last executing test programs: 3m45.125521688s ago: executing program 0 (id=443): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x1) ioctl$TIOCVHANGUP(r0, 0x5437, 0x0) 3m44.786476644s ago: executing program 0 (id=445): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r0, &(0x7f0000000100)={0x2, 0x0, @remote}, 0x10) getsockopt$inet_int(r0, 0x29000000, 0xf, 0x0, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x18, 0x0, 0x0) 3m44.613441317s ago: executing program 0 (id=446): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') lseek(r0, 0x289e0cb5, 0x0) 3m44.313521311s ago: executing program 0 (id=449): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f00000000c0)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@min_batch_time={'min_batch_time', 0x3d, 0xfff}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x80}}, {@lazytime}, {@init_itable}, {@max_batch_time={'max_batch_time', 0x3d, 0x7}}]}, 0x3, 0x43a, &(0x7f0000000340)="$eJzs28tvG0UYAPBv13FKXySU8ugDCBRExCNp0gI9cAGBxAEkJDiUY0jSqtRtUBMkWlUQECpHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZs4jp0mwY5L/ftJm8zsjjPzeXbs2Z1sAH1rJPuRROyJiN8jYqieXV1gpP7r5tLl6b+XLk8nUa2+9VdSK3dj6fJ0UbR43e48M5pGpJ8lcahFvfMXL52dqlRmL+T58YVz74/PX7z07JlzU6dnT8+enzxx4vixiReen3yuI3Fmbbpx8KO5wwdee+fqG9Mnr77787dJEX9THB0yst7BJ6rVDlfXW3sb0slADxvCppQiIuuucm38D0UpVjpvKF79tKeNA7qqWq1Wd7c/vFgF7mBJbLTk2fzzArgzFF/02fVvsW3T1OO2cP2l+gVQFvfNfKsfGYg0L1Nuur7tpJGIOLn4z1fZFt25DwEAsMr32fznmVbzvzTubyh3d742NBwR90TEvoi4NyL2R8R9EbWyD0TEg5usv3mRZO38J722pcA2KJv/vZivba2e/xWzvxgu5bm9tfjLyakzldmj+XsyGuUdWX5inTp+eOW3L9oda5z/ZVtWfzEXzNtxbWDH6tfMTC1M/ZeYG13/JOLgQKv4k+WVgCQiDkTEwS3Wceapbw63O9Yu/vJG/nAH1pmqX0c8We//xWiKv5Csvz45fldUZo+OF2fFWr/8euXNdvXfuv+7K+v/XS3P/+X4h5PG9dr5zddx5Y/P217TbPX8H0zerqUH830fTi0sXJiIGExerze6cf/kymuLfFE+i3/0SOvxvy9W3olDEZGdxA9FxMMR8Uje9kcj4rGIOLJO/D+9/Ph7W4+/u7L4ZzbV/yuJwWje0zpROvvjd6sqHd5M/Fn/H6+lRvM9G/n820i7tnY2AwAAwP9PGhF7IknHltNpOjZW/3/5/bErrczNLzx9au6D8zP1ZwSGo5wWd7qGGu6HTuSX9UV+sil/LL9v/GVpZy0/Nj1Xmel18NDndrcZ/5k/S71uHdB1nteC/mX8Q/8y/qF/Gf/Qv1qM/529aAew/Vp9/3/cg3YA269p/Fv2gz7i+h/6l/EP/cv4h740vzNu/ZC8hMSaRKS3RTMkupTo9ScTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ/wbAAD//9E940M=") syz_mount_image$fuse(0x0, &(0x7f0000000400)='./file4\x00', 0x1018000, 0x0, 0x1, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x10000, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file4'}}], [], 0x2c}) 3m43.705639611s ago: executing program 0 (id=453): r0 = socket(0x10, 0x3, 0x0) sendmsg$BATADV_CMD_GET_MCAST_FLAGS(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000a00)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYBLOB="c0a201"], 0x24}}, 0x0) recvmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/250, 0xfa}, {&(0x7f0000003ac0)=""/4123, 0x101b}], 0x2}}], 0x1, 0x0, 0x0) write(r0, &(0x7f0000000100)="1400000052004f7fb3e4bf80a000080000000000", 0x14) 3m43.071888121s ago: executing program 0 (id=458): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) 3m42.259526794s ago: executing program 32 (id=458): socketpair$unix(0x1, 0x2, 0x0, 0x0) prctl$PR_SET_SECUREBITS(0x1c, 0x1d) setuid(0xee01) openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) 2.285537594s ago: executing program 3 (id=2367): syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="9115463ecc790180c200000308060001"], 0x0) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', 0x0}) sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14) 2.284343794s ago: executing program 2 (id=2368): r0 = syz_open_dev$evdev(&(0x7f0000000040), 0x0, 0x0) syz_usb_disconnect(r0) syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f0000000540)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x11, 0x40, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0xdf}, {0xd, 0x24, 0xf, 0x1, 0x1, 0x0, 0x7, 0x5}, {0x6, 0x24, 0x1a, 0x401, 0x14}}, {{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x9, 0x4, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0xf1, 0x2, 0x9}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x26, 0x0, 0x7}}}}}}}]}}, 0x0) ioctl$EVIOCRMFF(r0, 0x40045506, &(0x7f0000000500)) 2.139873466s ago: executing program 3 (id=2370): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$loop(&(0x7f0000000000), 0x800, 0x280) fadvise64(r0, 0xa, 0x8, 0x3) 2.011960608s ago: executing program 3 (id=2371): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000280)={0x34, r1, 0x101, 0x2, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}, @NL80211_ATTR_WIPHY_CHANNEL_TYPE={0x8, 0x27, 0x2}], @NL80211_ATTR_SSID={0x5, 0x34, @random='\a'}]}, 0x34}, 0x1, 0x0, 0x0, 0x20008800}, 0x40080) 1.821663371s ago: executing program 3 (id=2372): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) sendmsg$unix(r0, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18}, 0x0) recvmsg$unix(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000440)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x30}, 0x2062) 1.793925222s ago: executing program 4 (id=2373): r0 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'veth0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="3400000015000100fdffffff00000000020000fd", @ANYRES32=r1, @ANYBLOB="1400030076657468300000000000000000"], 0x34}, 0x1, 0x0, 0x0, 0x10}, 0x0) 1.729049782s ago: executing program 3 (id=2374): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000000)={0x73622a85, 0x100}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x800, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x44, 0x0, &(0x7f0000000500)=[@transaction={0x40406300, {0x0, 0x0, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 1.651184844s ago: executing program 3 (id=2376): sendmsg$tipc(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000a40)="ad4308a803a93ae832cfe6d5ef23337e0f698efa258fa9d3bc1c9df29b8749c5ffd0074397d4b10c19ca158b9169fc747e0ce81800f6ab54701b60db0d358f0341b17544b7edabe88d90fc5a63b52a5eee75baf1278b9c106f3c728d86482d41a1b38f52ef3ad9e716e77953d785625a2279cf4fd6266ccaba213de2e35c65a01968cf04d00a1ca520baf750b816fafde164d33bfafb0fee4aae07b55527d4d61deda8a79a1be0238b8309d25f34019a61f0363bd8bdf6bae02edd9d34b01b8157e510898a6e7d7217224d331981b5c2bb14d88bdc317c7a88eb04c5ef7be4021f8dbbf25c65b82d0f787de0c0b87c2d51c21e948c9c8f8077e0341b04c4ff", 0xff}], 0x1}, 0x40) r0 = syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000041436120410e5150e8d5000000010902f98a5c01000000090401001186eee2000905821704"], 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xfffffffffffffddf, &(0x7f0000000340)=ANY=[@ANYBLOB="81"]) syz_usb_control_io(r0, 0x0, 0x0) 1.065705594s ago: executing program 4 (id=2381): unshare(0x20000400) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) connect$rose(r0, &(0x7f0000000080)=@full={0xb, @dev={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, 0x6, [@default, @default, @default, @null, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}]}, 0x40) 931.749236ms ago: executing program 4 (id=2383): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0xffc, 0x4, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x4) setpriority(0x0, 0x1, 0xa7a8) 931.609065ms ago: executing program 1 (id=2384): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000003, 0x4031, 0xffffffffffffffff, 0x0) madvise(&(0x7f00000ec000/0x800000)=nil, 0x800000, 0x17) rseq(&(0x7f0000000280), 0x20, 0x0, 0x0) mlockall(0x2) 637.49131ms ago: executing program 2 (id=2385): bpf$PROG_LOAD(0x5, 0x0, 0x0) symlink(&(0x7f00000049c0)='.\x00', &(0x7f00000059c0)='./file0\x00') mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0/../file0\x00', &(0x7f0000000380)={0x0, 0x0, 0x13}, 0x18) 495.989022ms ago: executing program 1 (id=2386): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r1 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0) ioctl$EVIOCSCLOCKID(r1, 0x40084504, &(0x7f0000ffcffc)) 461.257043ms ago: executing program 2 (id=2387): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000640)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MESH_ID={0xa}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x0) 427.145363ms ago: executing program 4 (id=2388): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000000c0)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000003c0)=0x2, 0x4) recvmmsg(r0, &(0x7f0000000080), 0x21e, 0x40010002, 0x0) 342.233625ms ago: executing program 1 (id=2389): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) ioctl$PAGEMAP_SCAN(0xffffffffffffffff, 0xc0606610, &(0x7f00000001c0)={0x60, 0x0, &(0x7f0000001000/0x1000)=nil, &(0x7f0000c87000/0x2000)=nil, 0xfffffffffffffffd, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x4}) 314.974225ms ago: executing program 4 (id=2390): unshare(0x480) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_procfs$namespace(0x0, &(0x7f0000000100)='ns/time_for_children\x00') sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=@newlink={0x3c, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vxcan={{0xa}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NET_NS_FD={0x8, 0x1c, r1}]}, 0x3c}}, 0x0) 282.129776ms ago: executing program 2 (id=2391): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_MANUAL_DIRTY_LOG_PROTECT2(r1, 0x4068aea3, &(0x7f0000000000)={0xa8, 0x0, 0x3}) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x5, 0x3, 0x0, 0x2000, &(0x7f0000ffe000/0x2000)=nil}) 222.975587ms ago: executing program 1 (id=2392): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB=','], 0x31) 130.335628ms ago: executing program 4 (id=2393): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@ccm_128={{0x305}, '\x00', "bcbd13b603e0f7b3bfa8909ef43c0ae1", "0000fd9f", "b08068ebce17ab00"}, 0x28) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) connect$inet6(r0, &(0x7f00000001c0)={0xa, 0x4000, 0x0, @loopback}, 0x1c) 69.609509ms ago: executing program 1 (id=2394): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0xc, &(0x7f00000000c0)='7', 0x1) setsockopt$inet_opts(r0, 0x0, 0x8, &(0x7f0000000100)="83", 0x1) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f0000000200)=""/49, &(0x7f0000000080)=0x31) 69.401929ms ago: executing program 2 (id=2395): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x80, 0x1, 0x28}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="1800000000000000000000000010000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b7000000000000009500000000"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1}, 0xc) 684.98µs ago: executing program 2 (id=2396): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file2\x00', 0x2004d95, &(0x7f00000000c0)={[{@barrier}]}, 0x1, 0x523, &(0x7f0000000a80)="$eJzs3c1vHGcZAPBnNrtJnDi1+ThAJUKhRU4F2bVr2locSpEQnCohyj0Ye21ZXnst77qNVxV1/gIkhACJE1y4IPEHIKFIXDgipEpwBqkIhCCFAwfooJ2d9Vd27W262XXs30+azPvO1/O8m8zszOybmQAurGci4tWIeD9N0+cjYiqSbHohH2KvM7SXe+/BW0vtIYk0ff0fSbZku97dVpKPr+erXY2Ib3494jvJw3Ebu631xVqtup3XK82NrUpjt3V7bWNxtbpa3Zyfn3tp4eWFFxdmh9LOGxHxylf/8sPv/fxrr/z6C2/++c7fbn23ndZkPv9wOz6g4kkzO00vZZ/F4RW2HzHYWVTMWpibGGyde48xHwAA+muf4380Ij4bEc/HVFw6+XQWAAAAeAKlX56M/yYRaW+X+0wHAAAAniCFrA9sUijnfQEmo1Aolzt9eD8e1wq1eqP5+ZX6zuZyp6/sdJQKK2u16mzWVzirJ+36XFY+qL9wrD5/pXO/4QdTE1m9vFSvLY/75gcAAABcENePXf//e6pz/Q8AAACcM9PjTgAAAAB47Fz/AwAAwPnn+h8AAADOtW+89tpERKTd918vv7G7s15/4/ZytbFe3thZKi/Vt7fKq/X6avbMvo3Ttler17e+GJs7dyvNaqNZaey27mzUdzabd9aOvAIbAAAAGKGPfPr+H5OI2PvSRDa0XR53UsBIFPdLST7usff/6anO+N0RJQWMxKUBlnn3yggSAUauOO4EgLEpjTsBYOySU+b37bzzu3z8meHmAwAADN/MJ/v//l84cc29k2cDZ56dGC6uY/t/2jauXIDRyn7/H7TDr5MFOFdKA/UABM6zD/37/6lcVwAAwLhNZkNSKOe39yajUCiXI25krwUoJStrtepsRDwVEX+YKl1p1+diwP84CAAAAAAAAAAAAAAAAAAAAAAAAABk0jTpvPQHAAAAOLciCn9NfpNk7/+amXpu8vj9gcvJf6Yif0Xomz95/Ud3F5vN7bn29H/uT2/+OJ/+wjjuYAAAAADHda/Tu9fxAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADBM7z14a6k7jDLu378SEdO94hfjaja+GqWIuPavJIqH1ksi4tIQ4u/di4hP9IqftNPaD9kr/sTjjx/T+afQK/71IcSHi+x++/jzaq/9rxDPZOPe+18x4kj9UR05/rVuHjn+do9/l/rs/zcGjPH0O7+s9I1/L+LpYu/jTzd+0if+swPG//a3Wq1+89KfRsz0/P5JjsSqNDe2Ko3d1u21jcXV6mp1c35+7qWFlxdeXJitrKzVqvmfPWN8/1O/ev+k9l/rE3/6lPY/N2D7//fO3Qcf6xRLB1Mn9uPferZH/N/+LF/u4fiF/Lvvc3m5PX+mW97rlA+7+Yvf3zyp/csH7S99kL//WwO2fyg7CgAwNI3d1vpirVbdfsIKb+f5n75w+zzrbOT8CIXkbKRxXgtvD3WDaZqm7X+TPWbdj4hBtpPEWfhYssJ4j0sAAMDwHZz0jzsTAAAAAAAAAAAAAAAAAAAAuLgefvpXmsaQH0J2PObefinxZGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Mz4fwAAAP//j6PX8g==") r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901) r1 = fspick(r0, &(0x7f0000000000)='.\x00', 0x0) fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=2404): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000060000000410000010"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007b00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='mmap_lock_acquire_returned\x00', r1}, 0x10) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0xd, 0x8, 0x0) kernel console output (not intermixed with test programs): d up [ 282.760694][T10605] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 282.836043][T10608] FAT-fs (loop2): Directory bread(block 64) failed [ 282.849283][T10608] FAT-fs (loop2): Directory bread(block 65) failed [ 282.875692][T10608] FAT-fs (loop2): Directory bread(block 66) failed [ 282.882459][T10608] FAT-fs (loop2): Directory bread(block 67) failed [ 282.888209][T10605] EXT4-fs error (device loop4): ext4_expand_extra_isize_ea:2817: inode #15: comm syz.4.1548: corrupted xattr block 33: invalid header [ 282.889274][T10608] FAT-fs (loop2): Directory bread(block 68) failed [ 282.910573][T10608] FAT-fs (loop2): Directory bread(block 69) failed [ 282.917256][T10608] FAT-fs (loop2): Directory bread(block 70) failed [ 282.924152][T10608] FAT-fs (loop2): Directory bread(block 71) failed [ 282.930982][T10608] FAT-fs (loop2): Directory bread(block 72) failed [ 282.941502][T10608] FAT-fs (loop2): Directory bread(block 73) failed [ 282.969551][T10605] EXT4-fs (loop4): Remounting filesystem read-only [ 283.039194][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 283.452337][T10618] loop4: detected capacity change from 0 to 32768 [ 283.480589][T10618] ERROR: (device loop4): dbFindCtl: Corrupt dmapctl page [ 283.480589][T10618] [ 283.490401][T10618] ERROR: (device loop4): remounting filesystem as read-only [ 283.497762][T10618] jfs_mkdir: dtInsert returned -EIO [ 283.504245][T10618] ERROR: (device loop4): jfs_mkdir: [ 283.504245][T10618] [ 283.531093][T10618] ERROR: (device loop4): dbFindCtl: Corrupt dmapctl page [ 283.531093][T10618] [ 284.135203][T10623] loop4: detected capacity change from 0 to 1024 [ 284.226128][T10623] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 284.491767][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.781046][T10626] loop1: detected capacity change from 0 to 40427 [ 284.804602][T10626] F2FS-fs (loop1): Fix alignment : done, start(4096) end(16896) block(12288) [ 284.835739][T10626] F2FS-fs (loop1): invalid crc value [ 284.853007][T10626] F2FS-fs (loop1): Found nat_bits in checkpoint [ 284.943035][T10641] loop4: detected capacity change from 0 to 512 [ 284.970923][T10626] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 284.990188][T10641] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 285.009832][T10641] System zones: 0-2, 18-18, 34-35 [ 285.024465][T10641] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.069531][T10641] ext4 filesystem being mounted at /283/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 285.166050][ T5786] syz-executor: attempt to access beyond end of device [ 285.166050][ T5786] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 285.231329][ T5786] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 285.339008][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 285.597422][T10659] loop2: detected capacity change from 0 to 1024 [ 285.646513][T10659] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 285.867433][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.051024][T10676] loop2: detected capacity change from 0 to 512 [ 286.061171][T10676] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 286.081272][T10679] netlink: 92 bytes leftover after parsing attributes in process `syz.3.1577'. [ 286.095239][T10676] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 286.103591][T10676] System zones: 0-2, 18-18, 34-34 [ 286.114933][T10676] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 286.132033][T10676] ext4 filesystem being mounted at /409/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 286.206894][T10676] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 41 vs 39667 free clusters [ 286.349500][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.467471][T10695] loop3: detected capacity change from 0 to 1024 [ 286.490324][T10695] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 287.082845][T10717] bridge0: port 3(syz_tun) entered blocking state [ 287.112413][T10717] bridge0: port 3(syz_tun) entered disabled state [ 287.119112][T10717] syz_tun: entered allmulticast mode [ 287.181839][T10717] syz_tun: entered promiscuous mode [ 287.187745][T10717] bridge0: port 3(syz_tun) entered blocking state [ 287.194425][T10717] bridge0: port 3(syz_tun) entered forwarding state [ 287.259556][T10720] loop3: detected capacity change from 0 to 512 [ 287.285391][T10720] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 287.315358][T10720] EXT4-fs (loop3): 1 truncate cleaned up [ 287.324933][T10720] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 287.430311][T10720] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2817: inode #15: comm syz.3.1592: corrupted xattr block 33: invalid header [ 287.469351][T10720] EXT4-fs (loop3): Remounting filesystem read-only [ 287.482187][T10715] loop4: detected capacity change from 0 to 32768 [ 287.491288][T10715] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.1591 (10715) [ 287.510344][T10715] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 287.530157][T10715] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 287.539099][T10715] BTRFS info (device loop4): using free space tree [ 287.596740][T10715] BTRFS info (device loop4): enabling ssd optimizations [ 287.597983][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 287.604105][T10715] BTRFS info (device loop4): auto enabling async discard [ 287.820417][ T7339] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 287.839783][T10749] loop2: detected capacity change from 0 to 1024 [ 287.847213][T10749] EXT4-fs: inline encryption not supported [ 287.939144][T10749] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.018688][T10754] loop3: detected capacity change from 0 to 1024 [ 288.079266][T10749] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4036: comm syz.2.1598: Allocating blocks 257-513 which overlap fs metadata [ 288.115948][T10749] EXT4-fs (loop2): Remounting filesystem read-only [ 288.117957][T10754] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 288.197838][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.253669][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 288.670508][T10777] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1606'. [ 288.798969][T10786] loop2: detected capacity change from 0 to 8 [ 288.838335][T10787] sch_tbf: burst 20480 is lower than device lo mtu (65550) ! [ 289.403381][T10808] loop3: detected capacity change from 0 to 8192 [ 289.563606][T10818] loop4: detected capacity change from 0 to 512 [ 289.587499][T10818] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 289.619237][T10818] EXT4-fs (loop4): 1 truncate cleaned up [ 289.629539][T10818] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 289.727967][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 289.799330][ T5798] Bluetooth: hci1: ISO packet too small [ 289.943530][T10817] loop1: detected capacity change from 0 to 32768 [ 289.960512][T10817] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1629 (10817) [ 289.989426][T10817] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 290.010489][T10817] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 290.019279][T10817] BTRFS info (device loop1): setting nodatacow, compression disabled [ 290.027635][T10817] BTRFS info (device loop1): max_inline at 0 [ 290.034010][T10817] BTRFS info (device loop1): enabling disk space caching [ 290.044690][T10817] BTRFS info (device loop1): turning off barriers [ 290.051771][T10817] BTRFS info (device loop1): turning on flush-on-commit [ 290.058841][T10817] BTRFS info (device loop1): disabling tree log [ 290.065434][T10817] BTRFS info (device loop1): force clearing of disk cache [ 290.073074][T10817] BTRFS info (device loop1): max_inline at 86 [ 290.084204][T10817] BTRFS info (device loop1): disk space caching is enabled [ 290.134548][T10817] BTRFS info (device loop1): enabling ssd optimizations [ 290.146338][T10817] BTRFS info (device loop1): auto enabling async discard [ 290.159552][T10817] BTRFS info (device loop1): rebuilding free space tree [ 290.190384][T10817] BTRFS info (device loop1): disabling free space tree [ 290.197567][T10817] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 290.219118][T10817] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 290.547349][T10828] loop4: detected capacity change from 0 to 40427 [ 290.554475][ T5786] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 290.582621][T10828] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x7 [ 290.596254][T10828] F2FS-fs (loop4): invalid crc value [ 290.613437][T10828] F2FS-fs (loop4): Found nat_bits in checkpoint [ 290.732173][T10828] F2FS-fs (loop4): Start checkpoint disabled! [ 290.752835][T10828] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 290.916489][T10828] syz.4.1632: attempt to access beyond end of device [ 290.916489][T10828] loop4: rw=2049, sector=77824, nr_sectors = 136 limit=40427 [ 291.210904][ T58] kworker/u4:4: attempt to access beyond end of device [ 291.210904][ T58] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 291.226792][ T58] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 291.234401][ T58] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 291.241619][ T58] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 291.645594][T10880] tap0: tun_chr_ioctl cmd 1074025677 [ 291.651735][T10880] tap0: linktype set to 823 [ 292.360786][T10890] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1652'. [ 292.376659][T10890] netem: change failed [ 292.580136][T10898] loop1: detected capacity change from 0 to 1024 [ 292.612977][T10898] EXT4-fs: inline encryption not supported [ 292.658752][T10898] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 292.770202][T10898] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4036: comm syz.1.1655: Allocating blocks 257-513 which overlap fs metadata [ 292.830276][T10898] EXT4-fs (loop1): Remounting filesystem read-only [ 292.947801][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.986250][T10917] loop4: detected capacity change from 0 to 1024 [ 293.163290][T10921] loop1: detected capacity change from 0 to 2048 [ 293.224928][T10921] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.258737][T10910] loop2: detected capacity change from 0 to 32768 [ 293.271499][T10910] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.1660 (10910) [ 293.311420][T10921] EXT4-fs (loop1): shut down requested (0) [ 293.335648][T10910] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 293.382992][T10910] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 293.426522][T10910] BTRFS info (device loop2): setting nodatacow, compression disabled [ 293.459423][T10910] BTRFS info (device loop2): max_inline at 0 [ 293.490799][T10910] BTRFS info (device loop2): enabling disk space caching [ 293.498013][T10910] BTRFS info (device loop2): turning off barriers [ 293.528724][T10910] BTRFS info (device loop2): turning on flush-on-commit [ 293.538516][T10910] BTRFS info (device loop2): disabling tree log [ 293.540285][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.545432][T10910] BTRFS info (device loop2): force clearing of disk cache [ 293.545509][T10910] BTRFS info (device loop2): max_inline at 86 [ 293.545530][T10910] BTRFS info (device loop2): disk space caching is enabled [ 293.579023][T10936] loop3: detected capacity change from 0 to 512 [ 293.587795][T10936] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 293.623091][T10936] EXT4-fs (loop3): 1 truncate cleaned up [ 293.632533][T10936] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 293.719337][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.729778][T10910] BTRFS info (device loop2): enabling ssd optimizations [ 293.744583][T10910] BTRFS info (device loop2): auto enabling async discard [ 293.752837][ T5802] Bluetooth: hci3: command 0x0406 tx timeout [ 293.760190][T10910] BTRFS info (device loop2): rebuilding free space tree [ 293.825838][T10910] BTRFS info (device loop2): disabling free space tree [ 293.856880][T10910] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 293.884574][T10910] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 293.949777][T10963] loop3: detected capacity change from 0 to 128 [ 293.990748][T10966] program syz.4.1677 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 293.991973][T10963] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 294.028659][T10963] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 294.202293][ T5787] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 294.940422][T10970] loop1: detected capacity change from 0 to 32768 [ 294.992740][T10970] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.1679 (10970) [ 295.048408][T10970] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 295.064876][T10970] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 295.073965][T10970] BTRFS info (device loop1): force clearing of disk cache [ 295.081344][T10970] BTRFS info (device loop1): enabling auto defrag [ 295.087877][T10970] BTRFS info (device loop1): force zlib compression, level 3 [ 295.096635][T10970] BTRFS info (device loop1): max_inline at 0 [ 295.102848][T10970] BTRFS info (device loop1): enabling disk space caching [ 295.109949][T10970] BTRFS info (device loop1): disk space caching is enabled [ 295.156974][T10970] BTRFS info (device loop1): enabling ssd optimizations [ 295.168970][T10970] BTRFS info (device loop1): rebuilding free space tree [ 295.190342][T10970] BTRFS info (device loop1): disabling free space tree [ 295.199842][T10970] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 295.210260][T10970] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 295.318538][ T5786] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 295.331331][ T23] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 295.532956][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 295.566505][ T23] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 295.575842][ T23] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.601177][ T23] usb 3-1: Product: syz [ 295.605414][ T23] usb 3-1: Manufacturer: syz [ 295.612282][T11019] loop3: detected capacity change from 0 to 1024 [ 295.630844][ T23] usb 3-1: SerialNumber: syz [ 295.639691][ T23] usb 3-1: config 0 descriptor?? [ 295.662543][ T23] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 295.671315][ T23] usb 3-1: setting power ON [ 295.675977][ T23] dvb-usb: bulk message failed: -22 (2/0) [ 295.700849][T11019] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 295.729470][ T23] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 295.757912][ T28] audit: type=1326 audit(1752876991.521:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b4dd85967 code=0x7ffc0000 [ 295.791529][ T23] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 295.800111][ T23] usb 3-1: media controller created [ 295.809238][T11019] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #14: comm syz.3.1693: attempt to clear invalid blocks 1886221359 len 1 [ 295.824939][ T28] audit: type=1326 audit(1752876991.521:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b4dd2ab89 code=0x7ffc0000 [ 295.861064][T11019] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #14: comm syz.3.1693: invalid indirect mapped block 262147 (level 1) [ 295.884785][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 295.894653][T10993] dvb-usb: bulk message failed: -22 (3/0) [ 295.900451][T10993] cxusb: i2c wr: len=80 is too big! [ 295.900451][T10993] [ 295.911292][ T28] audit: type=1326 audit(1752876991.521:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4dd8e9a9 code=0x7ffc0000 [ 295.953415][T11019] EXT4-fs error (device loop3): ext4_mb_clear_bb:6473: comm syz.3.1693: Freeing blocks in system zone - Block = 0, count = 16 [ 295.968256][ T23] usb 3-1: selecting invalid altsetting 6 [ 295.974509][ T23] usb 3-1: digital interface selection failed (-22) [ 295.981238][ T28] audit: type=1326 audit(1752876991.521:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b4dd85967 code=0x7ffc0000 [ 296.011047][ T23] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 296.035396][T11025] loop4: detected capacity change from 0 to 128 [ 296.038277][ T23] usb 3-1: setting power OFF [ 296.047693][ T23] dvb-usb: bulk message failed: -22 (2/0) [ 296.048282][T11025] EXT4-fs: Ignoring removed nobh option [ 296.053550][ T28] audit: type=1326 audit(1752876991.521:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b4dd2ab89 code=0x7ffc0000 [ 296.084928][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 296.090323][ T23] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 296.113616][ T23] (NULL device *): no alternate interface [ 296.137683][T11025] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 296.141764][ T28] audit: type=1326 audit(1752876991.521:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7b4dd8e9a9 code=0x7ffc0000 [ 296.164112][T11025] ext4 filesystem being mounted at /315/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 296.197253][ T28] audit: type=1326 audit(1752876991.541:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b4dd85967 code=0x7ffc0000 [ 296.226154][ T23] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 296.243345][ T23] usb 3-1: USB disconnect, device number 16 [ 296.254679][ T28] audit: type=1326 audit(1752876991.551:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b4dd2ab89 code=0x7ffc0000 [ 296.277492][ T28] audit: type=1326 audit(1752876991.551:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7b4dd85967 code=0x7ffc0000 [ 296.308775][T11030] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1697'. [ 296.346972][ T28] audit: type=1326 audit(1752876991.551:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.1.1691" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7b4dd2ab89 code=0x7ffc0000 [ 296.362646][T11032] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1696'. [ 296.379113][T11032] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1696'. [ 296.486688][T11035] loop3: detected capacity change from 0 to 128 [ 296.497508][ T7339] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 297.482458][T11081] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1719'. [ 297.508269][T11085] loop2: detected capacity change from 0 to 24 [ 297.535185][T11083] netlink: 201392 bytes leftover after parsing attributes in process `syz.4.1720'. [ 297.570096][T11083] netlink: zone id is out of range [ 297.590158][T11083] netlink: zone id is out of range [ 297.611656][T11083] netlink: del zone limit has 8 unknown bytes [ 297.956633][T11102] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1730'. [ 297.971451][T11102] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1730'. [ 298.163054][T11109] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1733'. [ 298.377389][T11116] loop4: detected capacity change from 0 to 2048 [ 298.386430][T11116] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=3932051, location=3932051 [ 298.415089][T11116] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 298.569000][T11100] loop1: detected capacity change from 0 to 40427 [ 298.577293][T11100] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 298.586203][T11100] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 298.597976][T11100] F2FS-fs (loop1): invalid crc value [ 298.622869][T11100] F2FS-fs (loop1): Found nat_bits in checkpoint [ 298.698952][T11100] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 298.720674][T11100] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 298.875634][T11135] loop4: detected capacity change from 0 to 1024 [ 298.895423][T11135] EXT4-fs: Ignoring removed nobh option [ 298.901234][T11135] EXT4-fs: Ignoring removed bh option [ 298.923718][T11135] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 298.962893][T11135] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.049762][T11135] EXT4-fs error (device loop4): mb_free_blocks:1943: group 0, inode 15: block 161:freeing already freed block (bit 10); block bitmap corrupt. [ 299.067685][T11135] EXT4-fs (loop4): Remounting filesystem read-only [ 299.134671][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.291971][T11145] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1746'. [ 299.752135][T11164] loop3: detected capacity change from 0 to 2048 [ 299.786931][T11164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.814657][T11165] loop1: detected capacity change from 0 to 4096 [ 299.831389][T11165] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 299.847922][T11164] overlayfs: failed to resolve './file0': -2 [ 299.899751][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 299.966276][T11165] ntfs3: loop1: ino=1b, "file0" directory corrupted [ 300.375706][T11169] loop2: detected capacity change from 0 to 32768 [ 300.462193][T11181] tun0: tun_chr_ioctl cmd 2147767521 [ 300.770442][T11186] loop3: detected capacity change from 0 to 4096 [ 301.211961][T11206] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1773'. [ 301.231918][T11206] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1773'. [ 301.626086][T11219] loop1: detected capacity change from 0 to 512 [ 301.673901][T11219] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 301.709715][T11219] ext4 filesystem being mounted at /428/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 301.731043][T11200] loop3: detected capacity change from 0 to 40427 [ 301.743422][T11200] F2FS-fs (loop3): invalid crc value [ 301.760407][T11200] F2FS-fs (loop3): Found nat_bits in checkpoint [ 301.816321][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 301.828557][T11200] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 301.997180][ T6767] syz-executor: attempt to access beyond end of device [ 301.997180][ T6767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 302.020714][T11231] loop1: detected capacity change from 0 to 4096 [ 302.027976][ T6767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 302.197551][T11235] loop2: detected capacity change from 0 to 8192 [ 302.216935][T11235] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 302.233016][T11235] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 302.245248][T11235] REISERFS (device loop2): using ordered data mode [ 302.253905][T11235] reiserfs: using flush barriers [ 302.264067][T11235] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 302.302473][T11235] REISERFS (device loop2): checking transaction log (loop2) [ 302.352440][T11233] loop4: detected capacity change from 0 to 8192 [ 302.498866][T11235] REISERFS (device loop2): Using tea hash to sort names [ 302.510074][T11235] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 302.726605][T11242] loop4: detected capacity change from 0 to 4096 [ 302.728069][T11242] ntfs3: loop4: Different NTFS sector size (1024) and media sector size (512). [ 302.787678][T11244] loop3: detected capacity change from 0 to 1024 [ 302.813291][T11244] EXT4-fs: Ignoring removed nobh option [ 302.824982][T11244] EXT4-fs: Ignoring removed bh option [ 302.839394][T11244] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 302.881108][T11242] ntfs3: loop4: ino=1b, "file0" directory corrupted [ 302.923715][T11244] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 303.053605][T11244] EXT4-fs error (device loop3): mb_free_blocks:1943: group 0, inode 15: block 161:freeing already freed block (bit 10); block bitmap corrupt. [ 303.085359][T11244] EXT4-fs (loop3): Remounting filesystem read-only [ 303.149424][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 303.417499][T11262] loop3: detected capacity change from 0 to 4096 [ 303.437086][T11262] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 303.510620][T11262] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 303.533013][T11262] ntfs3: loop3: Failed to initialize $Extend/$ObjId. [ 303.947010][T11257] loop1: detected capacity change from 0 to 40427 [ 303.972252][T11257] F2FS-fs (loop1): invalid crc value [ 303.991759][T11257] F2FS-fs (loop1): Found nat_bits in checkpoint [ 303.998237][T11289] loop2: detected capacity change from 0 to 256 [ 304.028009][T11289] FAT-fs (loop2): Directory bread(block 64) failed [ 304.038295][T11289] FAT-fs (loop2): Directory bread(block 65) failed [ 304.046759][T11289] FAT-fs (loop2): Directory bread(block 66) failed [ 304.058598][T11289] FAT-fs (loop2): Directory bread(block 67) failed [ 304.066677][T11289] FAT-fs (loop2): Directory bread(block 68) failed [ 304.080977][T11289] FAT-fs (loop2): Directory bread(block 69) failed [ 304.081312][T11257] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 304.087833][T11289] FAT-fs (loop2): Directory bread(block 70) failed [ 304.087865][T11289] FAT-fs (loop2): Directory bread(block 71) failed [ 304.087973][T11289] FAT-fs (loop2): Directory bread(block 72) failed [ 304.132189][T11289] FAT-fs (loop2): Directory bread(block 73) failed [ 304.204895][ T5786] syz-executor: attempt to access beyond end of device [ 304.204895][ T5786] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 304.231251][ T5786] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 305.051493][T11316] loop4: detected capacity change from 0 to 8192 [ 305.088092][T11316] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 305.107589][T11316] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 305.142411][T11316] REISERFS (device loop4): using ordered data mode [ 305.149000][T11316] reiserfs: using flush barriers [ 305.203688][T11316] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 305.231221][T11316] REISERFS (device loop4): checking transaction log (loop4) [ 305.341812][T11334] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1823'. [ 305.360449][T11334] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1823'. [ 305.402040][T11316] REISERFS (device loop4): Using tea hash to sort names [ 305.419711][T11316] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 305.490329][T11339] loop1: detected capacity change from 0 to 16 [ 305.504767][T11339] erofs: (device loop1): mounted with root inode @ nid 36. [ 305.555160][T11339] erofs: (device loop1): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 305.573178][T11339] erofs: (device loop1): erofs_readdir: invalid de[0].nameoff 0 @ nid 36 [ 305.679164][T11347] syzkaller1: tun_chr_ioctl cmd 1074025672 [ 305.685878][T11347] syzkaller1: ignored: set checksum enabled [ 306.346694][T11368] loop3: detected capacity change from 0 to 8192 [ 306.360252][T11368] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 306.377670][T11368] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 306.387090][T11368] REISERFS (device loop3): using ordered data mode [ 306.395364][T11368] reiserfs: using flush barriers [ 306.404671][T11368] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 306.442946][T11368] REISERFS (device loop3): checking transaction log (loop3) [ 306.586875][T11368] REISERFS (device loop3): Using tea hash to sort names [ 306.602871][T11368] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 306.773399][T11364] loop1: detected capacity change from 0 to 40427 [ 306.814715][T11364] F2FS-fs (loop1): invalid crc value [ 306.829218][T11364] F2FS-fs (loop1): Found nat_bits in checkpoint [ 306.900729][T11371] loop4: detected capacity change from 0 to 32768 [ 306.917776][T11364] F2FS-fs (loop1): Start checkpoint disabled! [ 306.924336][T11371] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 scanned by syz.4.1841 (11371) [ 306.949187][T11371] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 306.963358][T11364] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 306.983759][T11371] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 307.002500][T11371] BTRFS info (device loop4): setting nodatacow, compression disabled [ 307.011275][T11371] BTRFS info (device loop4): turning on flush-on-commit [ 307.030670][T11371] BTRFS info (device loop4): using free space tree [ 307.146569][T11371] BTRFS info (device loop4): enabling ssd optimizations [ 307.158381][ T1118] kworker/u4:5: attempt to access beyond end of device [ 307.158381][ T1118] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 307.173092][ T1118] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 307.181038][ T1118] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 307.181465][T11371] BTRFS info (device loop4): auto enabling async discard [ 307.423927][T11404] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1847'. [ 307.436388][ T7339] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 307.593493][ T5802] Bluetooth: hci3: command 0x0406 tx timeout [ 308.176087][T11405] loop2: detected capacity change from 0 to 32768 [ 308.195938][T11405] JBD2: Ignoring recovery information on journal [ 308.312367][T11405] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 308.495516][T11416] loop1: detected capacity change from 0 to 32768 [ 308.512071][T11416] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.1862 (11416) [ 308.527559][T11424] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1856'. [ 308.539049][T11416] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 308.547332][ T5787] ocfs2: Unmounting device (7,2) on (node local) [ 308.563169][T11416] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 308.571934][T11416] BTRFS info (device loop1): setting nodatacow, compression disabled [ 308.603587][T11416] BTRFS info (device loop1): max_inline at 0 [ 308.609969][T11416] BTRFS info (device loop1): enabling disk space caching [ 308.653826][T11416] BTRFS info (device loop1): turning off barriers [ 308.660556][T11416] BTRFS info (device loop1): turning on flush-on-commit [ 308.682459][T11416] BTRFS info (device loop1): doing ref verification [ 308.708990][T11416] BTRFS info (device loop1): force clearing of disk cache [ 308.728143][T11416] BTRFS info (device loop1): enabling ssd optimizations [ 308.748299][T11416] BTRFS info (device loop1): max_inline at 4096 [ 308.759788][T11416] BTRFS info (device loop1): disk space caching is enabled [ 308.850285][T11413] loop4: detected capacity change from 0 to 32768 [ 308.876314][T11413] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 308.898591][T11416] BTRFS info (device loop1): auto enabling async discard [ 308.915148][T11453] loop2: detected capacity change from 0 to 256 [ 308.916299][T11416] BTRFS info (device loop1): rebuilding free space tree [ 308.941637][T11453] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 308.942267][T11416] BTRFS info (device loop1): disabling free space tree [ 308.966508][T11416] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 308.977166][T11416] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 308.993077][T11413] XFS (loop4): Ending clean mount [ 309.011917][T11413] XFS (loop4): Quotacheck needed: Please wait. [ 309.087863][T11413] XFS (loop4): Quotacheck: Done. [ 309.103100][ T5859] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 309.140507][ T5786] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 309.230902][ T7339] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 309.344704][ T5859] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 309.354156][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.364753][ T5859] usb 4-1: config 0 descriptor?? [ 309.392969][ T5859] cp210x 4-1:0.0: cp210x converter detected [ 309.632600][T11457] loop1: detected capacity change from 0 to 512 [ 309.656950][T11457] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 309.729305][T11457] EXT4-fs (loop1): 1 truncate cleaned up [ 309.749064][T11457] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 309.783841][T11455] loop2: detected capacity change from 0 to 32768 [ 309.793140][T11455] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 scanned by syz.2.1860 (11455) [ 309.822964][T11455] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 309.841401][ T5859] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 309.860878][T11455] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 309.877065][ T5859] usb 4-1: cp210x converter now attached to ttyUSB0 [ 309.888456][T11455] BTRFS info (device loop2): setting nodatacow, compression disabled [ 309.901932][T11455] BTRFS info (device loop2): turning on flush-on-commit [ 309.913436][ T5798] Bluetooth: hci3: command 0x0406 tx timeout [ 309.915415][T11455] BTRFS info (device loop2): using free space tree [ 309.938385][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.050296][T11475] loop4: detected capacity change from 0 to 4096 [ 310.056924][T11455] BTRFS info (device loop2): enabling ssd optimizations [ 310.064732][T11475] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 310.075690][T11455] BTRFS info (device loop2): auto enabling async discard [ 310.077411][ T5859] usb 4-1: USB disconnect, device number 13 [ 310.098048][ T5859] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 310.106447][T11475] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 310.137667][ T5859] cp210x 4-1:0.0: device disconnected [ 310.179463][T11475] fs-verity: sha256 using implementation "sha256-avx2" [ 310.261901][ T5787] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885 [ 310.326062][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 310.990490][T11497] loop1: detected capacity change from 0 to 32768 [ 311.055133][T11497] JBD2: Ignoring recovery information on journal [ 311.063794][T11497] jbd2_journal_bmap: journal block not found at offset 32 on loop1-75 [ 311.068015][T11501] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 311.073310][T11497] JBD2: bad block at offset 32 [ 311.103371][T11497] (syz.1.1872,11497,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 311.113685][T11497] (syz.1.1872,11497,0):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 311.121911][T11497] (syz.1.1872,11497,0):ocfs2_check_volume:2462 ERROR: status = -22 [ 311.129994][T11497] (syz.1.1872,11497,0):ocfs2_check_volume:2490 ERROR: status = -22 [ 311.138009][T11497] (syz.1.1872,11497,0):ocfs2_mount_volume:1822 ERROR: status = -22 [ 311.152048][T11497] (syz.1.1872,11497,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 311.399790][T11498] loop2: detected capacity change from 0 to 32768 [ 311.423585][T11508] loop4: detected capacity change from 0 to 1024 [ 311.433933][T11498] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.1868 (11498) [ 311.472323][T11498] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 311.493289][T11498] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 311.511326][T11498] BTRFS info (device loop2): force zlib compression, level 3 [ 311.519528][T11498] BTRFS info (device loop2): force clearing of disk cache [ 311.527160][T11498] BTRFS info (device loop2): turning off barriers [ 311.539346][T11498] BTRFS info (device loop2): doing ref verification [ 311.571581][T11510] loop1: detected capacity change from 0 to 512 [ 311.572992][T11498] BTRFS info (device loop2): enabling disk space caching [ 311.592168][T11498] BTRFS info (device loop2): disk space caching is enabled [ 311.626579][T11517] loop4: detected capacity change from 0 to 256 [ 311.638964][T11510] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 311.662125][T11510] ext4 filesystem being mounted at /452/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 311.678346][T11517] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 311.711686][T11498] BTRFS info (device loop2): enabling ssd optimizations [ 311.743490][T11498] BTRFS info (device loop2): auto enabling async discard [ 311.763509][T11498] BTRFS info (device loop2): rebuilding free space tree [ 311.786640][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 311.825479][T11498] BTRFS info (device loop2): disabling free space tree [ 311.852773][T11498] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 311.903075][T11498] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 312.077376][T11498] BTRFS info (device loop2): balance: start -d -m [ 312.098502][T11498] BTRFS info (device loop2): balance: paused [ 312.179515][T11548] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 312.211610][T11498] BTRFS info (device loop2): balance: resume -dusage=90 -musage=90 [ 312.230244][T11498] BTRFS info (device loop2): relocating block group 6881280 flags data|metadata [ 312.320891][T11550] loop1: detected capacity change from 0 to 128 [ 312.327932][ T8] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 312.360167][T11498] BTRFS info (device loop2): relocating block group 5242880 flags data|metadata [ 312.421327][T11550] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 312.480402][T11498] BTRFS info (device loop2): balance: canceled [ 312.506375][T11550] ext4 filesystem being mounted at /454/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 312.579027][ T5787] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 312.651241][ T5786] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 312.651327][T11552] loop3: detected capacity change from 0 to 32768 [ 312.727287][T11552] JBD2: Ignoring recovery information on journal [ 312.735772][T11552] jbd2_journal_bmap: journal block not found at offset 32 on loop3-75 [ 312.744509][T11552] JBD2: bad block at offset 32 [ 312.774675][T11552] (syz.3.1886,11552,0):ocfs2_load_local_alloc:311 ERROR: Invalid local alloc inode, 75 [ 312.784597][T11552] (syz.3.1886,11552,0):ocfs2_load_local_alloc:355 ERROR: status = -22 [ 312.792831][T11552] (syz.3.1886,11552,0):ocfs2_check_volume:2462 ERROR: status = -22 [ 312.800938][T11552] (syz.3.1886,11552,0):ocfs2_check_volume:2490 ERROR: status = -22 [ 312.809083][T11552] (syz.3.1886,11552,0):ocfs2_mount_volume:1822 ERROR: status = -22 [ 312.829297][ T8] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 312.840563][T11552] (syz.3.1886,11552,0):ocfs2_fill_super:1178 ERROR: status = -22 [ 312.857498][ T8] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 312.882231][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.006230][ T8] usb 5-1: config 0 descriptor?? [ 313.495666][ T8] keytouch 0003:0926:3333.000E: fixing up Keytouch IEC report descriptor [ 313.531360][ T8] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.000E/input/input16 [ 314.081022][T11562] loop3: detected capacity change from 0 to 32768 [ 314.107208][T11562] JBD2: Ignoring recovery information on journal [ 314.184761][T11562] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 314.663314][ C1] sched: RT throttling activated [ 314.672358][T11567] loop4: detected capacity change from 0 to 256 [ 314.740832][ T6767] ocfs2: Unmounting device (7,3) on (node local) [ 314.766029][T11567] FAT-fs (loop4): Directory bread(block 64) failed [ 314.793180][T11567] FAT-fs (loop4): Directory bread(block 65) failed [ 314.825186][T11567] FAT-fs (loop4): Directory bread(block 66) failed [ 314.861660][T11567] FAT-fs (loop4): Directory bread(block 67) failed [ 314.882017][T11567] FAT-fs (loop4): Directory bread(block 68) failed [ 314.905785][T11567] FAT-fs (loop4): Directory bread(block 69) failed [ 314.933139][T11567] FAT-fs (loop4): Directory bread(block 70) failed [ 314.973527][T11567] FAT-fs (loop4): Directory bread(block 71) failed [ 314.993084][T11567] FAT-fs (loop4): Directory bread(block 72) failed [ 315.000829][T11569] loop2: detected capacity change from 0 to 4096 [ 315.017654][T11567] FAT-fs (loop4): Directory bread(block 73) failed [ 315.038131][T11569] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 315.111858][T11569] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 315.404950][T11559] loop1: detected capacity change from 0 to 262144 [ 315.447084][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 315.458048][T11559] F2FS-fs (loop1): Found nat_bits in checkpoint [ 315.489642][ T8] keytouch 0003:0926:3333.000E: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 315.532168][T11559] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 315.587780][ T58] kworker/u4:4: attempt to access beyond end of device [ 315.587780][ T58] loop4: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 315.634910][ T58] kworker/u4:4: attempt to access beyond end of device [ 315.634910][ T58] loop4: rw=1, sector=1864, nr_sectors = 408 limit=256 [ 315.638768][T11580] loop3: detected capacity change from 0 to 256 [ 315.730754][T11580] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 316.290839][T11598] syz.2.1905[11598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.290992][T11598] syz.2.1905[11598] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 316.351550][T11598] syz.2.1905 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 316.420490][ T8] usb 5-1: USB disconnect, device number 12 [ 316.693204][T11605] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 316.724039][T11591] loop4: detected capacity change from 0 to 32768 [ 317.278881][ T1280] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.570283][T11627] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1918'. [ 317.740775][T11629] loop3: detected capacity change from 0 to 4096 [ 317.750423][T11629] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 317.779638][T11629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 317.885008][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 317.923057][T11621] loop4: detected capacity change from 0 to 32768 [ 317.989014][T11621] JBD2: Ignoring recovery information on journal [ 318.010618][T11638] loop2: detected capacity change from 0 to 512 [ 318.057196][T11638] ext4: Unknown parameter 'obj_role' [ 318.075285][T11621] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 318.315931][ T7339] ocfs2: Unmounting device (7,4) on (node local) [ 318.460038][T11653] sp0: Synchronizing with TNC [ 318.573034][T11653] sp0: Synchronizing with TNC [ 318.951296][T11648] loop2: detected capacity change from 0 to 40427 [ 318.967659][T11648] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 318.978997][T11648] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 318.989337][T11651] loop1: detected capacity change from 0 to 32768 [ 319.000431][T11651] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.1927 (11651) [ 319.007533][T11648] F2FS-fs (loop2): Found nat_bits in checkpoint [ 319.053956][T11651] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 319.084082][T11651] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 319.106467][T11651] BTRFS info (device loop1): force zlib compression, level 3 [ 319.107438][T11648] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 319.121342][T11648] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 319.146167][T11651] BTRFS info (device loop1): force clearing of disk cache [ 319.153503][T11651] BTRFS info (device loop1): turning off barriers [ 319.172778][T11651] BTRFS info (device loop1): doing ref verification [ 319.179684][T11651] BTRFS info (device loop1): enabling disk space caching [ 319.186970][T11651] BTRFS info (device loop1): disk space caching is enabled [ 319.233548][T11665] loop4: detected capacity change from 0 to 512 [ 319.240985][T11665] EXT4-fs: Ignoring removed nomblk_io_submit option [ 319.250315][T11665] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 319.272600][T11665] EXT4-fs (loop4): 1 truncate cleaned up [ 319.295240][T11665] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 319.359501][ T28] kauditd_printk_skb: 57 callbacks suppressed [ 319.359519][ T28] audit: type=1800 audit(1752877015.119:158): pid=11665 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1932" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 319.407423][T11651] BTRFS info (device loop1): enabling ssd optimizations [ 319.417096][T11651] BTRFS info (device loop1): auto enabling async discard [ 319.437389][T11651] BTRFS info (device loop1): rebuilding free space tree [ 319.459820][T11651] BTRFS info (device loop1): disabling free space tree [ 319.475034][T11651] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 319.489011][T11651] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 319.539691][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 319.624872][T11657] loop3: detected capacity change from 0 to 32768 [ 319.686869][T11651] BTRFS info (device loop1): balance: start -d -m [ 319.698034][T11651] BTRFS info (device loop1): relocating block group 6881280 flags data|metadata [ 319.809728][T11651] BTRFS info (device loop1): balance: paused [ 319.998595][ T5786] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 320.372507][ T27] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 320.576672][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.600788][ T27] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.620955][ T27] usb 4-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 320.640428][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.651280][ T27] usb 4-1: config 0 descriptor?? [ 320.851720][T11703] loop1: detected capacity change from 0 to 32768 [ 320.881343][T11703] JBD2: Ignoring recovery information on journal [ 320.938595][T11703] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 321.059412][T11719] loop4: detected capacity change from 0 to 4096 [ 321.091908][ T27] uclogic 0003:5543:0522.000F: No inputs registered, leaving [ 321.101672][ T27] uclogic 0003:5543:0522.000F: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.3-1/input0 [ 321.121279][ T5786] ocfs2: Unmounting device (7,1) on (node local) [ 321.309369][ T27] usb 4-1: USB disconnect, device number 14 [ 321.468811][T11726] loop1: detected capacity change from 0 to 256 [ 321.505706][T11726] FAT-fs (loop1): Directory bread(block 64) failed [ 321.526360][T11726] FAT-fs (loop1): Directory bread(block 65) failed [ 321.533084][T11726] FAT-fs (loop1): Directory bread(block 66) failed [ 321.545957][T11726] FAT-fs (loop1): Directory bread(block 67) failed [ 321.552858][T11726] FAT-fs (loop1): Directory bread(block 68) failed [ 321.562008][T11726] FAT-fs (loop1): Directory bread(block 69) failed [ 321.571283][T11726] FAT-fs (loop1): Directory bread(block 70) failed [ 321.580184][T11726] FAT-fs (loop1): Directory bread(block 71) failed [ 321.589098][T11726] FAT-fs (loop1): Directory bread(block 72) failed [ 321.599542][T11726] FAT-fs (loop1): Directory bread(block 73) failed [ 322.011561][ T48] kworker/u4:3: attempt to access beyond end of device [ 322.011561][ T48] loop1: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 322.099662][ T48] kworker/u4:3: attempt to access beyond end of device [ 322.099662][ T48] loop1: rw=1, sector=1864, nr_sectors = 408 limit=256 [ 322.491135][T11736] loop1: detected capacity change from 0 to 1024 [ 323.262094][T11748] loop1: detected capacity change from 0 to 512 [ 323.294838][T11748] ext4: Unknown parameter 'obj_role' [ 323.402074][T11732] loop3: detected capacity change from 0 to 32768 [ 323.735280][T11721] loop4: detected capacity change from 0 to 262144 [ 323.790846][T11721] F2FS-fs (loop4): Found nat_bits in checkpoint [ 323.857857][T11721] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 324.155094][ T5802] Bluetooth: hci3: command 0x0406 tx timeout [ 324.267463][T11764] loop3: detected capacity change from 0 to 1024 [ 324.305338][T11764] EXT4-fs: Ignoring removed orlov option [ 324.370636][T11764] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 324.389776][T11760] loop1: detected capacity change from 0 to 32768 [ 324.404168][T11752] loop2: detected capacity change from 0 to 32768 [ 324.424061][T11752] ocfs2: Slot 0 on device (7,2) was already allocated to this node! [ 324.466347][T11764] EXT4-fs error (device loop3): ext4_expand_extra_isize_ea:2797: inode #2: comm syz.3.1966: corrupted in-inode xattr: bad e_name length [ 324.497543][T11752] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 324.512655][ T27] Process accounting resumed [ 324.578175][T11769] EXT4-fs error (device loop3): ext4_xattr_ibody_get:653: inode #2: comm syz.3.1966: corrupted in-inode xattr: bad e_name length [ 324.746261][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 324.827775][ T5787] ocfs2: Unmounting device (7,2) on (node local) [ 325.214721][ T27] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 325.385127][ T5878] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 325.397403][ T27] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 325.413175][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.424289][ T27] usb 2-1: config 0 descriptor?? [ 325.436874][ T27] cp210x 2-1:0.0: cp210x converter detected [ 325.548816][T11778] loop2: detected capacity change from 0 to 256 [ 325.584337][T11778] FAT-fs (loop2): Directory bread(block 64) failed [ 325.601767][T11778] FAT-fs (loop2): Directory bread(block 65) failed [ 325.605616][ T5878] usb 4-1: unable to get BOS descriptor or descriptor too short [ 325.621476][T11778] FAT-fs (loop2): Directory bread(block 66) failed [ 325.649899][T11778] FAT-fs (loop2): Directory bread(block 67) failed [ 325.659059][T11778] FAT-fs (loop2): Directory bread(block 68) failed [ 325.666129][ T5878] usb 4-1: no configurations [ 325.670810][ T5878] usb 4-1: can't read configurations, error -22 [ 325.678175][T11783] loop4: detected capacity change from 0 to 512 [ 325.685101][T11778] FAT-fs (loop2): Directory bread(block 69) failed [ 325.686636][T11783] ext4: Unknown parameter 'obj_role' [ 325.691835][T11778] FAT-fs (loop2): Directory bread(block 70) failed [ 325.707646][T11778] FAT-fs (loop2): Directory bread(block 71) failed [ 325.714380][T11778] FAT-fs (loop2): Directory bread(block 72) failed [ 325.722307][T11778] FAT-fs (loop2): Directory bread(block 73) failed [ 325.858781][ T27] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 325.875665][ T27] usb 2-1: cp210x converter now attached to ttyUSB0 [ 325.961568][ T42] kworker/u4:2: attempt to access beyond end of device [ 325.961568][ T42] loop2: rw=1, sector=1224, nr_sectors = 608 limit=256 [ 325.978921][ T42] kworker/u4:2: attempt to access beyond end of device [ 325.978921][ T42] loop2: rw=1, sector=1864, nr_sectors = 408 limit=256 [ 326.084988][ T8] usb 2-1: USB disconnect, device number 21 [ 326.099671][ T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 326.112954][ T8] cp210x 2-1:0.0: device disconnected [ 326.270153][T11801] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1978'. [ 326.279986][T11801] netlink: 'syz.3.1978': attribute type 18 has an invalid length. [ 326.288352][T11801] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1978'. [ 326.324935][ T27] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 326.525578][ T27] usb 3-1: Using ep0 maxpacket: 32 [ 326.530933][ T23] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 326.540826][ T27] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 326.548981][ T27] usb 3-1: config 0 has no interface number 0 [ 326.557551][ T27] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 326.566759][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.574940][ T27] usb 3-1: Product: syz [ 326.579129][ T27] usb 3-1: Manufacturer: syz [ 326.583848][ T27] usb 3-1: SerialNumber: syz [ 326.591422][ T27] usb 3-1: config 0 descriptor?? [ 326.599319][ T27] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 326.725605][ T23] usb 5-1: Using ep0 maxpacket: 16 [ 326.746822][ T23] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 326.757743][ T23] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 326.771307][ T23] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 326.780836][ T23] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.789555][ T23] usb 5-1: Product: syz [ 326.793796][ T23] usb 5-1: Manufacturer: syz [ 326.806383][ T23] usb 5-1: SerialNumber: syz [ 326.816327][ T27] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 326.827694][ T5878] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 326.847394][ T27] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 326.934027][T11811] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 326.934027][T11811] The task syz.1.1982 (11811) triggered the difference, watch for misbehavior. [ 327.027894][ T5878] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 327.036643][ T5878] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 327.047103][ T5878] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 327.059204][ T5878] usb 4-1: config 220 has no interface number 2 [ 327.065845][ T5878] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 327.079661][ T5878] usb 4-1: config 220 interface 0 has no altsetting 0 [ 327.086834][ T5878] usb 4-1: config 220 interface 76 has no altsetting 0 [ 327.093721][ T5878] usb 4-1: config 220 interface 1 has no altsetting 0 [ 327.102813][ T5878] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 327.111958][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.120467][ T5878] usb 4-1: Product: syz [ 327.126337][ T5878] usb 4-1: Manufacturer: syz [ 327.131212][ T5878] usb 4-1: SerialNumber: syz [ 327.248009][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 327.258105][ T27] usb 3-1: USB disconnect, device number 17 [ 327.267501][ T23] usb 5-1: cannot find UAC_HEADER [ 327.287009][ T27] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 327.303386][ T23] snd-usb-audio: probe of 5-1:1.0 failed with error -22 [ 327.318421][ T27] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 327.332236][ T27] quatech2 3-1:0.51: device disconnected [ 327.352229][ T5878] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 327.360678][ T5878] usb 4-1: No valid video chain found. [ 327.367927][ T5878] usb 4-1: selecting invalid altsetting 0 [ 327.380435][ T5878] usb 4-1: selecting invalid altsetting 0 [ 327.386319][ T5878] usbtest: probe of 4-1:220.1 failed with error -22 [ 327.396783][ T5878] usb 4-1: USB disconnect, device number 16 [ 327.498443][ T8] usb 5-1: USB disconnect, device number 13 [ 327.802902][T11814] loop1: detected capacity change from 0 to 512 [ 327.855015][T11814] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 327.897686][T11814] EXT4-fs (loop1): invalid journal inode [ 327.903458][T11814] EXT4-fs (loop1): can't get journal size [ 327.955156][T11814] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c118, mo2=0002] [ 327.995753][T11814] System zones: 1-12, 13-13 [ 328.018936][T11814] EXT4-fs (loop1): 1 truncate cleaned up [ 328.046306][T11814] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 328.107208][ T8] kernel write not supported for file /amidi2 (pid: 8 comm: kworker/0:0) [ 328.352266][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 328.716391][T11849] loop1: detected capacity change from 0 to 2048 [ 328.723733][T11849] EXT4-fs: Ignoring removed bh option [ 328.776160][T11849] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 328.883873][T11849] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 328.922185][T11849] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 2 with error 28 [ 328.945239][T11849] EXT4-fs (loop1): This should not happen!! Data will be lost [ 328.945239][T11849] [ 328.975450][T11849] EXT4-fs (loop1): Total free blocks count 0 [ 328.989677][T11849] EXT4-fs (loop1): Free/Dirty block details [ 329.006439][T11849] EXT4-fs (loop1): free_blocks=2415919104 [ 329.022315][T11849] EXT4-fs (loop1): dirty_blocks=16 [ 329.028113][T11849] EXT4-fs (loop1): Block reservation details [ 329.034364][T11849] EXT4-fs (loop1): i_reserved_data_blocks=1 [ 329.111460][ T1118] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 329.117721][T11847] loop2: detected capacity change from 0 to 32768 [ 329.165582][ T5776] Process accounting resumed [ 329.497741][T11868] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2005'. [ 329.508120][T11868] netlink: 'syz.1.2005': attribute type 18 has an invalid length. [ 329.516812][T11868] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2005'. [ 329.614166][ T5776] kernel write not supported for file /amidi2 (pid: 5776 comm: kworker/1:3) [ 329.696110][T11875] loop3: detected capacity change from 0 to 2048 [ 329.704046][T11875] EXT4-fs: Ignoring removed bh option [ 329.728771][T11875] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 329.797090][T11875] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 329.826996][T11875] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 12 with max blocks 2 with error 28 [ 329.858758][T11875] EXT4-fs (loop3): This should not happen!! Data will be lost [ 329.858758][T11875] [ 329.879498][T11875] EXT4-fs (loop3): Total free blocks count 0 [ 329.895668][T11875] EXT4-fs (loop3): Free/Dirty block details [ 329.903865][T11875] EXT4-fs (loop3): free_blocks=2415919104 [ 329.922062][T11875] EXT4-fs (loop3): dirty_blocks=16 [ 329.935345][ T965] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 329.940774][T11875] EXT4-fs (loop3): Block reservation details [ 329.959766][T11875] EXT4-fs (loop3): i_reserved_data_blocks=1 [ 330.030561][ T42] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 330.033129][T11886] bond0: entered promiscuous mode [ 330.065383][T11886] bond_slave_0: entered promiscuous mode [ 330.078660][T11886] bond_slave_1: entered promiscuous mode [ 330.095711][T11886] bond1: entered promiscuous mode [ 330.110467][T11886] ipvlan1: entered promiscuous mode [ 330.123552][T11886] ipvlan1: left promiscuous mode [ 330.150165][ T965] usb 2-1: Using ep0 maxpacket: 16 [ 330.155642][T11886] bond0: left promiscuous mode [ 330.161795][T11886] bond_slave_0: left promiscuous mode [ 330.170288][ T965] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 330.183136][T11886] bond_slave_1: left promiscuous mode [ 330.195748][T11886] bond1: left promiscuous mode [ 330.200604][ T965] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 330.225348][ T965] usb 2-1: config 0 interface 0 has no altsetting 0 [ 330.233275][ T965] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 330.255294][ T965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.296552][ T965] usb 2-1: config 0 descriptor?? [ 330.385015][T11882] loop4: detected capacity change from 0 to 32768 [ 330.447958][ T5776] Process accounting resumed [ 330.727677][T11873] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 330.756249][T11873] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 330.922160][T11898] loop3: detected capacity change from 0 to 32768 [ 330.938464][T11898] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 330.953076][T11898] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 330.976197][ T5776] usb 2-1: USB disconnect, device number 22 [ 331.045504][ T6767] ocfs2: Unmounting device (7,3) on (node local) [ 331.787145][T11915] loop2: detected capacity change from 0 to 512 [ 331.833784][T11915] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 331.915726][ T965] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 331.934281][T11915] EXT4-fs (loop2): invalid journal inode [ 331.956461][T11915] EXT4-fs (loop2): can't get journal size [ 331.994723][T11915] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c118, mo2=0002] [ 332.022568][T11915] System zones: 1-12, 13-13 [ 332.040455][T11915] EXT4-fs (loop2): 1 truncate cleaned up [ 332.061095][T11915] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 332.127515][ T965] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 332.159013][ T965] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 332.195324][ T965] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 332.235292][ T965] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.253227][T11923] bond0: entered promiscuous mode [ 332.265556][T11923] bond_slave_0: entered promiscuous mode [ 332.284780][ T965] usb 2-1: config 0 descriptor?? [ 332.294299][T11923] bond_slave_1: entered promiscuous mode [ 332.340130][T11923] ipvlan1: entered promiscuous mode [ 332.361314][T11923] ipvlan1: left promiscuous mode [ 332.379104][T11923] bond0: left promiscuous mode [ 332.388715][T11923] bond_slave_0: left promiscuous mode [ 332.396160][ T5798] Bluetooth: hci3: command 0x0406 tx timeout [ 332.420926][T11923] bond_slave_1: left promiscuous mode [ 332.440652][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 332.741589][ T965] uclogic 0003:5543:0522.0011: No inputs registered, leaving [ 332.791147][ T965] uclogic 0003:5543:0522.0011: hidraw0: USB HID v0.00 Device [HID 5543:0522] on usb-dummy_hcd.1-1/input0 [ 333.024732][ T965] usb 2-1: USB disconnect, device number 23 [ 333.852462][T11931] loop1: detected capacity change from 0 to 512 [ 333.905110][T11931] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 333.949943][T11925] loop2: detected capacity change from 0 to 32768 [ 333.987953][T11925] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2027 (11925) [ 334.028295][T11910] loop3: detected capacity change from 0 to 262144 [ 334.048977][T11925] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 334.069922][T11910] F2FS-fs (loop3): Found nat_bits in checkpoint [ 334.082873][T11931] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 334.108243][T11925] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 334.130349][T11910] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 334.137321][T11925] BTRFS info (device loop2): turning off barriers [ 334.185765][T11925] BTRFS info (device loop2): setting nodatasum [ 334.192019][T11925] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 334.240378][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 334.255735][T11925] BTRFS info (device loop2): use zstd compression, level 3 [ 334.263036][T11925] BTRFS info (device loop2): using free space tree [ 334.369068][T11929] loop4: detected capacity change from 0 to 40427 [ 334.399459][T11929] F2FS-fs (loop4): heap/no_heap options were deprecated [ 334.420217][T11929] F2FS-fs (loop4): invalid crc value [ 334.450317][T11929] F2FS-fs (loop4): Found nat_bits in checkpoint [ 334.536130][T11929] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 334.746291][ T7339] syz-executor: attempt to access beyond end of device [ 334.746291][ T7339] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 334.789639][ T5787] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 334.795902][ T7339] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 335.087165][T11961] loop1: detected capacity change from 0 to 8192 [ 335.140413][T11961] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 335.165539][T11961] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 335.221500][T11961] REISERFS (device loop1): using ordered data mode [ 335.240824][T11961] reiserfs: using flush barriers [ 335.278093][T11961] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 335.296865][T11961] REISERFS (device loop1): checking transaction log (loop1) [ 335.507501][T11961] REISERFS (device loop1): Using tea hash to sort names [ 335.526395][T11961] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 336.033116][T11966] loop2: detected capacity change from 0 to 32768 [ 336.043326][T11966] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 scanned by syz.2.2038 (11966) [ 336.071642][T11966] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 336.093932][T11966] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 336.129305][T11966] BTRFS info (device loop2): using free space tree [ 336.256157][T11966] BTRFS info (device loop2): enabling ssd optimizations [ 336.263216][T11966] BTRFS info (device loop2): auto enabling async discard [ 336.436692][ T5787] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 337.220221][T12014] loop3: detected capacity change from 0 to 512 [ 337.258861][T12014] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 337.317305][T12014] EXT4-fs (loop3): invalid journal inode [ 337.324825][T12014] EXT4-fs (loop3): can't get journal size [ 337.385341][T12014] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e016c118, mo2=0002] [ 337.397626][T12014] System zones: 1-12, 13-13 [ 337.422407][T12014] EXT4-fs (loop3): 1 truncate cleaned up [ 337.453932][T12014] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 337.479108][T12005] loop4: detected capacity change from 0 to 32768 [ 337.487890][T12005] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 scanned by syz.4.2048 (12005) [ 337.538175][T12005] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 337.548715][T12005] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 337.558528][T12005] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 337.569395][T12005] BTRFS info (device loop4): use zstd compression, level 3 [ 337.576815][T12005] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_LZO (0x8) [ 337.602233][T12005] BTRFS info (device loop4): use lzo compression, level 0 [ 337.625923][T12005] BTRFS info (device loop4): using free space tree [ 337.687474][T12009] loop2: detected capacity change from 0 to 32768 [ 337.728908][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 337.775691][T12005] BTRFS info (device loop4): enabling ssd optimizations [ 337.789926][T12009] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 337.794629][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 337.997189][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 338.116061][ T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!! [ 338.127919][T12009] XFS (loop2): Ending clean mount [ 338.133713][T12005] BTRFS warning (device loop4): failed to trim 1 device(s), last error -512 [ 338.153585][T12009] XFS (loop2): Quotacheck needed: Please wait. [ 338.206608][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 338.342828][T12009] XFS (loop2): Quotacheck: Done. [ 338.353181][ T7339] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 338.833591][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 339.561924][T12073] loop3: detected capacity change from 0 to 32768 [ 339.578323][T12073] [ 339.578323][T12073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.578323][T12073] [ 339.618025][ T28] audit: type=1800 audit(1752877041.384:159): pid=12073 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2065" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 339.661164][T12073] [ 339.661164][T12073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.661164][T12073] [ 339.674069][T12073] [ 339.674069][T12073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.674069][T12073] [ 339.684863][T12073] [ 339.684863][T12073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.684863][T12073] [ 339.703837][T12073] JFS: metapage_get_blocks failed [ 339.709780][T12073] [ 339.709780][T12073] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.709780][T12073] [ 339.721718][T12083] loop4: detected capacity change from 0 to 8192 [ 339.722501][T12086] ERROR: (device loop3): diWrite: ixpxd invalid [ 339.722501][T12086] [ 339.736874][T12083] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 339.740157][T12086] ERROR: (device loop3): txCommit: [ 339.740157][T12086] [ 339.751405][T12083] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 339.764631][T12086] ERROR: (device loop3): diFree: invalid inoext [ 339.764631][T12086] [ 339.767505][T12083] REISERFS (device loop4): using ordered data mode [ 339.783478][T12083] reiserfs: using flush barriers [ 339.790382][T12083] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 339.815583][T12083] REISERFS (device loop4): checking transaction log (loop4) [ 339.872579][ T11] ERROR: (device loop3): diWrite: ixpxd invalid [ 339.872579][ T11] [ 339.890661][ T11] ERROR: (device loop3): txCommit: [ 339.890661][ T11] [ 339.916161][ T11] jfs_write_inode: jfs_commit_inode failed! [ 339.924129][ T6767] [ 339.924129][ T6767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 339.924129][ T6767] [ 339.949856][T12083] REISERFS (device loop4): Using tea hash to sort names [ 339.972937][T12083] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 340.011691][ T6767] [ 340.011691][ T6767] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 340.011691][ T6767] [ 340.440400][T12095] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2075'. [ 340.947687][T12115] loop4: detected capacity change from 0 to 512 [ 340.955014][T12115] EXT4-fs: Ignoring removed oldalloc option [ 340.981858][T12115] EXT4-fs: inline encryption not supported [ 341.018440][T12115] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 341.038716][T12115] EXT4-fs (loop4): 1 truncate cleaned up [ 341.062190][T12115] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 341.128783][T12104] loop1: detected capacity change from 0 to 32768 [ 341.138347][T12104] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop1 scanned by syz.1.2076 (12104) [ 341.175912][T12104] BTRFS info (device loop1): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 341.177329][T12115] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000. [ 341.196550][T12104] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 341.216238][T12104] BTRFS info (device loop1): using free space tree [ 341.294114][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 341.376537][T12104] BTRFS info (device loop1): enabling ssd optimizations [ 341.383568][T12104] BTRFS info (device loop1): auto enabling async discard [ 341.432509][T12136] sg_write: data in/out 524252/17 bytes for SCSI command 0x1-- guessing data in; [ 341.432509][T12136] program syz.4.2083 not setting count and/or reply_len properly [ 341.546968][ T5786] BTRFS info (device loop1): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6 [ 341.560548][T12110] loop2: detected capacity change from 0 to 40427 [ 341.592928][T12110] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff [ 341.607178][T12110] F2FS-fs (loop2): Image doesn't support compression [ 341.614014][T12110] F2FS-fs (loop2): Image doesn't support compression [ 341.660252][T12110] F2FS-fs (loop2): invalid crc value [ 341.723094][T12110] F2FS-fs (loop2): Found nat_bits in checkpoint [ 341.897474][T12132] loop3: detected capacity change from 0 to 32768 [ 341.910921][T12132] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.2082 (12132) [ 341.945373][T12110] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 341.964999][T12132] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 341.996658][T12132] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 342.020850][T12132] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 342.056905][T12132] BTRFS info (device loop3): use zstd compression, level 3 [ 342.064209][T12132] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 342.076834][ T28] audit: type=1800 audit(1752877043.844:160): pid=12110 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2079" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 342.106805][T12132] BTRFS info (device loop3): use lzo compression, level 0 [ 342.114105][T12132] BTRFS info (device loop3): using free space tree [ 342.196599][ T5787] syz-executor: attempt to access beyond end of device [ 342.196599][ T5787] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 342.211168][T12148] loop4: detected capacity change from 0 to 128 [ 342.223393][ T5787] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 342.248614][T12148] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512) [ 342.262112][T12148] FAT-fs (loop4): Filesystem has been set read-only [ 342.271326][T12148] FAT-fs (loop4): error, corrupted file size (i_pos 548, 512) [ 342.336191][T12132] BTRFS info (device loop3): enabling ssd optimizations [ 342.496803][ T27] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 342.561296][ T6767] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 342.697927][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 342.726867][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 342.740991][ T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 342.776743][ T27] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 342.796410][ T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.839355][ T27] usb 2-1: config 0 descriptor?? [ 342.854712][ T27] hub 2-1:0.0: USB hub found [ 342.911834][T12170] loop2: detected capacity change from 0 to 1024 [ 342.923784][T12170] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 342.963030][T12172] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2089'. [ 343.086979][ T27] hub 2-1:0.0: 1 port detected [ 343.098244][T12175] syz.2.2095 (12175): attempted to duplicate a private mapping with mremap. This is not supported. [ 343.293843][ C1] raw-gadget.0 gadget.1: ignoring, device is not running [ 343.302942][ T27] hub 2-1:0.0: hub_hub_status failed (err = -71) [ 343.310133][ T27] hub 2-1:0.0: config failed, can't get hub status (err -71) [ 343.337835][ T27] usbhid 2-1:0.0: can't add hid device: -71 [ 343.359762][ T27] usbhid: probe of 2-1:0.0 failed with error -71 [ 343.403628][ T27] usb 2-1: USB disconnect, device number 24 [ 343.481010][T12187] loop4: detected capacity change from 0 to 1024 [ 343.592217][ T11] hfsplus: b-tree write err: -5, ino 4 [ 344.054666][T12191] loop3: detected capacity change from 0 to 32768 [ 344.085061][T12191] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2099 (12191) [ 344.137744][T12191] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 344.153534][T12193] loop2: detected capacity change from 0 to 32768 [ 344.165450][T12191] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 344.175404][T12191] BTRFS info (device loop3): turning off barriers [ 344.190787][T12191] BTRFS info (device loop3): setting nodatasum [ 344.198303][T12191] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 344.202225][T12203] loop1: detected capacity change from 0 to 1024 [ 344.212635][T12191] BTRFS info (device loop3): use zstd compression, level 3 [ 344.217470][T12203] EXT4-fs (loop1): VFS: Can't find ext4 filesystem [ 344.223766][T12191] BTRFS info (device loop3): using free space tree [ 344.243660][T12193] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 344.300885][T12193] XFS (loop2): Ending clean mount [ 344.331716][T12193] XFS (loop2): Quotacheck needed: Please wait. [ 344.389653][T12193] XFS (loop2): Quotacheck: Done. [ 344.476106][ T5787] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 344.857883][ T6767] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 345.112795][T12230] loop4: detected capacity change from 0 to 32768 [ 345.210492][T12230] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 345.346410][T12230] XFS (loop4): Ending clean mount [ 345.357557][T12230] XFS (loop4): Quotacheck needed: Please wait. [ 345.383196][T12238] loop1: detected capacity change from 0 to 32768 [ 345.401713][T12238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.2111 (12238) [ 345.442150][T12238] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 345.452582][T12238] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 345.458093][T12230] XFS (loop4): Quotacheck: Done. [ 345.463155][T12238] BTRFS info (device loop1): turning off barriers [ 345.477773][T12238] BTRFS info (device loop1): setting nodatasum [ 345.493844][T12238] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 345.503382][T12238] BTRFS info (device loop1): use zstd compression, level 3 [ 345.510969][T12238] BTRFS info (device loop1): using free space tree [ 345.593464][ T7339] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 345.766646][ T23] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 345.864033][T12270] loop2: detected capacity change from 0 to 8 [ 345.901630][T12270] SQUASHFS error: Failed to read block 0x2d7: -5 [ 345.911292][T12270] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 345.935527][ T5786] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 345.946770][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 345.963855][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 345.975145][ T23] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.985641][ T23] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 346.019895][ T23] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.052943][ T23] usb 4-1: config 0 descriptor?? [ 346.070364][ T23] hub 4-1:0.0: USB hub found [ 346.293795][ T23] hub 4-1:0.0: 1 port detected [ 346.495977][ T23] hub 4-1:0.0: hub_hub_status failed (err = -71) [ 346.502535][ T23] hub 4-1:0.0: config failed, can't get hub status (err -71) [ 346.515834][ T23] usbhid 4-1:0.0: can't add hid device: -71 [ 346.522292][ T23] usbhid: probe of 4-1:0.0 failed with error -71 [ 346.557607][ T23] usb 4-1: USB disconnect, device number 17 [ 347.235244][T12286] loop4: detected capacity change from 0 to 32768 [ 347.280021][T12286] [ 347.280021][T12286] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.280021][T12286] [ 347.321833][ T28] audit: type=1800 audit(1752877049.084:161): pid=12286 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2113" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 347.365065][T12286] [ 347.365065][T12286] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.365065][T12286] [ 347.384984][T12286] [ 347.384984][T12286] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.384984][T12286] [ 347.396431][T12286] [ 347.396431][T12286] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.396431][T12286] [ 347.446495][T12286] JFS: metapage_get_blocks failed [ 347.466975][T12286] [ 347.466975][T12286] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.466975][T12286] [ 347.493882][T12298] ERROR: (device loop4): diWrite: ixpxd invalid [ 347.493882][T12298] [ 347.523573][T12298] ERROR: (device loop4): txCommit: [ 347.523573][T12298] [ 347.556465][T12298] ERROR: (device loop4): diFree: invalid inoext [ 347.556465][T12298] [ 347.584078][T12304] loop1: detected capacity change from 0 to 8 [ 347.628479][T12304] SQUASHFS error: Failed to read block 0x2d7: -5 [ 347.670382][T12304] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 347.722814][ T11] ERROR: (device loop4): diWrite: ixpxd invalid [ 347.722814][ T11] [ 347.743426][ T11] ERROR: (device loop4): txCommit: [ 347.743426][ T11] [ 347.772324][ T11] jfs_write_inode: jfs_commit_inode failed! [ 347.798146][ T7339] [ 347.798146][ T7339] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.798146][ T7339] [ 347.813801][T12288] loop3: detected capacity change from 0 to 32768 [ 347.833543][ T7339] [ 347.833543][ T7339] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 347.833543][ T7339] [ 347.870010][T12288] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 347.872879][T12314] loop2: detected capacity change from 0 to 1024 [ 347.928027][T12288] XFS (loop3): Ending clean mount [ 347.947760][T12288] XFS (loop3): Quotacheck needed: Please wait. [ 348.025380][ T1118] hfsplus: b-tree write err: -5, ino 4 [ 348.065938][T12288] XFS (loop3): Quotacheck: Done. [ 348.169730][ T6767] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 348.887459][T12341] loop3: detected capacity change from 0 to 40427 [ 348.895510][T12341] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff [ 348.904581][T12341] F2FS-fs (loop3): Image doesn't support compression [ 348.911425][T12341] F2FS-fs (loop3): Image doesn't support compression [ 348.920482][T12341] F2FS-fs (loop3): invalid crc value [ 348.932650][T12341] F2FS-fs (loop3): Found nat_bits in checkpoint [ 348.975342][T12341] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 349.006680][ T28] audit: type=1800 audit(1752877050.774:162): pid=12341 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2129" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 349.054455][ T6767] syz-executor: attempt to access beyond end of device [ 349.054455][ T6767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 349.069587][ T6767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 349.361806][T12348] loop3: detected capacity change from 0 to 8 [ 349.385837][T12348] SQUASHFS error: Failed to read block 0x2d7: -5 [ 349.392580][T12348] SQUASHFS error: Unable to read metadata cache entry [2d5] [ 350.172162][T12366] loop3: detected capacity change from 0 to 2048 [ 350.216153][T12366] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 350.264463][T12366] EXT4-fs error (device loop3): ext4_find_extent:936: inode #2: comm syz.3.2147: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 350.335831][T12366] EXT4-fs (loop3): Remounting filesystem read-only [ 350.432573][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 350.532666][T12352] loop1: detected capacity change from 0 to 32768 [ 350.554296][T12352] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 350.595891][T12352] XFS (loop1): Ending clean mount [ 350.621748][T12352] XFS (loop1): Quotacheck needed: Please wait. [ 350.804382][T12352] XFS (loop1): Quotacheck: Done. [ 350.836868][T12358] loop2: detected capacity change from 0 to 131072 [ 350.844898][T12358] F2FS-fs (loop2): Invalid log sectorsize (67108873) [ 350.851764][T12358] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 350.862194][T12358] F2FS-fs (loop2): invalid crc value [ 350.901442][T12358] F2FS-fs (loop2): Found nat_bits in checkpoint [ 350.943720][ T5786] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 350.954348][T12358] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 350.961599][T12358] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 351.611501][T12399] loop1: detected capacity change from 0 to 1764 [ 352.183984][T12416] loop3: detected capacity change from 0 to 512 [ 352.259516][T12415] loop4: detected capacity change from 0 to 4096 [ 352.279269][T12416] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 352.288198][T12415] ntfs3: loop4: Different NTFS sector size (2048) and media sector size (512). [ 352.346590][T12416] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 352.360604][T12415] ntfs3: loop4: Failed to initialize $Extend/$ObjId. [ 352.377259][T12416] ext4 filesystem being mounted at /475/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 352.437944][T12416] EXT4-fs error (device loop3): ext4_xattr_block_get:596: inode #15: comm syz.3.2162: corrupted xattr block 19: overlapping e_value [ 352.694197][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 352.904004][T12430] loop4: detected capacity change from 0 to 4096 [ 352.938225][T12434] loop3: detected capacity change from 0 to 256 [ 353.043603][T12434] FAT-fs (loop3): Directory bread(block 64) failed [ 353.069726][T12434] FAT-fs (loop3): Directory bread(block 65) failed [ 353.102086][T12434] FAT-fs (loop3): Directory bread(block 66) failed [ 353.154707][T12434] FAT-fs (loop3): Directory bread(block 67) failed [ 353.171942][T12434] FAT-fs (loop3): Directory bread(block 68) failed [ 353.210264][T12434] FAT-fs (loop3): Directory bread(block 69) failed [ 353.256550][T12434] FAT-fs (loop3): Directory bread(block 70) failed [ 353.279909][T12434] FAT-fs (loop3): Directory bread(block 71) failed [ 353.325528][T12434] FAT-fs (loop3): Directory bread(block 72) failed [ 353.356400][T12434] FAT-fs (loop3): Directory bread(block 73) failed [ 354.159660][T12438] loop4: detected capacity change from 0 to 40427 [ 354.168146][T12438] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff [ 354.187494][T12438] F2FS-fs (loop4): Image doesn't support compression [ 354.195477][T12438] F2FS-fs (loop4): Image doesn't support compression [ 354.208095][T12438] F2FS-fs (loop4): invalid crc value [ 354.251963][T12438] F2FS-fs (loop4): Found nat_bits in checkpoint [ 354.350982][T12438] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 354.413730][ T28] audit: type=1800 audit(1752877056.174:163): pid=12438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2172" name="file1" dev="loop4" ino=10 res=0 errno=0 [ 354.517894][ T7339] syz-executor: attempt to access beyond end of device [ 354.517894][ T7339] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 354.546889][ T7339] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 354.856028][T12455] loop1: detected capacity change from 0 to 32768 [ 354.868890][T12455] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.2185 (12455) [ 354.891528][T12455] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 354.905319][T12455] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm [ 354.918372][T12455] BTRFS info (device loop1): force clearing of disk cache [ 354.925654][T12455] BTRFS info (device loop1): enabling auto defrag [ 354.935057][T12455] BTRFS info (device loop1): max_inline at 0 [ 354.947327][T12455] BTRFS info (device loop1): enabling disk space caching [ 354.965119][T12455] BTRFS info (device loop1): disk space caching is enabled [ 355.030979][T12455] BTRFS info (device loop1): enabling ssd optimizations [ 355.051351][T12455] BTRFS info (device loop1): rebuilding free space tree [ 355.115401][T12455] BTRFS info (device loop1): disabling free space tree [ 355.126179][T12455] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 355.152252][T12455] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 355.349268][T12486] loop4: detected capacity change from 0 to 1024 [ 355.377325][ T5786] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 355.417927][T12486] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 355.441244][T12486] ext4 filesystem being mounted at /438/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 355.558863][ T28] audit: type=1800 audit(1752877057.324:164): pid=12486 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2183" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 355.582624][T12486] EXT4-fs error (device loop4): ext4_map_blocks:718: inode #15: block 1: comm syz.4.2183: lblock 1 mapped to illegal pblock 1 (length 15) [ 355.707479][T12486] EXT4-fs error (device loop4): ext4_ext_remove_space:2929: inode #15: comm syz.4.2183: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 355.777332][ T28] audit: type=1804 audit(1752877057.534:165): pid=12494 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.2183" name="/newroot/438/file1/file1" dev="loop4" ino=15 res=1 errno=0 [ 355.777626][T12494] EXT4-fs error (device loop4): ext4_ext_remove_space:2929: inode #15: comm syz.4.2183: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0) [ 355.799202][ C1] vkms_vblank_simulate: vblank timer overrun [ 355.937646][T12494] EXT4-fs error (device loop4) in ext4_setattr:5645: Corrupt filesystem [ 356.149451][T12500] loop1: detected capacity change from 0 to 256 [ 356.168593][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 356.199074][T12500] FAT-fs (loop1): "posix" option is obsolete, not supported now [ 356.600493][T12508] loop1: detected capacity change from 0 to 512 [ 356.620610][T12508] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 356.658306][T12493] loop2: detected capacity change from 0 to 40427 [ 356.666714][T12493] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 356.675256][T12493] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 356.698277][T12508] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 356.716091][T12508] ext4 filesystem being mounted at /536/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 356.774129][T12508] EXT4-fs error (device loop1): ext4_xattr_block_get:596: inode #15: comm syz.1.2193: corrupted xattr block 19: overlapping e_value [ 356.796104][T12493] F2FS-fs (loop2): Found nat_bits in checkpoint [ 356.905338][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 356.979566][T12493] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 356.996410][T12493] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 357.115758][T12516] loop4: detected capacity change from 0 to 32768 [ 357.124816][T12516] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.2196 (12516) [ 357.141409][T12516] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 357.158818][T12516] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 357.170075][T12516] BTRFS info (device loop4): turning off barriers [ 357.179058][T12516] BTRFS info (device loop4): setting nodatasum [ 357.185433][T12516] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 357.196134][T12516] BTRFS info (device loop4): use zstd compression, level 3 [ 357.205374][T12516] BTRFS info (device loop4): using free space tree [ 357.290005][ T5859] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 357.478328][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 357.497037][ T5859] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 357.516764][ T5859] usb 2-1: New USB device found, idVendor=1d34, idProduct=0004, bcdDevice= 0.00 [ 357.536878][ T5859] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.550635][ T5859] usb 2-1: config 0 descriptor?? [ 357.641055][ T7339] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 357.689964][T12544] loop2: detected capacity change from 0 to 4096 [ 357.806440][T12544] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 357.823785][T12544] ntfs3: loop2: Failed to load $Extend (-22). [ 357.841162][T12544] ntfs3: loop2: Failed to initialize $Extend. [ 358.086234][T12550] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2201'. [ 358.858157][T12548] loop3: detected capacity change from 0 to 131072 [ 358.866077][T12548] F2FS-fs (loop3): Invalid log sectorsize (67108873) [ 358.873142][T12548] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 358.885083][T12548] F2FS-fs (loop3): invalid crc value [ 358.894182][ T5859] hid-led 0003:1D34:0004.0012: unknown main item tag 0x0 [ 358.939492][ T5859] hid-led 0003:1D34:0004.0012: hidraw0: USB HID v0.00 Device [HID 1d34:0004] on usb-dummy_hcd.1-1/input0 [ 358.953186][T12548] F2FS-fs (loop3): Found nat_bits in checkpoint [ 359.040929][ T5859] hid-led 0003:1D34:0004.0012: Dream Cheeky Webmail Notifier initialized [ 359.049644][T12548] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 359.056937][T12548] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 359.083094][T12560] loop2: detected capacity change from 0 to 256 [ 359.128408][T12560] FAT-fs (loop2): Directory bread(block 64) failed [ 359.146252][ T5859] usb 2-1: USB disconnect, device number 25 [ 359.152983][T12560] FAT-fs (loop2): Directory bread(block 65) failed [ 359.170457][T12560] FAT-fs (loop2): Directory bread(block 66) failed [ 359.193287][T12560] FAT-fs (loop2): Directory bread(block 67) failed [ 359.214013][T12560] FAT-fs (loop2): Directory bread(block 68) failed [ 359.220775][T12560] FAT-fs (loop2): Directory bread(block 69) failed [ 359.234904][T12560] FAT-fs (loop2): Directory bread(block 70) failed [ 359.244929][T12560] FAT-fs (loop2): Directory bread(block 71) failed [ 359.258800][T12560] FAT-fs (loop2): Directory bread(block 72) failed [ 359.265529][T12560] FAT-fs (loop2): Directory bread(block 73) failed [ 359.424735][T12563] loop4: detected capacity change from 0 to 16 [ 359.438241][T12563] erofs: (device loop4): mounted with root inode @ nid 36. [ 359.992760][T12573] loop4: detected capacity change from 0 to 2048 [ 360.034692][T12573] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 360.062012][T12573] EXT4-fs error (device loop4): ext4_find_extent:936: inode #2: comm syz.4.2213: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 360.087200][T12573] EXT4-fs (loop4): Remounting filesystem read-only [ 360.103277][T12565] loop2: detected capacity change from 0 to 32768 [ 360.150600][T12565] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2209 (12565) [ 360.195652][ T7339] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 360.220688][T12565] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 360.276820][T12565] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 360.285613][T12565] BTRFS info (device loop2): turning off barriers [ 360.326759][T12565] BTRFS info (device loop2): setting nodatasum [ 360.333945][T12565] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 360.356406][T12565] BTRFS info (device loop2): use zstd compression, level 3 [ 360.366738][T12565] BTRFS info (device loop2): using free space tree [ 360.399356][T12579] loop4: detected capacity change from 0 to 16 [ 360.435133][T12579] erofs: (device loop4): mounted with root inode @ nid 36. [ 360.832334][ T5787] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 361.900677][T12619] loop3: detected capacity change from 0 to 256 [ 361.938120][T12619] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 362.099843][T12625] loop1: detected capacity change from 0 to 16 [ 362.131833][T12625] erofs: (device loop1): mounted with root inode @ nid 36. [ 362.465245][T12633] loop2: detected capacity change from 0 to 4096 [ 362.533263][T12633] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 362.726907][T12645] loop6: detected capacity change from 0 to 524287999 [ 363.638721][T12657] loop3: detected capacity change from 0 to 40427 [ 363.657738][T12657] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff [ 363.684434][T12657] F2FS-fs (loop3): invalid crc value [ 363.710197][T12657] F2FS-fs (loop3): Found nat_bits in checkpoint [ 363.805960][T12657] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 363.903645][ T6767] syz-executor: attempt to access beyond end of device [ 363.903645][ T6767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 363.941763][ T6767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 364.244645][T12697] loop1: detected capacity change from 0 to 512 [ 364.297300][T12697] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.310599][T12697] ext4 filesystem being mounted at /547/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 364.342847][T12697] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 364.369833][T12697] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 364.419471][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 364.588818][T12704] loop3: detected capacity change from 0 to 2048 [ 364.606471][T12704] EXT4-fs: Ignoring removed bh option [ 364.648692][T12704] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 364.751448][T12712] Bluetooth: hci4: received HCILL_GO_TO_SLEEP_ACK in state 2 [ 364.760195][ T6767] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 364.770272][ T58] Bluetooth: hci4: Frame reassembly failed (-84) [ 365.024202][ T28] audit: type=1326 audit(1752877066.784:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.060189][ T28] audit: type=1326 audit(1752877066.794:167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.103663][ T28] audit: type=1326 audit(1752877066.804:168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.126917][ T28] audit: type=1326 audit(1752877066.804:169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.151159][ T28] audit: type=1326 audit(1752877066.814:170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.184293][ T28] audit: type=1326 audit(1752877066.814:171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.232595][ T28] audit: type=1326 audit(1752877066.814:172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.267691][ T28] audit: type=1326 audit(1752877066.824:173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.294837][ T28] audit: type=1326 audit(1752877066.824:174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.317991][ T28] audit: type=1326 audit(1752877066.824:175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12721 comm="syz.4.2266" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3330f8e9a9 code=0x7ffc0000 [ 365.575321][T12740] IPVS: length: 4096 != 8 [ 365.752149][T12736] loop4: detected capacity change from 0 to 32768 [ 365.776709][ T23] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 365.797529][T12736] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 365.853622][T12736] XFS (loop4): Ending clean mount [ 365.863318][T12736] XFS (loop4): Quotacheck needed: Please wait. [ 365.919991][T12736] XFS (loop4): Quotacheck: Done. [ 365.976725][ T23] usb 2-1: Using ep0 maxpacket: 8 [ 365.995761][ T23] usb 2-1: unable to get BOS descriptor or descriptor too short [ 365.997651][T12742] loop3: detected capacity change from 0 to 32768 [ 366.004479][ T23] usb 2-1: too many configurations: 73, using maximum allowed: 8 [ 366.023939][T12742] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2275 (12742) [ 366.027015][ T23] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 366.046936][ T23] usb 2-1: can't read configurations, error -71 [ 366.054072][T12742] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 366.056479][ T7339] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 366.065503][T12742] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 366.084581][T12742] BTRFS info (device loop3): metadata ratio 2 [ 366.091299][T12742] BTRFS info (device loop3): allowing degraded mounts [ 366.098697][T12742] BTRFS info (device loop3): force zlib compression, level 3 [ 366.106133][T12742] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 366.115849][T12742] BTRFS info (device loop3): use zstd compression, level 3 [ 366.123451][T12742] BTRFS info (device loop3): force clearing of disk cache [ 366.131018][T12742] BTRFS info (device loop3): max_inline at 0 [ 366.142011][T12742] BTRFS info (device loop3): using free space tree [ 366.272646][T12742] BTRFS info (device loop3): enabling ssd optimizations [ 366.283081][T12742] BTRFS info (device loop3): rebuilding free space tree [ 366.359084][T12742] BTRFS error (device loop3: state M): unrecognized mount option 'ÿÿ18446744073709551615ÿ01777777777777777777777±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(cŸoö—ÈêM ) Ç0177777777777777777777718446744073709551615ÿÿÿÿÿÿÿÿÿÿ' [ 366.413229][ T6767] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 366.692133][T12777] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2280'. [ 366.797586][ T5802] Bluetooth: hci4: command 0x1003 tx timeout [ 366.807734][ T5798] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 367.219612][T12788] fuse: Invalid user_id [ 367.332950][T12795] loop2: detected capacity change from 0 to 1024 [ 367.551002][ T23] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 367.746721][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 367.766924][ T23] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 367.783569][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.803258][ T23] usb 2-1: config 0 descriptor?? [ 367.823082][ T23] as10x_usb: device has been detected [ 367.829938][ T23] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 367.865968][ T23] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 368.005132][ T23] as10x_usb: error during firmware upload part1 [ 368.045065][ T23] Registered device nBox DVB-T Dongle [ 368.049209][ T23] usb 2-1: USB disconnect, device number 28 [ 368.101657][ T23] Unregistered device nBox DVB-T Dongle [ 368.113776][ T23] as10x_usb: device has been disconnected [ 368.178731][T12802] loop2: detected capacity change from 0 to 32768 [ 368.232245][T12802] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 368.322130][T12802] XFS (loop2): Ending clean mount [ 368.332258][T12802] XFS (loop2): Quotacheck needed: Please wait. [ 368.385223][T12802] XFS (loop2): Quotacheck: Done. [ 368.572432][ T5787] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 368.928761][T12842] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2304'. [ 369.158726][T12848] mmap: syz.4.2306 (12848) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 369.498460][T12860] loop4: detected capacity change from 0 to 256 [ 369.560565][T12865] loop1: detected capacity change from 0 to 512 [ 369.574483][T12838] loop3: detected capacity change from 0 to 40427 [ 369.590917][T12865] EXT4-fs (loop1): orphan cleanup on readonly fs [ 369.597305][T12838] F2FS-fs (loop3): build fault injection attr: rate: 19, type: 0x7ffff [ 369.597338][T12838] F2FS-fs (loop3): build fault injection attr: rate: 4, type: 0x7ffff [ 369.604212][T12838] F2FS-fs (loop3): invalid crc value [ 369.614544][T12865] EXT4-fs error (device loop1): ext4_acquire_dquot:6938: comm syz.1.2313: Failed to acquire dquot type 1 [ 369.637184][T12865] EXT4-fs (loop1): 1 truncate cleaned up [ 369.656097][T12865] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 369.662889][T12838] F2FS-fs (loop3): Found nat_bits in checkpoint [ 369.709067][T12865] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 369.766411][T12865] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 8 [ 369.808384][T12838] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 369.819547][T12874] loop9: detected capacity change from 0 to 8 [ 369.856271][T12874] loop9: [CUMANA/ADFS] p1 [ADFS] p1 [ 369.869374][T12874] loop9: partition table partially beyond EOD, truncated [ 369.888592][T12874] loop9: p1 size 81768186 extends beyond EOD, truncated [ 369.901382][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.264444][T12871] loop4: detected capacity change from 0 to 32768 [ 370.565329][T12876] loop1: detected capacity change from 0 to 32768 [ 370.591719][T12876] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 370.628291][T12876] XFS (loop1): Ending clean mount [ 370.643055][T12876] XFS (loop1): Quotacheck needed: Please wait. [ 370.713464][T12876] XFS (loop1): Quotacheck: Done. [ 370.792708][ T5786] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 371.467560][T12912] loop2: detected capacity change from 0 to 1024 [ 371.485423][T12912] EXT4-fs: inline encryption not supported [ 371.503563][T12912] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 371.527864][T12898] loop3: detected capacity change from 0 to 40427 [ 371.537583][T12898] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 371.546894][T12898] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 371.565393][T12912] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.2331: lblock 2 mapped to illegal pblock 2 (length 1) [ 371.582881][T12898] F2FS-fs (loop3): invalid crc value [ 371.595366][T12912] EXT4-fs (loop2): Remounting filesystem read-only [ 371.605418][T12898] F2FS-fs (loop3): Found nat_bits in checkpoint [ 371.616469][T12912] __quota_error: 2 callbacks suppressed [ 371.616484][T12912] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 371.652767][T12912] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 371.685298][T12912] EXT4-fs (loop2): 1 orphan inode deleted [ 371.688757][T12906] loop4: detected capacity change from 0 to 32768 [ 371.702544][T12912] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 371.722433][T12898] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 371.729739][T12898] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 371.770588][T12898] syz.3.2324: attempt to access beyond end of device [ 371.770588][T12898] loop3: rw=2049, sector=45096, nr_sectors = 88 limit=40427 [ 371.802036][T12898] syz.3.2324: attempt to access beyond end of device [ 371.802036][T12898] loop3: rw=2049, sector=45184, nr_sectors = 40 limit=40427 [ 371.819576][T12898] syz.3.2324: attempt to access beyond end of device [ 371.819576][T12898] loop3: rw=2049, sector=45096, nr_sectors = 88 limit=40427 [ 371.821391][ T5787] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 372.178785][T12924] loop1: detected capacity change from 0 to 512 [ 372.186039][T12924] EXT4-fs: Ignoring removed i_version option [ 372.218925][T12924] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 372.240917][T12924] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=2802e12c, mo2=0002] [ 372.266588][T12924] System zones: 1-12 [ 372.270899][T12924] EXT4-fs (loop1): orphan cleanup on readonly fs [ 372.303814][T12924] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.2322: invalid indirect mapped block 12 (level 1) [ 372.361149][T12924] EXT4-fs (loop1): Remounting filesystem read-only [ 372.369737][T12924] EXT4-fs (loop1): 1 truncate cleaned up [ 372.381644][T12924] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000007 ro without journal. Quota mode: none. [ 372.393742][ T23] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 372.480098][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000007. [ 372.586479][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 372.593961][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.595281][T12932] netlink: 'syz.1.2336': attribute type 10 has an invalid length. [ 372.615686][ T23] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.635934][ T23] usb 3-1: New USB device found, idVendor=046d, idProduct=c343, bcdDevice= 0.00 [ 372.648283][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.668476][ T23] usb 3-1: config 0 descriptor?? [ 372.733473][T12932] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 372.856224][T12938] loop1: detected capacity change from 0 to 256 [ 372.915169][T12938] FAT-fs (loop1): Directory bread(block 64) failed [ 372.942379][T12938] FAT-fs (loop1): Directory bread(block 65) failed [ 372.963721][T12938] FAT-fs (loop1): Directory bread(block 66) failed [ 372.986483][T12938] FAT-fs (loop1): Directory bread(block 67) failed [ 373.006496][T12938] FAT-fs (loop1): Directory bread(block 68) failed [ 373.013187][T12938] FAT-fs (loop1): Directory bread(block 69) failed [ 373.046609][T12938] FAT-fs (loop1): Directory bread(block 70) failed [ 373.065519][T12938] FAT-fs (loop1): Directory bread(block 71) failed [ 373.084968][T12938] FAT-fs (loop1): Directory bread(block 72) failed [ 373.094149][ T23] logitech-hidpp-device 0003:046D:C343.0013: hidraw0: USB HID v3.0e Device [HID 046d:c343] on usb-dummy_hcd.2-1/input0 [ 373.101907][T12938] FAT-fs (loop1): Directory bread(block 73) failed [ 373.299035][ T27] usb 3-1: USB disconnect, device number 18 [ 373.481098][T12941] loop3: detected capacity change from 0 to 40427 [ 373.510210][T12941] F2FS-fs (loop3): Found nat_bits in checkpoint [ 373.566148][T12941] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 373.626086][T12941] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 373.709829][ T6767] syz-executor: attempt to access beyond end of device [ 373.709829][ T6767] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 373.724272][ T6767] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 373.745572][T12966] overlayfs: missing 'lowerdir' [ 373.943678][T12974] loop2: detected capacity change from 0 to 256 [ 373.987010][T12974] FAT-fs (loop2): bogus number of FAT sectors [ 373.993229][T12974] FAT-fs (loop2): Can't find a valid FAT filesystem [ 374.304879][T12982] netlink: 748 bytes leftover after parsing attributes in process `syz.1.2359'. [ 374.334644][T12986] loop2: detected capacity change from 0 to 64 [ 374.346659][T12982] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 374.827057][T12976] loop4: detected capacity change from 0 to 40427 [ 374.846582][T12976] F2FS-fs (loop4): invalid crc value [ 374.862684][T12976] F2FS-fs (loop4): Found nat_bits in checkpoint [ 374.916907][ T28] audit: type=1326 audit(1752877076.674:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 374.961453][ T28] audit: type=1326 audit(1752877076.674:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 374.984781][T12976] F2FS-fs (loop4): Start checkpoint disabled! [ 374.991549][ T28] audit: type=1326 audit(1752877076.714:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 375.017624][ T28] audit: type=1326 audit(1752877076.714:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 375.048722][T12976] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 375.059220][ T28] audit: type=1326 audit(1752877076.714:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 375.109621][ T28] audit: type=1326 audit(1752877076.714:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc05498d310 code=0x7ffc0000 [ 375.175378][ T28] audit: type=1326 audit(1752877076.714:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 375.219859][ T28] audit: type=1326 audit(1752877076.714:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13007 comm="syz.3.2370" exe="/root/syz-executor" sig=0 arch=c000003e syscall=221 compat=0 ip=0x7fc05498e9a9 code=0x7ffc0000 [ 375.286485][ T965] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 375.349488][ T12] kworker/u4:1: attempt to access beyond end of device [ 375.349488][ T12] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 375.369893][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 375.386110][ T12] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 375.390135][T13019] sch_tbf: burst 0 is lower than device veth0_to_team mtu (1514) ! [ 375.468767][ T965] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 375.479273][ T965] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1023 [ 375.501140][ T965] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 375.515921][ T965] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.534385][ T965] usb 3-1: Product: syz [ 375.540562][ T965] usb 3-1: Manufacturer: syz [ 375.555491][ T965] usb 3-1: SerialNumber: syz [ 375.686469][ T5859] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 375.781036][ T965] cdc_ncm 3-1:1.0: bind() failure [ 375.798494][ T965] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 375.817295][ T965] cdc_ncm 3-1:1.1: bind() failure [ 375.830211][T13032] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2373'. [ 375.832990][ T965] usb 3-1: USB disconnect, device number 19 [ 375.880218][ T5859] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 375.905966][ T5859] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 375.918525][ T5859] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 375.936785][ T5859] usb 4-1: config 1 has no interface number 0 [ 375.942968][ T5859] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 375.970465][ T5859] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 375.984982][ T5859] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 376.000690][ T5859] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.023347][ T5859] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 376.580848][ T5859] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 376.807899][ T5859] usb 4-1: USB disconnect, device number 18 [ 376.819359][ T5859] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 376.956634][ T12] wlan1: Trigger new scan to find an IBSS to join [ 377.031452][ T1136] ------------[ cut here ]------------ [ 377.035671][T13071] loop2: detected capacity change from 0 to 512 [ 377.037922][ T1136] no supported rates for sta (null) (0xffffffff, band 0) in rate_mask 0xffffffff with flags 0x20 [ 377.038880][ T1136] WARNING: CPU: 0 PID: 1136 at net/mac80211/rate.c:385 __rate_control_send_low+0x635/0x880 [ 377.064958][ T1136] Modules linked in: [ 377.068941][ T1136] CPU: 0 PID: 1136 Comm: kworker/u4:7 Not tainted 6.6.99-syzkaller #0 [ 377.077186][ T1136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.087336][ T1136] Workqueue: events_unbound cfg80211_wiphy_work [ 377.093641][ T1136] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 377.100001][ T1136] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 a0 7f be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 cb f9 6a f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 377.119717][ T1136] RSP: 0018:ffffc9000437f380 EFLAGS: 00010246 [ 377.125858][ T1136] RAX: 0f836284e2746d00 RBX: 000000000000000c RCX: ffff8880236c8000 [ 377.133919][ T1136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 377.141977][ T1136] RBP: 0000000000000084 R08: ffffffff90da2617 R09: 1ffffffff21b44c2 [ 377.150029][ T1136] R10: dffffc0000000000 R11: fffffbfff21b44c3 R12: 0000000000000020 [ 377.158077][ T1136] R13: dffffc0000000000 R14: ffff88807a153358 R15: ffff88807eac2168 [ 377.166087][ T1136] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 377.175094][ T1136] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 377.181778][ T1136] CR2: 000055557a546588 CR3: 000000005136f000 CR4: 00000000003506f0 [ 377.189830][ T1136] Call Trace: [ 377.193233][ T1136] [ 377.196232][ T1136] rate_control_send_low+0x194/0x790 [ 377.201654][ T1136] rate_control_get_rate+0x20b/0x5c0 [ 377.207032][ T1136] ieee80211_tx_h_rate_ctrl+0xb2d/0x1770 [ 377.212733][ T1136] ? ieee80211_tx_h_select_key+0x18f0/0x18f0 [ 377.218819][ T1136] ? __lock_acquire+0x1260/0x7c80 [ 377.223906][ T1136] ? ieee80211_is_bufferable_mmpdu+0xfb/0x1f0 [ 377.230087][ T1136] invoke_tx_handlers_late+0xb6/0x1810 [ 377.234536][T13071] EXT4-fs (loop2): orphan cleanup on readonly fs [ 377.235594][ T1136] ? ieee80211_tx_h_select_key+0x13cc/0x18f0 [ 377.235644][ T1136] ? invoke_tx_handlers_early+0xa11/0x1cf0 [ 377.247789][T13071] __quota_error: 2 callbacks suppressed [ 377.247807][T13071] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 2 index 0 [ 377.248059][T13071] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 377.253845][ T1136] ieee80211_tx+0x2ad/0x420 [ 377.253889][ T1136] ? ieee80211_skb_resize+0x630/0x630 [ 377.253937][ T1136] ? ieee80211_set_qos_hdr+0x1ca/0x510 [ 377.253965][ T1136] ? __bpf_trace_tasklet+0x140/0x140 [ 377.253991][ T1136] ? ieee80211_xmit+0x310/0x3f0 [ 377.260572][T13071] EXT4-fs error (device loop2): ext4_acquire_dquot:6938: comm syz.2.2396: Failed to acquire dquot type 1 [ 377.270300][ T1136] ? __ieee80211_tx_skb_tid_band+0x490/0x610 [ 377.287788][T13071] EXT4-fs (loop2): 1 truncate cleaned up [ 377.289649][ T1136] __ieee80211_tx_skb_tid_band+0x4d5/0x610 [ 377.334109][ T1136] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 377.340599][ T1136] ieee80211_scan_state_send_probe+0x560/0x930 [ 377.346861][ T1136] ieee80211_scan_work+0x4e8/0x1d20 [ 377.352165][ T1136] cfg80211_wiphy_work+0x225/0x260 [ 377.357380][ T1136] ? process_scheduled_works+0x957/0x15b0 [ 377.363239][ T1136] process_scheduled_works+0xa45/0x15b0 [ 377.368901][ T1136] ? assign_work+0x400/0x400 [ 377.373536][ T1136] ? assign_work+0x39e/0x400 [ 377.378209][ T1136] worker_thread+0xa55/0xfc0 [ 377.382874][ T1136] kthread+0x2fa/0x390 [ 377.387023][ T1136] ? pr_cont_work+0x560/0x560 [ 377.391748][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 377.396419][ T1136] ret_from_fork+0x48/0x80 [ 377.400883][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 377.405499][ T1136] ret_from_fork_asm+0x11/0x20 [ 377.410331][ T1136] [ 377.413366][ T1136] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 377.420737][ T1136] CPU: 0 PID: 1136 Comm: kworker/u4:7 Not tainted 6.6.99-syzkaller #0 [ 377.428902][ T1136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.438975][ T1136] Workqueue: events_unbound cfg80211_wiphy_work [ 377.445259][ T1136] Call Trace: [ 377.448548][ T1136] [ 377.451494][ T1136] dump_stack_lvl+0x16c/0x230 [ 377.456189][ T1136] ? show_regs_print_info+0x20/0x20 [ 377.461406][ T1136] ? load_image+0x3b0/0x3b0 [ 377.465931][ T1136] panic+0x2c0/0x710 [ 377.469857][ T1136] ? bpf_jit_dump+0xd0/0xd0 [ 377.474413][ T1136] ? ret_from_fork_asm+0x11/0x20 [ 377.479389][ T1136] __warn+0x2e0/0x470 [ 377.483399][ T1136] ? __rate_control_send_low+0x635/0x880 [ 377.489079][ T1136] ? __rate_control_send_low+0x635/0x880 [ 377.494754][ T1136] report_bug+0x2be/0x4f0 [ 377.499102][ T1136] ? __rate_control_send_low+0x635/0x880 [ 377.504777][ T1136] ? __rate_control_send_low+0x635/0x880 [ 377.510445][ T1136] ? __rate_control_send_low+0x637/0x880 [ 377.516088][ T1136] handle_bug+0xcf/0x120 [ 377.520342][ T1136] exc_invalid_op+0x1a/0x50 [ 377.524850][ T1136] asm_exc_invalid_op+0x1a/0x20 [ 377.529735][ T1136] RIP: 0010:__rate_control_send_low+0x635/0x880 [ 377.535989][ T1136] Code: 30 42 0f b6 04 28 84 c0 0f 85 e6 01 00 00 41 8b 0e 48 c7 c7 a0 7f be 8b 48 8b 74 24 10 44 8b 44 24 1c 45 89 e1 e8 cb f9 6a f7 <0f> 0b e9 78 fe ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fa ff [ 377.555610][ T1136] RSP: 0018:ffffc9000437f380 EFLAGS: 00010246 [ 377.561702][ T1136] RAX: 0f836284e2746d00 RBX: 000000000000000c RCX: ffff8880236c8000 [ 377.569712][ T1136] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002 [ 377.577697][ T1136] RBP: 0000000000000084 R08: ffffffff90da2617 R09: 1ffffffff21b44c2 [ 377.585697][ T1136] R10: dffffc0000000000 R11: fffffbfff21b44c3 R12: 0000000000000020 [ 377.594763][ T1136] R13: dffffc0000000000 R14: ffff88807a153358 R15: ffff88807eac2168 [ 377.602777][ T1136] rate_control_send_low+0x194/0x790 [ 377.608107][ T1136] rate_control_get_rate+0x20b/0x5c0 [ 377.613427][ T1136] ieee80211_tx_h_rate_ctrl+0xb2d/0x1770 [ 377.619112][ T1136] ? ieee80211_tx_h_select_key+0x18f0/0x18f0 [ 377.625134][ T1136] ? __lock_acquire+0x1260/0x7c80 [ 377.630693][ T1136] ? ieee80211_is_bufferable_mmpdu+0xfb/0x1f0 [ 377.636802][ T1136] invoke_tx_handlers_late+0xb6/0x1810 [ 377.642298][ T1136] ? ieee80211_tx_h_select_key+0x13cc/0x18f0 [ 377.648314][ T1136] ? invoke_tx_handlers_early+0xa11/0x1cf0 [ 377.654152][ T1136] ieee80211_tx+0x2ad/0x420 [ 377.658685][ T1136] ? ieee80211_skb_resize+0x630/0x630 [ 377.664166][ T1136] ? ieee80211_set_qos_hdr+0x1ca/0x510 [ 377.669675][ T1136] ? __bpf_trace_tasklet+0x140/0x140 [ 377.674979][ T1136] ? ieee80211_xmit+0x310/0x3f0 [ 377.679854][ T1136] ? __ieee80211_tx_skb_tid_band+0x490/0x610 [ 377.685871][ T1136] __ieee80211_tx_skb_tid_band+0x4d5/0x610 [ 377.691716][ T1136] ? ieee80211_scan_state_send_probe+0x4b4/0x930 [ 377.698073][ T1136] ieee80211_scan_state_send_probe+0x560/0x930 [ 377.704284][ T1136] ieee80211_scan_work+0x4e8/0x1d20 [ 377.709535][ T1136] cfg80211_wiphy_work+0x225/0x260 [ 377.714662][ T1136] ? process_scheduled_works+0x957/0x15b0 [ 377.720397][ T1136] process_scheduled_works+0xa45/0x15b0 [ 377.726066][ T1136] ? assign_work+0x400/0x400 [ 377.730666][ T1136] ? assign_work+0x39e/0x400 [ 377.735271][ T1136] worker_thread+0xa55/0xfc0 [ 377.739949][ T1136] kthread+0x2fa/0x390 [ 377.744060][ T1136] ? pr_cont_work+0x560/0x560 [ 377.748809][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 377.753445][ T1136] ret_from_fork+0x48/0x80 [ 377.757908][ T1136] ? kthread_blkcg+0xd0/0xd0 [ 377.762534][ T1136] ret_from_fork_asm+0x11/0x20 [ 377.767334][ T1136] [ 377.770656][ T1136] Kernel Offset: disabled [ 377.775137][ T1136] Rebooting in 86400 seconds..