8, 0xa, 0x2, 0xcf64, 0x6, 0x2}}) 632.210763ms ago: executing program 3 (id=3512): r0 = syz_open_dev$sndctrl(&(0x7f00000001c0), 0x0, 0x800) ioctl$SNDRV_CTL_IOCTL_TLV_COMMAND(r0, 0xc008551c, &(0x7f0000000200)=ANY=[]) 576.703846ms ago: executing program 0 (id=3513): r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000000)='source', &(0x7f0000000180)=':00:\x00\x8e\xf7\xd4\t\xe1\xae\x19\xe5\xf7c\x84\x9c\x06\x00\x00\a\x11\x01\xf2 \xec\xbe#\'S\xc4\xbd\xb5\x1e\x98MM\x06\x1a\x7f5U\x18\x90\x99\xb2\xfa\')Z\x9ew\xae\xe8\xdd\b\t\xf0\xc4\xbfj\xb6\x88/)~\x93E\x1d4\xa7\xcb\xeb\x0f\xd4(\xb6>\x87\xc3\t\xb0\x80\xf7\xe6\x8b?\xa4\xb3\b\x00\x81\xbe\xea\x1f\xfe\xed\x9d\x1a\x8aQ\xafQ\x06\x0fJ\xc0\xc0=}\x7f\xaeB\xb1\xed\xa4\xf3c#\xbe\b\x1f\xa4L[\xfa\x01Uu\xe0\x8b\x94E\xda\xd9j\x93\xc8~\xd9\x82\x8f\xcam\x17\xa2\xed\xf3\xc3_h\xfc6\t\x96@\xaf\xe6\xd0!)\xc3\xcfe\xe1g\xe7\xe5F\xbdC\xd9$\x9b@\xaf\xc2j1p\xa9\xb2d\x92\x8fo\xcbg\x9fZ\xd7\xef\xb2z\xf5\x0fq\x7f\b\xc2\xa7\x90\xc5\xf5Y\xbc\xf1s\x93X\xb6\xeb\x86&\xa7\x14%B', 0x0) 526.063598ms ago: executing program 2 (id=3514): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCMSET(r0, 0x5418, &(0x7f00000000c0)=0xffffbdfd) 497.065419ms ago: executing program 3 (id=3515): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="c80000000002010400000000010000000a0000033c0003800c00028005000100000000002c00018014000300fe80000000000000000000000000002414000400000000000000000000000000000000003c0002802c00018014000300fc00000000000000000000000000000014000400fc0100000000000000000000000000010c00028005000100000000003c0001800c000280040001003a0000002c00018014000300fc010000000000000000000000000000140004"], 0xc8}, 0x1, 0x0, 0x0, 0x10}, 0x8000) 473.15489ms ago: executing program 0 (id=3516): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000280)={0x0, 0x0}) setsockopt$sock_attach_bpf(r0, 0x10f, 0xb, 0x0, 0x0) 367.422865ms ago: executing program 0 (id=3517): r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f00000033c0)={0x53, 0x0, 0x5, 0xfa, @scatter={0x0, 0x0, 0x0}, &(0x7f0000000000)="1c35130000", 0x0, 0x0, 0x0, 0x0, 0x0}) 337.058896ms ago: executing program 2 (id=3518): r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_int(r0, 0x0, 0x32, 0x0, &(0x7f0000000100)) 283.302468ms ago: executing program 3 (id=3519): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=@newtaction={0x90, 0x30, 0xb, 0x0, 0x0, {}, [{0x7c, 0x1, [@m_skbmod={0x78, 0x1, 0x0, 0x0, {{0xb}, {0x4c, 0x2, 0x0, 0x1, [@TCA_SKBMOD_PARMS={0x24, 0x2, {{0x0, 0x0, 0x0, 0x4}}}, @TCA_SKBMOD_ETYPE={0x0, 0x5, 0x8}]}, {0x4e}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}]}]}, 0x90}, 0x1, 0x0, 0x0, 0x8000}, 0x4000800) 159.246043ms ago: executing program 2 (id=3520): r0 = socket$kcm(0x29, 0x5, 0x0) sendmmsg$inet(r0, &(0x7f0000001880)=[{{0x0, 0x0, &(0x7f00000010c0)=[{&(0x7f00000000c0)="c8", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000001800)=[{&(0x7f0000001280)=',', 0x1}], 0x11}}], 0x2, 0x0) 128.756274ms ago: executing program 0 (id=3521): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@can_delroute={0x1c, 0x19, 0x1, 0x70bd2b, 0x25dfdbfe, {0x1d, 0x1, 0x8}, [@CGW_LIM_HOPS={0x5, 0xd, 0x1}]}, 0x1c}}, 0x40) 94.048066ms ago: executing program 2 (id=3522): r0 = socket(0x22, 0x2, 0x2) recvmsg(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x41c0) 0s ago: executing program 3 (id=3523): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000240)={0x4c, 0x0, 0x0, 0x4, 0x0, &(0x7f0000000440)="97713b46"}) kernel console output (not intermixed with test programs): ttributes in process `syz.3.1455'. [ 165.813161][ T9254] sctp: [Deprecated]: syz.2.1454 (pid 9254) Use of int in max_burst socket option deprecated. [ 165.813161][ T9254] Use struct sctp_assoc_value instead [ 165.996094][ T9261] overlayfs: conflicting options: nfs_export=on,index=off [ 167.039296][ T9310] loop1: detected capacity change from 0 to 256 [ 167.140853][ T9310] FAT-fs (loop1): Directory bread(block 64) failed [ 167.164818][ T9310] FAT-fs (loop1): Directory bread(block 65) failed [ 167.177851][ T9310] FAT-fs (loop1): Directory bread(block 66) failed [ 167.202584][ T9310] FAT-fs (loop1): Directory bread(block 67) failed [ 167.210827][ T9310] FAT-fs (loop1): Directory bread(block 68) failed [ 167.228916][ T9310] FAT-fs (loop1): Directory bread(block 69) failed [ 167.261324][ T9310] FAT-fs (loop1): Directory bread(block 70) failed [ 167.270606][ T9317] loop3: detected capacity change from 0 to 8 [ 167.292718][ T9310] FAT-fs (loop1): Directory bread(block 71) failed [ 167.299392][ T9310] FAT-fs (loop1): Directory bread(block 72) failed [ 167.331816][ T9310] FAT-fs (loop1): Directory bread(block 73) failed [ 167.376729][ T9317] SQUASHFS error: lzo decompression failed, data probably corrupt [ 167.412700][ T9317] SQUASHFS error: Failed to read block 0x1dd: -5 [ 167.419083][ T9317] SQUASHFS error: Unable to read metadata cache entry [1db] [ 167.452633][ T9317] SQUASHFS error: Unable to read inode 0xa7 [ 167.720074][ T9333] loop1: detected capacity change from 0 to 8 [ 167.729310][ T9330] loop0: detected capacity change from 0 to 1024 [ 167.738593][ T9330] hfsplus: Filesystem is marked locked, mounting read-only. [ 167.773647][ T9333] MTD: Attempt to mount non-MTD device "/dev/loop1" [ 167.790975][ T9330] hfsplus: filesystem is marked locked, leaving read-only. [ 167.800368][ T9334] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1493'. [ 167.834000][ T5776] udevd[5776]: incorrect cramfs checksum on /dev/loop1 [ 167.836625][ T9334] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1493'. [ 167.910632][ T5776] udevd[5776]: incorrect cramfs checksum on /dev/loop1 [ 167.914186][ T9333] cramfs: Error -3 while decompressing! [ 167.958766][ T9333] cramfs: ffffffff96fde388(26)->ffff888055861000(4096) [ 167.973228][ T9333] cramfs: Error -3 while decompressing! [ 167.979862][ T9333] cramfs: ffffffff96fde388(26)->ffff888055861000(4096) [ 168.275012][ T9351] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1499'. [ 168.471226][ T9359] loop3: detected capacity change from 0 to 1764 [ 168.876322][ T9374] loop0: detected capacity change from 0 to 256 [ 169.180646][ T9390] x_tables: duplicate underflow at hook 2 [ 169.901198][ T27] kauditd_printk_skb: 20 callbacks suppressed [ 169.901219][ T27] audit: type=1326 audit(1763981552.603:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7642b8f749 code=0x7ffc0000 [ 170.007444][ T27] audit: type=1326 audit(1763981552.603:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7642b8f749 code=0x7ffc0000 [ 170.092934][ T9430] netlink: 'syz.3.1539': attribute type 1 has an invalid length. [ 170.113272][ T27] audit: type=1326 audit(1763981552.623:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=292 compat=0 ip=0x7f7642b8f749 code=0x7ffc0000 [ 170.135429][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.183155][ T27] audit: type=1326 audit(1763981552.623:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7642b8f749 code=0x7ffc0000 [ 170.208611][ T27] audit: type=1326 audit(1763981552.623:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9421 comm="syz.1.1536" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7642b8f749 code=0x7ffc0000 [ 170.252744][ T9434] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1542'. [ 170.719730][ T9452] overlay: Unknown parameter '\' [ 170.803614][ T27] audit: type=1326 audit(1763981553.503:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 170.872647][ T27] audit: type=1326 audit(1763981553.503:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 170.937546][ T9424] loop2: detected capacity change from 0 to 32768 [ 170.963173][ T27] audit: type=1326 audit(1763981553.513:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 170.985252][ C0] vkms_vblank_simulate: vblank timer overrun [ 171.039534][ T9424] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 171.082595][ T27] audit: type=1326 audit(1763981553.513:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 171.168642][ T27] audit: type=1326 audit(1763981553.513:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9455 comm="syz.0.1552" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 171.346197][ T9424] XFS (loop2): Ending clean mount [ 171.367612][ T9424] XFS (loop2): Quotacheck needed: Please wait. [ 171.469877][ T9424] XFS (loop2): Quotacheck: Done. [ 171.612656][ T788] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 171.624981][ T5784] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 171.625219][ T9491] netlink: 'syz.0.1566': attribute type 1 has an invalid length. [ 171.648939][ T9491] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1566'. [ 171.833525][ T788] usb 4-1: config 0 has an invalid interface number: 117 but max is 0 [ 171.849934][ T788] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 171.882758][ T788] usb 4-1: config 0 has no interface number 0 [ 171.888926][ T788] usb 4-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 171.931556][ T788] usb 4-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 171.974041][ T788] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 171.983365][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.991380][ T788] usb 4-1: Product: syz [ 172.005962][ T788] usb 4-1: Manufacturer: syz [ 172.010597][ T788] usb 4-1: SerialNumber: syz [ 172.027252][ T788] usb 4-1: config 0 descriptor?? [ 172.102742][ T787] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 172.149060][ T9503] loop1: detected capacity change from 0 to 8 [ 172.255825][ T9503] SQUASHFS error: xz decompression failed, data probably corrupt [ 172.267214][ T9503] SQUASHFS error: Failed to read block 0xa8: -5 [ 172.294943][ T9503] SQUASHFS error: xz decompression failed, data probably corrupt [ 172.303336][ T9503] SQUASHFS error: Failed to read block 0xa8: -5 [ 172.310862][ T787] usb 1-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=b5.55 [ 172.322685][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.341209][ T787] usb 1-1: Product: syz [ 172.350480][ T787] usb 1-1: Manufacturer: syz [ 172.362723][ T787] usb 1-1: SerialNumber: syz [ 172.375143][ T787] usb 1-1: config 0 descriptor?? [ 172.392893][ T787] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 172.453892][ T788] usb 4-1: USB disconnect, device number 8 [ 172.711348][ T9517] loop2: detected capacity change from 0 to 4096 [ 172.796103][ T9517] ntfs3: loop2: ino=5, "/" directory corrupted [ 172.802870][ T9517] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 172.811729][ T787] sonixb 1-1:0.0: Error writing register 01: -71 [ 172.823708][ T787] sonixb: probe of 1-1:0.0 failed with error -71 [ 172.850752][ T787] usb 1-1: USB disconnect, device number 6 [ 173.098707][ T9529] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1585'. [ 173.491335][ T9546] netlink: 'syz.2.1593': attribute type 1 has an invalid length. [ 174.439351][ T9552] loop1: detected capacity change from 0 to 40427 [ 174.471989][ T9583] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1611'. [ 174.497544][ T9552] F2FS-fs (loop1): invalid crc value [ 174.515296][ T9584] loop3: detected capacity change from 0 to 256 [ 174.531142][ T9552] F2FS-fs (loop1): Found nat_bits in checkpoint [ 174.566688][ T9584] exfat: Deprecated parameter 'namecase' [ 174.573764][ T9584] exfat: Deprecated parameter 'utf8' [ 174.612806][ T9584] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 174.702031][ T9552] F2FS-fs (loop1): Start checkpoint disabled! [ 174.725707][ T9552] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 175.536632][ T9621] loop0: detected capacity change from 0 to 1024 [ 175.568330][ T9621] EXT4-fs: Ignoring removed nomblk_io_submit option [ 175.599383][ T9621] EXT4-fs: Ignoring removed nomblk_io_submit option [ 175.639490][ T9621] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 175.683038][ T9621] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 175.733157][ T9627] netlink: 'syz.2.1632': attribute type 3 has an invalid length. [ 175.786024][ T9621] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 175.894931][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 176.227518][ T9652] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1642'. [ 176.402177][ T9656] loop0: detected capacity change from 0 to 2048 [ 176.451166][ T9656] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 176.731601][ T5823] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 176.740191][ T9670] loop1: detected capacity change from 0 to 512 [ 176.774564][ T9670] EXT4-fs: Ignoring removed mblk_io_submit option [ 176.844738][ T9670] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 176.894729][ T9670] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.1652: attempt to clear invalid blocks 2 len 1 [ 176.903310][ T9678] loop0: detected capacity change from 0 to 256 [ 176.915554][ T5823] usb 3-1: Using ep0 maxpacket: 8 [ 176.923354][ T5823] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 176.931686][ T5823] usb 3-1: config 0 has no interface number 0 [ 176.951349][ T5823] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 176.960849][ T9670] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 176.970971][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.985231][ T5823] usb 3-1: Product: syz [ 176.989757][ T5823] usb 3-1: Manufacturer: syz [ 176.996898][ T5823] usb 3-1: SerialNumber: syz [ 177.006588][ T9678] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d) [ 177.010914][ T5823] usb 3-1: config 0 descriptor?? [ 177.032353][ T9670] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1652: invalid indirect mapped block 1819239214 (level 0) [ 177.040629][ T9678] exFAT-fs (loop0): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 177.089869][ T9670] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.1652: invalid indirect mapped block 1819239214 (level 1) [ 177.110143][ T9670] EXT4-fs (loop1): 1 truncate cleaned up [ 177.118258][ T9670] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 177.157515][ T9681] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 177.190581][ T9681] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 177.201318][ T9681] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 177.210844][ T9681] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 177.221175][ T9681] geneve2: entered promiscuous mode [ 177.237553][ T9681] geneve2: entered allmulticast mode [ 177.248855][ T5823] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 177.266519][ T9681] netdevsim netdevsim3 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 177.279503][ T5823] usb 3-1: No valid video chain found. [ 177.289205][ T5823] usb 3-1: USB disconnect, device number 10 [ 177.296375][ T9681] netdevsim netdevsim3 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 177.307660][ T9681] netdevsim netdevsim3 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 177.318860][ T9681] netdevsim netdevsim3 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 177.330671][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 177.862852][ T5823] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 177.911674][ T9705] loop2: detected capacity change from 0 to 764 [ 178.074695][ T5823] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 178.112645][ T5823] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 178.152671][ T5823] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 178.182110][ T5823] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 178.212316][ T9690] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 178.220992][ T9690] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 178.247306][ T5823] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 178.383357][ T9721] loop3: detected capacity change from 0 to 512 [ 178.411637][ T9721] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 178.472481][ T9721] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 178.564702][ T9721] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.1677: bg 0: block 248: padding at end of block bitmap is not set [ 178.637257][ T9721] __quota_error: 1 callbacks suppressed [ 178.637272][ T9721] Quota error (device loop3): write_blk: dquota write failed [ 178.658265][ T9721] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 178.689668][ T9721] EXT4-fs error (device loop3): ext4_acquire_dquot:6933: comm syz.3.1677: Failed to acquire dquot type 1 [ 178.709854][ T9721] EXT4-fs (loop3): 1 truncate cleaned up [ 178.717220][ T9721] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 178.767635][ T788] usb 2-1: USB disconnect, device number 10 [ 178.943944][ T9739] loop2: detected capacity change from 0 to 4096 [ 178.947150][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 178.960666][ T999] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5 [ 178.963023][ T9739] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 178.973228][ T999] EXT4-fs error (device loop3): ext4_release_dquot:6969: comm kworker/u4:6: Failed to release dquot type 1 [ 179.100891][ T9744] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1687'. [ 179.599865][ T9762] loop1: detected capacity change from 0 to 512 [ 179.647949][ T9762] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.819967][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.946418][ T9780] loop3: detected capacity change from 0 to 64 [ 180.377987][ T9794] loop2: detected capacity change from 0 to 4096 [ 180.410344][ T9794] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 180.563977][ T9794] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 180.711335][ T9794] ntfs3: loop2: failed to convert "c46c" to cp874 [ 180.783413][ T9810] loop0: detected capacity change from 0 to 512 [ 180.845192][ T9810] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 180.886674][ T9810] ext4 filesystem being mounted at /469/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 181.171149][ T9828] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1726'. [ 181.183602][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.366500][ T9837] loop3: detected capacity change from 0 to 1764 [ 181.538541][ T9841] loop2: detected capacity change from 0 to 4096 [ 181.605310][ T9841] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 181.627456][ T9846] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1736'. [ 181.898780][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.151196][ T9864] comedi comedi0: aio_iiro_16: a I/O base address must be specified [ 182.155795][ T9858] loop1: detected capacity change from 0 to 4096 [ 182.178004][ T9858] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 182.245000][ T9858] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 182.272306][ T9858] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 182.333516][ T9858] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 182.368470][ T9858] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 182.431772][ T9858] ntfs: volume version 3.1. [ 182.452409][ T9858] ntfs: (device loop1): load_and_init_quota(): Failed to find inode number for $Quota. [ 182.491159][ T9858] ntfs: (device loop1): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 182.607258][ T9878] loop2: detected capacity change from 0 to 512 [ 182.651775][ T9878] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 182.701295][ T9878] ext4 filesystem being mounted at /421/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.725531][ T9878] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.1751: Failed to acquire dquot type 0 [ 182.759770][ T9878] EXT4-fs (loop2): Remounting filesystem read-only [ 182.894340][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 183.575982][ T9913] loop1: detected capacity change from 0 to 512 [ 183.605225][ T9913] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 183.684302][ T9913] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 183.731445][ T9913] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.1767: bg 0: block 248: padding at end of block bitmap is not set [ 183.753744][ T9913] __quota_error: 2 callbacks suppressed [ 183.753759][ T9913] Quota error (device loop1): write_blk: dquota write failed [ 183.777178][ T9913] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 183.787831][ T9913] EXT4-fs error (device loop1): ext4_acquire_dquot:6933: comm syz.1.1767: Failed to acquire dquot type 1 [ 183.799189][ T9919] netlink: 209844 bytes leftover after parsing attributes in process `syz.0.1769'. [ 183.822746][ T9913] EXT4-fs (loop1): 1 truncate cleaned up [ 183.829598][ T9913] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 183.957179][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 183.994080][ T11] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 184.018099][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6969: comm kworker/u4:0: Failed to release dquot type 1 [ 184.147545][ T9905] loop2: detected capacity change from 0 to 32768 [ 184.636251][ T9941] binder: 9940:9941 ioctl c018620c 2000000002c0 returned -1 [ 184.851698][ T9952] 9pnet_fd: p9_fd_create_unix (9952): problem connecting socket: ./file0: -111 [ 184.972622][ T5849] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 185.010371][ T9958] loop3: detected capacity change from 0 to 256 [ 185.169773][ T9961] loop1: detected capacity change from 0 to 64 [ 185.195498][ T5849] usb 3-1: config 0 has an invalid interface number: 50 but max is 0 [ 185.211919][ T9964] loop0: detected capacity change from 0 to 64 [ 185.214113][ T5849] usb 3-1: config 0 has no interface number 0 [ 185.248301][ T5849] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 185.266256][ T5849] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 185.278158][ T9964] hfs: filesystem is marked locked, mounting read-only. [ 185.286662][ T5849] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.296382][ T5849] usb 3-1: Product: syz [ 185.306786][ T5849] usb 3-1: Manufacturer: syz [ 185.311696][ T5849] usb 3-1: SerialNumber: syz [ 185.328017][ T5849] usb 3-1: config 0 descriptor?? [ 185.342936][ T9964] hfs: filesystem is marked locked, leaving read-only. [ 185.379086][ T5849] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0 [ 185.868906][ T787] usb 3-1: USB disconnect, device number 11 [ 185.903948][ T787] yurex 3-1:0.50: USB YUREX #0 now disconnected [ 186.185980][ T51] Bluetooth: hci0: command 0x0406 tx timeout [ 186.186849][ T5104] Bluetooth: hci2: command 0x0406 tx timeout [ 186.192064][ T51] Bluetooth: hci1: command 0x0406 tx timeout [ 186.204641][ T51] Bluetooth: hci3: command 0x0406 tx timeout [ 186.359208][T10004] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1812'. [ 186.371819][T10004] netlink: 'syz.1.1812': attribute type 1 has an invalid length. [ 186.411483][T10004] netlink: 'syz.1.1812': attribute type 2 has an invalid length. [ 186.421654][T10004] netlink: 120 bytes leftover after parsing attributes in process `syz.1.1812'. [ 186.785716][T10022] xt_cgroup: xt_cgroup: no path or classid specified [ 187.111093][ T27] audit: type=1326 audit(1763981569.813:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10031 comm="syz.3.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 187.123394][T10034] tmpfs: Bad value for 'grpquota_block_hardlimit' [ 187.182912][ T27] audit: type=1326 audit(1763981569.813:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10031 comm="syz.3.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 187.264894][ T27] audit: type=1326 audit(1763981569.863:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10031 comm="syz.3.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 187.324854][ T27] audit: type=1326 audit(1763981569.863:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10031 comm="syz.3.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 187.392738][ T27] audit: type=1326 audit(1763981569.863:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10031 comm="syz.3.1825" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 188.014214][T10015] syz.2.1815 (10015): drop_caches: 2 [ 188.049877][T10036] loop1: detected capacity change from 0 to 32768 [ 188.058027][T10054] loop0: detected capacity change from 0 to 256 [ 188.083030][T10036] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1827 (10036) [ 188.137321][T10036] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 188.171995][T10036] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 188.179048][T10054] FAT-fs (loop0): Directory bread(block 64) failed [ 188.192902][T10036] BTRFS info (device loop1): using free space tree [ 188.208879][ T27] audit: type=1326 audit(1763981570.913:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10055 comm="syz.2.1837" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f945d98f749 code=0x0 [ 188.224228][T10054] FAT-fs (loop0): Directory bread(block 65) failed [ 188.238489][T10054] FAT-fs (loop0): Directory bread(block 66) failed [ 188.245068][T10054] FAT-fs (loop0): Directory bread(block 67) failed [ 188.252823][T10054] FAT-fs (loop0): Directory bread(block 68) failed [ 188.259484][T10054] FAT-fs (loop0): Directory bread(block 69) failed [ 188.271031][T10054] FAT-fs (loop0): Directory bread(block 70) failed [ 188.299030][T10054] FAT-fs (loop0): Directory bread(block 71) failed [ 188.332682][T10054] FAT-fs (loop0): Directory bread(block 72) failed [ 188.383784][T10054] FAT-fs (loop0): Directory bread(block 73) failed [ 188.391057][T10036] BTRFS info (device loop1): enabling ssd optimizations [ 188.431612][T10036] BTRFS info (device loop1): auto enabling async discard [ 188.454010][T10078] C: renamed from team_slave_0 (while UP) [ 188.496450][T10078] netlink: 'syz.2.1839': attribute type 3 has an invalid length. [ 188.542671][T10078] netlink: 152 bytes leftover after parsing attributes in process `syz.2.1839'. [ 188.552269][T10078] A link change request failed with some changes committed already. Interface C may have been left with an inconsistent configuration, please check. [ 188.673450][ T5781] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 188.924488][T10089] netlink: 'syz.2.1846': attribute type 21 has an invalid length. [ 188.953136][T10089] netlink: 132 bytes leftover after parsing attributes in process `syz.2.1846'. [ 189.484312][T10112] unsupported nla_type 33542 [ 189.637521][T10121] misc userio: The device must be registered before sending interrupts [ 189.863003][ T5849] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 189.962376][T10135] loop1: detected capacity change from 0 to 16 [ 189.982651][T10135] erofs: (device loop1): mounted with root inode @ nid 36. [ 190.045230][ T5849] usb 3-1: unable to get BOS descriptor or descriptor too short [ 190.064197][ T5849] usb 3-1: config 6 has an invalid interface number: 200 but max is 0 [ 190.072400][ T5849] usb 3-1: config 6 has no interface number 0 [ 190.080237][ T5849] usb 3-1: config 6 interface 200 altsetting 8 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 190.132277][ T5849] usb 3-1: config 6 interface 200 has no altsetting 0 [ 190.147628][ T5849] usb 3-1: string descriptor 0 read error: -22 [ 190.154212][ T5849] usb 3-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 190.173766][ T5849] usb 3-1: New USB device strings: Mfr=9, Product=2, SerialNumber=3 [ 190.241123][ T5849] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 190.261130][ T27] audit: type=1326 audit(1763981572.963:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10142 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 190.337988][ T27] audit: type=1326 audit(1763981572.993:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10142 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 190.376836][ T27] audit: type=1326 audit(1763981573.003:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10142 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=274 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 190.411831][ T27] audit: type=1326 audit(1763981573.003:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10142 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 190.470121][ T27] audit: type=1326 audit(1763981573.003:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10142 comm="syz.0.1872" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 190.489768][ T5849] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 190.538718][ T5849] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 190.567792][ T5849] usb 3-1: media controller created [ 190.631651][ T5849] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 190.709852][ T5849] dvb-usb: bulk message failed: -71 (6/0) [ 190.730689][ T5849] dvb-usb: bulk message failed: -71 (6/0) [ 190.744134][ T5849] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 190.764354][ T5849] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input12 [ 190.771331][T10160] loop1: detected capacity change from 0 to 8 [ 190.812304][ T5849] dvb-usb: schedule remote query interval to 150 msecs. [ 190.818625][T10160] SQUASHFS error: Unable to read inode 0xa7 [ 190.836720][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'. [ 190.845848][ T5849] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 190.860303][T10162] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1882'. [ 190.882966][ T5849] usb 3-1: USB disconnect, device number 12 [ 190.896487][T10162] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1882'. [ 191.088136][ T5849] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 191.248341][T10176] loop1: detected capacity change from 0 to 4096 [ 191.259387][T10171] bond2: entered promiscuous mode [ 191.267816][T10171] 8021q: adding VLAN 0 to HW filter on device bond2 [ 191.331874][T10177] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 191.984913][ T5823] IPVS: starting estimator thread 0... [ 192.112752][T10204] IPVS: using max 20 ests per chain, 48000 per kthread [ 192.482895][ T5823] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 192.668926][T10230] loop1: detected capacity change from 0 to 4096 [ 192.686319][ T5823] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 192.695661][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.707647][ T5823] usb 3-1: Product: syz [ 192.712334][ T5823] usb 3-1: Manufacturer: syz [ 192.719406][ T5823] usb 3-1: SerialNumber: syz [ 192.728808][ T5823] usb 3-1: config 0 descriptor?? [ 192.967312][ T5823] hso 3-1:0.0: Failed to find BULK IN ep [ 192.995782][ T5823] usb-storage 3-1:0.0: USB Mass Storage device detected [ 193.287118][ T5849] usb 3-1: USB disconnect, device number 13 [ 193.315713][T10256] ieee802154 phy0 wpan0: encryption failed: -22 [ 193.501083][T10260] Timeout policy `syz1' can only be used by L3 protocol number 25944 [ 193.813892][T10254] loop3: detected capacity change from 0 to 32768 [ 193.892858][T10254] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.064277][T10287] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1933'. [ 194.106027][T10254] XFS (loop3): Ending clean mount [ 194.142220][T10254] XFS (loop3): Quotacheck needed: Please wait. [ 194.156408][T10288] loop1: detected capacity change from 0 to 4096 [ 194.235186][T10288] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 194.288565][T10254] XFS (loop3): Quotacheck: Done. [ 194.323103][T10288] EXT4-fs error (device loop1): ext4_get_first_dir_block:3604: inode #12: block 80: comm syz.1.1937: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0 [ 194.385028][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.391363][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.430702][T10288] EXT4-fs (loop1): Remounting filesystem read-only [ 194.499028][ T5786] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 194.570587][T10300] loop0: detected capacity change from 0 to 4096 [ 194.591404][T10300] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 194.619147][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 194.813656][T10307] loop3: detected capacity change from 0 to 16 [ 194.871101][T10307] erofs: (device loop3): mounted with root inode @ nid 36. [ 195.275735][T10319] loop2: detected capacity change from 0 to 64 [ 195.315441][T10321] loop3: detected capacity change from 0 to 8 [ 195.502575][ T27] audit: type=1800 audit(1763981578.203:93): pid=10321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.1952" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 195.593275][T10326] loop1: detected capacity change from 0 to 256 [ 195.657101][T10326] FAT-fs (loop1): Directory bread(block 64) failed [ 195.694192][T10326] FAT-fs (loop1): Directory bread(block 65) failed [ 195.700859][T10326] FAT-fs (loop1): Directory bread(block 66) failed [ 195.750543][T10326] FAT-fs (loop1): Directory bread(block 67) failed [ 195.779829][T10326] FAT-fs (loop1): Directory bread(block 68) failed [ 195.804829][T10326] FAT-fs (loop1): Directory bread(block 69) failed [ 195.839863][T10326] FAT-fs (loop1): Directory bread(block 70) failed [ 195.861074][T10326] FAT-fs (loop1): Directory bread(block 71) failed [ 195.877534][T10326] FAT-fs (loop1): Directory bread(block 72) failed [ 195.884366][T10326] FAT-fs (loop1): Directory bread(block 73) failed [ 196.183074][ T5823] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 196.373027][ T5823] usb 3-1: Using ep0 maxpacket: 32 [ 196.384325][ T5823] usb 3-1: config 0 has an invalid interface number: 35 but max is 0 [ 196.402668][ T5823] usb 3-1: config 0 has no interface number 0 [ 196.408915][ T5823] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 196.433523][ T5823] usb 3-1: config 0 interface 35 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 196.451161][T10336] loop0: detected capacity change from 0 to 32768 [ 196.454726][ T5823] usb 3-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.ad [ 196.480917][T10336] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1958 (10336) [ 196.481137][ T5823] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.508394][ T5823] usb 3-1: Product: syz [ 196.513667][ T5823] usb 3-1: Manufacturer: syz [ 196.514926][T10354] xt_hashlimit: Unknown mode mask E2, kernel too old? [ 196.518509][ T5823] usb 3-1: SerialNumber: syz [ 196.533371][T10336] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 196.537396][ T5823] usb 3-1: config 0 descriptor?? [ 196.562663][ T5867] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 196.566328][T10336] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 196.633849][T10336] BTRFS info (device loop0): using free space tree [ 196.733655][T10336] BTRFS info (device loop0): enabling ssd optimizations [ 196.746808][ T5867] usb 2-1: Using ep0 maxpacket: 32 [ 196.762116][T10336] BTRFS info (device loop0): auto enabling async discard [ 196.778819][ T5867] usb 2-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 196.804961][ T5867] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.842277][ T5867] usb 2-1: config 0 descriptor?? [ 196.871055][ T5867] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 196.884969][ T5785] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 197.000295][ T5823] radio-si470x 3-1:0.35: si470x_get_report: usb_control_msg returned -71 [ 197.021715][ T5823] radio-si470x: probe of 3-1:0.35 failed with error -5 [ 197.078368][ T5823] radio-raremono 3-1:0.35: this is not Thanko's Raremono. [ 197.107465][ T5823] usb 3-1: USB disconnect, device number 14 [ 197.288556][ T5867] gspca_vc032x: reg_w err -71 [ 197.307697][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.327949][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.336811][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.372864][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.392927][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.398258][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.414048][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.422244][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.444685][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.469424][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.482614][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.489841][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.500888][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.506352][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.511847][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.517382][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.548195][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.562622][ T5867] gspca_vc032x: I2c Bus Busy Wait 00 [ 197.572610][ T5867] gspca_vc032x: Unknown sensor... [ 197.577735][ T5867] vc032x: probe of 2-1:0.0 failed with error -22 [ 197.602869][ T5867] usb 2-1: USB disconnect, device number 11 [ 197.957007][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1983'. [ 197.987299][T10405] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1983'. [ 198.017088][T10405] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1983'. [ 198.038863][T10405] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1983'. [ 198.192297][T10419] netlink: 'syz.1.1990': attribute type 13 has an invalid length. [ 198.382732][ T788] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 198.589452][ T788] usb 3-1: config 0 has an invalid interface number: 156 but max is 0 [ 198.612600][ T788] usb 3-1: config 0 has no interface number 0 [ 198.625207][ T788] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 198.639454][ T788] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 198.649440][ T788] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 198.675216][ T788] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 198.714563][ T788] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.732142][ T788] usb 3-1: config 0 descriptor?? [ 198.745083][ T788] gspca_main: spca561-2.14.0 probing abcd:cdee [ 198.971700][ T788] spca561: probe of 3-1:0.156 failed with error -22 [ 198.987229][ T788] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 199.004383][ T788] usb 3-1: MIDIStreaming interface descriptor not found [ 199.086945][ T788] usb 3-1: USB disconnect, device number 15 [ 199.127415][ T5776] udevd[5776]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.156/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 199.275872][T10456] loop3: detected capacity change from 0 to 512 [ 199.301325][T10456] EXT4-fs: Ignoring removed nobh option [ 199.321076][T10456] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 199.353250][T10460] loop0: detected capacity change from 0 to 16 [ 199.383277][T10460] erofs: (device loop0): mounted with root inode @ nid 36. [ 199.411684][T10456] EXT4-fs error (device loop3): ext4_do_update_inode:5244: inode #3: comm syz.3.2009: corrupted inode contents [ 199.437139][T10456] EXT4-fs (loop3): Remounting filesystem read-only [ 199.497211][T10456] Quota error (device loop3): write_blk: dquota write failed [ 199.537989][T10456] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 199.579477][T10456] EXT4-fs (loop3): 1 truncate cleaned up [ 199.587253][T10456] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 199.604984][T10456] ext4 filesystem being mounted at /519/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.829987][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 200.742803][ T9] usb 3-1: new low-speed USB device number 16 using dummy_hcd [ 200.764228][T10475] syz.0.2013 (10475): drop_caches: 2 [ 200.869465][T10499] loop0: detected capacity change from 0 to 512 [ 200.878304][T10499] EXT4-fs: Ignoring removed bh option [ 200.903411][T10499] EXT4-fs: Ignoring removed mblk_io_submit option [ 200.949138][T10499] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.987407][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.022816][T10499] ext4 filesystem being mounted at /560/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 201.034660][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.101030][ T9] usb 3-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 201.136621][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.138599][T10496] loop1: detected capacity change from 0 to 32768 [ 201.159958][T10499] EXT4-fs error (device loop0): __ext4_remount:6736: comm syz.0.2023: Abort forced by user [ 201.165768][ T9] usb 3-1: config 0 descriptor?? [ 201.205956][T10499] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 201.221127][T10496] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 201.322771][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.414998][ T9] usb 3-1: string descriptor 0 read error: -71 [ 201.421374][ T9] qmi_wwan: probe of 3-1:0.0 failed with error -22 [ 201.437949][T10514] loop3: detected capacity change from 0 to 4096 [ 201.454355][T10496] XFS (loop1): Ending clean mount [ 201.455912][ T9] usb 3-1: USB disconnect, device number 16 [ 201.486476][T10514] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 201.548882][T10496] XFS (loop1): Quotacheck needed: Please wait. [ 201.670741][T10496] XFS (loop1): Quotacheck: Done. [ 201.898471][ T5781] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 202.335050][T10518] loop0: detected capacity change from 0 to 32768 [ 202.445943][T10518] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 202.557384][T10518] OCFS2: ERROR (device loop0): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature  [ 202.623132][T10518] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 202.652732][T10518] OCFS2: File system is now read-only. [ 202.675758][T10518] (syz.0.2027,10518,0):ocfs2_find_entry_dx:1029 ERROR: status = -30 [ 202.810545][ T5785] ocfs2: Unmounting device (7,0) on (node local) [ 203.082831][ T788] usb 3-1: new full-speed USB device number 17 using dummy_hcd [ 203.090743][ C1] sd 0:0:1:0: [sda] tag#5028 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 203.090818][ C1] sd 0:0:1:0: [sda] tag#5028 CDB: Read(6) 08 00 00 00 03 44 [ 203.320936][T10542] loop1: detected capacity change from 0 to 32768 [ 203.350129][T10542] (syz.1.2039,10542,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 203.373147][ T788] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 203.381362][ T788] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 203.392486][T10542] (syz.1.2039,10542,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 203.410911][ T788] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 203.423620][ T788] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 203.439480][ T788] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 203.454124][ T788] usb 3-1: config 0 interface 0 has no altsetting 0 [ 203.490014][T10542] JBD2: Ignoring recovery information on journal [ 203.544880][ T788] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 203.592676][ T788] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 203.601151][ T788] usb 3-1: Product: syz [ 203.625609][T10542] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 203.682749][ T788] usb 3-1: Manufacturer: syz [ 203.687390][ T788] usb 3-1: SerialNumber: syz [ 203.721908][ T788] usb 3-1: config 0 descriptor?? [ 203.733444][T10550] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 203.772767][ T788] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 203.802400][ T788] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 203.860055][ T5781] ocfs2: Unmounting device (7,1) on (node local) [ 204.061138][ T5849] usb 3-1: USB disconnect, device number 17 [ 204.083627][ T5849] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 204.335333][T10594] x_tables: unsorted entry at hook 1 [ 204.493994][T10603] QAT: failed to copy from user cfg_data. [ 204.520309][T10604] tmpfs: Bad value for 'mpol' [ 204.654294][T10608] Cannot find del_set index 4 as target [ 205.163446][T10631] tipc: Can't bind to reserved service type 2 [ 205.496332][T10619] loop1: detected capacity change from 0 to 32768 [ 205.517991][T10619] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.2075 (10619) [ 205.557889][T10619] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 205.583280][T10619] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 205.602266][T10619] BTRFS info (device loop1): using free space tree [ 205.625348][T10647] loop2: detected capacity change from 0 to 164 [ 205.724844][T10619] BTRFS info (device loop1): enabling ssd optimizations [ 205.772259][T10619] BTRFS info (device loop1): auto enabling async discard [ 205.954984][T10645] syz.3.2085 (10645): drop_caches: 2 [ 205.960538][ T5781] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 206.186945][T10671] netlink: 'syz.0.2093': attribute type 10 has an invalid length. [ 206.360638][T10671] veth0_vlan: left promiscuous mode [ 206.417360][T10671] veth0_vlan: entered promiscuous mode [ 206.481149][T10671] team0: Device veth0_vlan failed to register rx_handler [ 207.078610][T10703] overlayfs: missing 'lowerdir' [ 207.614175][T10709] loop1: detected capacity change from 0 to 40427 [ 207.625138][T10709] F2FS-fs (loop1): invalid crc value [ 207.636016][T10709] F2FS-fs (loop1): Found nat_bits in checkpoint [ 207.689619][T10709] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 208.051798][T10727] loop0: detected capacity change from 0 to 1764 [ 208.122632][ T5774] blk_print_req_error: 17 callbacks suppressed [ 208.122648][ T5774] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 208.311968][T10733] syz.1.2115 (10733): drop_caches: 2 [ 208.446206][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 208.529897][T10745] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 208.644916][ T9] usb 1-1: config 0 interface 0 altsetting 60 endpoint 0xE has invalid maxpacket 1023, setting to 64 [ 208.676724][ T9] usb 1-1: config 0 interface 0 altsetting 60 endpoint 0xD has invalid maxpacket 65278, setting to 1024 [ 208.709299][ T9] usb 1-1: config 0 interface 0 altsetting 60 bulk endpoint 0xD has invalid maxpacket 1024 [ 208.721780][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 208.741372][ T9] usb 1-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=ae.ad [ 208.765193][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.793629][ T9] usb 1-1: config 0 descriptor?? [ 208.806834][T10727] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 208.855211][T10759] loop2: detected capacity change from 0 to 256 [ 208.912695][ T5849] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 208.937766][T10759] FAT-fs (loop2): Directory bread(block 64) failed [ 208.948734][T10759] FAT-fs (loop2): Directory bread(block 65) failed [ 208.955651][T10759] FAT-fs (loop2): Directory bread(block 66) failed [ 208.964739][T10759] FAT-fs (loop2): Directory bread(block 67) failed [ 208.981640][T10759] FAT-fs (loop2): Directory bread(block 68) failed [ 208.990667][T10759] FAT-fs (loop2): Directory bread(block 69) failed [ 208.997597][T10759] FAT-fs (loop2): Directory bread(block 70) failed [ 209.004791][T10759] FAT-fs (loop2): Directory bread(block 71) failed [ 209.011593][T10759] FAT-fs (loop2): Directory bread(block 72) failed [ 209.019002][T10759] FAT-fs (loop2): Directory bread(block 73) failed [ 209.035031][ T9] usb 1-1: string descriptor 0 read error: -71 [ 209.050224][ T9] usb 1-1: ucan: probing device on interface #0 [ 209.061040][ T9] usb 1-1: ucan: invalid endpoint configuration [ 209.082717][ T9] usb 1-1: ucan: probe failed; try to update the device firmware [ 209.106451][ T5849] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 209.128809][ T5849] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.141718][ T9] usb 1-1: USB disconnect, device number 7 [ 209.150257][ T5849] usb 2-1: Product: syz [ 209.156055][ T5849] usb 2-1: Manufacturer: syz [ 209.160762][ T5849] usb 2-1: SerialNumber: syz [ 209.177894][ T5849] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 209.226610][ T788] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 209.366416][T10769] libceph: resolve '400' (ret=-3): failed [ 209.760114][ T5849] usb 2-1: USB disconnect, device number 12 [ 209.799997][T10784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2145'. [ 209.858426][T10786] loop3: detected capacity change from 0 to 128 [ 209.914565][T10786] FAT-fs (loop3): Directory bread(block 11554) failed [ 209.921797][T10786] FAT-fs (loop3): Directory bread(block 11555) failed [ 209.929649][T10786] FAT-fs (loop3): Directory bread(block 11556) failed [ 209.936903][T10786] FAT-fs (loop3): Directory bread(block 11557) failed [ 209.954794][T10786] FAT-fs (loop3): Directory bread(block 11558) failed [ 209.971091][T10786] FAT-fs (loop3): Directory bread(block 11559) failed [ 209.979583][T10786] FAT-fs (loop3): Directory bread(block 11560) failed [ 209.990099][T10786] FAT-fs (loop3): Directory bread(block 11561) failed [ 210.001575][T10786] FAT-fs (loop3): Directory bread(block 11562) failed [ 210.011448][T10786] FAT-fs (loop3): Directory bread(block 11563) failed [ 210.263158][ T788] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 210.271544][ T788] ath9k_htc: Failed to initialize the device [ 210.319131][ T5849] usb 2-1: ath9k_htc: USB layer deinitialized [ 210.515666][T10806] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 210.531197][T10806] ip6gretap1: entered allmulticast mode [ 210.537053][T10810] netlink: 'syz.1.2158': attribute type 10 has an invalid length. [ 210.538894][T10809] syz.3.2159 (10809): drop_caches: 2 [ 210.626971][T10810] veth0_vlan: left promiscuous mode [ 210.667464][T10810] veth0_vlan: entered promiscuous mode [ 210.718281][T10810] team0: Device veth0_vlan failed to register rx_handler [ 210.876636][T10822] xt_cgroup: invalid path, errno=-2 [ 210.883707][T10820] loop3: detected capacity change from 0 to 512 [ 210.931090][T10820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 210.956309][T10820] ext4 filesystem being mounted at /572/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.077703][T10820] EXT4-fs error (device loop3): ext4_ext_remove_space:2929: inode #15: comm syz.3.2164: pblk 0 bad header/extent: invalid magic - magic 0, entries 0, max 0(0), depth 0(0) [ 211.146481][T10820] EXT4-fs (loop3): Remounting filesystem read-only [ 211.241974][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 211.378639][T10843] loop0: detected capacity change from 0 to 512 [ 211.409069][T10843] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 211.510124][T10843] EXT4-fs (loop0): Couldn't remount RDWR because of unprocessed orphan inode list. Please umount/remount instead [ 211.651146][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.138509][T10880] loop0: detected capacity change from 0 to 128 [ 212.313248][ T788] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 212.517400][ T788] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 212.556769][ T788] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 212.577969][ T788] usb 4-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 212.608259][ T788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 212.642010][ T788] usb 4-1: config 0 descriptor?? [ 212.664947][ T788] xbox_remote_probe: endpoint_in message size==0? [ 212.726807][T10900] netlink: 'syz.2.2202': attribute type 21 has an invalid length. [ 212.864557][T10903] loop1: detected capacity change from 0 to 4096 [ 212.874910][ T788] usbhid 4-1:0.0: can't add hid device: -71 [ 212.882471][ T788] usbhid: probe of 4-1:0.0 failed with error -71 [ 212.898865][ T788] usb 4-1: USB disconnect, device number 9 [ 212.944975][T10903] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 212.964967][T10910] SET target dimension over the limit! [ 213.077844][T10912] loop0: detected capacity change from 0 to 4096 [ 213.134297][T10915] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 213.204152][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.498186][T10925] libceph: resolve '0' (ret=-3): failed [ 213.685602][ T5867] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 213.915430][ T5867] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.938957][ T5867] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 213.958771][ T5867] usb 1-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 214.002805][ T5867] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.033681][ T5867] usb 1-1: config 0 descriptor?? [ 214.246987][T10945] netlink: 'syz.3.2223': attribute type 10 has an invalid length. [ 214.456576][T10945] team0: Device veth0_vlan failed to register rx_handler [ 214.463955][ T5867] Bluetooth: Can't get state to change to load configuration err [ 214.490925][ T5867] Bluetooth: Loading sysconfig file failed [ 214.506270][ T5867] ath3k: probe of 1-1:0.0 failed with error -16 [ 214.535641][ T5867] usb 1-1: USB disconnect, device number 8 [ 214.959492][T10967] netlink: 'syz.1.2234': attribute type 1 has an invalid length. [ 215.126763][T10975] loop2: detected capacity change from 0 to 256 [ 215.139215][T10975] exfat: Deprecated parameter 'utf8' [ 215.230780][T10975] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 215.370417][T10982] loop1: detected capacity change from 0 to 4096 [ 215.449508][T10988] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 215.450231][T10986] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2244'. [ 215.874963][T11003] 9pnet_fd: p9_fd_create_tcp (11003): problem connecting socket to 127.0.0.1 [ 216.021100][T11009] netlink: 'syz.1.2254': attribute type 21 has an invalid length. [ 216.043192][T11009] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2254'. [ 216.422860][T11030] No such timeout policy "syz0" [ 216.933366][T11053] No such timeout policy "syz0" [ 216.982812][ T9] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 217.193819][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 217.222722][ T9] usb 2-1: config 0 has an invalid interface number: 214 but max is 0 [ 217.231233][ T9] usb 2-1: config 0 has no interface number 0 [ 217.261441][ T9] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 217.285799][ T9] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 217.305622][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.306981][T11071] loop0: detected capacity change from 0 to 256 [ 217.321209][ T9] usb 2-1: Product: syz [ 217.326326][ T9] usb 2-1: Manufacturer: syz [ 217.346172][ T9] usb 2-1: SerialNumber: syz [ 217.365046][ T9] usb 2-1: config 0 descriptor?? [ 217.405844][T11071] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x987a2e96, utbl_chksum : 0xe619d30d) [ 217.701585][T11077] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2289'. [ 217.791817][ T9] usbtouchscreen: probe of 2-1:0.214 failed with error -71 [ 217.854791][ T9] usb 2-1: USB disconnect, device number 13 [ 217.980107][T11074] loop3: detected capacity change from 0 to 32768 [ 218.036911][T11074] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 218.061328][T11074] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 218.300701][ T5786] ocfs2: Unmounting device (7,3) on (node local) [ 218.332824][T11100] futex_wake_op: syz.0.2298 tries to shift op by 32; fix this program [ 218.514166][T11106] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2301'. [ 218.548169][T11106] netlink: 'syz.1.2301': attribute type 8 has an invalid length. [ 218.569581][T11106] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 218.722596][ T27] audit: type=1326 audit(1763981601.413:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11111 comm="syz.3.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 218.818416][ T27] audit: type=1326 audit(1763981601.413:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11111 comm="syz.3.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 218.882566][ T27] audit: type=1326 audit(1763981601.453:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11111 comm="syz.3.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=173 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 219.001684][ T27] audit: type=1326 audit(1763981601.453:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11111 comm="syz.3.2304" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 219.166737][T11130] loop1: detected capacity change from 0 to 256 [ 219.229124][T11130] FAT-fs (loop1): Directory bread(block 64) failed [ 219.246736][T11130] FAT-fs (loop1): Directory bread(block 65) failed [ 219.264962][T11130] FAT-fs (loop1): Directory bread(block 66) failed [ 219.283070][T11130] FAT-fs (loop1): Directory bread(block 67) failed [ 219.289791][T11130] FAT-fs (loop1): Directory bread(block 68) failed [ 219.317316][T11130] FAT-fs (loop1): Directory bread(block 69) failed [ 219.338709][T11130] FAT-fs (loop1): Directory bread(block 70) failed [ 219.362725][T11130] FAT-fs (loop1): Directory bread(block 71) failed [ 219.387825][T11130] FAT-fs (loop1): Directory bread(block 72) failed [ 219.402201][T11130] FAT-fs (loop1): Directory bread(block 73) failed [ 219.606777][T11144] veth1_vlan: mtu greater than device maximum [ 220.079815][T11167] loop1: detected capacity change from 0 to 256 [ 220.160913][T11167] FAT-fs (loop1): Directory bread(block 64) failed [ 220.179845][T11167] FAT-fs (loop1): Directory bread(block 65) failed [ 220.201432][T11167] FAT-fs (loop1): Directory bread(block 66) failed [ 220.236069][T11167] FAT-fs (loop1): Directory bread(block 67) failed [ 220.270353][T11167] FAT-fs (loop1): Directory bread(block 68) failed [ 220.325358][T11167] FAT-fs (loop1): Directory bread(block 69) failed [ 220.332024][T11167] FAT-fs (loop1): Directory bread(block 70) failed [ 220.360924][T11167] FAT-fs (loop1): Directory bread(block 71) failed [ 220.389891][T11167] FAT-fs (loop1): Directory bread(block 72) failed [ 220.402040][T11167] FAT-fs (loop1): Directory bread(block 73) failed [ 220.483982][T11181] tmpfs: Group quota block hardlimit too large. [ 221.028279][T11206] loop3: detected capacity change from 0 to 1024 [ 221.034952][ T9] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 221.078556][T11206] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.237145][ T9] usb 2-1: New USB device found, idVendor=05d1, idProduct=2021, bcdDevice=31.00 [ 221.253595][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.277155][ T9] usb 2-1: Product: syz [ 221.281803][ T9] usb 2-1: Manufacturer: syz [ 221.289403][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.290682][ T9] usb 2-1: SerialNumber: syz [ 221.311680][ T9] usb 2-1: config 0 descriptor?? [ 221.336624][ T9] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 221.353436][ T9] usb 2-1: Detected FT4232HP [ 221.411354][T11222] loop3: detected capacity change from 0 to 1024 [ 221.426896][T11222] EXT4-fs: Ignoring removed nobh option [ 221.448877][T11222] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 221.452691][ T23] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 221.481691][T11222] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #11: comm syz.3.2352: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 221.502152][T11222] EXT4-fs (loop3): Remounting filesystem read-only [ 221.515758][T11222] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.612375][T11228] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2354'. [ 221.622018][T11228] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2354'. [ 221.636425][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.660756][ T23] usb 3-1: Using ep0 maxpacket: 16 [ 221.676010][ T23] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 221.689070][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 221.712668][ T23] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 221.728729][ T23] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.14 [ 221.740304][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.752476][ T23] usb 3-1: Product: syz [ 221.757758][ T9] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 221.758308][ T23] usb 3-1: Manufacturer: syz [ 221.776263][ T9] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 221.778882][ T23] usb 3-1: SerialNumber: syz [ 221.799611][ T23] usb 3-1: config 0 descriptor?? [ 221.800413][ T9] usb 2-1: USB disconnect, device number 14 [ 221.811474][T11216] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 221.828082][ T23] mceusb 3-1:0.0: mceusb_dev_probe: device setup failed! [ 221.840261][ T23] mceusb: probe of 3-1:0.0 failed with error -12 [ 221.844190][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 221.889164][ T9] ftdi_sio 2-1:0.0: device disconnected [ 222.116898][ T23] usb 3-1: USB disconnect, device number 18 [ 222.415780][ T27] audit: type=1326 audit(1763981605.123:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 222.472801][ T27] audit: type=1326 audit(1763981605.143:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 222.531200][T11258] loop3: detected capacity change from 0 to 512 [ 222.539319][ T27] audit: type=1326 audit(1763981605.163:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 222.551582][T11258] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 222.645857][T11258] EXT4-fs (loop3): 1 truncate cleaned up [ 222.674258][ T27] audit: type=1326 audit(1763981605.163:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 222.697676][ T27] audit: type=1326 audit(1763981605.163:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11253 comm="syz.0.2367" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 222.723042][T11258] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 222.816953][T11265] loop1: detected capacity change from 0 to 16 [ 222.828244][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 222.840292][T11265] erofs: (device loop1): mounted with root inode @ nid 36. [ 223.132954][ T788] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 223.167980][T11279] loop2: detected capacity change from 0 to 2048 [ 223.223666][T11284] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 223.248987][T11283] tmpfs: Bad value for 'mpol' [ 223.278974][T11279] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=16, inode=2, rec_len=16, name_len=255 [ 223.326091][ T788] usb 2-1: config 1 has an invalid descriptor of length 9, skipping remainder of the config [ 223.338848][T11279] Remounting filesystem read-only [ 223.356981][ T788] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 223.399310][ T788] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 223.418875][ T788] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.428198][T11290] loop0: detected capacity change from 0 to 512 [ 223.431584][ T788] usb 2-1: Product: syz [ 223.445645][ T788] usb 2-1: Manufacturer: syz [ 223.447875][T11290] EXT4-fs: Ignoring removed nobh option [ 223.452934][ T788] usb 2-1: SerialNumber: syz [ 223.480335][ T788] rtl8150 2-1:1.0: couldn't find required endpoints [ 223.513154][ T788] rtl8150: probe of 2-1:1.0 failed with error -5 [ 223.533588][T11290] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 223.599959][T11290] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.2384: attempt to clear invalid blocks 1 len 1 [ 223.670530][T11290] EXT4-fs (loop0): Remounting filesystem read-only [ 223.712218][T11290] EXT4-fs (loop0): 1 truncate cleaned up [ 223.741519][T11290] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 223.770712][ T788] usb 2-1: USB disconnect, device number 15 [ 223.885131][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 224.540361][T11331] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2403'. [ 224.779911][T11340] loop3: detected capacity change from 0 to 1024 [ 224.803340][T11340] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 224.917405][T11340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 225.088245][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.246108][T11363] IPVS: sync thread started: state = BACKUP, mcast_ifn = bond0, syncid = 8, id = 0 [ 225.813949][T11389] netlink: 'syz.3.2431': attribute type 1 has an invalid length. [ 225.821717][T11389] netlink: 232 bytes leftover after parsing attributes in process `syz.3.2431'. [ 226.693973][T11427] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2450'. [ 226.698923][T11422] loop2: detected capacity change from 0 to 4096 [ 226.729638][T11422] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 226.750062][ C1] vkms_vblank_simulate: vblank timer overrun [ 226.769425][T11431] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2452'. [ 226.821973][T11422] ntfs: volume version 3.1. [ 226.917228][T11422] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 226.952679][T11422] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x6, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 226.993001][T11422] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to map page. [ 227.001476][T11422] ntfs: (device loop2): ntfs_cluster_alloc(): Failed to allocate clusters, aborting (error -5). [ 227.015152][T11422] ntfs: (device loop2): ntfs_truncate(): Cannot truncate inode 0x43, attribute type 0x80, because the conversion from resident to non-resident attribute failed with error code -5. [ 227.184438][ T5784] ntfs: (device loop2): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 227.391735][T11451] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2462'. [ 227.423386][T11453] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2463'. [ 227.585729][T11461] netlink: 'syz.1.2467': attribute type 10 has an invalid length. [ 227.653316][T11461] macvlan0: entered promiscuous mode [ 227.714309][T11461] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 227.740628][T11465] netlink: 'syz.3.2469': attribute type 2 has an invalid length. [ 227.751998][T11465] netlink: 'syz.3.2469': attribute type 8 has an invalid length. [ 227.760227][T11465] netlink: 132 bytes leftover after parsing attributes in process `syz.3.2469'. [ 228.039442][T11481] netlink: 'syz.1.2476': attribute type 6 has an invalid length. [ 228.082647][T11481] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.2476'. [ 228.331801][T11494] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2482'. [ 228.352689][T11494] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2482'. [ 228.406811][T11498] (unnamed net_device) (uninitialized): option lp_interval: invalid value (18446744073709551611) [ 228.452593][T11498] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 228.569257][T11505] loop0: detected capacity change from 0 to 512 [ 228.600661][T11505] EXT4-fs: Ignoring removed nomblk_io_submit option [ 228.649334][T11505] EXT4-fs (loop0): filesystem is read-only [ 228.681592][T11505] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 228.713369][T11505] EXT4-fs (loop0): filesystem is read-only [ 228.719230][T11505] EXT4-fs (loop0): orphan cleanup on readonly fs [ 228.799535][T11505] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #16: comm syz.0.2488: iget: bad i_size value: 648518346341360424 [ 228.916650][T11505] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.2488: couldn't read orphan inode 16 (err -117) [ 228.950512][T11505] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 229.103585][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 229.877467][T11558] loop0: detected capacity change from 0 to 4096 [ 229.935369][T11558] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 229.994428][T11558] ntfs3: loop0: Failed to load $Extend (-22). [ 230.010984][T11558] ntfs3: loop0: Failed to initialize $Extend. [ 230.066816][T11570] netlink: 'syz.1.2520': attribute type 20 has an invalid length. [ 230.103321][T11570] IPv6: NLM_F_CREATE should be specified when creating new route [ 230.122665][T11570] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 230.129931][T11570] IPv6: NLM_F_CREATE should be set when creating new route [ 231.293457][T11580] loop3: detected capacity change from 0 to 32768 [ 231.612999][T11615] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2541'. [ 231.875605][T11623] loop0: detected capacity change from 0 to 1024 [ 231.898664][T11623] EXT4-fs: Ignoring removed nomblk_io_submit option [ 231.949785][T11623] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 232.014881][T11623] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 232.050145][T11623] System zones: 0-1, 3-36 [ 232.071617][T11623] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 232.347165][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 233.132934][T11684] trusted_key: encrypted_key: master key parameter is missing [ 233.353330][T11697] netlink: 2 bytes leftover after parsing attributes in process `syz.0.2581'. [ 233.380542][T11697] batadv_slave_1: entered promiscuous mode [ 233.484132][T11702] netlink: 'syz.2.2584': attribute type 2 has an invalid length. [ 233.511664][T11702] netlink: 723 bytes leftover after parsing attributes in process `syz.2.2584'. [ 234.162632][ T5823] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 234.247090][T11738] loop0: detected capacity change from 0 to 4096 [ 234.260152][T11738] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 234.317147][T11738] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 234.401638][T11738] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 234.404817][ T5823] usb 4-1: unable to get BOS descriptor or descriptor too short [ 234.434356][T11738] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 234.446531][ T5823] usb 4-1: not running at top speed; connect to a high speed hub [ 234.465493][T11738] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 234.474913][T11738] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 234.484641][ T5823] usb 4-1: config 1 has an invalid interface number: 138 but max is 0 [ 234.501556][T11738] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 234.507555][ T5823] usb 4-1: config 1 has no interface number 0 [ 234.519360][ T5823] usb 4-1: config 1 interface 138 has no altsetting 0 [ 234.526696][T11738] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 234.550266][ T5823] usb 4-1: New USB device found, idVendor=0cb8, idProduct=c90b, bcdDevice= d.ae [ 234.559703][ T5823] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.567809][ T5823] usb 4-1: Product: syz [ 234.572691][T11738] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 234.581449][ T5823] usb 4-1: Manufacturer: syz [ 234.586717][T11738] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 234.607252][ T5823] usb 4-1: SerialNumber: syz [ 234.628326][T11738] ntfs: volume version 3.1. [ 234.861283][ T5823] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 234.928382][ T5823] usb 4-1: USB disconnect, device number 10 [ 235.039988][ T6966] udevd[6966]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.138/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 235.268775][T11768] loop1: detected capacity change from 0 to 4096 [ 235.318421][T11774] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2618'. [ 235.328312][T11774] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2618'. [ 235.341375][T11774] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2618'. [ 235.404324][T11768] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 235.463025][T11768] ntfs3: loop1: Failed to load $Extend (-22). [ 235.469175][T11768] ntfs3: loop1: Failed to initialize $Extend. [ 235.972762][T11799] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2630'. [ 236.031532][T11799] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2630'. [ 236.096134][T11806] loop0: detected capacity change from 0 to 64 [ 236.494902][T11822] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2641'. [ 237.149055][T11855] netlink: 'syz.2.2658': attribute type 11 has an invalid length. [ 237.318890][T11860] loop0: detected capacity change from 0 to 4096 [ 237.336888][T11860] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 237.360336][T11860] ntfs3: loop0: It is recommened to use chkdsk. [ 237.806598][T11852] loop3: detected capacity change from 0 to 32768 [ 237.869298][T11852] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 237.898705][T11852] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 237.994330][T11852] XFS (loop3): Ending clean mount [ 238.097280][ T5786] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 238.322079][T11898] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2675'. [ 238.378306][T11898] vlan0: entered promiscuous mode [ 238.645911][T11908] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 238.889734][T11918] capability: warning: `syz.2.2685' uses 32-bit capabilities (legacy support in use) [ 238.931925][T11920] IPv6: Can't replace route, no match found [ 239.381914][T11940] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2696'. [ 239.408614][T11940] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2696'. [ 239.805849][T11955] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 239.945858][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 240.201474][T11947] loop2: detected capacity change from 0 to 32768 [ 240.585536][T11973] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2711'. [ 241.108522][T11988] IPv6: NLM_F_CREATE should be specified when creating new route [ 241.183125][T11975] loop2: detected capacity change from 0 to 32768 [ 241.210018][T11975] [ 241.210018][T11975] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.210018][T11975] [ 241.270238][T11975] __jfs_setxattr: xattr_size = 67, new_size = 161 [ 241.292576][ T5867] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 241.336856][ T1096] [ 241.336856][ T1096] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.336856][ T1096] [ 241.359323][ T1096] [ 241.359323][ T1096] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.359323][ T1096] [ 241.386762][ T113] [ 241.386762][ T113] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.386762][ T113] [ 241.404747][ T5784] [ 241.404747][ T5784] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.404747][ T5784] [ 241.417865][ T5784] [ 241.417865][ T5784] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 241.417865][ T5784] [ 241.485929][ T5867] usb 4-1: Using ep0 maxpacket: 32 [ 241.510036][ T5867] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.529633][ T5867] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.551400][T11993] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 241.553237][ T5867] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 241.580238][T11993] overlayfs: missing 'lowerdir' [ 241.592766][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.615543][ T5867] usb 4-1: config 0 descriptor?? [ 241.624128][ T5867] hub 4-1:0.0: USB hub found [ 241.845212][ T5867] hub 4-1:0.0: 1 port detected [ 242.042048][T12007] netlink: 'syz.0.2728': attribute type 30 has an invalid length. [ 242.058029][ T5867] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 242.067455][ T5867] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 242.102426][ T5867] usbhid 4-1:0.0: can't add hid device: -71 [ 242.114286][ T5867] usbhid: probe of 4-1:0.0 failed with error -71 [ 242.187055][ T5867] usb 4-1: USB disconnect, device number 11 [ 242.432018][T12021] usb usb8: usbfs: process 12021 (syz.0.2734) did not claim interface 0 before use [ 242.606917][T12027] loop0: detected capacity change from 0 to 1024 [ 242.713737][T12027] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: none. [ 242.786804][T12033] xt_CT: No such helper "pptp" [ 243.010634][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 243.099023][T12043] loop3: detected capacity change from 0 to 4096 [ 243.419684][T12055] bridge3: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 243.614015][T12063] netlink: 'syz.2.2754': attribute type 21 has an invalid length. [ 243.621906][T12063] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2754'. [ 243.642418][T12063] netlink: 'syz.2.2754': attribute type 4 has an invalid length. [ 243.652309][T12063] netlink: 3 bytes leftover after parsing attributes in process `syz.2.2754'. [ 243.792792][ T5815] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 243.994351][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 244.024819][ T5815] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 244.055781][ T5815] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 244.092689][ T5815] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 244.147361][ T5815] usb 2-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 244.157818][T12071] loop2: detected capacity change from 0 to 4096 [ 244.169157][ T5815] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.188001][T12071] ntfs3: loop2: Different NTFS sector size (2048) and media sector size (512). [ 244.206742][ T5815] usb 2-1: Product: syz [ 244.210944][ T5815] usb 2-1: Manufacturer: syz [ 244.235041][ T5815] usb 2-1: SerialNumber: syz [ 244.259304][T12071] ntfs3: loop2: Failed to initialize $Extend/$ObjId. [ 244.271393][ T5815] usb 2-1: config 0 descriptor?? [ 244.276677][T12057] loop0: detected capacity change from 0 to 32768 [ 244.287289][ T5815] ums-isd200 2-1:0.0: USB Mass Storage device detected [ 244.376010][T12057] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 244.564811][ T5815] scsi host1: usb-storage 2-1:0.0 [ 244.645524][ T5815] usb 2-1: USB disconnect, device number 16 [ 244.708685][T12092] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 244.722587][T12057] XFS (loop0): Ending clean mount [ 244.755931][T12057] XFS (loop0): Quotacheck needed: Please wait. [ 244.851362][T12057] XFS (loop0): Quotacheck: Done. [ 244.981411][T12098] netlink: 'syz.3.2765': attribute type 1 has an invalid length. [ 245.014589][T12098] netlink: 154788 bytes leftover after parsing attributes in process `syz.3.2765'. [ 245.070259][ T5785] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 245.216086][T12102] comedi comedi0: das16m1: I/O port conflict (0x3,16) [ 245.346256][T12106] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2771'. [ 245.412917][T12106] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 245.420217][T12106] IPv6: NLM_F_CREATE should be set when creating new route [ 245.427577][T12106] IPv6: NLM_F_CREATE should be set when creating new route [ 245.488461][T12112] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 245.620918][T12118] loop1: detected capacity change from 0 to 2048 [ 245.641055][T12120] loop0: detected capacity change from 0 to 512 [ 245.649761][T12120] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 245.700672][T12118] Alternate GPT is invalid, using primary GPT. [ 245.717977][T12120] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 245.731281][T12120] ext4 filesystem being mounted at /753/file3 supports timestamps until 2038-01-19 (0x7fffffff) [ 245.735817][T12118] loop1: p1 p2 p3 [ 245.759544][T12118] loop1: partition table partially beyond EOD, truncated [ 245.780751][T12120] EXT4-fs error (device loop0): __ext4_new_inode:1284: comm syz.0.2777: failed to insert inode 16: doubly allocated? [ 245.875833][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 245.953426][ T23] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 246.078605][T12133] netlink: 'syz.2.2783': attribute type 2 has an invalid length. [ 246.153646][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 246.161102][ T23] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 246.192656][ T23] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 246.209366][ T23] usb 4-1: config 0 interface 0 has no altsetting 0 [ 246.226960][T12141] loop2: detected capacity change from 0 to 256 [ 246.228315][ T23] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 246.255369][ T23] usb 4-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 246.275881][ T23] usb 4-1: Product: syz [ 246.280086][ T23] usb 4-1: Manufacturer: syz [ 246.288773][ T23] usb 4-1: SerialNumber: syz [ 246.305302][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.343785][ T23] usb 4-1: config 0 descriptor?? [ 246.345475][T12141] FAT-fs (loop2): Filesystem has been set read-only [ 246.363237][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.372019][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.383682][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.401097][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.411584][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.427163][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.437525][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.460874][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.484603][T12141] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 246.514376][ T27] kauditd_printk_skb: 10 callbacks suppressed [ 246.514392][ T27] audit: type=1800 audit(1763981629.213:103): pid=12141 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2785" name="file1" dev="loop2" ino=1048621 res=0 errno=0 [ 246.552282][T12141] FAT-fs (loop2): error, fat_free_clusters: deleting FAT entry beyond EOF [ 246.803295][ T23] gs_usb 4-1:0.0: Couldn't get device config: (err=-71) [ 246.810308][ T23] gs_usb: probe of 4-1:0.0 failed with error -71 [ 246.845964][ T23] usb 4-1: USB disconnect, device number 12 [ 246.905973][T12157] loop1: detected capacity change from 0 to 512 [ 246.941416][T12157] EXT4-fs (loop1): Test dummy encryption mode enabled [ 246.998576][T12157] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.027525][T12147] loop0: detected capacity change from 0 to 32768 [ 247.074455][T12157] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000. [ 247.089296][T12147] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 247.388277][T12147] XFS (loop0): Ending clean mount [ 247.422671][T12147] XFS (loop0): Quotacheck needed: Please wait. [ 247.517863][T12147] XFS (loop0): Quotacheck: Done. [ 247.741977][ T5785] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 248.211435][T12201] netlink: 'syz.3.2811': attribute type 1 has an invalid length. [ 248.301839][T12181] loop1: detected capacity change from 0 to 32768 [ 248.343713][T12181] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 248.476652][T12219] cgroup: Unexpected value for 'nofavordynmods' [ 248.519576][T12181] XFS (loop1): Ending clean mount [ 248.545252][T12221] kernel profiling enabled (shift: 63) [ 248.552690][T12221] profiling shift: 63 too large [ 248.577554][T12181] XFS (loop1): Quotacheck needed: Please wait. [ 248.673579][T12181] XFS (loop1): Quotacheck: Done. [ 248.846282][ T5781] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 249.480346][ T27] audit: type=1326 audit(1763981632.173:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12247 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 249.504316][T12223] loop0: detected capacity change from 0 to 32768 [ 249.561619][ T27] audit: type=1326 audit(1763981632.173:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12247 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 249.614917][T12252] loop2: detected capacity change from 0 to 64 [ 249.617323][ T27] audit: type=1326 audit(1763981632.223:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12247 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=107 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 249.622679][ T5783] Bluetooth: hci3: command 0x0406 tx timeout [ 249.649612][ T27] audit: type=1326 audit(1763981632.223:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12247 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 249.672462][ T27] audit: type=1326 audit(1763981632.223:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12247 comm="syz.3.2829" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f123598f749 code=0x7ffc0000 [ 249.707732][T12252] syz.2.2831: attempt to access beyond end of device [ 249.707732][T12252] loop2: rw=2049, sector=268435468, nr_sectors = 2 limit=64 [ 249.723750][T12252] Buffer I/O error on dev loop2, logical block 134217734, lost async page write [ 249.803410][T12254] : renamed from veth0_vlan [ 250.324653][T12277] overlayfs: cannot append lower layer [ 250.891621][T12305] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2857'. [ 251.188623][ T787] IPVS: starting estimator thread 0... [ 251.292668][T12318] IPVS: using max 21 ests per chain, 50400 per kthread [ 251.356357][T12324] autofs4:pid:12324:autofs_fill_super: called with bogus options [ 251.602771][T12336] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2872'. [ 251.736653][T12344] netlink: 9 bytes leftover after parsing attributes in process `syz.3.2876'. [ 252.145979][T12359] loop1: detected capacity change from 0 to 4096 [ 252.169363][T12359] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 252.255129][T12359] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 252.397825][T12373] netlink: 'syz.2.2890': attribute type 21 has an invalid length. [ 252.405998][T12373] netlink: 156 bytes leftover after parsing attributes in process `syz.2.2890'. [ 252.539869][T12375] loop0: detected capacity change from 0 to 512 [ 252.597925][T12375] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 252.620922][T12375] ext4 filesystem being mounted at /774/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 252.639582][T12375] EXT4-fs error (device loop0): ext4_xattr_block_get:600: inode #15: comm syz.0.2892: corrupted xattr block 33: e_value out of bounds [ 252.740794][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.076714][T12395] loop1: detected capacity change from 0 to 4096 [ 253.129558][T12402] loop2: detected capacity change from 0 to 512 [ 253.153823][T12402] EXT4-fs: Ignoring removed mblk_io_submit option [ 253.177796][T12395] ntfs: (device loop1): parse_options(): NLS character set cp8ƒÓ O¥¿one_multiplier=0x0000000000000001gid=0 not found. Using previous one cp862. [ 253.211838][T12402] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 253.255960][T12395] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 253.279152][T12402] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.2903: inode has both inline data and extents flags [ 253.280679][T12395] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 253.323915][T12395] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 253.338074][T12395] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 253.357872][T12395] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 253.369374][T12402] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.2903: couldn't read orphan inode 15 (err -117) [ 253.387714][T12395] ntfs: volume version 3.1. [ 253.397178][T12402] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.410899][T12395] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 253.422973][T12395] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 253.442558][T12395] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 253.462714][ T787] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 253.490561][T12395] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 253.583335][ T5784] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.718462][ T787] usb 1-1: New USB device found, idVendor=0c45, idProduct=608f, bcdDevice=b5.55 [ 253.736430][ T787] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.751839][ T787] usb 1-1: Product: syz [ 253.757362][ T787] usb 1-1: Manufacturer: syz [ 253.766100][ T787] usb 1-1: SerialNumber: syz [ 253.789956][ T787] usb 1-1: config 0 descriptor?? [ 253.814417][ T787] gspca_main: sonixb-2.14.0 probing 0c45:608f [ 254.043279][T12420] loop2: detected capacity change from 0 to 4096 [ 254.073817][T12420] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 254.146287][T12420] ntfs3: loop2: failed to convert "c46c" to default [ 254.281667][ T5849] usb 1-1: USB disconnect, device number 9 [ 255.255267][T12478] kernel read not supported for file / œ7³ÏüâW)ës“§Ç!Qöì¥fsõl{T‡rÒ)r§ÖOš˜õ2:"ôÀT+ÍŸv|Õ²DvcŽ“ØÖ Å6Òxãc: (pid: 12478 comm: syz.3.2940) [ 255.393826][ T5849] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 255.586871][ T5849] usb 3-1: Using ep0 maxpacket: 32 [ 255.602277][ T5849] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 255.650128][ T5849] usb 3-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 255.663288][ T5849] usb 3-1: config 0 interface 0 has no altsetting 0 [ 255.673377][ T5849] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 255.692565][ T5849] usb 3-1: New USB device strings: Mfr=229, Product=1, SerialNumber=3 [ 255.700948][ T5849] usb 3-1: Product: syz [ 255.712576][ T5849] usb 3-1: Manufacturer: syz [ 255.717240][ T5849] usb 3-1: SerialNumber: syz [ 255.744936][ T5849] usb 3-1: config 0 descriptor?? [ 255.786684][ T1282] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.797186][ T1282] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.067308][T12484] loop3: detected capacity change from 0 to 32768 [ 256.132658][T12484] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 256.182896][ T5849] gs_usb 3-1:0.0: Couldn't get device config: (err=-71) [ 256.190003][ T5849] gs_usb: probe of 3-1:0.0 failed with error -71 [ 256.217072][ T5849] usb 3-1: USB disconnect, device number 19 [ 256.289780][T12484] XFS (loop3): Ending clean mount [ 256.324135][T12484] XFS (loop3): Quotacheck needed: Please wait. [ 256.397041][T12484] XFS (loop3): Quotacheck: Done. [ 256.432193][ T5823] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 256.446612][ T787] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 256.517515][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 256.644359][ T787] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.672378][ T787] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 256.699533][ T787] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 256.713123][ T787] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 256.731808][ T787] usb 1-1: SerialNumber: syz [ 256.984586][ T787] usb 1-1: 0:2 : does not exist [ 257.026682][ T787] usb 1-1: USB disconnect, device number 10 [ 257.167907][ T5776] udevd[5776]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 257.275598][T12548] tmpfs: Bad value for 'grpquota_inode_hardlimit' [ 257.989401][T12583] netlink: 'syz.1.2987': attribute type 3 has an invalid length. [ 258.346723][T12598] loop1: detected capacity change from 0 to 512 [ 258.438671][T12598] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.459903][T12598] ext4 filesystem being mounted at /695/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 258.538809][T12598] EXT4-fs error (device loop1): ext4_empty_dir:3136: inode #12: comm syz.1.2995: invalid size [ 258.598933][ T5781] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 258.713152][ T788] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 258.920309][ T788] usb 4-1: config 0 has an invalid interface number: 69 but max is 0 [ 258.951655][ T788] usb 4-1: config 0 has no interface number 0 [ 258.967695][ T788] usb 4-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 258.979224][ T788] usb 4-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 258.994877][ T788] usb 4-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 259.008531][ T788] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.045112][ T788] usb 4-1: Product: syz [ 259.051391][T12627] loop0: detected capacity change from 0 to 4096 [ 259.059833][ T788] usb 4-1: Manufacturer: syz [ 259.064941][T12627] ntfs3: loop0: ino=3, Correct links count -> 2. [ 259.084770][ T788] usb 4-1: SerialNumber: syz [ 259.109681][ T788] usb 4-1: config 0 descriptor?? [ 259.129327][T12604] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 259.156818][ T788] cyberjack 4-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 259.202146][ T788] usb 4-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 259.468925][ C1] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22 [ 259.484358][T12640] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3013'. [ 259.670551][ T9] usb 4-1: USB disconnect, device number 13 [ 259.693764][ T9] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 259.730633][T12651] loop0: detected capacity change from 0 to 256 [ 259.735446][ T9] cyberjack 4-1:0.69: device disconnected [ 259.860831][T12651] FAT-fs (loop0): Directory bread(block 64) failed [ 259.879786][T12651] FAT-fs (loop0): Directory bread(block 65) failed [ 259.903365][T12651] FAT-fs (loop0): Directory bread(block 66) failed [ 259.909931][T12651] FAT-fs (loop0): Directory bread(block 67) failed [ 259.932720][T12651] FAT-fs (loop0): Directory bread(block 68) failed [ 259.940722][T12651] FAT-fs (loop0): Directory bread(block 69) failed [ 259.958275][T12651] FAT-fs (loop0): Directory bread(block 70) failed [ 259.973482][T12651] FAT-fs (loop0): Directory bread(block 71) failed [ 259.992204][T12651] FAT-fs (loop0): Directory bread(block 72) failed [ 259.999535][T12651] FAT-fs (loop0): Directory bread(block 73) failed [ 260.371807][T12670] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 260.735239][T12688] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-xor(2) [ 260.742025][T12691] loop3: detected capacity change from 0 to 64 [ 260.777182][T12691] hfs: unable to locate alternate MDB [ 260.793389][T12691] hfs: continuing without an alternate MDB [ 261.284945][T12711] bond0: Unable to set up delay as MII monitoring is disabled [ 261.755461][T12725] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 261.884912][T12732] netlink: 'syz.3.3059': attribute type 21 has an invalid length. [ 262.978237][T12773] loop3: detected capacity change from 0 to 2048 [ 263.031389][T12754] loop2: detected capacity change from 0 to 32768 [ 263.064833][T12773] Alternate GPT is invalid, using primary GPT. [ 263.087546][T12778] netlink: 'syz.0.3079': attribute type 12 has an invalid length. [ 263.087709][T12773] loop3: p1 p2 p3 [ 263.109000][T12754] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 263.116017][T12773] loop3: partition table partially beyond EOD, truncated [ 263.146708][T12754] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 263.216256][T12787] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3081'. [ 263.251512][T12785] loop1: detected capacity change from 0 to 1024 [ 263.333507][T12754] XFS (loop2): Ending clean mount [ 263.582384][ T5784] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 263.728611][ T6888] udevd[6888]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 263.757909][ T7635] udevd[7635]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 263.769095][ T5774] udevd[5774]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 264.019842][T12804] loop2: detected capacity change from 0 to 4096 [ 264.098529][T12804] ntfs3: loop2: ino=3, Correct links count -> 2. [ 264.317438][T12812] loop0: detected capacity change from 0 to 4096 [ 264.336854][T12812] __ntfs_warning: 16 callbacks suppressed [ 264.336870][T12812] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 264.588509][T12812] ntfs: volume version 3.1. [ 264.723862][T12801] loop1: detected capacity change from 0 to 32768 [ 264.778469][T12801] XFS (loop1): DAX unsupported by block device. Turning off DAX. [ 264.796561][ T23] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 264.806394][T12801] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 264.993489][T12801] XFS (loop1): Ending clean mount [ 264.994199][ T23] usb 3-1: Using ep0 maxpacket: 32 [ 265.014851][ T23] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 265.023746][ T23] usb 3-1: config 0 has no interface number 0 [ 265.035827][ T23] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 265.056590][T12834] sctp: [Deprecated]: syz.3.3098 (pid 12834) Use of int in max_burst socket option. [ 265.056590][T12834] Use struct sctp_assoc_value instead [ 265.096071][ T23] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 265.111580][ T23] usb 3-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 265.136924][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.159425][ T23] usb 3-1: Product: syz [ 265.177748][ T23] usb 3-1: Manufacturer: syz [ 265.182371][ T23] usb 3-1: SerialNumber: syz [ 265.204661][ T5781] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 265.220828][ T23] usb 3-1: config 0 descriptor?? [ 265.243997][T12816] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 265.258560][T12816] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 265.340402][ T23] plusb 3-1:0.231 usb0: register 'plusb' at usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1, 5e:52:8a:56:3a:0a [ 265.473406][T12844] netlink: 'syz.0.3103': attribute type 3 has an invalid length. [ 265.657130][T12847] loop3: detected capacity change from 0 to 128 [ 265.689318][T12847] affs: Error parsing options [ 266.012897][T12866] netlink: 14 bytes leftover after parsing attributes in process `syz.3.3111'. [ 266.026699][ T787] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 266.039114][ T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 266.051885][T12866] hsr_slave_0: left promiscuous mode [ 266.063641][T12866] hsr_slave_1: left promiscuous mode [ 266.179531][T12869] ..0ˆ: renamed from veth0_to_hsr (while UP) [ 266.366392][T12881] loop0: detected capacity change from 0 to 512 [ 266.380928][T12881] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 266.468586][T12881] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.595506][T12890] loop1: detected capacity change from 0 to 4096 [ 266.606888][T12890] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 266.622606][T12890] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 266.652832][T12890] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 266.693170][T12890] ntfs: volume version 3.1. [ 266.738255][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.959582][ T5781] ntfs: (device loop1): ntfs_put_super(): Volume has errors. Leaving volume marked dirty. Run chkdsk. [ 266.976173][ T9] usb 3-1: USB disconnect, device number 20 [ 267.013921][ T9] plusb 3-1:0.231 usb0: unregister 'plusb' usb-dummy_hcd.2-1, Prolific PL-2301/PL-2302/PL-25A1/PL-27A1 [ 267.563502][T12921] : renamed from veth0_vlan [ 267.669888][T12925] loop1: detected capacity change from 0 to 2048 [ 267.733231][T12925] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 267.785792][T12925] syz.1.3130: attempt to access beyond end of device [ 267.785792][T12925] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 267.802754][T12933] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 267.972952][T12925] syz.1.3130: attempt to access beyond end of device [ 267.972952][T12925] loop1: rw=0, sector=9437254, nr_sectors = 2 limit=2048 [ 268.018551][T12925] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=0) [ 268.048504][T12941] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3136'. [ 268.074871][T12941] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3136'. [ 268.240754][T12949] netlink: 'syz.2.3139': attribute type 3 has an invalid length. [ 268.278868][T12949] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 269.875518][T13019] loop3: detected capacity change from 0 to 8192 [ 269.890406][T13019] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 269.903667][T13019] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 269.912974][T13019] REISERFS (device loop3): using ordered data mode [ 269.919665][T13019] reiserfs: using flush barriers [ 269.932602][T13019] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 269.949659][T13019] REISERFS (device loop3): checking transaction log (loop3) [ 270.249040][T13019] REISERFS (device loop3): Using tea hash to sort names [ 270.286583][T13019] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 270.494232][T13050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3170'. [ 270.513144][T13050] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3170'. [ 270.747274][T13056] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 271.493055][T13089] loop0: detected capacity change from 0 to 512 [ 271.540683][T13089] EXT4-fs error (device loop0): ext4_orphan_get:1399: inode #15: comm syz.0.3185: inode has both inline data and extents flags [ 271.597735][T13089] EXT4-fs error (device loop0): ext4_orphan_get:1404: comm syz.0.3185: couldn't read orphan inode 15 (err -117) [ 271.636721][T13089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 271.831982][ T5785] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 271.971884][T13098] loop3: detected capacity change from 0 to 1764 [ 272.270642][T13083] loop2: detected capacity change from 0 to 32768 [ 272.310634][T13085] loop1: detected capacity change from 0 to 32768 [ 272.365554][T13083] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 272.696358][ T5784] ocfs2: Unmounting device (7,2) on (node local) [ 273.332612][ T23] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 273.398828][T13141] bond2: entered allmulticast mode [ 273.517607][ T23] usb 3-1: New USB device found, idVendor=13d3, idProduct=3224, bcdDevice=cb.0d [ 273.539260][ T23] usb 3-1: New USB device strings: Mfr=1, Product=12, SerialNumber=3 [ 273.559525][ T23] usb 3-1: Product: syz [ 273.576027][ T23] usb 3-1: Manufacturer: syz [ 273.587414][ T23] usb 3-1: SerialNumber: syz [ 273.613485][ T23] dvb-usb: found a 'DigitalNow TinyUSB 2 DVB-t Receiver' in warm state. [ 273.797956][T13157] x_tables: duplicate underflow at hook 1 [ 274.021324][ T23] vp7045: USB control message 'in' went wrong. [ 274.037390][ T23] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 274.077926][ T23] dvb-usb: DigitalNow TinyUSB 2 DVB-t Receiver error while loading driver (-19) [ 274.100221][ T23] usb 3-1: USB disconnect, device number 21 [ 274.199479][T13171] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 274.236857][T13171] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 274.298249][T13177] loop3: detected capacity change from 0 to 512 [ 274.382725][T13177] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.3222: inode has both inline data and extents flags [ 274.402879][T13177] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.3222: couldn't read orphan inode 15 (err -117) [ 274.427332][T13177] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 274.562356][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 274.751519][T13196] syz.0.3229 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 275.230968][T13212] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3236'. [ 275.462413][T13218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3239'. [ 275.627147][T13204] loop0: detected capacity change from 0 to 32768 [ 275.631721][ T5867] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 275.752368][T13204] jfs_rename: dtInsert returned -EIO [ 275.934283][ T788] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 276.142643][ T788] usb 4-1: config 0 has an invalid interface number: 40 but max is 0 [ 276.176120][ T788] usb 4-1: config 0 has no interface number 0 [ 276.203540][ T788] usb 4-1: New USB device found, idVendor=0403, idProduct=a951, bcdDevice=c0.f8 [ 276.232747][ T788] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.255808][ T788] usb 4-1: config 0 descriptor?? [ 276.262974][ T788] hub 4-1:0.40: bad descriptor, ignoring hub [ 276.269006][ T788] hub: probe of 4-1:0.40 failed with error -5 [ 276.284351][ T788] ftdi_sio 4-1:0.40: FTDI USB Serial Device converter detected [ 276.310198][ T788] ftdi_sio ttyUSB0: unknown device type: 0xc0f8 [ 276.642819][ T788] usb 4-1: USB disconnect, device number 14 [ 276.650894][ T788] ftdi_sio 4-1:0.40: device disconnected [ 276.657107][T13259] Cannot find add_set index 2 as target [ 276.729309][T13257] xt_connbytes: Forcing CT accounting to be enabled [ 276.745485][T13257] xt_bpf: check failed: parse error [ 277.012409][T13254] loop2: detected capacity change from 0 to 32768 [ 277.084259][T13254] jfs_rename: dtInsert returned -EIO [ 277.659276][T13290] overlayfs: disabling nfs_export due to verity=require [ 277.675175][T13290] overlayfs: conflicting options: userxattr,verity=require [ 277.868126][T13270] loop1: detected capacity change from 0 to 32768 [ 277.894689][T13270] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 277.894689][T13270] [ 277.909862][T13270] ialloc: diAlloc returned -5! [ 278.421211][T13292] loop3: detected capacity change from 0 to 32768 [ 278.499512][T13292] jfs_rename: dtInsert returned -EIO [ 278.556229][T13294] loop0: detected capacity change from 0 to 40427 [ 278.584126][T13294] F2FS-fs (loop0): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 278.616396][T13294] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 278.656867][T13294] F2FS-fs (loop0): invalid crc value [ 278.708693][T13294] F2FS-fs (loop0): Found nat_bits in checkpoint [ 278.924199][T13294] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 278.954753][T13294] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 279.156250][T13323] x_tables: ip6_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT/POSTROUTING [ 279.735612][T13345] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3300'. [ 279.789921][T13345] (unnamed net_device) (uninitialized): option ad_actor_system: mode dependency failed, not supported in mode balance-rr(0) [ 280.042911][T13361] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3308'. [ 280.065310][T13361] netlink: 32 bytes leftover after parsing attributes in process `syz.3.3308'. [ 280.142684][T13363] netlink: 'syz.2.3309': attribute type 2 has an invalid length. [ 280.323915][T13372] syz.1.3314: attempt to access beyond end of device [ 280.323915][T13372] nbd1: rw=0, sector=0, nr_sectors = 8 limit=0 [ 280.338984][T13372] F2FS-fs (nbd1): Unable to read 1th superblock [ 280.355990][T13373] loop2: detected capacity change from 0 to 64 [ 280.362459][T13372] syz.1.3314: attempt to access beyond end of device [ 280.362459][T13372] nbd1: rw=0, sector=8, nr_sectors = 8 limit=0 [ 280.407858][T13377] loop0: detected capacity change from 0 to 64 [ 280.432184][T13372] F2FS-fs (nbd1): Unable to read 2th superblock [ 280.625633][T13383] netlink: 'syz.2.3317': attribute type 2 has an invalid length. [ 281.074197][T13403] loop2: detected capacity change from 0 to 16 [ 281.086786][T13403] erofs: (device loop2): mounted with root inode @ nid 36. [ 281.416196][T13417] xt_l2tp: invalid flags combination: 8 [ 281.814536][T13437] netlink: 156 bytes leftover after parsing attributes in process `syz.1.3346'. [ 282.003631][T13443] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3349'. [ 282.038269][T13449] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3351'. [ 282.072588][T13449] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3351'. [ 282.493161][T13469] netlink: 'syz.1.3361': attribute type 1 has an invalid length. [ 282.500932][T13469] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3361'. [ 282.690968][T13478] loop2: detected capacity change from 0 to 8 [ 282.793094][T13478] SQUASHFS error: Failed to read block 0x1ec: -5 [ 282.837750][T13478] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 283.349704][T13475] loop3: detected capacity change from 0 to 32768 [ 283.365252][T13502] netlink: 'syz.0.3378': attribute type 5 has an invalid length. [ 283.385336][T13502] netlink: 3657 bytes leftover after parsing attributes in process `syz.0.3378'. [ 283.469764][T13475] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 283.726555][T13475] XFS (loop3): Ending clean mount [ 283.735528][T13475] XFS (loop3): Quotacheck needed: Please wait. [ 283.852162][T13475] XFS (loop3): Quotacheck: Done. [ 284.062664][ T5786] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 284.393656][T13546] netlink: 'syz.1.3397': attribute type 27 has an invalid length. [ 284.401514][T13546] netlink: 'syz.1.3397': attribute type 3 has an invalid length. [ 284.414243][T13546] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3397'. [ 284.779039][T13561] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3403'. [ 284.798318][T13561] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3403'. [ 284.819181][T13563] netlink: 800 bytes leftover after parsing attributes in process `syz.3.3405'. [ 285.223063][ T5823] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 285.234493][ T9] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 285.382124][T13588] --map-set only usable from mangle table [ 285.442807][T13593] xt_CT: You must specify a L4 protocol and not use inversions on it [ 285.687298][T13595] loop1: detected capacity change from 0 to 8192 [ 285.714655][T13595] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 285.721674][T13605] netlink: 'syz.2.3425': attribute type 6 has an invalid length. [ 285.803963][T13595] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 1046) [ 285.850919][T13595] FAT-fs (loop1): Filesystem has been set read-only [ 286.013158][ T5781] FAT-fs (loop1): error, fat_free: invalid cluster chain (i_pos 1046) [ 286.234501][T13625] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 286.334478][ T27] audit: type=1326 audit(1763981669.043:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.0.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 286.397677][T13630] netlink: 'syz.1.3436': attribute type 9 has an invalid length. [ 286.410353][ T27] audit: type=1326 audit(1763981669.073:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.0.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 286.492804][ T27] audit: type=1326 audit(1763981669.083:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.0.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=244 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 286.543582][ T27] audit: type=1326 audit(1763981669.083:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.0.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 286.622819][ T27] audit: type=1326 audit(1763981669.083:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13627 comm="syz.0.3437" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe829b8f749 code=0x7ffc0000 [ 287.460692][T13679] loop2: detected capacity change from 0 to 16 [ 287.502692][ T23] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 287.511470][T13679] erofs: (device loop2): mounted with root inode @ nid 36. [ 287.716680][ T23] usb 2-1: config 0 has an invalid interface number: 52 but max is 0 [ 287.739439][ T23] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 287.773498][ T23] usb 2-1: config 0 has no interface number 0 [ 287.779654][ T23] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 287.816899][ T23] usb 2-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 287.826922][ T23] usb 2-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 287.840180][ T23] usb 2-1: config 0 interface 52 has no altsetting 0 [ 287.848602][ T23] usb 2-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice= 0.00 [ 287.881664][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=35 [ 287.901681][ T23] usb 2-1: SerialNumber: syz [ 287.917725][ T23] usb 2-1: config 0 descriptor?? [ 288.045134][T13701] loop3: detected capacity change from 0 to 16 [ 288.078767][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop3 [ 288.083646][T13701] MTD: Attempt to mount non-MTD device "/dev/loop3" [ 288.116919][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop3 [ 288.172426][ T5774] udevd[5774]: incorrect cramfs checksum on /dev/loop3 [ 288.183596][ T23] synaptics_usb 2-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 288.222749][ T23] synaptics_usb: probe of 2-1:0.52 failed with error -5 [ 288.248385][ T5783] Bluetooth: hci1: unexpected event for opcode 0x2040 [ 288.303494][T13708] netlink: 'syz.2.3476': attribute type 64 has an invalid length. [ 288.361944][T13710] netlink: 'syz.2.3478': attribute type 21 has an invalid length. [ 288.393567][T13710] __nla_validate_parse: 2 callbacks suppressed [ 288.393583][T13710] netlink: 164 bytes leftover after parsing attributes in process `syz.2.3478'. [ 288.425440][ T5823] usb 2-1: USB disconnect, device number 17 [ 288.684905][T13722] netlink: 'syz.3.3483': attribute type 3 has an invalid length. [ 288.706704][T13722] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3483'. [ 289.268133][T13748] cgroup: name respecified [ 289.418631][T13754] overlayfs: conflicting options: userxattr,metacopy=on [ 289.604523][T13758] nvme_fabrics: missing parameter 'transport=%s' [ 289.611562][T13758] nvme_fabrics: missing parameter 'nqn=%s' [ 290.292244][T13787] netlink: 'syz.3.3515': attribute type 1 has an invalid length. [ 290.318297][T13763] loop1: detected capacity change from 0 to 32768 [ 290.373729][T13763] (syz.1.3503,13763,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 290.415030][T13763] (syz.1.3503,13763,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 290.471362][T13794] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3519'. [ 290.491185][T13794] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3519'. [ 290.501115][T13794] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3519'. [ 290.510607][T13763] JBD2: Ignoring recovery information on journal [ 290.585958][T13763] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 290.658309][T13763] [ 290.660673][T13763] ====================================================== [ 290.667692][T13763] WARNING: possible circular locking dependency detected [ 290.674725][T13763] syzkaller #0 Not tainted [ 290.679143][T13763] ------------------------------------------------------ [ 290.686167][T13763] syz.1.3503/13763 is trying to acquire lock: [ 290.692239][T13763] ffff8880598e14a0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 290.703831][T13763] [ 290.703831][T13763] but task is already holding lock: [ 290.711195][T13763] ffff8880598e1538 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 290.712023][T13804] binder: 13803:13804 ioctl c0306201 200000000240 returned -14 [ 290.721813][T13763] [ 290.721813][T13763] which lock already depends on the new lock. [ 290.721813][T13763] [ 290.721821][T13763] [ 290.721821][T13763] the existing dependency chain (in reverse order) is: [ 290.721827][T13763] [ 290.721827][T13763] -> #6 (&oi->ip_xattr_sem){++++}-{3:3}: [ 290.721853][T13763] down_read+0x46/0x2e0 [ 290.721872][T13763] ocfs2_init_acl+0x2fa/0x720 [ 290.721894][T13763] ocfs2_mknod+0x12e5/0x20f0 [ 290.771565][T13763] vfs_mknod+0x32b/0x360 [ 290.776344][T13763] do_mknodat+0x37e/0x4f0 [ 290.781203][T13763] __x64_sys_mknod+0x8e/0xa0 [ 290.786340][T13763] do_syscall_64+0x55/0xb0 [ 290.791291][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.797719][T13763] [ 290.797719][T13763] -> #5 (jbd2_handle){++++}-{0:0}: [ 290.805032][T13763] start_this_handle+0x1e9d/0x20c0 [ 290.810673][T13763] jbd2__journal_start+0x2bb/0x5b0 [ 290.816311][T13763] jbd2_journal_start+0x2a/0x40 [ 290.821691][T13763] ocfs2_start_trans+0x376/0x6c0 [ 290.827165][T13763] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 290.833412][T13763] ocfs2_dismount_volume+0x1e2/0x890 [ 290.839228][T13763] generic_shutdown_super+0x134/0x2b0 [ 290.845135][T13763] kill_block_super+0x44/0x90 [ 290.850347][T13763] deactivate_locked_super+0x97/0x100 [ 290.856254][T13763] cleanup_mnt+0x429/0x4c0 [ 290.861201][T13763] task_work_run+0x1ce/0x250 [ 290.866335][T13763] exit_to_user_mode_loop+0xe6/0x110 [ 290.872156][T13763] exit_to_user_mode_prepare+0xf6/0x180 [ 290.878243][T13763] syscall_exit_to_user_mode+0x1a/0x50 [ 290.884238][T13763] do_syscall_64+0x61/0xb0 [ 290.889187][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.895634][T13763] [ 290.895634][T13763] -> #4 (&journal->j_trans_barrier){.+.+}-{3:3}: [ 290.904174][T13763] down_read+0x46/0x2e0 [ 290.908872][T13763] ocfs2_start_trans+0x36a/0x6c0 [ 290.914350][T13763] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 290.920601][T13763] ocfs2_dismount_volume+0x1e2/0x890 [ 290.926423][T13763] generic_shutdown_super+0x134/0x2b0 [ 290.932331][T13763] kill_block_super+0x44/0x90 [ 290.937537][T13763] deactivate_locked_super+0x97/0x100 [ 290.943446][T13763] cleanup_mnt+0x429/0x4c0 [ 290.948397][T13763] task_work_run+0x1ce/0x250 [ 290.953523][T13763] exit_to_user_mode_loop+0xe6/0x110 [ 290.959342][T13763] exit_to_user_mode_prepare+0xf6/0x180 [ 290.965419][T13763] syscall_exit_to_user_mode+0x1a/0x50 [ 290.971405][T13763] do_syscall_64+0x61/0xb0 [ 290.976358][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 290.982785][T13763] [ 290.982785][T13763] -> #3 (sb_internal#3){.+.+}-{0:0}: [ 290.990280][T13763] ocfs2_start_trans+0x26b/0x6c0 [ 290.995753][T13763] ocfs2_shutdown_local_alloc+0x201/0xa10 [ 291.002007][T13763] ocfs2_dismount_volume+0x1e2/0x890 [ 291.007824][T13763] generic_shutdown_super+0x134/0x2b0 [ 291.013735][T13763] kill_block_super+0x44/0x90 [ 291.018938][T13763] deactivate_locked_super+0x97/0x100 [ 291.024848][T13763] cleanup_mnt+0x429/0x4c0 [ 291.029813][T13763] task_work_run+0x1ce/0x250 [ 291.034934][T13763] exit_to_user_mode_loop+0xe6/0x110 [ 291.040754][T13763] exit_to_user_mode_prepare+0xf6/0x180 [ 291.046836][T13763] syscall_exit_to_user_mode+0x1a/0x50 [ 291.052829][T13763] do_syscall_64+0x61/0xb0 [ 291.057783][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.064214][T13763] [ 291.064214][T13763] -> #2 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}: [ 291.074837][T13763] down_write+0x97/0x1f0 [ 291.079617][T13763] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 291.086053][T13763] ocfs2_reserve_clusters_with_limit+0x2fc/0xba0 [ 291.092925][T13763] ocfs2_reserve_suballoc_bits+0x6eb/0x4360 [ 291.099359][T13763] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 291.106224][T13763] ocfs2_extend_dir+0xc60/0x4760 [ 291.111694][T13763] ocfs2_prepare_dir_for_insert+0x2fc7/0x5480 [ 291.118290][T13763] ocfs2_mknod+0x818/0x20f0 [ 291.123323][T13763] vfs_mknod+0x32b/0x360 [ 291.128104][T13763] do_mknodat+0x37e/0x4f0 [ 291.132973][T13763] __x64_sys_mknod+0x8e/0xa0 [ 291.138104][T13763] do_syscall_64+0x55/0xb0 [ 291.143056][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.149477][T13763] [ 291.149477][T13763] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#5){+.+.}-{3:3}: [ 291.159989][T13763] down_write+0x97/0x1f0 [ 291.164735][T13763] ocfs2_reserve_suballoc_bits+0x165/0x4360 [ 291.171220][T13763] ocfs2_reserve_new_metadata_blocks+0x404/0x940 [ 291.178053][T13763] ocfs2_extend_dir+0xc60/0x4760 [ 291.183491][T13763] ocfs2_prepare_dir_for_insert+0x2fc7/0x5480 [ 291.190090][T13763] ocfs2_mknod+0x818/0x20f0 [ 291.195096][T13763] vfs_mknod+0x32b/0x360 [ 291.199842][T13763] do_mknodat+0x37e/0x4f0 [ 291.204678][T13763] __x64_sys_mknod+0x8e/0xa0 [ 291.209774][T13763] do_syscall_64+0x55/0xb0 [ 291.214696][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.221091][T13763] [ 291.221091][T13763] -> #0 (&ocfs2_file_ip_alloc_sem_key){++++}-{3:3}: [ 291.229845][T13763] __lock_acquire+0x2ddb/0x7c80 [ 291.235206][T13763] lock_acquire+0x197/0x410 [ 291.240211][T13763] down_write+0x97/0x1f0 [ 291.244953][T13763] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 291.251437][T13763] ocfs2_xattr_set+0x596/0x11f0 [ 291.256796][T13763] ocfs2_set_acl+0x4e1/0x590 [ 291.261889][T13763] ocfs2_iop_set_acl+0x1ab/0x2a0 [ 291.267332][T13763] vfs_remove_acl+0x4e3/0x740 [ 291.272520][T13763] path_removexattr+0x23b/0x3f0 [ 291.277890][T13763] __x64_sys_removexattr+0x60/0x70 [ 291.283505][T13763] do_syscall_64+0x55/0xb0 [ 291.288428][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.294822][T13763] [ 291.294822][T13763] other info that might help us debug this: [ 291.294822][T13763] [ 291.305027][T13763] Chain exists of: [ 291.305027][T13763] &ocfs2_file_ip_alloc_sem_key --> jbd2_handle --> &oi->ip_xattr_sem [ 291.305027][T13763] [ 291.318993][T13763] Possible unsafe locking scenario: [ 291.318993][T13763] [ 291.326425][T13763] CPU0 CPU1 [ 291.331768][T13763] ---- ---- [ 291.337114][T13763] lock(&oi->ip_xattr_sem); [ 291.341684][T13763] lock(jbd2_handle); [ 291.348252][T13763] lock(&oi->ip_xattr_sem); [ 291.355342][T13763] lock(&ocfs2_file_ip_alloc_sem_key); [ 291.360867][T13763] [ 291.360867][T13763] *** DEADLOCK *** [ 291.360867][T13763] [ 291.368989][T13763] 3 locks held by syz.1.3503/13763: [ 291.374182][T13763] #0: ffff88802dd12418 (sb_writers#27){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90 [ 291.383394][T13763] #1: ffff8880598e1818 (&type->i_mutex_dir_key#21){++++}-{3:3}, at: vfs_remove_acl+0xf4/0x740 [ 291.393743][T13763] #2: ffff8880598e1538 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_try_remove_refcount_tree+0xa5/0x320 [ 291.404767][T13763] [ 291.404767][T13763] stack backtrace: [ 291.410650][T13763] CPU: 0 PID: 13763 Comm: syz.1.3503 Not tainted syzkaller #0 [ 291.418085][T13763] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 291.428128][T13763] Call Trace: [ 291.431395][T13763] [ 291.434319][T13763] dump_stack_lvl+0x16c/0x230 [ 291.438985][T13763] ? load_image+0x3b0/0x3b0 [ 291.443480][T13763] ? show_regs_print_info+0x20/0x20 [ 291.448684][T13763] ? print_circular_bug+0x12b/0x1a0 [ 291.453868][T13763] check_noncircular+0x2bd/0x3c0 [ 291.458788][T13763] ? look_up_lock_class+0x75/0x140 [ 291.463892][T13763] ? print_deadlock_bug+0x5d0/0x5d0 [ 291.469093][T13763] ? lockdep_lock+0xe0/0x220 [ 291.473696][T13763] ? _find_first_zero_bit+0xd3/0x100 [ 291.478971][T13763] __lock_acquire+0x2ddb/0x7c80 [ 291.483812][T13763] ? verify_lock_unused+0x140/0x140 [ 291.488995][T13763] ? verify_lock_unused+0x140/0x140 [ 291.494176][T13763] lock_acquire+0x197/0x410 [ 291.498661][T13763] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 291.504798][T13763] ? __might_sleep+0xe0/0xe0 [ 291.509367][T13763] ? read_lock_is_recursive+0x20/0x20 [ 291.514729][T13763] down_write+0x97/0x1f0 [ 291.518951][T13763] ? ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 291.525086][T13763] ? down_read_killable+0x340/0x340 [ 291.530263][T13763] ? ocfs2_xattr_set+0x56f/0x11f0 [ 291.535275][T13763] ? __lock_acquire+0x7c80/0x7c80 [ 291.540277][T13763] ? ocfs2_xattr_block_find+0x154/0x4c0 [ 291.545821][T13763] ocfs2_try_remove_refcount_tree+0xb7/0x320 [ 291.551795][T13763] ? ocfs2_remove_refcount_tree+0xd50/0xd50 [ 291.557673][T13763] ? up_write+0x1c3/0x410 [ 291.561987][T13763] ocfs2_xattr_set+0x596/0x11f0 [ 291.566827][T13763] ? __ocfs2_xattr_set_handle+0xf10/0xf10 [ 291.572544][T13763] ? mark_lock+0x94/0x320 [ 291.576960][T13763] ? __lock_acquire+0x1334/0x7c80 [ 291.581966][T13763] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 291.587670][T13763] ? do_raw_spin_lock+0x121/0x2c0 [ 291.592693][T13763] ? __rwlock_init+0x150/0x150 [ 291.597457][T13763] ? do_raw_spin_unlock+0x121/0x230 [ 291.602659][T13763] ? _raw_spin_unlock+0x28/0x40 [ 291.607519][T13763] ? ocfs2_inode_lock_tracker+0x3ec/0x660 [ 291.613239][T13763] ? verify_lock_unused+0x140/0x140 [ 291.618455][T13763] ? ocfs2_inode_lock_atime+0x4e0/0x4e0 [ 291.624023][T13763] ocfs2_set_acl+0x4e1/0x590 [ 291.628609][T13763] ocfs2_iop_set_acl+0x1ab/0x2a0 [ 291.633541][T13763] ? read_lock_is_recursive+0x20/0x20 [ 291.638901][T13763] ? ocfs2_xattr_get+0x220/0x220 [ 291.643836][T13763] ? evm_inode_set_acl+0xbb/0x410 [ 291.648876][T13763] ? __mnt_want_write+0x68/0x2a0 [ 291.653810][T13763] ? down_write+0x162/0x1f0 [ 291.658308][T13763] ? down_read_killable+0x340/0x340 [ 291.663501][T13763] ? evm_revalidate_status+0x4f/0xb0 [ 291.668789][T13763] ? make_vfsuid+0x51/0xb0 [ 291.673206][T13763] ? inode_owner_or_capable+0xf0/0x1c0 [ 291.678668][T13763] vfs_remove_acl+0x4e3/0x740 [ 291.683337][T13763] path_removexattr+0x23b/0x3f0 [ 291.688176][T13763] ? listxattr+0x280/0x280 [ 291.692581][T13763] ? do_futex+0x2ff/0x3e0 [ 291.696924][T13763] ? lock_chain_count+0x20/0x20 [ 291.701761][T13763] ? syscall_enter_from_user_mode+0x25/0x80 [ 291.707643][T13763] __x64_sys_removexattr+0x60/0x70 [ 291.712760][T13763] do_syscall_64+0x55/0xb0 [ 291.717181][T13763] ? clear_bhb_loop+0x40/0x90 [ 291.721842][T13763] ? clear_bhb_loop+0x40/0x90 [ 291.726506][T13763] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.732476][T13763] RIP: 0033:0x7f7642b8f749 [ 291.736926][T13763] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.756519][T13763] RSP: 002b:00007f7643a8b038 EFLAGS: 00000246 ORIG_RAX: 00000000000000c5 [ 291.765192][T13763] RAX: ffffffffffffffda RBX: 00007f7642de5fa0 RCX: 00007f7642b8f749 [ 291.773175][T13763] RDX: 0000000000000000 RSI: 0000200000000640 RDI: 0000200000000580 [ 291.781294][T13763] RBP: 00007f7642c13f91 R08: 0000000000000000 R09: 0000000000000000 [ 291.789262][T13763] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 291.797223][T13763] R13: 00007f7642de6038 R14: 00007f7642de5fa0 R15: 00007ffcf6c7e748 [ 291.805191][T13763] [ 291.808282][ C0] vkms_vblank_simulate: vblank timer overrun [ 291.864535][ T5781] ocfs2: Unmounting device (7,1) on (node local) [ 294.824318][ T5823] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration