last executing test programs: 2m32.883404363s ago: executing program 2 (id=1840): r0 = io_uring_setup(0x26d7, &(0x7f00000000c0)={0x0, 0x0, 0x3000, 0x0, 0x3}) io_uring_enter(r0, 0x0, 0x0, 0xf, &(0x7f0000000000), 0x18) 2m32.75987536s ago: executing program 2 (id=1842): r0 = openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000180)=@multiplanar_mmap={0x40000004, 0x7, 0x4, 0x0, 0x800, {0x0, 0x2710}, {0x2, 0xc, 0x3, 0x0, 0x17, 0x0, "307580b7"}, 0x3, 0x1, {0x0}, 0x7}) 2m32.630285348s ago: executing program 2 (id=1844): r0 = gettid() rt_tgsigqueueinfo(r0, r0, 0x40, &(0x7f0000000000)={0x6, 0x9729, 0x80}) 2m32.496998286s ago: executing program 2 (id=1846): syz_mount_image$iso9660(&(0x7f0000000380), &(0x7f00000000c0)='./file0\x00', 0x204818, &(0x7f00000003c0)={[{@map_off}, {@check_strict}, {@overriderock}, {@map_off}, {@unhide}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@map_off}, {@mode={'mode', 0x3d, 0x483}}]}, 0x1, 0x544, &(0x7f0000001000)="$eJzs3V9v01YfwPGfS/sQ5ZGqRw8TQlWBQ9mkIpXgJBAUceU5J+mBxI5sB7VXqKIpqkhhokxae8O4YZu0vQh2uRexd4T2EjbZTvqHJjHQv6u+nwjOiX3s8zup5Z/cxscCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADEcmu2XbSkabzOkhrNrQV+a/dtf+sDC+TWvmJMvyJW/E9yObmSLrry1e7qy/F/czKbvpuVXFzkZPu/l//34NLkxGD7MQF/lt+/cE+bW9vPV3q97qujCuQMunpx9LqG9kzom5bT0MqEvqpWKvadxXqo6qapw+Uw0i3lBtqJ/EDNu7dUsVotK11Y9jteo+Y09WDh/dsl266oh4W2doLQ9+48LITuomk2jddI2sSr4zb34wPxkYlUpJ2WUmvrvW45awBxo+KnNCplNSrZpVKxWCoVK/eq9+7b9uSBBfZH5ECLozto8e90hGdv4HAm+vlfmmLEk44siRr6cqUmgfjSGrG+b5D/v7mjx/a7N/8PsvyV3dUzkuT/a+m7a6Py/4hYTu61KVuyLc9lRXrSk668OvWITvbVEC2eGAnFFyMtcZIlqr9ESVUqUhFbnsii1CUUJXUx0hQtoSxLKJHo5IhyJRAtjkTiSyBK5sWVW6KkKFWpSlmUaCnIsvjSEU8aUhMn2cuarCefe1mUNSrGnUbFkcPID467rpTGjJb8j8M70vM3cBh/D/I/AAAAAAA4t6zkt+/x9f+UXE1qddPU9mmHBQAAAAAAjlDyl//ZuJiKa1fF4vofAAAAAIDzxkrusbNEJC/X09qaWMntUvwSAAAAAACAcyL5+/+1uEjmQLku1s50KVz/AwAAAABwTvycOcd+2L5o/fmXBMGU9ba99LW1kczN62xcSLe78PEeo/qMNd3fSVJU0mJy0tWzVi5ttDMJ5od+sZYVh7UbgLMTwI+fE8ClSflVbqRtbqym5epgTdpLvm6auuD6zQdFcZzpiUgvRd+/WP9BkuH/4rWmrZys97qFpy97q0ksb+O9vN3oT6B4YB7FMbG8TuZbSO65GDriqeRGjH6/eUvW1ntde+/4J9LNJ/b3+GZ6TJ/vZC5tNdef8Ta/f/y5uM9iYdTo+1EUDznyd3IzbXNz/mZaDImilBVFaW8Uwz+Lw0dRzoqifMgoAOC0rGVkIUsO5N0vOMt9WXaXz8zu72Q+bTM/k5xYJ2eGnNHtrDO6fcjs9seBZyCNyrFxv799lFXfxxu8H9lv2CxZ8Ud44fXGd3J5c2v79vrGyrPus+6LUqlcse/a9r2STCXD6BfkHgDAEHufsWMNzf+ZT+Gx7mZcVf9/5ysFBXkqL6Unq7KQ3G2QfONg6F7ze76GsJBx1ZpP0mT6hJeFMVd1/0nuchjstzS27f4YyifwkwAA4OTMZeThT8n/CxnX3ftz+fir4/yep7UBAIDjoYMPVj76yQoC035SrFaLTrSoVeC7j1Rgag2tjBfpwF10vIZW7cCPfNdvxpXHpqZDFXbabT+IVN0PVNsPzVIyfaDqP/o91C3Hi4wbtpvaCbVyfS9y3EjVTOiqdufbpgkXdZBsHLa1a+rGdSLjeyr0O4GrC0qFWu9paGrai0zdxFVPtQPTcoKceuw3Oy2tajp0A9OO/HSHg76MV/eDVrLbwml/2AAAnBGbW9vPV3q97qtjrAztOHfiQwUAAH0ZWRoAAAAAAAAAAAAAAAAAAAAAAJwBJ3H/H5VzXhlMBX1W4qFyBJXMU8ebYz85AThW/wQAAP//rVVPjw==") mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0) 2m32.202172043s ago: executing program 2 (id=1850): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x80, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8}, {0x8, 0x2, @dev}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @multicast2}, {0x8, 0x2, @private}}}]}, @CTA_TIMEOUT={0x8}, @CTA_SEQ_ADJ_ORIG={0x1c, 0xf, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x9}, @CTA_SEQADJ_OFFSET_BEFORE={0x4}, @CTA_SEQADJ_OFFSET_AFTER={0x8}]}]}, 0x80}}, 0x0) 2m31.600991008s ago: executing program 2 (id=1857): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000e00)=@mangle={'mangle\x00', 0x44, 0x6, 0x478, 0x0, 0x1c8, 0x98, 0x0, 0x98, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x6, 0x0, 0x1}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x3, 0x1}}}, {{@uncond, 0x0, 0xe8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1, 0x9af, @multicast1, 0x4e20}}}, {{@ip={@broadcast, @multicast2, 0x0, 0xff000000, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@iprange={{0x68}, {@ipv4=@remote, @ipv6=@mcast2, @ipv6=@dev={0xfe, 0x80, '\x00', 0x32}, @ipv6=@remote, 0x20}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x0, 0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4d8) 2m31.238352859s ago: executing program 32 (id=1857): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000e00)=@mangle={'mangle\x00', 0x44, 0x6, 0x478, 0x0, 0x1c8, 0x98, 0x0, 0x98, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x3e0, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {0xff}, {0xff}, 0x6, 0x0, 0x1}, 0x0, 0x70, 0x98}, @ECN={0x28, 'ECN\x00', 0x0, {0x20}}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @TTL={0x28, 'TTL\x00', 0x0, {0x3, 0x1}}}, {{@uncond, 0x0, 0xe8, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@osf={{0x50}, {'syz0\x00'}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x1, 0x9af, @multicast1, 0x4e20}}}, {{@ip={@broadcast, @multicast2, 0x0, 0xff000000, 'veth0_vlan\x00', 'macvtap0\x00'}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@iprange={{0x68}, {@ipv4=@remote, @ipv6=@mcast2, @ipv6=@dev={0xfe, 0x80, '\x00', 0x32}, @ipv6=@remote, 0x20}}]}, @TTL={0x28, 'TTL\x00', 0x0, {0x0, 0x8}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x4d8) 3.252033481s ago: executing program 1 (id=3976): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net/ipv6_route\x00') preadv(r0, &(0x7f0000000380)=[{&(0x7f00000001c0)=""/7, 0x7}], 0x1, 0xffffffbf, 0x0) 2.893092261s ago: executing program 1 (id=3982): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8002, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x8000b, 0x7f, 0x20000006, 0x4d, 0x6, 0x2000005f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x8, 0x3, 0x5e00, 0x5, 0x24, 0x1, 0x0, 0x3c5b, 0x1, 0x21, 0x6, 0x1, 0x5, 0x200, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c76, 0x80000000, 0x40000, 0x4, 0x0, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3a, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000003, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0x800, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x1, 0x2f, 0x10, 0x315, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x8, 0x6, 0x0, 0xff, 0x4000001, 0x1000005, 0x5f31, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x8, 0x20009, 0x9, 0x9, 0x9, 0x47, 0x8000, 0x4001, 0xfe000000, 0xffff, 0xfffffffb, 0x7, 0x9, 0x5, 0x3, 0x4, 0x9b, 0x3, 0x7, 0xbc45, 0x48c93690, 0x42, 0x3], [0x3, 0x408, 0x8004, 0x0, 0xfffffffe, 0x100, 0x8d2, 0x89, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x5, 0x9, 0x5, 0x4, 0x4a61eab3, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x2, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1fd, 0x7b, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x5, 0xac8, 0x2000af, 0x2, 0x3, 0x7ff, 0x12e, 0x4, 0x1, 0x0, 0x7, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x8000b, 0x8, 0x938, 0x6, 0x6, 0x0, 0xb9, 0x8, 0x9, 0x3, 0x58, 0x451, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x4, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0x8, 0x9, 0xffffefff, 0x10003, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0x5, 0x7, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x8d67, 0x5, 0xf3e, 0x9, 0x1, 0xffd, 0xfffffffd, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) syz_usb_connect(0x0, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="120100001b16fc40dc0501000100000000010902120001000000000904"], 0x0) 2.352036423s ago: executing program 3 (id=3992): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r0, 0x800452d2, 0xffffffffffffffff) 2.282867157s ago: executing program 4 (id=3993): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$sock_bt_hci(r0, 0x400448c9, 0x0) 2.175012243s ago: executing program 3 (id=3996): r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./bus\x00', 0x42, 0x0) fanotify_mark(r0, 0x1, 0x8000000, r0, 0x0) 1.932065547s ago: executing program 3 (id=3998): r0 = socket(0x400000010, 0x3, 0x0) write(r0, &(0x7f0000000200)="fc0000001400073eac093a00090007000aab0800080000000400e293210001c000000000060000000100000009000000fa2c1eff8656aaa79bffffffff0000002d00024000036c6c256f1a272fdf0d11512fd633d4400007f60eb8fa2e6b00000016fd368934d07302ade01720d7d5bbc91a3e2e80772c05f70c9ddef2fe082038f4f8b29d3ef3d92883170efdffffff3ae4f50504000000000040d815b2ccd243f295edbabc7c3f1a5f4e023dd16b176e83df150c3b8829a1ad0a4f41f0d48f6f0000080548deac270e37429f3694dec896592d69d381873cf1582740000000000000001ace36f071d0c22700"/252, 0xfc) 1.829399053s ago: executing program 0 (id=4000): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x1, 0xa, 0x101, 0x0, 0x0, {0x1, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x24004000}, 0x4000) 1.7156769s ago: executing program 3 (id=4001): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x6a}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) 1.645842474s ago: executing program 0 (id=4002): syz_mount_image$exfat(&(0x7f00000009c0), &(0x7f0000000000)='./file1\x00', 0x800800, &(0x7f0000000280)={[{@utf8}, {@allow_utime={'allow_utime', 0x3d, 0x9}}, {@sys_tz}, {@namecase}, {@umask={'umask', 0x3d, 0x5}}, {@umask={'umask', 0x3d, 0x7f}}, {@iocharset={'iocharset', 0x3d, 'cp936'}}, {@fmask={'fmask', 0x3d, 0x2}}, {@errors_continue}, {@sys_tz}]}, 0x1, 0x152b, &(0x7f0000000a00)="$eJzs3AmYjtXbAPD7Puc8Y0zS2yTLcM65H95kOSZJsiTJkiRJkmRLSJrkLwmJIVvSkIRkGZJlCMkyMWns+74kJEmTJCHZkvNdir/66r8vvuub+3ddzzXnfs9zn+c87/0+8yyzfNN5SI1GNas2ICL4l+AvX5IBIBYABgDANQAQAEDZ+LLxF/pzSkz+1zbC/r0eSrvSM2BXEtc/e+P6Z29c/+yN65+9cf2zN65/9sb1z964/oxlZ5umFbiWl+y78PP/7IzP//+PZJUa88WaUtd3AYj5e1O4/tkb1///reDvWYnrn71x/bOr2Cs9AfZ/AB//2UGOv9jD9c/euP6MZWdX+vnzf36Rf7UfItnhPfgr+88YY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjP0XnPaXKQC41L7S82KMMcYYY4wxxti/j89xpWfAGGOMMcYYY4yx/zwEARIUBBADOSAWckIcCAC4GnLDNRCBayEeroM8cD3khXyQHwpAAhSEQqDBgAWCEApDEYjCDVAUboRiUBxKQElwUAoS4SYoDTdDGbgFysKtUA5ug/JQASpCJbgdKsMdUAXuhKpwF1SD6lADasLdUAvugdpwL9SB+6Au3A/14AGoDw9CA3gIGsLD0AgegcbwKDSBptAMmkOLfyr/BegOL0IP6AnJ0At6w0vQB/pCP+gPA+BlGAivwCB4FVJgMAyB12AovA7D4A0YDiNgJLwJo+AtGA1jYCyMg1QYDxPgbZgI78AkmAxTYCqkwTSYDu/CDJgJs+A9mA3vwxyYC/NgPqTDB7AAFkIGfAiL4CPIhMWwBJbCMlgOK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A474GPYCZ/ALtgNe/5cv38k/9Sv8j+FvdAFAQEFClSoMAZjMBZjMQ7jMBfmwtyYGyMYwXiMxzyYB/NiXsyP+TEBE7AQFkKDBgkJC2NhjGIUi2JRLIbFsASWQIcOEzERS+PNWAbLYFksi+WwHJbHClgBK2ElrIyVsQpWwapYFathNayBNfBuvBt7YW2sjXWwDtbFupceT2EDbIANsSE2wkbYGBtjE2yCzbAZtsAW2BJbYitshW2wDbbFttgO22ESJmF7bI8dsAN2xI7YCTthZ+yMXbArds16IQfgi/gi9sRqohf2xt7YB1Ny9MP+2B9fxoH4Cr6Cr2IKDsYh+Bq+hq/jMDyJw3EEjsSRWFm8haNxDJIYh6mYihNwAk7EiTgJJ+NknIppOA2n43ScgTNxJr6Hs/F9fB/n4lycj+mYjgtwIWZgBi7CU5iJi3EJLsVluByX4UpchStxDa7FNbge1+NG3IibcTNuxa24Hbfjx6gA8BPcjbsxBffiXtyH+3A/7scDeACzMAsP4kE8hIfwMB7GI3gEj+IxPI7H8ASewJN4Ck/jaTyLZ/EcPpfwVcOPi69OAXGBEkrEiBgRK2JFnIgTuUQukVvkFhEREfEiXuQReURekVfkF/lFgkgQhUQhYYQRJMIYABBRERVFRVFRTBQTJUQJ4YQTiSJRlBalRRlRRpQVt4py4jZRXlQQrV0lUUlUFm1cFXGnqCqqimqiuqghaoqaopaoJWqL2qKOqCPqirqinnhA1Be9sB8+JC5UppEYjI3FEGwimgp58QhoKYZhK9FatBFPiBE4HNuJli5JPC3ai9HYQfxJjMFnRScxDjuL50UX0VV0Ey+I7qKV6yF6iknYS/QWU7GP6Cv6if5iBlYX7+HsnDXEqyJFDBZDxGtiPr4uhok3xHAxQowUb4pR4i0xWowRY8U4kSrGiwnibTFRvCMmicliipgq0sQ0MV28K2aImWKWeE/MFu+LOWKumCfmi3TxgVggFooM8aFYJD4SmWKxWCKWimViuVghVopVYrVYI9aKdWK92CA2ik1is9gitoptYrvYIT4WO8UnYpfYLfaIT8Ve8ZnYJz4X+8UX4oD4UmSJr8RB8bU4JL4Rh8W34oj4ThwVx8Rx8b04IX4QJ8UpcVqcEWfFj+Kc+EmcF16ARCmklEoGMkbmkLEyp4yTV8lcMrj47l4r4+V1Mo+8XuaV+WR+WUAmyIKykNTSSCtJhrKwLCKj8gZZVN4oi8nisoQsKZ0sJRPlTbK0vFmWkbfIsvJWWU7eJsvLCrKirCRvl5XlHRIiv2yjmqwua8ia8m6ZDPfI2vJeWUfeJ+vK+2U9+YCsLx+UDeRDsqF8WDaSj8jG8lHZRDaVzWRz2UI+JlvKx2Ur2Vq2kU/ItvJJ2U4+JZPk07K99Bc/Is/KTvI52Vk+L7vIrrKb/Emel172kD0l9ALZW74k+8i+sp/sLwfIl+VA+YocJF+VKXKwHCJfk0Pl63KYfEMOlyPkSPmmHCXfkqPlGDlWjpOpcrycIN+WE+U7cpKcLKfIqTJNTpP9Lo40S8q/mf/2r/MvnHrlNDno561vlJvkZrlFbpXb5Ha5Q34sd8qdcpfcJffIPXKv3Cv3yX1yv9wvD8gDMktmyYPyoDwkD8nD8rA8Io/Io/KYPCO/lyfkD/KkPCVPyTPyrDwrz118D0ChEkoqpQIVo3KoWJVTxamrVC51tcqtrlERda2KV9epPOp6lVflU/lVAZWgCqpCSiujrCIVqsKqiIqqG/DiB0aVUCWVU6VUorrpH8lXRdWNqpgq/pv8S/NL/gvza6FaqJaqpWqlWqk2qo1qq9qqdqqdSlJJqr1qrzqoDqqj6qg6qU6qs+qsuqguqpvqprqr7qqH6qGSVbLqrV5SfVRf1U/1VwPUy2qgGqgGqUEqRaWoIWqIGqqGqmFqmBquhquRaqQapUap0Wq0GqvGqlSVqiaoCWqimqgmqUlqipqi0lSamq6mqxlqhpqlZqnZaraao+aoeWqeSlfpaoFaoDJUhlqkFqlMtVgtVkvVUrVcLVcr1Uq1Wq1Wa9VatV6tV5lqk9qktqgtapvapnaoHWqn2ql2qV1qj9qj9qq9ap/ap/ar/eqAOqCyVJY6qA6qQ+qQOqwOqyPqiDqqjqrj6rg6oU6ok+qkOq1Oq7PqrDqnzqnz6ryCQIAIRKACFcQEMUFsEBvEBXFBriBXkDvIHUSCSBAfxAd5guuDvEG+IH9QIEgICgaFAh2YwAbiYtGjwQ1B0eDGoFhQPCgRlAxcUCpIDG4KSgc3B2WCW4Kywa1BueC2oHxQIagYVApuDyoHdwRVgjuDqsFdQbWgelAjqBncHdQK7glqB/cGdYL7grrB/UG94IGgfvBg0CB4KGgYPBw0Ch4JGgePBk2CpkGzoHnQ4t86vvcn8z3ueuieOln30r31S7qP7qv76f56gH5ZD9Sv6EH6VZ2iB+sh+jU9VL+uh+k39HA9Qo/Ub+pR+i09Wo/RY/U4narH6wn6bT1Rv6Mn6cl6ip6q0/Q0PV2/q2fomXqWfk/P1u/rOXqunqfn63T9gV6gF+oM/aFepD/SmXqxXqKX6mV6uV6hV+pVerVeo9fqdXq93qA36k16s96it+pterveoT/WO/UnepferffoT/Ve/Znepz/X+/UX+oD+Umfpr/RB/bU+pL/Rh/W3+oj+Th/Vx/Rx/b0+oX/QJ/UpfVqf0Wf1j/qc/kmf1/7Cxf2F07tRRpkYE2NiTayJM3Eml8llcpvcJmIiJt7Emzwmj8lr8pr8Jr9JMAmmkClkLiBDprApbKImaoqaoqaYKWZKmBLGGWcSTaIpbUqbMqaMKWvKmnKmnClvypuKpqK53dxu7jB3mDvNneYuc5epbqqbmqamqWVqmdqmtqlj6pi6pq6pZ+qZ+qa+aWAamIamoWlkGpnGprFpYpqYZqaZaWFamJampWllWpk2po1pa9qadqadSTJJpr1pbzqYDqaj6Wg6mU6ms+lsupguppvpZrqb7qaH6WGSTbLpbXqbPqaP6Wf6mQFmgBloBppBZpBJMSlmiBlihpqhZpgZZoabEWbkhQtV85YZbcaYsWacSTWpZoKZYCaaiWaSmWSmmCkmzaSZ6Wa6mWFmmFlmlpltZps5Zo6ZZ+aZdJNuFpgFJsNkmEVmkck0mWaJWWKWmWVmhVlhVplVZo1ZY9bBOrPBbDCbzCazxWwx28w2s8PsMDvNTrPL7DJ7zB6z1+w1+8w+s9/sNwfMAZNlssxBc9AcMofMYXPYHDFHzFFz1Bw3x80Jc8KcNCfNaXPanDX5Lp4vvYm1OW2cvcrmslfb3PYa+7/j/LaATbAFbSGrbV6b7zexsdYWs8VtCVvSOlvKJtqbfheXtxVsRVvJ3m4r2ztsld/Ftew9tra919ax99ma9u7fxHXt/baefcTWRwSwTW1D29w2so/YxvZR28Q2tc1sc9vWPmnb2adskn3atrfP/C5eYBfaVXa1XWPX2l12tz1tz9hD9ht71v5oe9iedoB92Q60r9hB9lWbYgf/Lh5p37Sj7Ft2tB1jx9pxv4un2Kk2zU6z0+27doad+bs43X5gZ9sMO8fOtfPs/J/jC3PKsB/aRfYjm2kDWGKX2mV2uV1hV/55rkvtervBbrQ77Sd2i91qt9ntdselC2G72+6xn9q99jN70H5t99sv7AF72GbZr36OL+zfYfutPWK/s0ftMXvcfm9P2B/UpewL+/69/cmet94CIQFJUhRQDOWgWMpJcXQV5aKrKTddQxG6luLpOspD11Neykf5qQAlUEEqRJoMWSIKqTAVoSjdQJemV4JKkqNSlEg3UWm6mcrQLVSWbqVydBuVpwpUkSrR7VSZ7qAqdCdVpbuoGlWnGlST7qZadA/VpnupDt1Hdel+qkcPUH16kBrQQ9SQHqZG9Ag1pkepCTWlZtScWtBj1JIep1bUmtrQE9SWnqR29BQl0dPUnp6hDvQn6kjPUid6jjrT89SFulI3eoG604vUg3pSMvWi3vQS9aG+1I/60wB6mQbSKzSIXqUUGkxD6DUaSq/TMHqDhtMIGklv0ih6i0bTGBpL4yiVxtMEepsm0js0iSbTFJpKaTSNptO7NINm0ix6j2bT+zSH5tI8mk/p9AEtoIWUQR/SIvqIMmkxLaGltIyW0wpaSatoNa2htbSO1tMG2kibaDNtoa20jbbTDvqYdtIntIt20x76lPbSZ7SPPqf99AUdoC8pi76ig/Q1HaJv6DB963vSd3SUjtFx+p5O0A90kk7RaTpDZ+lHOkc/0XnyBCGGIpShCoMwJswRxoY5w7jwqjBXeHWYO7wmjITXhvHhdWGe8Powb5gvzB8WCBPCgmGhUIcmtCGFYVg4LBJGwxvCouGNYbGweFgiLBm6sFSYGN4Ulg5vDsuEt4Rlw1vDcuFtYfmwQvjIfZXC28PK4R1hlfDOsGp4V1gtrB7WCGuGd4e1wnvC2uG9YZ3wvrBMeH9YL3wgrB8+GDYIHwobhg+HjcJHwsbho2GTsGnYLGwetggfC1uGj4etwtZhm/CJsG34ZNgufCpMCp8O24fP/Nx//8K/3J8c9gp7hy+FL4Xe3yvnRedH06MfRBdEF0Yzoh9GF0U/imZGF0eXRJdGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGva+ZAxw64aRTLnAxLoeLdTldnLvK5XJXu9zuGhdx17p4d53L4653eV0+l98VcAmuoCvktDPOOnKhK+yKuKi7wRV1N7pirrgr4Uo650q5RNfctXAtXEv3uGvlWrs27gn3hHvSPemeck+5p11794zr4P7kOrpnXSf3nHvOPe+6uK6um3vBdXfjc/9yTCa73q636+P6uH6unxvgBriBbqAb5Aa5FJfihrghbqgb6oa5YW64G+5GupFulBvlRrvRbqwb61JdqpvgJriJbqKb5Ca5KW6KS3Npbrqb7ma4Ga7yzF+2MsfNcfPcPJfu0t0Cd+GaMcMtcotcpst0S9wSt8wtcyvcCrfKrXJr3Bq3zq1zG9wGt8ltclvcFrfNbXM73A630+10u/w1vwzq9rp9bp/b7/a7A+5Ll+W+cgfd1+6Q+8Yddt+6I+47d9Qdc8fd9+6E+8GddKfcaXfGnXU/unPuJ3feeZcaGR+ZEHk7MjHyTmRSZHJkSmRqJC0yLTI98m5kRmRmZFbkvcjsyPuROZG5kXmR+ZH0yAeRBZGFkYzIh5FFkY8imZHFkSWRpZFlkeUR7wtuCX1hX8RH/Q2+qL/RF/PFfQlf0jtfyif6m3xpf7Mv42/xZf2tvpy/zZf3FXxF/6hv4pv6Zr65b+Ef8y39476Vb+3b+Cd8W/+kb+ef8kn+ad/eP+M7+D/5jv5Z38k/5zv7530X39V38y/47v5F38P39Mm+l+/tX/J9fF/fz/f3A/zLfqB/xQ/yr/oUP9gP8a/5of51P8y/4Yf7EX5kzJt+1KVbZBjnU/14P8G/7Sf6d/wkP9lP8VN9mp/mp/t3/Qw/08/y7/nZ/n0/x8/18/x8n+4/8Av8Qp/hP/SL/Ec+0y++9FDSr/Ar/Sq/2q/xa/06v95v8Bv9Jr/Zb/Fb/Ta/3e/wH/ud/hO/y+/2e/ynfq//zO/zn/v9/gt/wH/ps/xX/qD/2h/y3/jD/lt/xH/nj/pj/rj/3p/wP/iT/pQ/7c/4s/5Hf87/5M/z36wxxhhjjP1dxl9uit/2/PI4v9cf5IhfrdwbAK7eWiDr1/0XrijX5f2l3VcktI0AwNM9Oz90aalWLTk5+eK6mRKCInMBLv0k6IIYuBwvhjbwJCRBayj9h/PvK7qepb8xfvRWgLhf5cTC5fjy+J8DYPIfjP/YEyMXlAtPx/+V8ecCFCtyOScnXI4XQ5ufn6+0hjJ/Yf75Wv6N+ef8IhWg1a9ycsHl+PL8E+FxeAaSfrMmY4wxxhhjjDH2i76iYsdL95+XfuPzj+7PE9TlnBxwOf5b9+eMMcYYY4wxxhi78p7t2u2px5KSWnf8xxtV/qmsv7vRGP5TI3PjDxveA1x6RQHAvzggwIWG/G/uxeb/yrZSLh46/7tr2RkfwP+NUv7zjbF/fuUKf2NijDHGGGOM/dtdvvr/7evqSk2IMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhjLhv4b/1fsSu8jY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxdqX9TwAAAP//HmP+kg==") mount$afs(&(0x7f0000000e00)=ANY=[@ANYBLOB='%s@z0:'], &(0x7f0000000e40)='.\x00', &(0x7f0000000e80), 0x3000000, 0x0) 1.631351855s ago: executing program 3 (id=4003): r0 = socket$alg(0x26, 0x5, 0x0) syz_usb_connect(0x5, 0x24, &(0x7f0000001080)=ANY=[@ANYBLOB="1201000079db8540da0b77010b7d000000010902120001000000000904", @ANYRES32, @ANYRES16=r0], 0x0) 1.456689315s ago: executing program 5 (id=4005): r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0xd5) 1.37038102s ago: executing program 1 (id=4006): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac1414000c00090008"], 0x30}}, 0x4004) 1.360097751s ago: executing program 0 (id=4007): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_DESTROY(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)={0x14, 0x3, 0x6, 0x101, 0x0, 0x0, {0x2, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x40841}, 0x4) 1.207594489s ago: executing program 5 (id=4008): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="a0000000000101040000000000000000020000002400018014000180080001000000000008000200ac1414000c0002800500010000000000240002800c00028005000100000000001400018008000100e0000002080002000000000008000740000000003c00188008000340000000000800024000000000080001"], 0xa0}}, 0x0) 1.2073105s ago: executing program 4 (id=4009): r0 = socket$kcm(0xa, 0x6, 0x0) setsockopt$sock_attach_bpf(r0, 0x10d, 0x4, 0x0, 0xf000000) 1.179705692s ago: executing program 1 (id=4010): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=@newlink={0x50, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macvlan={{0xc}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACVLAN_MODE={0x8, 0x1, 0x8}]}}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'macvlan0\x00'}]}, 0x50}}, 0x8000) 1.113076405s ago: executing program 0 (id=4011): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000f80)={'dummy0\x00', &(0x7f0000000f40)=@ethtool_stats={0x50}}) 1.048127059s ago: executing program 1 (id=4012): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001180)=ANY=[@ANYBLOB="68000000020601080000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a30000000002000078005001400040000000c0001800800010080ffffff050003000000000005000500020000000500010006"], 0x68}}, 0x0) 938.740635ms ago: executing program 0 (id=4013): futex(&(0x7f000000cffc)=0x4, 0xb, 0x4, 0x0, &(0x7f0000048000)=0x2, 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, &(0x7f0000000040), &(0x7f0000048000), 0x0) 931.388456ms ago: executing program 5 (id=4014): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0) setsockopt$bt_BT_CHANNEL_POLICY(r0, 0x112, 0xa, &(0x7f0000000300)=0x8, 0x4) 830.911241ms ago: executing program 4 (id=4015): r0 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0x80044100, &(0x7f0000000080)) 765.995486ms ago: executing program 1 (id=4016): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file0\x00', 0x21c91c, &(0x7f0000000500)={[{@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800000}}, {@noblock_validity}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x200000}}, {@jqfmt_vfsold}, {@noinit_itable}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xe4a}}, {@noauto_da_alloc}, {@sysvgroups}, {@resgid, 0x32}]}, 0x1, 0x4e0, &(0x7f0000001a40)="$eJzs3d9rW9cdAPDvla0sP5zZYXvIAsvCkmGHLZIdL4nZQ7bB2J4C27L3zLNlYyxbxpKT2ITNYX/AYIy10Kc+9aXQP6BQ8ieUQqB9L21pKW3SPhTaRkVXUuI4UuwQWUqtzweOdO7Rvfqeo4uO7rn3cBVA3zoVEacj4kG1Wj0bEcON8kwjxWY91da7f+/WTC0lUa1e/SyJSOpltdXGtrznkcZmByPir3+K+EfyZNzy+sbidLFYWG0s5ytLK/ny+sa5haXp+cJ8YXlycuLi1KWpC1PjHWnnUERc/sNH///Pa3+8/Navbrx/7ZOxfyaN8ohH7ei0etOz6WfRNBgRq3sRrEcG0xYCAPB90DzO/3lEnI3hGEiP5gAAAID9pPrbofgmiagCAAAA+1YmnQObZHKNeQBDkcnkcvU5vD+Ow5liqVz55VxpbXm2Pld2JLKZuYViYbwxV3gksklteSLNP1o+v215MiKORcT/hg+ly7mZUnG21yc/AAAAoE8c2Tb+/3K4Pv7f4uueVQ4AAADonJFeVwAAAADYc8b/AAAAsP8Z/wMAAMC+9ucrV2qp2vz/69nr62uLpevnZgvlxdzS2kxuprS6kpsvlebTe/Yt7fR+xVJp5dexvHYzXymUK/ny+sa1pdLacuXawmN/gQ0AAAB00bGf3XkviYjN3xxKU82BXlcK6IrBZ1n5w72rB9B9A72uANAzz/T7D+wr2V5XAOi5ZIfX207eebvzdQEAAPbG6E9aX/8f2PHcwGamS1UE9ojzf9C/XP+H/uX6P/SvbAyEgTz0t51uAfr81/+r1WeqEAAA0HFDaUoyuYj0PMBQZDK5XMTRdEyQTeYWioXxiPhhRLw7nP1BbXki3TLZcc4wAAAAAAAAAAAAAAAAAAAAAAAAAFBXrSZRBQAAAPa1iMzHSXo3/4jR4TND288PHEi+Gk6fI+LGK1dfujldqaxO1Mo/f1heeblRfr4XZzAAAACA7Zrj9OY4HgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA66f69WzPN1M24n/4+IkZaxR+Mg+nzwchGxOEvkhjcsl0SEQMdiL95OyKOt4qf1KoVI41atIp/qMfxj3QgPvSzO7X+53etvn+ZOJU+t/7+XUx7qOfXvv/LPOz/BlrEr5Ud3WWME3ffyLeNfzvixGDr/qcZP2nT/5zeZfy//21jo91r1VcjRlv+/iSPxcpXllby5fWNcwtL0/OF+cLy5OTExalLUxemxvNzC8VC47FljP/+9M0HT2v/4TbxR3Zo/5ldtv/buzfv/aiezT7cPHkUf+x06/1/vE38TGP//6KRr70+2sxv1vNbnXz9nZNPa/9sm/bvtP/Hdtn+s3/59we7XBUA6ILy+sbidLFYWO3rzHN9GrXDoheiFS9mpva5vgDVaJn51x68c+3IvNft6kSmp90SAACwB54cAwMAAAAAAAAAAAAAAAAAAADd1o3biWW3xdxMHztx93wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM75LgAA///6fNJN") syz_mount_image$exfat(0x0, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2901842, 0x0, 0x0, 0x0, &(0x7f0000000100)) 707.058979ms ago: executing program 5 (id=4017): r0 = socket$inet6(0xa, 0x2, 0x0) sendmmsg$inet6(r0, &(0x7f0000007a80)=[{{&(0x7f00000000c0)={0xa, 0x4e20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x8}, 0x1c, 0x0, 0x0, &(0x7f0000002740)=[@pktinfo={{0x24, 0x29, 0x32, {@mcast2}}}], 0x28}}], 0x1, 0x80) 706.519278ms ago: executing program 4 (id=4018): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000000c0)="ff", 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_MOVE(0x1e, r0, 0xffffffffffffffff, 0x0, 0x0) 619.571434ms ago: executing program 0 (id=4019): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000580)={&(0x7f0000000140)={0x2, 0x3, 0x0, 0x9, 0xe, 0x0, 0x70bd2a, 0x0, [@sadb_address={0x5, 0x6, 0x33, 0x0, 0x0, @in6={0xa, 0x0, 0x2, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x2, 0xa, 0x0, 0x20000000}, @sadb_address={0x5, 0x5, 0x33, 0x0, 0x0, @in6={0xa, 0x1, 0x10001, @mcast1}}]}, 0x70}, 0x1, 0x7}, 0x4010) 535.057889ms ago: executing program 4 (id=4020): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x5, 0x10, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {}, {0x7, 0x0, 0xb, 0x9}}, @printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x76}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 430.547615ms ago: executing program 5 (id=4021): syz_mount_image$iso9660(&(0x7f00000000c0), &(0x7f0000000080)='./file0\x00', 0x4400, &(0x7f0000000240)=ANY=[@ANYBLOB='check=strict,session=0x0000000000000024,iocharset=ascii,overriderockperm,overriderockperm,gid=', @ANYRESOCT=0x0, @ANYRES16=0x0], 0xf6, 0xa1a, &(0x7f0000000d00)="$eJzs3c1vVOe9B/DvGWxjnIhLEm4uFyVhICJxEq6xzQ0IZXED9hic65fKNlJQW4UoQIWwmipppSTqgkhVV40aVVWltpsqy64ipYtmU7Frl111UanNf1BF3ZQuKldzZozf5gWMsSn9fEbDefs9b3POnIc5njlP+Fe2tLRUPje5fOGX21lZHjxnx7/45NOP6s8Pb6Qvu/Jy8eukP0k16flHeaz0jo3PzU53yeh6cinJzaRIsjuNaRt71ixdSvHDPLqyfDPFz3OgRbL+u2wcXS3xb22njz8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHggjY0PD48UmZqcufB6tb1yCPAO25ez+7wc9bv4vFuxRVLUn+nvXx7q+8D+lc1P1v85kqcaS081Rv7uzwePPLnvlSd6KsvpO1RoW7z7/gfX31xcvPLOyqreloE9zXbV53dvW/XuXN/mkp2rzUzOz05OnzlXq07Oz1ZPnzw5fPz8xHx1YjK1+YvzC7Xp6thc7czC7Fx1cOyF6sjp0yeqtaGLsxdmzo0PTdWWV576n9Hh4ZPV14a+UjszNz87c/y1ofmx85NTU5Mz58qY+uZ6zKn6gfj/kwvVhdqZ6Wr16rXFKye6VbIeNNJyS7E2aLRbTqPDo6MjI6OjIydfPv3yqeHhng0rhtfJhoidP2jZOb/a0nM33KNKs//PVCYzkwt5PdWWj7GMZy6zmW6zvWm5/z96vNax3NX9/3Ivf2Bl88GU/f8zjaVn2vX/berS/bG01Mh5s+mXH+/m/XyQ63kzi1nMlbxzzzluePx9i/Kp3ntrNz7OpZaZTGY+s5nMdM6Ua6rNNdWczsmczHDeyPlMZD7VTGQyU6llPhczn4XUyiNqLHOp5UwWMpu5VDOYsbyQakZyOqdzItXUMpSLmc2FzORcxnOmzOVqrpWv+4kOdbwdNHInQaMdgraq/+9rHuUP4v8Eud+29PwN92Kp2f/3tQ1YWp4bHNu2WgEAAABb6b9/l737H//tn5LePF1el5+YnKoN73S1AAAAgC1Ufl3vqfqktz73dAqf/wEAAOBhU5S/sSuSDORQY67xS6hdcREAAAAAHhLl3/+fqU8G6nOHUty+E8qlna4bAAAAsDW632O/a0RxbPn2v9XLjenlZkTzPr8DE5NTtaGx2alXRvJceZeB8pcGG3LblRS95c8PXszhRtThgcZ0YG2O/fWokaFXRvJijjQbMvhsffLsYIvI0Ubk843I5ztEnqhHAsDD7kiH/vhO+/8Xc6wRcexgT1+SnoMtetZhPSsAPCi6j7HTKaKn7P//d+Xzf28z2zX9/+O5+rfGVwqG8lbezmIu51j5a4PyGwdrcv3ax81rBre/hjCcY12uBizH/v5UJce6XA8YWDXQy7EuVwQasfl6cuL+7wgA2EZH2vTDd9b/L1//X/n8n42f/28PLXTFTwoB4IFwewT7+ziz020EANbSSwMAAAAAAAAAAAAAAAAAAAAAAAAAAMDW29K7/fdvMvmfm+P63d9hCDbM7Gm+BpvP50dJtq/OxRaXVdmCfJaSbNf+2r6Z7Es2/aq2PIz7kux8u7rO9DTfEtffXNypMxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbqUh2tVpfSXYnGU5yfPtrdf/c2OkKbL//W71Q3MqtvJe9O1cdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICHU/P+/5U0po80VqWnkhxNcinJV3e6jlvp1k5XYIvs2WS6Vff/r+/zLBXpaez2FL1j43Oz0/XdX479UPnik08/qj9XJd99p+WUgZV1g0s0S1gf+4tHl+ceK1MNjF959/q33/5WdfxsKunL2YWJqfHpc3OvriR5svgsqabxXLZc3+8e/c3HLVr+Wb2lra0vd6J8ccY3lvtfrVJ3LreTa4tXRuslLdReX/jON6+9t2rT4zmcPDuYDK4t6Rv1Z5uSDqe3U2nFl8X3i735SS6V+7/+ahRLRX0X/UfZ/j1Xry1eGXrr7cXLbeq0L4eSXE76O9fpw1WbD5Xnk5bKo67SWy91uAyq/7O/Sxs7WpXjSJs2PFYeMgPNNvS1bcNq1fZtKK163SuttjdqdKJNjZ7Icy329NLupH2Nnuu8p1srviz+WJzPH/K9VeN/VOr7/2javzvXZlFGrjpS2kZWGpFly0dXb3hjfeRffnpHtW85TA136wdr3ryVVef/5r7aovPRUtHxfLSqxLt7X6wrcd1R0eF9UfZI+9elaJ592qVp1nN/I6pNPf8zLyU9BzudFTf01i91OaPcTv9q682bff//rBjMX3PD+D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCDr0h2tVpfSY4m2be8XE2W7iLb3e02VAaKu63ilrpx+5+HQuVuExS3civvZe/9qQ4AAAAAAAAA2+3s+BeffPpR/Vnsaa5q/n2/mvQk2Vf8eE/G52anu2TUm1xKcrM+399ie4c/99fT5dGV5Zv1pQN32xIA4E79MwAA///gvF8m") openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0, 0x1c6) 123.515943ms ago: executing program 4 (id=4022): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000a80)=@raw={'raw\x00', 0x8, 0x3, 0x2e0, 0x148, 0x11, 0x148, 0x0, 0x0, 0x248, 0x2a8, 0x2a8, 0x248, 0x2a8, 0x3, 0x0, {[{{@uncond, 0x0, 0x100, 0x148, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'ip_vti0\x00', {0x0, 0x0, 0x9, 0x0, 0x0, 0x3, 0x7}}}, @common=@unspec=@owner={{0x38}, {0x0, 0x0, 0x0, 0x0, 0x2, 0x1}}]}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x800000, 'netbios-ns\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@quota={{0x38}}]}, @common=@inet=@SET2={0x30, 'SET\x00', 0x2, {{0x0, 0x5, 0x3}, {0x0, 0x3, 0x4}, 0xffffffff, 0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x340) 17.275989ms ago: executing program 5 (id=4023): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x3) 0s ago: executing program 3 (id=4024): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, 0x0, 0x1a) kernel console output (not intermixed with test programs): node 0x1a as bad. Run chkdsk. [ 254.322617][ T9297] ntfs: (device loop0): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 254.390030][ T9297] ntfs: (device loop0): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 254.806248][ T9329] loop1: detected capacity change from 0 to 256 [ 254.928403][ T9329] FAT-fs (loop1): Directory bread(block 64) failed [ 254.953748][ T9329] FAT-fs (loop1): Directory bread(block 65) failed [ 254.975110][ T9329] FAT-fs (loop1): Directory bread(block 66) failed [ 254.983326][ T9333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2164'. [ 255.010327][ T9329] FAT-fs (loop1): Directory bread(block 67) failed [ 255.038743][ T9333] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2164'. [ 255.048375][ T9329] FAT-fs (loop1): Directory bread(block 68) failed [ 255.060206][ T9329] FAT-fs (loop1): Directory bread(block 69) failed [ 255.106836][ T9329] FAT-fs (loop1): Directory bread(block 70) failed [ 255.138830][ T9329] FAT-fs (loop1): Directory bread(block 71) failed [ 255.164426][ T9329] FAT-fs (loop1): Directory bread(block 72) failed [ 255.185984][ T9329] FAT-fs (loop1): Directory bread(block 73) failed [ 255.515614][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.572632][ T9348] loop5: detected capacity change from 0 to 4096 [ 255.628568][ T9348] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 255.742127][ T9348] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 256.683947][ T26] audit: type=1400 audit(1770379753.660:82): apparmor="DENIED" operation="change_onexec" info="label not found" error=-2 profile="unconfined" name=3AA009F5 pid=9393 comm="syz.3.2191" [ 257.326346][ T9382] loop0: detected capacity change from 0 to 32768 [ 257.411362][ T9382] JBD2: Ignoring recovery information on journal [ 257.567770][ T9417] loop3: detected capacity change from 0 to 4096 [ 257.573230][ T9382] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 257.633411][ T9417] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 257.887133][ T9431] netlink: 12 bytes leftover after parsing attributes in process `syz.5.2208'. [ 257.901779][ T4269] ocfs2: Unmounting device (7,0) on (node local) [ 258.322134][ T9441] loop5: detected capacity change from 0 to 4096 [ 258.375130][ T9441] ntfs3: loop5: ino=3, Correct links count -> 2. [ 258.620236][ T9451] loop0: detected capacity change from 0 to 4096 [ 258.693667][ T9451] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 259.687120][ T9494] loop1: detected capacity change from 0 to 1024 [ 259.882415][ T75] hfsplus: b-tree write err: -5, ino 4 [ 259.976251][ T9503] netlink: 180900 bytes leftover after parsing attributes in process `syz.4.2239'. [ 260.048017][ T9503] openvswitch: netlink: Flow actions attr not present in new flow. [ 260.150669][ T9475] loop5: detected capacity change from 0 to 32768 [ 260.193482][ T9511] netlink: 'syz.1.2244': attribute type 27 has an invalid length. [ 260.218411][ T9511] netlink: 164 bytes leftover after parsing attributes in process `syz.1.2244'. [ 260.330609][ T9475] XFS (loop5): DAX unsupported by block device. Turning off DAX. [ 260.377993][ T9475] XFS (loop5): Mounting V5 Filesystem [ 260.502941][ T9475] XFS (loop5): Ending clean mount [ 260.525323][ T9475] XFS (loop5): Quotacheck needed: Please wait. [ 260.602128][ T9475] XFS (loop5): Quotacheck: Done. [ 260.723180][ T8580] XFS (loop5): Unmounting Filesystem [ 260.886172][ T9543] autofs4:pid:9543:autofs_fill_super: called with bogus options [ 261.237420][ T9557] loop1: detected capacity change from 0 to 64 [ 261.255418][ T9558] nft_compat: unsupported protocol 5 [ 261.444906][ T6078] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 261.454279][ T9562] loop0: detected capacity change from 0 to 64 [ 261.653801][ T6078] usb 4-1: Using ep0 maxpacket: 32 [ 261.688766][ T6078] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 261.723383][ T6078] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 261.765637][ T6078] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.784158][ T6078] usb 4-1: Product: syz [ 261.788473][ T6078] usb 4-1: Manufacturer: syz [ 261.820251][ T6078] usb 4-1: SerialNumber: syz [ 261.863993][ T6078] usb 4-1: config 0 descriptor?? [ 261.869695][ T9552] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 261.878203][ T9573] netlink: 'syz.1.2269': attribute type 2 has an invalid length. [ 261.899136][ T6078] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input16 [ 262.210915][ T14] usb 4-1: USB disconnect, device number 13 [ 262.211134][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 262.303691][ T6078] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 262.493868][ T6078] usb 1-1: Using ep0 maxpacket: 32 [ 262.501700][ T6078] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 262.527553][ T6078] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 262.550172][ T9593] program syz.4.2278 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 262.551679][ T6078] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 262.595577][ T6078] usb 1-1: Product: syz [ 262.603750][ T6078] usb 1-1: Manufacturer: syz [ 262.611779][ T6078] usb 1-1: SerialNumber: syz [ 262.638078][ T6078] usb 1-1: config 0 descriptor?? [ 262.650751][ T9584] loop1: detected capacity change from 0 to 32768 [ 262.658918][ T6078] quatech2 1-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 262.683523][ T9584] (syz.1.2273,9584,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 262.766615][ T9584] (syz.1.2273,9584,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 262.859748][ T9584] JBD2: Ignoring recovery information on journal [ 262.895177][ T6078] usb 1-1: qt2_setup_urbs - submit read urb failed -8 [ 262.918269][ T9600] loop3: detected capacity change from 0 to 256 [ 262.928734][ T6078] quatech2: probe of 1-1:0.0 failed with error -8 [ 262.990157][ T9584] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 263.010043][ T9600] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 263.121839][ T14] usb 1-1: USB disconnect, device number 8 [ 263.188948][ T9584] (syz.1.2273,9584,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x438, computed 0x1cec3d0f. Applying ECC. [ 263.233408][ T9584] (syz.1.2273,9584,1):ocfs2_block_check_validate:416 ERROR: Fixed CRC32 failed: stored: 0x438, computed 0x1cec3d0f [ 263.314667][ T9584] (syz.1.2273,9584,1):ocfs2_read_quota_phys_block:160 ERROR: status = -5 [ 263.338777][ T9584] (syz.1.2273,9584,1):ocfs2_quota_read:201 ERROR: status = -5 [ 263.380944][ T9584] Quota error (device loop1): find_tree_dqentry: Can't read quota tree block 4 [ 263.422066][ T9584] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 263.481311][ T9584] (syz.1.2273,9584,1):ocfs2_acquire_dquot:878 ERROR: status = -5 [ 263.521502][ T9584] (syz.1.2273,9584,1):ocfs2_symlink:1879 ERROR: status = -5 [ 263.554866][ T9584] (syz.1.2273,9584,1):ocfs2_symlink:2065 ERROR: status = -5 [ 263.606935][ T9617] autofs4:pid:9617:autofs_fill_super: called with bogus options [ 263.616209][ T9615] loop3: detected capacity change from 0 to 2048 [ 263.689482][ T4270] ocfs2: Unmounting device (7,1) on (node local) [ 263.712534][ T9615] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 263.792286][ T9615] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 264.726290][ T9657] loop3: detected capacity change from 0 to 1764 [ 264.751805][ T9646] loop1: detected capacity change from 0 to 4096 [ 264.823068][ T9646] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 264.982660][ T9646] ntfs3: loop1: failed to convert "c46c" to cp863 [ 265.132841][ T9669] netlink: 'syz.3.2312': attribute type 27 has an invalid length. [ 265.187309][ T9669] netlink: 164 bytes leftover after parsing attributes in process `syz.3.2312'. [ 265.296188][ T9675] netlink: 'syz.1.2314': attribute type 11 has an invalid length. [ 265.324209][ T9678] netlink: 'syz.5.2315': attribute type 1 has an invalid length. [ 265.354259][ T9675] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2314'. [ 265.481817][ T26] audit: type=1326 audit(1770379762.450:83): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 265.584067][ T26] audit: type=1326 audit(1770379762.490:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=210 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 265.672036][ T9687] loop1: detected capacity change from 0 to 256 [ 265.708505][ T26] audit: type=1326 audit(1770379762.490:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 265.794257][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2322'. [ 265.803276][ T26] audit: type=1326 audit(1770379762.490:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9681 comm="syz.4.2316" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 265.826314][ T9692] x_tables: duplicate underflow at hook 4 [ 265.867064][ T9696] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2322'. [ 265.916065][ T9696] netlink: 7 bytes leftover after parsing attributes in process `syz.4.2322'. [ 266.280523][ T9707] netdevsim netdevsim4 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 266.340811][ T9707] netdevsim netdevsim4 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 266.385688][ T9707] netdevsim netdevsim4 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 266.450890][ T9707] netdevsim netdevsim4 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 267.123181][ T9735] netlink: 'syz.1.2339': attribute type 4 has an invalid length. [ 267.173762][ T9735] netlink: 'syz.1.2339': attribute type 10 has an invalid length. [ 267.233753][ T9735] netlink: 152 bytes leftover after parsing attributes in process `syz.1.2339'. [ 267.375125][ T9736] loop4: detected capacity change from 0 to 4096 [ 267.494445][ T9736] ntfs3: loop4: Failed to load $Extend. [ 267.595248][ T9736] ntfs3: loop4: ino=5, "/" directory corrupted [ 268.178097][ T9772] ieee802154 phy1 wpan1: encryption failed: -22 [ 268.239378][ T9777] loop0: detected capacity change from 0 to 512 [ 268.264684][ T9777] EXT4-fs: Ignoring removed mblk_io_submit option [ 268.281491][ T9778] ip6gretap1: default qdisc (pfifo_fast) fail, fallback to noqueue [ 268.351193][ T9774] loop5: detected capacity change from 0 to 4096 [ 268.368760][ T9777] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 268.426870][ T9777] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.2356: attempt to clear invalid blocks 2 len 1 [ 268.511242][ T9786] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 268.529610][ T9777] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 268.583239][ T9774] syz.5.2355: attempt to access beyond end of device [ 268.583239][ T9774] loop5: rw=524288, sector=2097320, nr_sectors = 8 limit=4096 [ 268.617510][ T9777] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2356: invalid indirect mapped block 1819239214 (level 0) [ 268.662439][ T9789] x_tables: ip_tables: REDIRECT target: used from hooks POSTROUTING, but only usable from PREROUTING/OUTPUT [ 268.685196][ T9774] syz.5.2355: attempt to access beyond end of device [ 268.685196][ T9774] loop5: rw=0, sector=2097320, nr_sectors = 8 limit=4096 [ 268.733794][ T9777] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2356: invalid indirect mapped block 1819239214 (level 1) [ 268.774367][ T26] audit: type=1800 audit(1770379765.750:87): pid=9774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.2355" name="file2" dev="loop5" ino=16 res=0 errno=0 [ 268.825145][ T9794] loop3: detected capacity change from 0 to 512 [ 268.859343][ T9777] EXT4-fs (loop0): 1 truncate cleaned up [ 268.881917][ T9777] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 268.900153][ T9794] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 268.971804][ T9794] EXT4-fs (loop3): orphan cleanup on readonly fs [ 269.015045][ T9794] EXT4-fs error (device loop3): mb_free_blocks:1826: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 269.167489][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.186367][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 269.196403][ T9794] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #11: comm syz.3.2362: corrupted inode contents [ 269.279414][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.322393][ T9794] EXT4-fs error (device loop3): ext4_dirty_inode:6137: inode #11: comm syz.3.2362: mark_inode_dirty error [ 269.378751][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.407959][ T9794] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.2362: invalid indirect mapped block 327680 (level 0) [ 269.474202][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.481125][ T9794] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #11: comm syz.3.2362: corrupted inode contents [ 269.579530][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.587702][ T9794] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 269.621763][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.633716][ T9794] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #11: comm syz.3.2362: corrupted inode contents [ 269.683688][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.700492][ T9794] EXT4-fs error (device loop3): ext4_truncate:4318: inode #11: comm syz.3.2362: mark_inode_dirty error [ 269.743195][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.757428][ T9794] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 269.793728][ T9794] EXT4-fs (loop3): Remounting filesystem read-only [ 269.810952][ T9794] EXT4-fs (loop3): 1 truncate cleaned up [ 269.832227][ T9794] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 270.098826][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 270.235735][ T9835] netlink: 56 bytes leftover after parsing attributes in process `syz.5.2379'. [ 270.583459][ T9850] loop5: detected capacity change from 0 to 1024 [ 270.904439][ T9864] loop0: detected capacity change from 0 to 256 [ 271.003819][ T9864] FAT-fs (loop0): Directory bread(block 64) failed [ 271.022425][ T9864] FAT-fs (loop0): Directory bread(block 65) failed [ 271.043787][ T9864] FAT-fs (loop0): Directory bread(block 66) failed [ 271.070801][ T9864] FAT-fs (loop0): Directory bread(block 67) failed [ 271.089530][ T9864] FAT-fs (loop0): Directory bread(block 68) failed [ 271.116332][ T9864] FAT-fs (loop0): Directory bread(block 69) failed [ 271.164034][ T9864] FAT-fs (loop0): Directory bread(block 70) failed [ 271.176052][ T9864] FAT-fs (loop0): Directory bread(block 71) failed [ 271.186819][ T9867] loop4: detected capacity change from 0 to 4096 [ 271.193482][ T9864] FAT-fs (loop0): Directory bread(block 72) failed [ 271.235198][ T9864] FAT-fs (loop0): Directory bread(block 73) failed [ 271.241862][ T9867] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 271.305645][ T9875] netlink: 'syz.5.2394': attribute type 4 has an invalid length. [ 271.357932][ T9875] netlink: 'syz.5.2394': attribute type 10 has an invalid length. [ 271.386480][ T9875] netlink: 152 bytes leftover after parsing attributes in process `syz.5.2394'. [ 271.396320][ T9867] ntfs3: loop4: failed to convert "c46c" to cp863 [ 271.595664][ T9875] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 271.957168][ T9890] netlink: 'syz.0.2401': attribute type 1 has an invalid length. [ 272.780343][ T9926] loop5: detected capacity change from 0 to 64 [ 272.790697][ T9925] netlink: 'syz.0.2415': attribute type 8 has an invalid length. [ 272.871121][ T9926] Trying to free block not in datazone [ 272.910760][ T9926] Trying to free block not in datazone [ 272.919818][ T9926] Trying to free block not in datazone [ 272.982071][ T9926] Trying to free block not in datazone [ 273.099554][ T9932] loop1: detected capacity change from 0 to 2048 [ 273.198773][ T9938] loop0: detected capacity change from 0 to 256 [ 273.205359][ T9939] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 273.381563][ T9932] NILFS (loop1): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 273.428895][ T9932] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 273.535058][ T9932] Remounting filesystem read-only [ 273.558464][ T9932] NILFS (loop1): bad btree node (ino=16, blocknr=12): level = 0, flags = 0x0, nchildren = 0 [ 273.585372][ T9932] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 273.647014][ T9932] NILFS (loop1): error -5 truncating bmap (ino=16) [ 273.823847][ T4270] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 273.845087][ T9953] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2425'. [ 273.944834][ T9957] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 273.989588][ T9957] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 274.094198][ T9961] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2429'. [ 274.413730][ T4385] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 274.611264][ T4385] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 274.641871][ T4385] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 274.661249][ T4385] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 274.681503][ T4385] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 274.714132][ T4385] usb 6-1: SerialNumber: syz [ 274.796415][ T9988] loop3: detected capacity change from 0 to 256 [ 274.958398][ T4385] usb 6-1: 0:2 : does not exist [ 274.983819][ T4385] usb 6-1: unit 5: unexpected type 0x03 [ 275.049680][ T4385] usb 6-1: USB disconnect, device number 3 [ 275.111753][ T4407] udevd[4407]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 275.966036][T10031] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2456'. [ 276.143656][ T4385] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 276.162559][T10005] loop4: detected capacity change from 0 to 32768 [ 276.195289][T10005] jfs_strtoUCS: char2uni returned -22. [ 276.201017][T10005] charset = cp936, char = 0xd4 [ 276.345437][ T4385] usb 6-1: config 0 has an invalid interface number: 199 but max is 1 [ 276.371499][ T4385] usb 6-1: config 0 has no interface number 1 [ 276.384243][ T4385] usb 6-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 276.392320][T10042] loop0: detected capacity change from 0 to 256 [ 276.438501][ T4385] usb 6-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 276.460794][ T4385] usb 6-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 276.489642][ T4385] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 276.508400][ T4385] usb 6-1: SerialNumber: syz [ 276.524132][ T4385] usb 6-1: config 0 descriptor?? [ 276.551486][T10042] FAT-fs (loop0): Directory bread(block 64) failed [ 276.562533][ T4385] usb 6-1: Found UVC 0.00 device (0002:0000) [ 276.569999][T10042] FAT-fs (loop0): Directory bread(block 65) failed [ 276.584110][T10042] FAT-fs (loop0): Directory bread(block 66) failed [ 276.600975][T10042] FAT-fs (loop0): Directory bread(block 67) failed [ 276.608182][ T4385] usb 6-1: No valid video chain found. [ 276.644543][T10042] FAT-fs (loop0): Directory bread(block 68) failed [ 276.651160][T10042] FAT-fs (loop0): Directory bread(block 69) failed [ 276.685067][T10042] FAT-fs (loop0): Directory bread(block 70) failed [ 276.699890][T10042] FAT-fs (loop0): Directory bread(block 71) failed [ 276.732909][T10042] FAT-fs (loop0): Directory bread(block 72) failed [ 276.753100][T10042] FAT-fs (loop0): Directory bread(block 73) failed [ 276.766416][ T4385] usb 6-1: USB disconnect, device number 4 [ 277.056615][T10059] netlink: 'syz.4.2466': attribute type 2 has an invalid length. [ 277.074109][T10059] netlink: 'syz.4.2466': attribute type 1 has an invalid length. [ 277.102656][T10059] netlink: 'syz.4.2466': attribute type 2 has an invalid length. [ 277.118682][T10059] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2466'. [ 277.267844][T10063] loop3: detected capacity change from 0 to 2048 [ 277.301239][T10063] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d [ 277.349536][T10063] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 277.638197][T10075] device wlan0 entered promiscuous mode [ 277.943878][ T4385] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 277.997188][T10092] loop4: detected capacity change from 0 to 16 [ 278.017446][T10092] erofs: (device loop4): mounted with root inode @ nid 36. [ 278.064919][ T4287] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 4876 in[4096, 0] out[9000] [ 278.093390][T10092] erofs: (device loop4): z_erofs_lz4_decompress_mem: failed to decompress 4876 in[4096, 0] out[8192] [ 278.114167][ T26] audit: type=1800 audit(1770379775.090:88): pid=10092 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.2480" name="file2" dev="loop4" ino=89 res=0 errno=0 [ 278.143731][ T4385] usb 6-1: Using ep0 maxpacket: 16 [ 278.150572][ T4385] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 278.219462][ T4385] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 278.270051][ T4385] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 278.337755][ T4385] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.365774][ T4385] usb 6-1: Product: syz [ 278.380246][ T4385] usb 6-1: Manufacturer: syz [ 278.390385][ T4385] usb 6-1: SerialNumber: syz [ 278.417745][ T4385] r8152-cfgselector 6-1: config 0 descriptor?? [ 278.646203][ T4385] usbip-host 6-1: 6-1 is not in match_busid table... skip! [ 278.736777][T10108] netlink: 'syz.4.2485': attribute type 3 has an invalid length. [ 278.832799][T10087] loop3: detected capacity change from 0 to 32768 [ 278.848705][ T14] usb 6-1: USB disconnect, device number 5 [ 279.010155][ T4298] read_mapping_page failed! [ 279.015387][ T4298] ERROR: (device loop3): txCommit: [ 279.015387][ T4298] [ 279.064030][ T4298] jfs_write_inode: jfs_commit_inode failed! [ 279.950610][T10153] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2500'. [ 280.023815][T10153] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2500'. [ 280.093773][T10153] netlink: 'syz.1.2500': attribute type 3 has an invalid length. [ 280.133772][T10153] netlink: 'syz.1.2500': attribute type 2 has an invalid length. [ 280.169644][T10153] netlink: 31 bytes leftover after parsing attributes in process `syz.1.2500'. [ 280.449092][T10176] netlink: 'syz.3.2509': attribute type 8 has an invalid length. [ 280.723905][T10184] loop1: detected capacity change from 0 to 128 [ 281.162146][T10196] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 281.467611][T10215] ADFS-fs (nullb0): unrecognised mount option "arrier" or missing value [ 281.701427][T10225] netlink: 'syz.3.2531': attribute type 1 has an invalid length. [ 281.793679][T10225] netlink: 112865 bytes leftover after parsing attributes in process `syz.3.2531'. [ 281.885560][T10231] loop1: detected capacity change from 0 to 8 [ 282.191509][T10239] delete_channel: no stack [ 282.503395][T10257] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2545'. [ 282.529943][T10257] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2545'. [ 282.549073][T10256] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2546'. [ 282.699356][T10261] loop0: detected capacity change from 0 to 512 [ 282.920889][T10261] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 282.951325][T10261] ext4 filesystem being mounted at /502/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 283.138301][T10278] kernel profiling enabled (shift: 9) [ 283.185269][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 283.332802][T10284] loop1: detected capacity change from 0 to 1764 [ 283.364334][T10286] exfat: Deprecated parameter 'utf8' [ 283.416390][T10286] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 283.793737][T10300] loop5: detected capacity change from 0 to 256 [ 284.141474][T10310] (unnamed net_device) (uninitialized): option tlb_dynamic_lb: invalid value (6) [ 284.228204][T10312] loop0: detected capacity change from 0 to 16 [ 284.269656][T10312] cramfs: empty filesystem [ 284.385091][T10318] netlink: 15 bytes leftover after parsing attributes in process `syz.4.2575'. [ 284.403352][T10318] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2575'. [ 284.534377][T10322] SET target dimension over the limit! [ 284.541596][T10291] loop3: detected capacity change from 0 to 32768 [ 284.618083][T10291] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 284.883715][ T4349] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 285.105653][ T4349] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 285.123887][ T4349] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 285.166290][ T4349] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 285.186733][ T4349] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 285.207035][ T4349] usb 6-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 285.257618][ T4349] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.309447][ T4349] usb 6-1: config 0 descriptor?? [ 285.541435][ T4349] hdpvr 6-1:0.0: firmware version 0x1e dated q|RC@22[7BD^jvi0 [ 285.541435][ T4349] pY [ 285.760169][ T4349] hdpvr 6-1:0.0: device init failed [ 285.765930][ T4349] hdpvr: probe of 6-1:0.0 failed with error -12 [ 285.810196][ T4349] usb 6-1: USB disconnect, device number 6 [ 286.050973][T10375] loop1: detected capacity change from 0 to 256 [ 286.475597][ T26] audit: type=1326 audit(1770379783.450:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10391 comm="syz.1.2612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 286.551520][ T26] audit: type=1326 audit(1770379783.450:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10391 comm="syz.1.2612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 286.620535][ T26] audit: type=1326 audit(1770379783.490:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10391 comm="syz.1.2612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=193 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 286.663694][ T26] audit: type=1326 audit(1770379783.490:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10391 comm="syz.1.2612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 286.686417][T10395] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2613'. [ 286.734689][T10395] netlink: 32 bytes leftover after parsing attributes in process `syz.3.2613'. [ 286.750173][ T26] audit: type=1326 audit(1770379783.490:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10391 comm="syz.1.2612" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 286.992159][T10407] loop4: detected capacity change from 0 to 512 [ 287.052500][T10407] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 287.094709][T10407] EXT4-fs (loop4): mount failed [ 287.157536][ T4407] I/O error, dev loop4, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 287.574127][T10428] netlink: 'syz.4.2629': attribute type 1 has an invalid length. [ 287.650896][T10432] loop0: detected capacity change from 0 to 1024 [ 287.684545][T10432] EXT4-fs: Ignoring removed oldalloc option [ 287.716870][T10432] EXT4-fs: Ignoring removed orlov option [ 287.756031][T10432] EXT4-fs: Ignoring removed oldalloc option [ 287.762111][T10432] EXT4-fs: Ignoring removed nomblk_io_submit option [ 287.885083][T10432] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 287.990087][T10432] EXT4-fs error (device loop0): ext4_xattr_set_entry:1616: inode #13: comm syz.0.2630: corrupted xattr entries [ 288.043501][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 288.170277][T10449] --map-set only usable from mangle table [ 288.220278][T10410] loop1: detected capacity change from 0 to 32768 [ 288.275536][T10410] jfs_lookup: dtSearch returned -5 [ 289.214788][T10488] netlink: 'syz.5.2657': attribute type 21 has an invalid length. [ 289.252419][T10488] netlink: 128 bytes leftover after parsing attributes in process `syz.5.2657'. [ 289.269288][T10492] loop3: detected capacity change from 0 to 764 [ 289.279548][T10488] netlink: 'syz.5.2657': attribute type 5 has an invalid length. [ 289.303871][T10488] netlink: 'syz.5.2657': attribute type 6 has an invalid length. [ 289.333340][T10488] netlink: 3 bytes leftover after parsing attributes in process `syz.5.2657'. [ 289.354163][T10492] Symlink component flag not implemented [ 289.359902][T10492] Symlink component flag not implemented (101) [ 289.632065][T10504] cgroup: subsys name conflicts with all [ 290.051832][T10521] loop4: detected capacity change from 0 to 256 [ 290.130961][T10524] loop3: detected capacity change from 0 to 1024 [ 290.165658][T10521] FAT-fs (loop4): Directory bread(block 64) failed [ 290.172270][T10521] FAT-fs (loop4): Directory bread(block 65) failed [ 290.198762][T10524] hfsplus: Filesystem is marked locked, mounting read-only. [ 290.220652][T10521] FAT-fs (loop4): Directory bread(block 66) failed [ 290.239359][T10521] FAT-fs (loop4): Directory bread(block 67) failed [ 290.253472][T10529] loop0: detected capacity change from 0 to 1024 [ 290.293927][T10521] FAT-fs (loop4): Directory bread(block 68) failed [ 290.300565][T10521] FAT-fs (loop4): Directory bread(block 69) failed [ 290.366939][T10529] hfsplus: cannot replace xattr [ 290.384756][T10521] FAT-fs (loop4): Directory bread(block 70) failed [ 290.391381][T10521] FAT-fs (loop4): Directory bread(block 71) failed [ 290.472914][T10521] FAT-fs (loop4): Directory bread(block 72) failed [ 290.501288][T10521] FAT-fs (loop4): Directory bread(block 73) failed [ 290.582615][T10531] netlink: 'syz.5.2678': attribute type 1 has an invalid length. [ 291.248173][T10555] loop3: detected capacity change from 0 to 256 [ 291.284795][T10555] exfat: Deprecated parameter 'utf8' [ 291.338890][T10555] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 291.487176][T10559] sctp: [Deprecated]: syz.4.2692 (pid 10559) Use of int in max_burst socket option. [ 291.487176][T10559] Use struct sctp_assoc_value instead [ 291.599444][T10527] loop1: detected capacity change from 0 to 32768 [ 291.669153][T10527] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 291.716520][T10527] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 291.766338][T10527] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 291.766338][T10527] bh = 2072 (type: exp=4, found=8) [ 291.766338][T10527] function = gfs2_meta_buffer, file = fs/gfs2/meta_io.c, line = 492 [ 291.843717][T10527] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 291.860260][T10527] gfs2: fsid=syz:syz.0: File system withdrawn [ 291.940739][T10527] CPU: 1 PID: 10527 Comm: syz.1.2676 Not tainted syzkaller #0 [ 291.948291][T10527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 291.958419][T10527] Call Trace: [ 291.961761][T10527] [ 291.964787][T10527] dump_stack_lvl+0x188/0x24e [ 291.969573][T10527] ? kobject_uevent_env+0x35f/0x8a0 [ 291.974824][T10527] ? show_regs_print_info+0x12/0x12 [ 291.980091][T10527] ? load_image+0x400/0x400 [ 291.984659][T10527] ? kobject_uevent_env+0x35f/0x8a0 [ 291.989922][T10527] gfs2_withdraw+0x1398/0x16c0 [ 291.994747][T10527] ? gfs2_freeze_unlock+0x50/0x50 [ 291.999814][T10527] ? gfs2_lm+0x240/0x240 [ 292.004078][T10527] ? gfs2_meta_read+0x744/0x8f0 [ 292.008968][T10527] ? gfs2_meta_new+0x160/0x160 [ 292.013777][T10527] gfs2_metatype_check_ii+0x74/0x90 [ 292.019006][T10527] gfs2_meta_buffer+0x262/0x310 [ 292.023897][T10527] gfs2_inode_refresh+0xbb/0xfd0 [ 292.028870][T10527] ? gfs2_inode_metasync+0xf0/0xf0 [ 292.034029][T10527] ? gfs2_glock_nq+0xcf0/0x14e0 [ 292.038911][T10527] gfs2_instantiate+0x15e/0x210 [ 292.043804][T10527] gfs2_glock_wait+0x1d0/0x2a0 [ 292.048608][T10527] gfs2_lookupi+0x42d/0x680 [ 292.053144][T10527] ? verify_lock_unused+0x140/0x140 [ 292.058389][T10527] ? gfs2_lookup_simple+0x100/0x100 [ 292.063630][T10527] ? gfs2_lookup_simple+0xab/0x100 [ 292.068773][T10527] ? crc32_le_base+0x755/0xcf0 [ 292.073585][T10527] gfs2_lookup_simple+0xab/0x100 [ 292.078572][T10527] ? gfs2_lookup_by_inum+0xf0/0xf0 [ 292.083712][T10527] ? memset+0x1e/0x40 [ 292.087726][T10527] init_journal+0x1c3/0x23e0 [ 292.092346][T10527] ? pointer+0x1030/0x1030 [ 292.096803][T10527] ? _compound_head+0x120/0x120 [ 292.101684][T10527] ? vsnprintf+0x1b21/0x1c20 [ 292.106323][T10527] ? snprintf+0xe5/0x140 [ 292.110600][T10527] ? vscnprintf+0x80/0x80 [ 292.114961][T10527] ? gfs2_glock_nq_num+0x17f/0x1c0 [ 292.120104][T10527] init_inodes+0xdb/0x320 [ 292.124463][T10527] gfs2_fill_super+0x1749/0x1fb0 [ 292.129617][T10527] ? gfs2_reconfigure+0xd30/0xd30 [ 292.134692][T10527] ? init_locking+0xb8/0x200 [ 292.139312][T10527] ? sb_set_blocksize+0xa5/0xe0 [ 292.144191][T10527] get_tree_bdev+0x3f1/0x610 [ 292.148810][T10527] ? gfs2_reconfigure+0xd30/0xd30 [ 292.153856][T10527] gfs2_get_tree+0x4d/0x1e0 [ 292.158385][T10527] vfs_get_tree+0x88/0x270 [ 292.162831][T10527] do_new_mount+0x24a/0xa40 [ 292.167362][T10527] __se_sys_mount+0x2e3/0x3d0 [ 292.172079][T10527] ? __x64_sys_mount+0xc0/0xc0 [ 292.176869][T10527] ? lockdep_hardirqs_on+0x94/0x140 [ 292.182095][T10527] ? __x64_sys_mount+0x1c/0xc0 [ 292.186882][T10527] do_syscall_64+0x4c/0xa0 [ 292.191331][T10527] ? clear_bhb_loop+0x60/0xb0 [ 292.196053][T10527] ? clear_bhb_loop+0x60/0xb0 [ 292.200765][T10527] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 292.206687][T10527] RIP: 0033:0x7f57dd59c14a [ 292.211135][T10527] Code: 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 292.230775][T10527] RSP: 002b:00007f57de438e58 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 292.239221][T10527] RAX: ffffffffffffffda RBX: 00007f57de438ee0 RCX: 00007f57dd59c14a [ 292.247225][T10527] RDX: 00002000000124c0 RSI: 0000200000012500 RDI: 00007f57de438ea0 [ 292.255224][T10527] RBP: 00002000000124c0 R08: 00007f57de438ee0 R09: 0000000000000013 [ 292.263227][T10527] R10: 0000000000000013 R11: 0000000000000246 R12: 0000200000012500 [ 292.271231][T10527] R13: 00007f57de438ea0 R14: 00000000000125f0 R15: 0000200000000180 [ 292.279251][T10527] [ 292.366220][T10572] 9pnet_fd: Insufficient options for proto=fd [ 292.379302][T10527] gfs2: fsid=syz:syz.0: can't lookup journal index: 0 [ 292.630960][T10581] kAFS: unable to lookup cell '' [ 293.429911][T10612] loop4: detected capacity change from 0 to 1024 [ 293.556476][T10619] netlink: 'syz.5.2721': attribute type 2 has an invalid length. [ 293.632040][T10619] netlink: 25 bytes leftover after parsing attributes in process `syz.5.2721'. [ 293.666742][ T4301] hfsplus: b-tree write err: -5, ino 4 [ 294.131562][T10639] loop3: detected capacity change from 0 to 512 [ 294.255742][T10639] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 294.285526][T10639] ext4 filesystem being mounted at /564/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 294.477552][T10651] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 294.514822][T10623] loop0: detected capacity change from 0 to 32768 [ 294.578411][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 294.606521][T10623] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 295.158469][T10674] [U] [ 295.161889][T10674] [U] [ 295.164639][T10674] [U] [ 295.167372][T10674] [U] [ 295.236769][T10674] [U] [ 295.239588][T10674] [U] [ 295.242330][T10674] [U] [ 295.245091][T10674] [U] [ 295.309125][T10674] [U] [ 295.311912][T10674] [U] [ 295.314647][T10674] [U] [ 295.354994][T10671] [U] [ 295.417759][T10684] 9pnet_fd: Insufficient options for proto=fd [ 295.767239][T10695] loop4: detected capacity change from 0 to 256 [ 295.930666][T10702] device wlan0 entered promiscuous mode [ 296.219987][ T26] audit: type=1326 audit(1770379793.190:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.222237][T10715] MTD: Attempt to mount non-MTD device "/dev/nbd3" [ 296.312991][ T26] audit: type=1326 audit(1770379793.240:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.343116][T10721] loop4: detected capacity change from 0 to 256 [ 296.411461][T10721] FAT-fs (loop4): Directory bread(block 64) failed [ 296.433082][ T52] block nbd3: Attempted send on invalid socket [ 296.440561][ T52] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 296.440826][ T26] audit: type=1326 audit(1770379793.240:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.473244][T10717] loop5: detected capacity change from 0 to 4096 [ 296.500917][T10717] ntfs3: loop5: Different NTFS' sector size (4096) and media sector size (512) [ 296.519439][T10721] FAT-fs (loop4): Directory bread(block 65) failed [ 296.534349][T10721] FAT-fs (loop4): Directory bread(block 66) failed [ 296.540948][T10721] FAT-fs (loop4): Directory bread(block 67) failed [ 296.568599][T10721] FAT-fs (loop4): Directory bread(block 68) failed [ 296.612617][T10721] FAT-fs (loop4): Directory bread(block 69) failed [ 296.632555][ T26] audit: type=1326 audit(1770379793.240:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.674729][T10721] FAT-fs (loop4): Directory bread(block 70) failed [ 296.681370][T10721] FAT-fs (loop4): Directory bread(block 71) failed [ 296.690962][T10717] ntfs3: loop5: failed to convert "c46c" to cp862 [ 296.711352][ T26] audit: type=1326 audit(1770379793.240:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.734579][T10721] FAT-fs (loop4): Directory bread(block 72) failed [ 296.741181][T10721] FAT-fs (loop4): Directory bread(block 73) failed [ 296.779783][ T26] audit: type=1326 audit(1770379793.240:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 296.913706][ T26] audit: type=1326 audit(1770379793.240:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 297.012281][ T26] audit: type=1326 audit(1770379793.240:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10713 comm="syz.0.2763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 297.690751][T10757] loop4: detected capacity change from 0 to 2048 [ 297.775233][T10757] NILFS (loop4): device size too small [ 299.819951][T10847] loop3: detected capacity change from 0 to 512 [ 299.836031][T10850] comedi comedi2: s526: a I/O base address must be specified [ 299.862150][T10847] EXT4-fs (loop3): orphan cleanup on readonly fs [ 299.883458][T10847] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #15: comm syz.3.2828: corrupted inode contents [ 299.913969][T10847] EXT4-fs (loop3): Remounting filesystem read-only [ 299.928998][T10847] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 299.954244][T10847] EXT4-fs (loop3): Remounting filesystem read-only [ 299.961041][T10847] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #15: comm syz.3.2828: corrupted inode contents [ 300.064211][T10847] EXT4-fs (loop3): Remounting filesystem read-only [ 300.070820][T10847] EXT4-fs error (device loop3): ext4_evict_inode:327: inode #15: comm syz.3.2828: mark_inode_dirty error [ 300.134140][T10847] EXT4-fs (loop3): Remounting filesystem read-only [ 300.156763][T10847] EXT4-fs (loop3): 1 orphan inode deleted [ 300.173687][T10847] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 300.321301][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 300.421253][T10838] loop5: detected capacity change from 0 to 32768 [ 300.483038][T10838] ERROR: (device loop5): diAllocAG: error reading iag [ 300.483038][T10838] [ 300.508289][T10838] ialloc: diAlloc returned -5! [ 300.581051][T10867] program syz.0.2838 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 300.831270][T10876] netlink: 256 bytes leftover after parsing attributes in process `syz.0.2843'. [ 301.161016][T10889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2849'. [ 301.372682][T10897] loop3: detected capacity change from 0 to 512 [ 301.447429][T10897] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 301.491708][T10897] ext4 filesystem being mounted at /591/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 301.612306][ T2309] pvrusb2: request_firmware fatal error with code=-110 [ 301.615609][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 301.657147][ T2309] pvrusb2: Failure uploading firmware1 [ 301.662719][ T2309] pvrusb2: Device initialization was not successful. [ 301.685766][T10910] loop4: detected capacity change from 0 to 256 [ 301.712024][ T2309] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 301.753100][ T2309] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 301.816991][ T4321] pvrusb2: Device being rendered inoperable [ 301.845608][T10910] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36bd6320, utbl_chksum : 0xe619d30d) [ 302.223765][ T4321] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 302.249206][T10924] xt_recent: Unsupported userspace flags (000000de) [ 302.423748][ T4321] usb 2-1: Using ep0 maxpacket: 16 [ 302.430635][ T4321] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 302.457728][ T4321] usb 2-1: config 0 interface 0 has no altsetting 0 [ 302.495148][ T4321] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 302.533714][ T4321] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.564518][ T4321] usb 2-1: Product: syz [ 302.568765][ T4321] usb 2-1: Manufacturer: syz [ 302.591032][ T4321] usb 2-1: SerialNumber: syz [ 302.617365][ T4321] usb 2-1: config 0 descriptor?? [ 302.853805][T10946] netlink: 'syz.0.2874': attribute type 10 has an invalid length. [ 302.861843][T10946] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2874'. [ 302.875714][T10946] netlink: 'syz.0.2874': attribute type 10 has an invalid length. [ 302.884789][T10946] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2874'. [ 302.944669][T10948] netlink: 'syz.4.2877': attribute type 17 has an invalid length. [ 302.977089][T10948] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 303.086180][ T5994] usb 2-1: USB disconnect, device number 15 [ 303.341781][T10962] loop5: detected capacity change from 0 to 256 [ 304.074019][T10990] netlink: 'syz.4.2898': attribute type 2 has an invalid length. [ 304.794114][ T4349] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 304.986598][ T4349] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 305.009563][ T4349] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.047895][ T4349] usb 5-1: config 0 descriptor?? [ 305.069578][ T4349] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 305.280953][T11040] netlink: 'syz.3.2923': attribute type 21 has an invalid length. [ 305.306191][T11040] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2923'. [ 305.331262][T11040] netlink: 'syz.3.2923': attribute type 4 has an invalid length. [ 305.342345][T11040] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2923'. [ 305.500319][ T4349] gspca_cpia1: usb_control_msg 03, error -71 [ 305.511243][ T4349] gspca_cpia1: usb_control_msg 01, error -71 [ 305.528781][ T4349] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 305.553936][ T4349] usb 5-1: USB disconnect, device number 10 [ 306.426130][T11084] AppArmor: change_hat: Invalid input '' [ 306.573740][ T26] audit: type=1326 audit(2000000000.790:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11089 comm="syz.1.2948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 306.698607][T11093] loop5: detected capacity change from 0 to 1024 [ 306.705412][ T26] audit: type=1326 audit(2000000000.790:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11089 comm="syz.1.2948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=90 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 306.727724][ C1] vkms_vblank_simulate: vblank timer overrun [ 306.739131][T11093] EXT4-fs: Ignoring removed orlov option [ 306.772810][T11093] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 306.887534][ T26] audit: type=1326 audit(2000000000.790:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11089 comm="syz.1.2948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 306.936366][T11105] program syz.4.2953 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 306.952461][ T26] audit: type=1326 audit(2000000000.790:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11089 comm="syz.1.2948" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 307.002944][ T26] audit: type=1326 audit(2000000001.030:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11095 comm="syz.3.2950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da219aeb9 code=0x7ffc0000 [ 307.168884][ T26] audit: type=1326 audit(2000000001.030:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11095 comm="syz.3.2950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da219aeb9 code=0x7ffc0000 [ 307.191372][ C1] vkms_vblank_simulate: vblank timer overrun [ 307.262613][ T26] audit: type=1326 audit(2000000001.050:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11095 comm="syz.3.2950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f0da219aeb9 code=0x7ffc0000 [ 307.322575][ T8580] EXT4-fs (loop5): unmounting filesystem. [ 307.354659][ T26] audit: type=1326 audit(2000000001.050:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11095 comm="syz.3.2950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da219aeb9 code=0x7ffc0000 [ 307.377160][ C1] vkms_vblank_simulate: vblank timer overrun [ 307.491750][ T26] audit: type=1326 audit(2000000001.050:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11095 comm="syz.3.2950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0da219aeb9 code=0x7ffc0000 [ 307.525748][T11117] IPVS: length: 132 != 8 [ 308.493609][ T4349] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 308.713736][ T4349] usb 5-1: Using ep0 maxpacket: 32 [ 308.739764][ T4349] usb 5-1: unable to get BOS descriptor or descriptor too short [ 308.766087][ T4349] usb 5-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 308.811350][ T4349] usb 5-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 308.842279][ T4349] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.859966][ T4349] usb 5-1: Product: syz [ 308.870678][ T4349] usb 5-1: Manufacturer: syz [ 308.897292][ T4349] usb 5-1: SerialNumber: syz [ 309.131903][ T4349] usb 5-1: Limiting number of CPorts to U8_MAX [ 309.152747][ T4349] usb 5-1: Not enough endpoints found in device, aborting! [ 309.180119][T11191] usb usb8: usbfs: process 11191 (syz.0.2992) did not claim interface 0 before use [ 309.387993][ T4349] usb 5-1: USB disconnect, device number 11 [ 309.462117][T11198] loop1: detected capacity change from 0 to 1024 [ 309.502989][T11198] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 309.563409][T11198] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 309.606815][T11203] loop0: detected capacity change from 0 to 2048 [ 309.635789][T11198] EXT4-fs (loop1): unmounting filesystem. [ 309.662758][T11206] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 309.705880][T11203] NILFS error (device loop0): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=0, inode=7, rec_len=16, name_len=1 [ 309.779335][T11203] Remounting filesystem read-only [ 310.685986][T11239] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3016'. [ 310.711559][T11200] loop5: detected capacity change from 0 to 32768 [ 310.714051][T11239] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3016'. [ 310.722697][T11200] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 scanned by syz.5.2999 (11200) [ 310.751920][T11200] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 310.764110][T11239] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3016'. [ 310.781154][T11200] BTRFS info (device loop5): using blake2b (blake2b-256-generic) checksum algorithm [ 310.803535][ T4349] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 310.810017][T11200] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_LZO (0x8) [ 310.870624][T11200] BTRFS info (device loop5): use lzo compression, level 0 [ 310.883889][T11200] BTRFS info (device loop5): max_inline at 0 [ 310.890059][T11200] BTRFS info (device loop5): using free space tree [ 311.002013][T11253] IPVS: stopping backup sync thread 6447 ... [ 311.013346][ T4349] usb 1-1: Using ep0 maxpacket: 16 [ 311.024457][ T4349] usb 1-1: config 0 has no interfaces? [ 311.049517][ T4349] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 311.080908][ T4349] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 311.101321][ T4349] usb 1-1: Product: syz [ 311.111908][ T4349] usb 1-1: Manufacturer: syz [ 311.117679][ T4349] usb 1-1: SerialNumber: syz [ 311.132262][ T4349] r8152-cfgselector 1-1: config 0 descriptor?? [ 311.144813][T11200] BTRFS info (device loop5): enabling ssd optimizations [ 311.204354][T11200] BTRFS error (device loop5: state M): unrecognized mount option '0x000000000000000018446744073709551615' [ 311.338477][ T8580] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 311.364457][ T4349] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 311.804785][T11283] usb 1-1: USB disconnect, device number 9 [ 311.837936][T11287] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 312.012717][T11293] netlink: 'syz.1.3032': attribute type 2 has an invalid length. [ 312.048132][T11293] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3032'. [ 312.377310][ T26] audit: type=1326 audit(2000000006.590:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11305 comm="syz.1.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 312.489421][ T26] audit: type=1326 audit(2000000006.610:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11305 comm="syz.1.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 312.560955][ T26] audit: type=1326 audit(2000000006.620:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11305 comm="syz.1.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 312.622769][T11312] loop1: detected capacity change from 0 to 128 [ 312.649472][ T26] audit: type=1326 audit(2000000006.620:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11305 comm="syz.1.3038" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f57dd59aeb9 code=0x7ffc0000 [ 312.719678][T11312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 312.734930][T11312] ext4 filesystem being mounted at /600/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 312.991526][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 313.142503][T11331] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3050'. [ 313.307240][T11325] loop3: detected capacity change from 0 to 8192 [ 313.674201][T11309] loop5: detected capacity change from 0 to 32768 [ 313.762972][T11309] ocfs2: Slot 0 on device (7,5) was already allocated to this node! [ 313.838907][T11309] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 313.848774][T11345] loop3: detected capacity change from 0 to 4096 [ 313.892991][T11309] (syz.5.3040,11309,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9 [ 313.925401][T11309] (syz.5.3040,11309,1):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 313.942292][T11345] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 313.945975][T11309] (syz.5.3040,11309,1):ocfs2_mknod:298 ERROR: status = -2 [ 313.968219][T11309] (syz.5.3040,11309,1):ocfs2_mknod:502 ERROR: status = -2 [ 313.977890][ T4385] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 314.015690][T11309] (syz.5.3040,11309,1):ocfs2_create:676 ERROR: status = -2 [ 314.038178][T11345] ntfs3: loop3: Failed to load $Extend. [ 314.193173][ T4385] usb 2-1: Using ep0 maxpacket: 8 [ 314.200765][ T8580] ocfs2: Unmounting device (7,5) on (node local) [ 314.209946][ T4385] usb 2-1: unable to get BOS descriptor or descriptor too short [ 314.266152][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 314.305741][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 314.361566][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 314.374841][T11355] loop0: detected capacity change from 0 to 2048 [ 314.404908][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 65535, setting to 1024 [ 314.443145][ T4385] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0xC has invalid maxpacket 1024 [ 314.462106][T11355] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 314.483357][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 314.507152][ T4385] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 314.545668][ T4385] usb 2-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 314.609891][ T4385] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.654149][ T4385] usb 2-1: Product: syz [ 314.658407][ T4385] usb 2-1: Manufacturer: syz [ 314.678882][ T4385] usb 2-1: SerialNumber: syz [ 314.703925][ T4385] usb 2-1: config 0 descriptor?? [ 314.710018][T11343] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 314.823341][T11365] netlink: zone id is out of range [ 314.889870][ T4389] udevd[4389]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 314.940713][T11283] usb 2-1: USB disconnect, device number 16 [ 315.456843][T11388] loop4: detected capacity change from 0 to 1024 [ 315.582331][T11388] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 315.664565][T11388] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 315.684674][T11395] loop1: detected capacity change from 0 to 2048 [ 315.685201][T11388] EXT4-fs (loop4): unmounting filesystem. [ 315.791254][T11399] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 315.829556][T11395] NILFS error (device loop1): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=0, inode=7, rec_len=16, name_len=1 [ 315.924065][T11395] Remounting filesystem read-only [ 316.264326][T11412] loop0: detected capacity change from 0 to 256 [ 316.340081][T11403] xt_CT: No such helper "netbios-ns" [ 316.446280][T11389] loop3: detected capacity change from 0 to 32768 [ 316.955159][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.143999][T11442] overlayfs: missing 'lowerdir' [ 317.185175][T11444] loop0: detected capacity change from 0 to 512 [ 317.260220][T11444] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 317.369526][T11444] EXT4-fs (loop0): 1 truncate cleaned up [ 317.417392][T11444] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 317.462361][T11444] EXT4-fs error (device loop0): ext4_find_dest_de:2115: inode #2: block 13: comm syz.0.3101: bad entry in directory: '.' directory cannot be the last in data block - offset=0, inode=2, rec_len=1024, size=1024 fake=1 [ 317.641453][ T4269] EXT4-fs (loop0): unmounting filesystem. [ 318.395583][T11491] trusted_key: encrypted_key: master key parameter is missing [ 318.851737][T11507] netlink: 188 bytes leftover after parsing attributes in process `syz.3.3131'. [ 318.914618][T11511] CIFS mount error: No usable UNC path provided in device string! [ 318.914618][T11511] [ 318.948662][T11511] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 319.167547][T11524] netlink: 'syz.4.3138': attribute type 3 has an invalid length. [ 319.189338][T11524] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.3138'. [ 319.402917][T11286] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 319.613720][T11286] usb 4-1: Using ep0 maxpacket: 8 [ 319.631589][T11286] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 319.670453][ T26] audit: type=1326 audit(2000000013.880:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11540 comm="syz.0.3148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x0 [ 319.694938][T11286] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.704274][T11286] usb 4-1: Product: syz [ 319.708495][T11286] usb 4-1: Manufacturer: syz [ 319.713804][T11286] usb 4-1: SerialNumber: syz [ 319.759819][T11286] usb 4-1: config 0 descriptor?? [ 319.788400][T11286] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 319.842739][T11286] dvb-usb: bulk message failed: -22 (2/0) [ 319.849493][T11286] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 319.878751][T11545] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 319.891977][T11286] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 319.917243][T11545] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 319.920991][T11286] usb 4-1: media controller created [ 319.931716][T11548] loop5: detected capacity change from 0 to 256 [ 319.955693][T11545] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 319.969662][T11286] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 319.986099][T11551] loop1: detected capacity change from 0 to 1024 [ 320.059024][T11286] dvb-usb: bulk message failed: -22 (1/0) [ 320.113335][T11286] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 320.185373][T11286] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input17 [ 320.226421][T11286] dvb-usb: schedule remote query interval to 50 msecs. [ 320.236875][ T4301] hfsplus: b-tree write err: -5, ino 4 [ 320.243708][T11286] dvb-usb: bulk message failed: -22 (2/0) [ 320.249507][T11286] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 320.324685][T11286] usb 4-1: USB disconnect, device number 14 [ 320.437442][T11286] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 320.666798][T11563] loop1: detected capacity change from 0 to 256 [ 320.740739][T11569] overlayfs: bad mount option "redirect_dir=nofollow:/" [ 320.763075][T11563] FAT-fs (loop1): Directory bread(block 64) failed [ 320.769713][T11563] FAT-fs (loop1): Directory bread(block 65) failed [ 320.793523][T11563] FAT-fs (loop1): Directory bread(block 66) failed [ 320.808712][T11563] FAT-fs (loop1): Directory bread(block 67) failed [ 320.835892][T11563] FAT-fs (loop1): Directory bread(block 68) failed [ 320.842517][T11563] FAT-fs (loop1): Directory bread(block 69) failed [ 320.882976][T11563] FAT-fs (loop1): Directory bread(block 70) failed [ 320.889656][T11563] FAT-fs (loop1): Directory bread(block 71) failed [ 320.913099][T11563] FAT-fs (loop1): Directory bread(block 72) failed [ 320.930394][T11563] FAT-fs (loop1): Directory bread(block 73) failed [ 321.019249][T11563] syz.1.3159: attempt to access beyond end of device [ 321.019249][T11563] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 321.059106][T11563] syz.1.3159: attempt to access beyond end of device [ 321.059106][T11563] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 321.114154][T11286] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 321.127458][ T26] audit: type=1800 audit(2000000015.340:116): pid=11563 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3159" name="file0" dev="loop1" ino=1048629 res=0 errno=0 [ 321.336234][T11286] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 321.370907][T11561] loop0: detected capacity change from 0 to 40427 [ 321.377533][T11286] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 321.394764][T11286] usb 4-1: config 0 descriptor?? [ 321.425960][T11579] x_tables: arp_tables: .0 target: invalid size 8 (kernel) != (user) 0 [ 321.468536][T11561] F2FS-fs (loop0): invalid crc value [ 321.507847][T11561] F2FS-fs (loop0): Found nat_bits in checkpoint [ 321.569307][ T26] audit: type=1326 audit(2000000015.780:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11581 comm="syz.5.3169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 321.639350][ T26] audit: type=1326 audit(2000000015.800:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11581 comm="syz.5.3169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 321.732728][T11561] F2FS-fs (loop0): Start checkpoint disabled! [ 321.754224][ T26] audit: type=1326 audit(2000000015.800:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11581 comm="syz.5.3169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=137 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 321.807414][ T26] audit: type=1326 audit(2000000015.800:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11581 comm="syz.5.3169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 321.830422][T11561] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 321.838292][T11286] [drm:udl_init] *ERROR* Selecting channel failed [ 321.885611][T11286] [drm] Initialized udl 0.0.1 20120220 for 4-1:0.0 on minor 2 [ 321.893447][ T26] audit: type=1326 audit(2000000015.800:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11581 comm="syz.5.3169" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 321.916601][T11286] [drm] Initialized udl on minor 2 [ 321.925942][T11286] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 321.938631][T11286] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 321.943562][ T4350] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 321.956548][T11286] usb 4-1: USB disconnect, device number 15 [ 321.966218][ T4349] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 321.996211][ T4349] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 322.014959][ T4349] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 322.145617][T11593] netlink: 'syz.4.3173': attribute type 1 has an invalid length. [ 322.168028][ T4350] usb 2-1: New USB device found, idVendor=0c72, idProduct=0012, bcdDevice=22.96 [ 322.187845][ T4350] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.218176][ T4350] usb 2-1: Product: syz [ 322.222453][ T4350] usb 2-1: Manufacturer: syz [ 322.238443][ T4350] usb 2-1: SerialNumber: syz [ 322.251251][ T4350] usb 2-1: config 0 descriptor?? [ 322.501918][ T4350] peak_usb 2-1:0.0: PEAK-System PCAN-USB FD v0 fw v0.0.0 (1 channels) [ 322.632689][T11286] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 322.659135][T11589] loop5: detected capacity change from 0 to 32768 [ 322.699417][T11589] (syz.5.3171,11589,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 322.713745][ T4350] peak_usb 2-1:0.0 can0: unable to request usb[type=2 value=5] err=-71 [ 322.732129][ T4350] peak_usb 2-1:0.0: unable to tell PCAN-USB FD driver is loaded (err -71) [ 322.753229][T11589] (syz.5.3171,11589,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 322.807453][T11589] JBD2: Ignoring recovery information on journal [ 322.815119][ T4350] peak_usb: probe of 2-1:0.0 failed with error -71 [ 322.823457][T11286] usb 5-1: Using ep0 maxpacket: 32 [ 322.835157][ T4350] usb 2-1: USB disconnect, device number 17 [ 322.850624][T11286] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 322.892063][T11286] usb 5-1: config 0 has no interface number 0 [ 322.911568][T11589] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode. [ 322.931228][T11286] usb 5-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 322.995832][T11286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 323.042507][T11286] usb 5-1: Product: syz [ 323.053371][ T8580] ocfs2: Unmounting device (7,5) on (node local) [ 323.058214][T11286] usb 5-1: Manufacturer: syz [ 323.089765][T11286] usb 5-1: SerialNumber: syz [ 323.120620][T11286] usb 5-1: config 0 descriptor?? [ 323.155092][T11286] etas_es58x 5-1:0.2: Starting syz syz (Serial Number syz) [ 323.362916][T11286] etas_es58x 5-1:0.2: Product info: 424242424242 [ 323.580316][T11286] usb 5-1: USB disconnect, device number 12 [ 323.601387][T11286] etas_es58x 5-1:0.2: Disconnecting syz syz [ 323.946434][T11635] cgroup: name respecified [ 323.972665][T11637] ieee802154 phy1 wpan1: encryption failed: -22 [ 324.992837][ T4385] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 325.108702][T11682] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744072924056005) [ 325.157487][T11682] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647 [ 325.190456][ T4385] usb 2-1: Using ep0 maxpacket: 8 [ 325.197554][ T4385] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 325.223370][ T4385] usb 2-1: config 0 has no interface number 0 [ 325.242804][ T4385] usb 2-1: config 0 interface 1 has no altsetting 0 [ 325.264721][ T4385] usb 2-1: New USB device found, idVendor=10c4, idProduct=eac1, bcdDevice=70.2f [ 325.303298][ T4385] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 325.331833][ T4385] usb 2-1: Product: syz [ 325.338892][ T26] audit: type=1326 audit(2000000019.551:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.348562][ T4385] usb 2-1: Manufacturer: syz [ 325.412693][ T26] audit: type=1326 audit(2000000019.601:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.457885][ T4385] usb 2-1: SerialNumber: syz [ 325.490747][ T4385] usb 2-1: config 0 descriptor?? [ 325.497415][ T26] audit: type=1326 audit(2000000019.601:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.538867][T11690] netlink: 'syz.3.3214': attribute type 3 has an invalid length. [ 325.597776][ T26] audit: type=1326 audit(2000000019.601:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.728692][ T26] audit: type=1326 audit(2000000019.601:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.743649][ T4385] i2c-cp2615: probe of 2-1:0.1 failed with error -22 [ 325.826595][ T26] audit: type=1326 audit(2000000019.601:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.899183][ T26] audit: type=1326 audit(2000000019.601:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 325.958690][ T26] audit: type=1326 audit(2000000019.621:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 326.022837][ T4385] usb 2-1: USB disconnect, device number 18 [ 326.032302][ T26] audit: type=1326 audit(2000000019.621:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11686 comm="syz.4.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 326.563429][ T26] audit: type=1326 audit(2000000020.781:131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11710 comm="syz.4.3222" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8779d9aeb9 code=0x7ffc0000 [ 326.907008][T11692] loop0: detected capacity change from 0 to 32768 [ 327.000744][T11692] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.3213 (11692) [ 327.091420][T11692] BTRFS info (device loop0): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 327.132815][T11692] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 327.171112][T11692] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 327.258789][T11692] BTRFS info (device loop0): use lzo compression, level 0 [ 327.302433][T11692] BTRFS info (device loop0): max_inline at 0 [ 327.308573][T11692] BTRFS info (device loop0): using free space tree [ 327.707157][T11763] netlink: 'syz.4.3237': attribute type 3 has an invalid length. [ 327.725320][T11692] BTRFS info (device loop0): enabling ssd optimizations [ 327.770405][T11692] BTRFS error (device loop0: state M): unrecognized mount option '0x000000000000000018446744073709551615' [ 328.002730][ T4269] BTRFS info (device loop0): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 328.046638][T11774] loop4: detected capacity change from 0 to 128 [ 328.151609][T11774] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 328.208940][T11774] ext4 filesystem being mounted at /702/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 328.390455][T11782] x_tables: unsorted underflow at hook 2 [ 328.500263][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 329.079623][T11809] netlink: 'syz.4.3252': attribute type 1 has an invalid length. [ 329.296810][T11816] loop3: detected capacity change from 0 to 764 [ 329.337062][T11818] loop5: detected capacity change from 0 to 256 [ 329.383020][T11816] rock: directory entry would overflow storage [ 329.400254][T11816] rock: sig=0x4654, size=5, remaining=4 [ 329.440170][T11816] isofs: Unable to find the ".." directory for NFS. [ 330.107547][T11846] netlink: 1096 bytes leftover after parsing attributes in process `syz.5.3270'. [ 330.198158][T11848] loop4: detected capacity change from 0 to 2048 [ 330.237176][T11852] netlink: 32 bytes leftover after parsing attributes in process `syz.1.3273'. [ 330.238242][T11848] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 330.301307][T11848] UDF-fs: error (device loop4): udf_verify_fi: directory (ino 1376) has entry where CRC length (0) does not match entry length (32) [ 330.326834][T11285] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 330.482725][T11286] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 330.524599][T11285] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 330.556359][T11285] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 330.584836][T11285] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 330.595805][T11285] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 330.605932][T11285] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 330.616805][T11285] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.627528][T11285] usb 4-1: config 0 descriptor?? [ 330.707918][T11286] usb 1-1: Using ep0 maxpacket: 8 [ 330.727000][T11286] usb 1-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d9.40 [ 330.761070][T11286] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.771080][T11286] usb 1-1: Product: syz [ 330.780182][T11286] usb 1-1: Manufacturer: syz [ 330.787256][T11286] usb 1-1: SerialNumber: syz [ 330.818938][T11286] usb 1-1: config 0 descriptor?? [ 330.847069][T11285] hdpvr 4-1:0.0: firmware version 0x15 dated &S3;x&X^ wΖ g/ n# [ 331.053624][T11285] hdpvr 4-1:0.0: device init failed [ 331.059008][T11285] hdpvr: probe of 4-1:0.0 failed with error -12 [ 331.082210][T11783] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 331.109168][T11285] usb 4-1: USB disconnect, device number 16 [ 331.222506][T11880] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3287'. [ 331.235555][T11286] usb 1-1: USB disconnect, device number 10 [ 331.272306][T11783] usb 6-1: Using ep0 maxpacket: 16 [ 331.279458][T11783] usb 6-1: config 0 has no interfaces? [ 331.325316][T11783] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 331.367569][T11783] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.391954][T11783] usb 6-1: Product: syz [ 331.401636][T11783] usb 6-1: Manufacturer: syz [ 331.430463][T11783] usb 6-1: SerialNumber: syz [ 331.444611][T11783] r8152-cfgselector 6-1: config 0 descriptor?? [ 331.668162][T11783] usbip-host 6-1: 6-1 is not in match_busid table... skip! [ 331.838329][T11897] netlink: 'syz.0.3295': attribute type 10 has an invalid length. [ 331.887693][ T4277] usb 6-1: USB disconnect, device number 7 [ 332.772096][T11933] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3312'. [ 332.784981][T11934] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 333.029880][T11944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3318'. [ 333.312267][T11957] loop3: detected capacity change from 0 to 764 [ 333.356987][T11957] rock: directory entry would overflow storage [ 333.378041][T11957] rock: sig=0x4654, size=5, remaining=4 [ 333.714381][T11970] device geneve3 entered promiscuous mode [ 333.841676][T11976] netlink: 'syz.0.3333': attribute type 10 has an invalid length. [ 334.292108][ T4720] usb 6-1: new full-speed USB device number 8 using dummy_hcd [ 334.494690][ T4720] usb 6-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 334.512412][ T4720] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 334.548548][ T4720] usb 6-1: config 0 descriptor?? [ 334.561398][T12008] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3350'. [ 334.892362][T12018] 9pnet: Found fid 0 not clunked [ 334.983208][ T4720] [drm:udl_init] *ERROR* Selecting channel failed [ 335.026630][ T4720] [drm] Initialized udl 0.0.1 20120220 for 6-1:0.0 on minor 2 [ 335.068064][ T4720] [drm] Initialized udl on minor 2 [ 335.088868][ T4720] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 335.121771][ T4720] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 335.162467][ T4720] usb 6-1: USB disconnect, device number 8 [ 335.181418][T11783] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 335.209100][T11783] udl 6-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 335.239676][T11783] udl 6-1:0.0: [drm] Cannot find any crtc or sizes [ 335.562749][T12040] netlink: 'syz.0.3366': attribute type 3 has an invalid length. [ 335.907195][T12056] netlink: 'syz.1.3374': attribute type 21 has an invalid length. [ 335.949828][T12056] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3374'. [ 336.278176][T12061] loop0: detected capacity change from 0 to 4096 [ 337.201864][ T4720] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 337.341966][T11286] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 337.391956][ T4720] usb 4-1: Using ep0 maxpacket: 16 [ 337.430316][ T4720] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 337.462011][ T4720] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.470090][ T4720] usb 4-1: Product: syz [ 337.502044][ T4720] usb 4-1: Manufacturer: syz [ 337.510371][ T4720] usb 4-1: SerialNumber: syz [ 337.539523][ T4720] r8152-cfgselector 4-1: config 0 descriptor?? [ 337.551882][T11286] usb 2-1: Using ep0 maxpacket: 8 [ 337.561144][T11286] usb 2-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d9.40 [ 337.576290][T11286] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.607897][T11286] usb 2-1: Product: syz [ 337.628129][T11286] usb 2-1: Manufacturer: syz [ 337.642416][T11286] usb 2-1: SerialNumber: syz [ 337.678349][T11286] usb 2-1: config 0 descriptor?? [ 338.012578][ T4720] r8152-cfgselector 4-1: Unknown version 0x0000 [ 338.047675][ T4720] r8152-cfgselector 4-1: USB disconnect, device number 17 [ 338.123166][T11286] usb 2-1: USB disconnect, device number 19 [ 338.446726][T12135] loop4: detected capacity change from 0 to 256 [ 338.491585][ T4684] udevd[4684]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 338.701832][T11783] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 338.891968][T11783] usb 1-1: Using ep0 maxpacket: 32 [ 338.905747][T11783] usb 1-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 338.933258][T11783] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.950748][T11783] usb 1-1: Product: syz [ 338.956054][T12149] trusted_key: encrypted_key: keylen for the ecryptfs format must be equal to 64 bytes [ 338.971293][T11783] usb 1-1: Manufacturer: syz [ 338.977358][T11783] usb 1-1: SerialNumber: syz [ 338.988675][T12151] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3419'. [ 339.204826][T11783] visor 1-1:1.0: Handspring Visor / Palm OS converter detected [ 339.231066][T12156] xt_hashlimit: size too large, truncated to 1048576 [ 339.234580][T11783] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 339.240771][T12156] xt_hashlimit: invalid rate [ 339.285003][T11783] usb 1-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 339.416815][T11783] usb 1-1: USB disconnect, device number 11 [ 339.437206][T11783] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 339.489862][T11783] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 339.528293][T11783] visor 1-1:1.0: device disconnected [ 339.551156][T12166] netlink: 'syz.5.3426': attribute type 10 has an invalid length. [ 339.644000][T12166] team0: Device hsr_slave_0 failed to register rx_handler [ 339.695030][T12168] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3427'. [ 339.839544][T12173] loop1: detected capacity change from 0 to 16 [ 339.866424][T12174] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3429'. [ 339.886139][T12173] erofs: (device loop1): mounted with root inode @ nid 36. [ 339.914031][T12173] erofs: (device loop1): z_erofs_readahead: readahead error at page 2 @ nid 89 [ 339.942120][ T4287] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -33 in[4096, 0] out[8192] [ 339.959257][T12173] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -33 in[4096, 0] out[4096] [ 339.980126][ T26] kauditd_printk_skb: 3 callbacks suppressed [ 339.980142][ T26] audit: type=1800 audit(2000000034.181:135): pid=12173 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.3430" name="file3" dev="loop1" ino=89 res=0 errno=0 [ 340.313749][T12184] loop0: detected capacity change from 0 to 2048 [ 340.343010][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.394757][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.487651][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.598298][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.661235][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.735623][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.758054][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.792601][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.836941][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.870173][T12202] IPVS: set_ctl: invalid protocol: 60 10.1.1.1:20003 [ 340.902495][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 340.945859][T12184] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=385, location=385 [ 340.993742][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 341.040359][T12184] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 341.101711][T12184] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 341.246072][T12216] netlink: 16 bytes leftover after parsing attributes in process `syz.5.3450'. [ 341.925279][T12239] loop1: detected capacity change from 0 to 2048 [ 342.007064][T12239] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 342.084524][T12248] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 342.171674][T12248] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 342.280824][T12248] overlayfs: missing 'lowerdir' [ 342.586206][T12264] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3474'. [ 342.965147][T12280] loop4: detected capacity change from 0 to 47 [ 343.410030][T12294] netlink: 'syz.0.3488': attribute type 1 has an invalid length. [ 343.491160][T12298] A link change request failed with some changes committed already. Interface veth1_to_hsr may have been left with an inconsistent configuration, please check. [ 343.670621][T12274] loop3: detected capacity change from 0 to 32768 [ 343.738139][T12274] ERROR: (device loop3): dbAlloc: unable to allocate blocks [ 343.738139][T12274] [ 343.751992][T12301] loop5: detected capacity change from 0 to 4096 [ 343.793681][T12301] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 343.840907][T12306] siw: device registration error -23 [ 344.399860][T12313] loop3: detected capacity change from 0 to 4096 [ 345.048790][T12341] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3511'. [ 345.271896][ T4729] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 345.463068][ T4729] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 345.490034][ T4729] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 345.531479][ T4729] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.553026][ T4729] usb 1-1: config 0 descriptor?? [ 345.774603][ T4729] ath6kl: Failed to submit usb control message: -71 [ 345.782112][ T4729] ath6kl: unable to send the bmi data to the device: -71 [ 345.789325][ T4729] ath6kl: Unable to send get target info: -71 [ 345.798025][ T4729] ath6kl: Failed to init ath6kl core: -71 [ 345.867816][T12371] xt_HMARK: spi-set and port-set can't be combined [ 345.874903][ T4729] ath6kl_usb: probe of 1-1:0.0 failed with error -71 [ 345.904624][ T4729] usb 1-1: USB disconnect, device number 12 [ 346.338374][T12390] netlink: 666 bytes leftover after parsing attributes in process `syz.1.3534'. [ 346.421360][ T4729] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 346.631896][ T4729] usb 6-1: config 0 interface 0 has no altsetting 0 [ 346.638748][ T4729] usb 6-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=5e.ad [ 346.710900][ T4729] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.754643][ T4729] usb 6-1: config 0 descriptor?? [ 346.767762][ T4729] usb 6-1: selecting invalid altsetting 0 [ 346.794500][ T4729] usb 6-1: can't set first interface for hiFace device. [ 346.821330][ T4729] snd-usb-hiface: probe of 6-1:0.0 failed with error -5 [ 346.935234][T12405] loop0: detected capacity change from 0 to 4096 [ 346.974135][T12405] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 346.995052][T11285] usb 6-1: USB disconnect, device number 9 [ 347.100115][T12405] ntfs: (device loop0): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 347.137000][T12405] ntfs: (device loop0): ntfs_read_locked_inode(): $DATA attribute is missing. [ 347.174847][T12405] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 347.209702][T12405] ntfs: (device loop0): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 347.294989][T12417] loop4: detected capacity change from 0 to 256 [ 347.301809][T12416] netlink: 'syz.1.3548': attribute type 2 has an invalid length. [ 347.349317][T12416] netlink: 'syz.1.3548': attribute type 1 has an invalid length. [ 347.358827][T12405] ntfs: volume version 3.1. [ 347.384357][T12405] ntfs: (device loop0): load_and_init_quota(): Failed to find inode number for $Quota. [ 347.414705][T12405] ntfs: (device loop0): load_system_files(): Failed to load $Quota. Will not be able to remount read-write. Run chkdsk. [ 347.752339][T12423] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3551'. [ 347.837045][T12427] sctp: [Deprecated]: syz.5.3553 (pid 12427) Use of int in maxseg socket option. [ 347.837045][T12427] Use struct sctp_assoc_value instead [ 348.198477][T12437] overlayfs: The uuid=off requires a single fs for lower and upper, falling back to uuid=on. [ 348.263033][T12437] overlayfs: overlapping lowerdir path [ 348.386009][T12443] netlink: 'syz.4.3560': attribute type 1 has an invalid length. [ 348.423679][T12441] netlink: 28 bytes leftover after parsing attributes in process `syz.5.3561'. [ 348.447850][T12419] loop3: detected capacity change from 0 to 32768 [ 348.592656][T12419] XFS (loop3): Mounting V5 Filesystem [ 348.768979][T12419] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 348.870393][T12419] XFS (loop3): Starting recovery (logdev: internal) [ 349.007205][T12419] XFS (loop3): Ending recovery (logdev: internal) [ 349.167584][T12419] XFS (loop3): AG 0: Corrupt btree 5 pointer at level 1 index 0. [ 349.299861][ T4283] XFS (loop3): Unmounting Filesystem [ 349.561180][T11285] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 349.690977][ T26] audit: type=1326 audit(2000000043.892:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12494 comm="syz.0.3584" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x0 [ 349.771199][T11285] usb 6-1: Using ep0 maxpacket: 16 [ 349.784845][T11285] usb 6-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 349.821981][T11285] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 349.839130][T11285] usb 6-1: Product: syz [ 349.875831][T11285] usb 6-1: Manufacturer: syz [ 349.880559][T11285] usb 6-1: SerialNumber: syz [ 349.912822][T11285] r8152-cfgselector 6-1: config 0 descriptor?? [ 349.968597][T12501] device veth1_to_bond entered promiscuous mode [ 350.029628][T12501] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 350.303407][T12511] netlink: 'syz.1.3591': attribute type 6 has an invalid length. [ 350.329018][T11285] r8152-cfgselector 6-1: Unknown version 0x0000 [ 350.337689][T12511] netlink: 127868 bytes leftover after parsing attributes in process `syz.1.3591'. [ 350.355363][T11285] r8152-cfgselector 6-1: USB disconnect, device number 10 [ 350.495031][T12517] loop4: detected capacity change from 0 to 256 [ 350.608507][T12517] FAT-fs (loop4): Directory bread(block 64) failed [ 350.651357][T12517] FAT-fs (loop4): Directory bread(block 65) failed [ 350.658085][T12517] FAT-fs (loop4): Directory bread(block 66) failed [ 350.695258][T12517] FAT-fs (loop4): Directory bread(block 67) failed [ 350.727590][T12517] FAT-fs (loop4): Directory bread(block 68) failed [ 350.748235][T12517] FAT-fs (loop4): Directory bread(block 69) failed [ 350.776421][T12517] FAT-fs (loop4): Directory bread(block 70) failed [ 350.806364][T12527] loop0: detected capacity change from 0 to 128 [ 350.808972][T12517] FAT-fs (loop4): Directory bread(block 71) failed [ 350.829758][T12517] FAT-fs (loop4): Directory bread(block 72) failed [ 350.844954][T12527] autofs4:pid:12527:autofs_fill_super: called with bogus options [ 350.871112][T12517] FAT-fs (loop4): Directory bread(block 73) failed [ 351.270661][T12545] xt_hashlimit: max too large, truncated to 1048576 [ 351.368549][T12548] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3609'. [ 351.508072][T12551] loop5: detected capacity change from 0 to 512 [ 351.550825][T12551] EXT4-fs error (device loop5): ext4_orphan_get:1425: comm syz.5.3611: bad orphan inode 13 [ 351.638422][T12551] ext4_test_bit(bit=12, block=4) = 1 [ 351.663352][T12551] is_bad_inode(inode)=0 [ 351.667673][T12551] NEXT_ORPHAN(inode)=0 [ 351.700561][T12551] max_ino=32 [ 351.725805][T12551] i_nlink=1 [ 351.725893][T12551] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 351.739887][T12551] EXT4-fs warning (device loop5): dx_probe:845: inode #2: comm syz.5.3611: Hash code is SIPHASH, but hash not in dirent [ 351.739964][T12551] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.3611: Corrupt directory, running e2fsck is recommended [ 351.740169][T12551] EXT4-fs warning (device loop5): dx_probe:845: inode #2: comm syz.5.3611: Hash code is SIPHASH, but hash not in dirent [ 351.740196][T12551] EXT4-fs warning (device loop5): dx_probe:966: inode #2: comm syz.5.3611: Corrupt directory, running e2fsck is recommended [ 351.740252][T12551] EXT4-fs error (device loop5): ext4_find_dest_de:2115: inode #2: block 13: comm syz.5.3611: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=0, rec_len=6, size=1024 fake=0 [ 352.071763][ T8580] EXT4-fs (loop5): unmounting filesystem. [ 352.216196][T12575] loop3: detected capacity change from 0 to 256 [ 352.259746][T12575] exfat: Deprecated parameter 'namecase' [ 352.291073][T12575] exfat: Deprecated parameter 'namecase' [ 352.327277][T12575] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 352.341010][T11783] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 352.541038][T11783] usb 5-1: Using ep0 maxpacket: 32 [ 352.548731][T11783] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 352.586816][T11783] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 352.615362][T12581] loop5: detected capacity change from 0 to 4096 [ 352.627673][T11783] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 352.649987][T12583] loop0: detected capacity change from 0 to 1024 [ 352.670271][T11783] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.699250][T11783] usb 5-1: config 0 descriptor?? [ 352.753210][T11783] hub 5-1:0.0: USB hub found [ 352.874764][T12585] netlink: 36 bytes leftover after parsing attributes in process `syz.3.3626'. [ 352.959347][T11783] hub 5-1:0.0: 28 ports detected [ 352.981146][T11783] hub 5-1:0.0: insufficient power available to use all downstream ports [ 353.018780][T12571] loop1: detected capacity change from 0 to 32768 [ 353.070182][T12589] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3628'. [ 353.122701][T12589] netlink: 60 bytes leftover after parsing attributes in process `syz.0.3628'. [ 353.123429][T12571] ERROR: (device loop1): diAllocBit: iag inconsistent [ 353.123429][T12571] [ 353.176405][T11783] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 353.191298][T11783] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 353.227478][T12571] ialloc: diAlloc returned -5! [ 353.250478][T11783] usbhid 5-1:0.0: can't add hid device: -71 [ 353.277180][T11783] usbhid: probe of 5-1:0.0 failed with error -71 [ 353.341779][T11783] usb 5-1: USB disconnect, device number 13 [ 353.391636][T12593] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 353.491065][T12593] overlayfs: missing 'lowerdir' [ 353.694810][T12603] loop5: detected capacity change from 0 to 256 [ 353.781017][ T4720] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 353.791897][T12603] FAT-fs (loop5): Directory bread(block 64) failed [ 353.822672][T12603] FAT-fs (loop5): Directory bread(block 65) failed [ 353.829380][T12603] FAT-fs (loop5): Directory bread(block 66) failed [ 353.879904][T12603] FAT-fs (loop5): Directory bread(block 67) failed [ 353.913576][T12603] FAT-fs (loop5): Directory bread(block 68) failed [ 353.928652][T12603] FAT-fs (loop5): Directory bread(block 69) failed [ 353.953007][T12603] FAT-fs (loop5): Directory bread(block 70) failed [ 353.971268][T12603] FAT-fs (loop5): Directory bread(block 71) failed [ 353.977954][T12603] FAT-fs (loop5): Directory bread(block 72) failed [ 353.981767][ T4720] usb 4-1: Using ep0 maxpacket: 16 [ 354.001708][ T4720] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 354.050774][ T4720] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 354.066161][T12603] FAT-fs (loop5): Directory bread(block 73) failed [ 354.081004][ T4720] usb 4-1: config 0 has no interface number 0 [ 354.103488][ T4720] usb 4-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 354.139252][T12612] netlink: 'syz.0.3639': attribute type 1 has an invalid length. [ 354.146780][ T4720] usb 4-1: New USB device strings: Mfr=5, Product=2, SerialNumber=3 [ 354.160938][ T4720] usb 4-1: Product: syz [ 354.165171][ T4720] usb 4-1: Manufacturer: syz [ 354.180226][ T4720] usb 4-1: SerialNumber: syz [ 354.225319][ T4720] usb 4-1: config 0 descriptor?? [ 354.364303][T12619] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3643'. [ 354.455196][ T4720] usb 4-1: Found UVC 0.00 device syz (046c:14e8) [ 354.478382][ T4720] usb 4-1: No valid video chain found. [ 354.511062][ T4720] usb 4-1: USB disconnect, device number 18 [ 354.881056][ T4287] Bluetooth: hci1: command 0x0406 tx timeout [ 355.229603][ T26] audit: type=1326 audit(2000000049.432:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.5.3660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 355.323889][ T26] audit: type=1326 audit(2000000049.482:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.5.3660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=440 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 355.355045][T12655] loop1: detected capacity change from 0 to 2048 [ 355.372521][ T26] audit: type=1326 audit(2000000049.482:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.5.3660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 355.443508][T12655] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 355.501082][ T26] audit: type=1326 audit(2000000049.482:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12650 comm="syz.5.3660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 355.530157][T12655] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 355.603451][T12655] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 355.636725][T12655] UDF-fs: Scanning with blocksize 512 failed [ 355.710324][ T52] block nbd4: Attempted send on invalid socket [ 355.717171][ T52] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 355.738303][T12655] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 355.768936][T12670] netlink: 144 bytes leftover after parsing attributes in process `syz.0.3668'. [ 356.536682][T12696] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3680'. [ 356.957173][T12714] Lens A: ================= START STATUS ================= [ 356.975057][T12714] Lens A: Focus, Absolute: 0 [ 356.980437][T12714] Lens A: ================== END STATUS ================== [ 357.089709][T11783] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 357.180866][ T4720] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 357.281556][T11783] usb 4-1: too many configurations: 241, using maximum allowed: 8 [ 357.324505][T11783] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 357.355020][T11783] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.372727][ T4720] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 357.388319][T11783] usb 4-1: Product: syz [ 357.393080][ T4720] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 357.409110][T11783] usb 4-1: Manufacturer: syz [ 357.414613][T11783] usb 4-1: SerialNumber: syz [ 357.420440][ T4720] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 357.431418][ T4720] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 357.441839][T11783] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 357.453135][ T4720] usb 2-1: config 0 descriptor?? [ 357.486353][ T4385] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 357.681418][ T4720] usb 2-1: USB disconnect, device number 20 [ 357.729004][ C1] usb 4-1: ath9k_htc: over RX MAX_PKT_NUM [ 357.933906][T11286] usb 4-1: USB disconnect, device number 19 [ 358.042919][T12728] loop0: detected capacity change from 0 to 32768 [ 358.122051][T12728] XFS (loop0): Mounting V5 Filesystem [ 358.263427][T12728] XFS (loop0): Ending clean mount [ 358.286883][T12728] XFS (loop0): Quotacheck needed: Please wait. [ 358.344917][T12756] netlink: 'syz.5.3706': attribute type 11 has an invalid length. [ 358.381346][T12728] XFS (loop0): Quotacheck: Done. [ 358.550712][ T4385] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 358.587706][ T4385] ath9k_htc: Failed to initialize the device [ 358.614481][T11286] usb 4-1: ath9k_htc: USB layer deinitialized [ 358.649609][ T4269] XFS (loop0): Unmounting Filesystem [ 358.833880][T12767] loop4: detected capacity change from 0 to 1024 [ 358.845516][T12770] loop1: detected capacity change from 0 to 256 [ 358.913210][T12770] FAT-fs (loop1): Directory bread(block 64) failed [ 358.986284][T12770] FAT-fs (loop1): Directory bread(block 65) failed [ 359.034622][T12770] FAT-fs (loop1): Directory bread(block 66) failed [ 359.065991][T12774] loop5: detected capacity change from 0 to 256 [ 359.097029][T12770] FAT-fs (loop1): Directory bread(block 67) failed [ 359.116102][T12770] FAT-fs (loop1): Directory bread(block 68) failed [ 359.133123][T12776] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 359.150729][T12770] FAT-fs (loop1): Directory bread(block 69) failed [ 359.157406][T12770] FAT-fs (loop1): Directory bread(block 70) failed [ 359.201866][T12770] FAT-fs (loop1): Directory bread(block 71) failed [ 359.208562][T12774] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 359.221828][T12770] FAT-fs (loop1): Directory bread(block 72) failed [ 359.228411][T12770] FAT-fs (loop1): Directory bread(block 73) failed [ 359.660981][T12788] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3721'. [ 359.670108][T12788] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3721'. [ 359.800720][T12788] netlink: 20 bytes leftover after parsing attributes in process `syz.5.3721'. [ 359.889029][T12790] loop1: detected capacity change from 0 to 4096 [ 359.961541][T12790] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 360.105345][T12790] ntfs3: loop1: failed to convert "c46c" to cp1251 [ 360.283254][T12808] libceph: resolve '4.' (ret=-3): failed [ 360.948911][T12836] netlink: 'syz.1.3746': attribute type 11 has an invalid length. [ 361.229629][T12847] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3751'. [ 362.008691][T12879] loop4: detected capacity change from 0 to 256 [ 362.334956][T12883] loop5: detected capacity change from 0 to 4096 [ 362.417563][T12883] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 362.616750][ T4298] ntfs3: loop5: ntfs3_write_inode r=3 failed, -22. [ 362.623736][ T8580] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 362.630033][ T8580] ntfs3: loop5: Mark volume as dirty due to NTFS errors [ 362.664447][ T8580] ntfs3: loop5: ntfs_set_state r=3 failed, -22. [ 362.690486][ T9] ntfs3: loop5: ntfs3_write_inode r=3 failed, -22. [ 362.697784][ T8580] ntfs3: loop5: ntfs_evict_inode r=3 failed, -22. [ 362.927605][T12909] loop1: detected capacity change from 0 to 2048 [ 362.987376][T12909] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 363.046389][T12907] loop4: detected capacity change from 0 to 4096 [ 363.112472][T12916] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 363.123677][T12909] syz.1.3781: attempt to access beyond end of device [ 363.123677][T12909] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 363.203462][T12909] syz.1.3781: attempt to access beyond end of device [ 363.203462][T12909] loop1: rw=0, sector=33554430, nr_sectors = 2 limit=2048 [ 363.256234][T12918] loop0: detected capacity change from 0 to 16 [ 363.290065][T12909] NILFS (loop1): I/O error reading meta-data file (ino=6, block-offset=3) [ 363.337187][T12918] erofs: (device loop0): mounted with root inode @ nid 36. [ 363.344562][T12909] NILFS (loop1): error -5 reading inode: ino=12 [ 363.376164][T12918] erofs: (device loop0): erofs_read_inode: bogus i_mode (4355) @ nid 46 [ 364.679191][T12967] autofs4:pid:12967:autofs_fill_super: called with bogus options [ 364.957058][T12982] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 365.373952][T12998] loop0: detected capacity change from 0 to 64 [ 365.469741][T13000] netlink: 256 bytes leftover after parsing attributes in process `syz.4.3824'. [ 365.532900][T13002] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3825'. [ 365.544540][T12997] loop1: detected capacity change from 0 to 4096 [ 365.590503][T13002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3825'. [ 365.631633][T13002] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3825'. [ 365.698249][T12997] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 365.833155][T12997] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present [ 365.910717][T12997] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 365.938295][T12997] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.3823: Failed to acquire dquot type 0 [ 366.214587][T13024] netlink: 14 bytes leftover after parsing attributes in process `syz.0.3834'. [ 366.231598][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 366.452461][T13031] ieee802154 phy1 wpan1: encryption failed: -22 [ 366.565664][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.596331][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.616544][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.645157][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.671349][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.695941][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.713809][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.734094][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.759568][T13045] loop3: detected capacity change from 0 to 128 [ 366.771053][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.778517][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.816948][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.837193][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.865922][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.897624][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.917890][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.928024][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.948256][ T4385] hid-generic C990:0003:007F.0001: unknown main item tag 0x0 [ 366.989280][ T4385] hid-generic C990:0003:007F.0001: hidraw0: HID v0.00 Device [syz0] on syz1 [ 367.451594][T13066] loop0: detected capacity change from 0 to 256 [ 367.555500][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.619838][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.660475][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.669281][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.686905][T13042] loop4: detected capacity change from 0 to 32768 [ 367.695531][T13063] fido_id[13063]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 367.729945][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.760147][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.778391][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.805300][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.816961][T13042] XFS (loop4): Mounting V5 Filesystem [ 367.818000][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.833285][T13066] FAT-fs (loop0): error, fat_get_cluster: invalid cluster chain (i_pos 196) [ 367.849728][ T26] audit: type=1800 audit(2000000062.063:141): pid=13066 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.3854" name="file1" dev="loop0" ino=1048640 res=0 errno=0 [ 367.925708][T13066] FAT-fs (loop0): error, fat_free_clusters: deleting FAT entry beyond EOF [ 367.963303][T13042] XFS (loop4): Ending clean mount [ 367.977189][T13042] XFS (loop4): Quotacheck needed: Please wait. [ 368.002471][T13066] syz.0.3854 (13066) used greatest stack depth: 20184 bytes left [ 368.039661][T13084] loop5: detected capacity change from 0 to 2048 [ 368.114923][T13084] loop5: p1 < > p3 [ 368.170185][T13084] loop5: p3 size 134217728 extends beyond EOD, truncated [ 368.181105][T13042] XFS (loop4): Quotacheck: Done. [ 368.441877][ T4272] XFS (loop4): Unmounting Filesystem [ 368.564052][ T8417] udevd[8417]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 368.611288][ T4568] udevd[4568]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 368.681893][ T4568] udevd[4568]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory [ 368.729163][ T8417] udevd[8417]: inotify_add_watch(7, /dev/loop5p1, 10) failed: No such file or directory [ 369.070385][T13110] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3872'. [ 369.153063][T13114] x_tables: duplicate underflow at hook 3 [ 369.276881][T13116] loop4: detected capacity change from 0 to 512 [ 369.338206][T13116] EXT4-fs: Ignoring removed orlov option [ 369.380960][T13116] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 369.445449][T13116] EXT4-fs (loop4): orphan cleanup on readonly fs [ 369.490540][T13116] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.3875: bg 0: block 248: padding at end of block bitmap is not set [ 369.553488][T13127] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3881'. [ 369.564123][T13129] netlink: 'syz.3.3880': attribute type 10 has an invalid length. [ 369.621817][T13116] Quota error (device loop4): write_blk: dquota write failed [ 369.652275][T13116] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 369.670810][T13129] bond0: (slave wlan1): Releasing backup interface [ 369.673459][T13116] EXT4-fs error (device loop4): ext4_acquire_dquot:6835: comm syz.4.3875: Failed to acquire dquot type 1 [ 369.747766][T13116] EXT4-fs (loop4): 1 truncate cleaned up [ 369.783068][T13116] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 369.920805][T13116] EXT4-fs: Ignoring removed orlov option [ 369.939084][T13116] EXT4-fs: can't change dax mount option while remounting [ 370.060075][ T4720] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 370.121046][ T4272] EXT4-fs (loop4): unmounting filesystem. [ 370.260217][ T4720] usb 2-1: Using ep0 maxpacket: 16 [ 370.270865][ T4720] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 370.310076][ T4720] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.328397][ T4720] usb 2-1: Product: syz [ 370.348647][ T4720] usb 2-1: Manufacturer: syz [ 370.358765][ T4720] usb 2-1: SerialNumber: syz [ 370.383750][ T4720] r8152-cfgselector 2-1: config 0 descriptor?? [ 370.556770][T13162] loop0: detected capacity change from 0 to 256 [ 370.581983][T13162] exfat: Deprecated parameter 'utf8' [ 370.597808][T13162] exfat: Deprecated parameter 'utf8' [ 370.687038][T13162] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 370.821629][ T4720] r8152-cfgselector 2-1: Unknown version 0x0000 [ 370.835332][ T4720] r8152-cfgselector 2-1: bad CDC descriptors [ 370.895847][ T4720] r8152-cfgselector 2-1: Unknown version 0x0000 [ 370.928663][ T4720] r8152-cfgselector 2-1: USB disconnect, device number 21 [ 370.984269][T13171] loop3: detected capacity change from 0 to 512 [ 371.086767][T13171] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #15: comm syz.3.3902: inode has both inline data and extents flags [ 371.205538][T13171] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.3902: couldn't read orphan inode 15 (err -117) [ 371.243140][T13184] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3904'. [ 371.280461][T13171] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 371.512250][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 371.761999][T13197] loop3: detected capacity change from 0 to 1764 [ 372.174250][T13215] loop1: detected capacity change from 0 to 4096 [ 372.215473][T13215] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 372.226949][T13218] IPv6: sit2: Disabled Multicast RS [ 372.320646][T13215] ntfs3: loop1: failed to convert "c46c" to macromanian [ 372.614581][T13229] A link change request failed with some changes committed already. Interface bond_slave_0 may have been left with an inconsistent configuration, please check. [ 372.842590][ T26] audit: type=1326 audit(2000000067.053:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13237 comm="syz.5.3933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 372.893813][T13241] loop4: detected capacity change from 0 to 8 [ 372.940161][ T26] audit: type=1326 audit(2000000067.103:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13237 comm="syz.5.3933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 373.029975][ T26] audit: type=1326 audit(2000000067.103:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13237 comm="syz.5.3933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 373.078523][T13241] SQUASHFS error: lzo decompression failed, data probably corrupt [ 373.101405][T13241] SQUASHFS error: Failed to read block 0x1dd: -5 [ 373.108134][T13241] SQUASHFS error: Unable to read metadata cache entry [1db] [ 373.125853][T13241] SQUASHFS error: Unable to read inode 0xa7 [ 373.145881][ T26] audit: type=1326 audit(2000000067.103:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13237 comm="syz.5.3933" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe6a639aeb9 code=0x7ffc0000 [ 373.245936][T13250] loop5: detected capacity change from 0 to 256 [ 373.297650][T13250] exFAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 373.350588][T13250] exFAT-fs (loop5): Medium has reported failures. Some data may be lost. [ 373.421866][T13250] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0xe5674ec2, utbl_chksum : 0xe619d30d) [ 373.617283][T13261] loop1: detected capacity change from 0 to 136 [ 373.720083][ T5994] usb 5-1: new full-speed USB device number 14 using dummy_hcd [ 373.870006][ T26] audit: type=1400 audit(2000000068.083:146): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="unconfined" name=2626200D3A950D02494F07333A pid=13268 comm="syz.3.3948" [ 373.898430][T13271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3947'. [ 373.944237][ T5994] usb 5-1: unable to get BOS descriptor or descriptor too short [ 373.961791][ T5994] usb 5-1: not running at top speed; connect to a high speed hub [ 373.974864][T13271] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3947'. [ 373.999317][ T5994] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 374.049227][ T5994] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 374.071832][ T5994] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.109779][ T5994] usb 5-1: Product: syz [ 374.119931][ T5994] usb 5-1: Manufacturer: syz [ 374.134907][ T5994] usb 5-1: SerialNumber: syz [ 374.156464][ T5994] usb 5-1: selecting invalid altsetting 1 [ 374.175125][T13277] loop3: detected capacity change from 0 to 1024 [ 374.200886][T13277] EXT4-fs: Ignoring removed nomblk_io_submit option [ 374.230093][T13280] loop5: detected capacity change from 0 to 64 [ 374.246814][T13277] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 374.312936][T13277] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 374.351137][ T26] audit: type=1326 audit(2000000068.563:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13282 comm="syz.0.3955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 374.410631][ T26] audit: type=1326 audit(2000000068.593:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13282 comm="syz.0.3955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=72 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 374.433502][ T26] audit: type=1326 audit(2000000068.593:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13282 comm="syz.0.3955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 374.456113][ T26] audit: type=1326 audit(2000000068.593:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13282 comm="syz.0.3955" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe83659aeb9 code=0x7ffc0000 [ 374.493867][T13277] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 374.634797][ T5994] cdc_ncm 5-1:1.0: failed GET_NTB_PARAMETERS [ 374.649182][ T5994] cdc_ncm 5-1:1.0: bind() failure [ 374.714194][ T5994] usb 5-1: USB disconnect, device number 14 [ 374.778840][ T4283] EXT4-fs (loop3): unmounting filesystem. [ 375.333217][T13312] netlink: 100 bytes leftover after parsing attributes in process `syz.0.3967'. [ 375.371552][T13312] A link change request failed with some changes committed already. Interface veth1_to_team may have been left with an inconsistent configuration, please check. [ 375.574405][T13325] loop4: detected capacity change from 0 to 256 [ 375.688757][T13325] FAT-fs (loop4): Directory bread(block 64) failed [ 375.748067][T13325] FAT-fs (loop4): Directory bread(block 65) failed [ 375.767705][T13325] FAT-fs (loop4): Directory bread(block 66) failed [ 375.785257][T13325] FAT-fs (loop4): Directory bread(block 67) failed [ 375.806043][T13325] FAT-fs (loop4): Directory bread(block 68) failed [ 375.860831][T13325] FAT-fs (loop4): Directory bread(block 69) failed [ 375.867558][T13325] FAT-fs (loop4): Directory bread(block 70) failed [ 375.939735][T13325] FAT-fs (loop4): Directory bread(block 71) failed [ 375.950240][T13325] FAT-fs (loop4): Directory bread(block 72) failed [ 375.972433][T13325] FAT-fs (loop4): Directory bread(block 73) failed [ 376.094016][ T26] audit: type=1800 audit(2000000070.303:151): pid=13325 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3974" name="file1" dev="loop4" ino=1048642 res=0 errno=0 [ 376.439635][ T4729] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 376.639707][ T4729] usb 2-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 376.680481][ T4729] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.708811][ T4729] usb 2-1: config 0 descriptor?? [ 376.752476][ T4729] ums-jumpshot 2-1:0.0: USB Mass Storage device detected [ 376.821468][ T4729] ums-jumpshot 2-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 376.862105][T13369] loop0: detected capacity change from 0 to 1024 [ 376.967032][ T5994] usb 2-1: USB disconnect, device number 22 [ 377.080335][ T4370] hfsplus: b-tree write err: -5, ino 4 [ 377.133850][T13377] netlink: 140 bytes leftover after parsing attributes in process `syz.3.3998'. [ 377.367635][T13385] loop0: detected capacity change from 0 to 256 [ 377.388834][T13385] exfat: Deprecated parameter 'utf8' [ 377.399737][T13385] exfat: Deprecated parameter 'namecase' [ 377.429389][T13385] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x11bbdf60, utbl_chksum : 0xe619d30d) [ 377.460358][T13385] kAFS: unable to lookup cell 's@z0' [ 377.571299][T13363] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 377.591995][ T4729] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 377.802070][ T4729] usb 4-1: config 0 has an invalid interface number: 255 but max is 0 [ 377.810961][T13397] netlink: 32 bytes leftover after parsing attributes in process `syz.5.4008'. [ 377.831028][ T4729] usb 4-1: config 0 has no interface number 0 [ 377.837314][ T4729] usb 4-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 377.881434][T13400] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 377.889743][ T4729] usb 4-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 377.889856][ T4729] usb 4-1: config 0 interface 255 has no altsetting 0 [ 377.889889][ T4729] usb 4-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 377.889910][ T4729] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.904348][ T4729] usb 4-1: config 0 descriptor?? [ 378.012765][ T4729] ums-realtek 4-1:0.255: USB Mass Storage device detected [ 378.254134][ T5994] usb 4-1: USB disconnect, device number 20 [ 378.264304][T13414] loop1: detected capacity change from 0 to 512 [ 378.299883][T13414] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 378.324470][T13414] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 378.394147][ T1273] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.438753][T13414] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:3852: comm syz.1.4016: Allocating blocks 41-42 which overlap fs metadata [ 378.511230][T13414] Quota error (device loop1): write_blk: dquota write failed [ 378.522342][T13414] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 378.536609][T13414] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 378.547483][T13414] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.4016: Failed to acquire dquot type 1 [ 378.563735][T13414] EXT4-fs error (device loop1): mb_free_blocks:1826: group 0, inode 12: block 14:freeing already freed block (bit 14); block bitmap corrupt. [ 378.582582][T13414] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.4016: corrupted inode contents [ 378.604226][T13414] EXT4-fs error (device loop1): ext4_dirty_inode:6137: inode #12: comm syz.1.4016: mark_inode_dirty error [ 378.616696][T13414] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.4016: corrupted inode contents [ 378.629822][T13414] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #12: comm syz.1.4016: mark_inode_dirty error [ 378.642309][T13414] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.4016: corrupted inode contents [ 378.658551][T13414] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 378.678230][T13414] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #12: comm syz.1.4016: corrupted inode contents [ 378.695200][T13428] loop5: detected capacity change from 0 to 1764 [ 378.710325][T13414] EXT4-fs error (device loop1): ext4_truncate:4318: inode #12: comm syz.1.4016: mark_inode_dirty error [ 378.763970][T13414] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 378.829241][T13414] EXT4-fs (loop1): 1 truncate cleaned up [ 378.836306][T13414] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 378.999056][T13414] [ 379.001566][T13414] ====================================================== [ 379.008618][T13414] WARNING: possible circular locking dependency detected [ 379.015685][T13414] syzkaller #0 Not tainted [ 379.020137][T13414] ------------------------------------------------------ [ 379.027203][T13414] syz.1.4016/13414 is trying to acquire lock: [ 379.033310][T13414] ffff888070777068 (&dquot->dq_lock){+.+.}-{3:3}, at: dquot_commit+0x5a/0x410 [ 379.042276][T13414] [ 379.042276][T13414] but task is already holding lock: [ 379.049691][T13414] ffff88807074e6d8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x910/0x1b70 [ 379.059259][T13414] [ 379.059259][T13414] which lock already depends on the new lock. [ 379.059259][T13414] [ 379.069679][T13414] [ 379.069679][T13414] the existing dependency chain (in reverse order) is: [ 379.078710][T13414] [ 379.078710][T13414] -> #2 (&ei->i_data_sem/2){++++}-{3:3}: [ 379.086581][T13414] down_read+0x42/0x2d0 [ 379.091289][T13414] ext4_map_blocks+0x323/0x1b70 [ 379.096724][T13414] ext4_getblk+0x1cc/0x6f0 [ 379.101699][T13414] ext4_bread+0x26/0x170 [ 379.106520][T13414] ext4_quota_write+0x236/0x580 [ 379.111911][T13414] get_free_dqblk+0x312/0x660 [ 379.117131][T13414] do_insert_tree+0x22b/0x1040 [ 379.122458][T13414] do_insert_tree+0x9eb/0x1040 [ 379.127764][T13414] do_insert_tree+0x9ae/0x1040 [ 379.133075][T13414] do_insert_tree+0x9ae/0x1040 [ 379.138383][T13414] qtree_write_dquot+0x49d/0x5d0 [ 379.143856][T13414] v2_write_dquot+0x108/0x190 [ 379.149081][T13414] dquot_acquire+0x2d5/0x520 [ 379.154206][T13414] ext4_acquire_dquot+0x2d9/0x4a0 [ 379.159776][T13414] dqget+0x778/0xeb0 [ 379.164212][T13414] dquot_transfer+0x5f2/0x7e0 [ 379.169425][T13414] ext4_setattr+0x93d/0x19f0 [ 379.174552][T13414] notify_change+0xc74/0xf40 [ 379.179680][T13414] chown_common+0x4a0/0x660 [ 379.184723][T13414] do_fchownat+0x147/0x240 [ 379.189677][T13414] __x64_sys_chown+0x7e/0x90 [ 379.194813][T13414] do_syscall_64+0x4c/0xa0 [ 379.199769][T13414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 379.206205][T13414] [ 379.206205][T13414] -> #1 (&s->s_dquot.dqio_sem){++++}-{3:3}: [ 379.214299][T13414] down_read+0x42/0x2d0 [ 379.219000][T13414] v2_read_dquot+0x4a/0x110 [ 379.224043][T13414] dquot_acquire+0x152/0x520 [ 379.229189][T13414] ext4_acquire_dquot+0x2d9/0x4a0 [ 379.234755][T13414] dqget+0x778/0xeb0 [ 379.239186][T13414] __dquot_initialize+0x3c3/0xcd0 [ 379.244751][T13414] ext4_rmdir+0x141/0xb10 [ 379.249634][T13414] vfs_rmdir+0x36c/0x4d0 [ 379.254420][T13414] do_rmdir+0x29a/0x5c0 [ 379.259115][T13414] __x64_sys_unlinkat+0xc0/0xe0 [ 379.264505][T13414] do_syscall_64+0x4c/0xa0 [ 379.269468][T13414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 379.275916][T13414] [ 379.275916][T13414] -> #0 (&dquot->dq_lock){+.+.}-{3:3}: [ 379.283585][T13414] __lock_acquire+0x2d07/0x7d10 [ 379.288986][T13414] lock_acquire+0x1bb/0x4a0 [ 379.294034][T13414] __mutex_lock+0x12d/0xaf0 [ 379.299088][T13414] dquot_commit+0x5a/0x410 [ 379.304056][T13414] ext4_write_dquot+0x1f0/0x360 [ 379.309455][T13414] mark_all_dquot_dirty+0x1e3/0x400 [ 379.315194][T13414] __dquot_alloc_space+0x5fc/0xe60 [ 379.320861][T13414] ext4_mb_new_blocks+0xf8d/0x4760 [ 379.326535][T13414] ext4_ext_map_blocks+0x195b/0x6810 [ 379.332368][T13414] ext4_map_blocks+0x9de/0x1b70 [ 379.337766][T13414] ext4_getblk+0x1cc/0x6f0 [ 379.342736][T13414] ext4_bread+0x26/0x170 [ 379.347532][T13414] ext4_append+0x2be/0x560 [ 379.352502][T13414] ext4_init_new_dir+0x2b8/0x570 [ 379.358006][T13414] ext4_mkdir+0x4fb/0xce0 [ 379.362884][T13414] vfs_mkdir+0x387/0x570 [ 379.367665][T13414] do_mkdirat+0x1d8/0x440 [ 379.372543][T13414] __x64_sys_mkdirat+0x85/0x90 [ 379.377895][T13414] do_syscall_64+0x4c/0xa0 [ 379.382860][T13414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 379.389297][T13414] [ 379.389297][T13414] other info that might help us debug this: [ 379.389297][T13414] [ 379.399539][T13414] Chain exists of: [ 379.399539][T13414] &dquot->dq_lock --> &s->s_dquot.dqio_sem --> &ei->i_data_sem/2 [ 379.399539][T13414] [ 379.413209][T13414] Possible unsafe locking scenario: [ 379.413209][T13414] [ 379.420674][T13414] CPU0 CPU1 [ 379.426051][T13414] ---- ---- [ 379.431462][T13414] lock(&ei->i_data_sem/2); [ 379.436105][T13414] lock(&s->s_dquot.dqio_sem); [ 379.443505][T13414] lock(&ei->i_data_sem/2); [ 379.450640][T13414] lock(&dquot->dq_lock); [ 379.455073][T13414] [ 379.455073][T13414] *** DEADLOCK *** [ 379.455073][T13414] [ 379.463236][T13414] 4 locks held by syz.1.4016/13414: [ 379.468445][T13414] #0: ffff88805413a460 (sb_writers#4){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90 [ 379.477622][T13414] #1: ffff8880557fc030 (&type->i_mutex_dir_key#3/1){+.+.}-{3:3}, at: filename_create+0x208/0x470 [ 379.488274][T13414] #2: ffff88807074e6d8 (&ei->i_data_sem/2){++++}-{3:3}, at: ext4_map_blocks+0x910/0x1b70 [ 379.498245][T13414] #3: ffffffff8cc74988 (dquot_srcu){....}-{0:0}, at: __dquot_alloc_space+0x173/0xe60 [ 379.507845][T13414] [ 379.507845][T13414] stack backtrace: [ 379.513744][T13414] CPU: 1 PID: 13414 Comm: syz.1.4016 Not tainted syzkaller #0 [ 379.521231][T13414] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/24/2026 [ 379.531319][T13414] Call Trace: [ 379.534625][T13414] [ 379.537582][T13414] dump_stack_lvl+0x188/0x24e [ 379.542285][T13414] ? load_image+0x400/0x400 [ 379.546810][T13414] ? show_regs_print_info+0x12/0x12 [ 379.552034][T13414] ? print_circular_bug+0x12b/0x1a0 [ 379.557260][T13414] check_noncircular+0x296/0x330 [ 379.562250][T13414] ? add_chain_block+0x940/0x940 [ 379.567248][T13414] ? lockdep_lock+0xf1/0x1f0 [ 379.571888][T13414] ? _find_first_zero_bit+0xcf/0x100 [ 379.577220][T13414] __lock_acquire+0x2d07/0x7d10 [ 379.582189][T13414] ? check_path+0x40/0x40 [ 379.586553][T13414] ? check_noncircular+0x189/0x330 [ 379.591694][T13414] ? add_chain_block+0x940/0x940 [ 379.596659][T13414] ? lockdep_unlock+0x142/0x2e0 [ 379.601532][T13414] ? lockdep_lock+0x1f0/0x1f0 [ 379.606230][T13414] ? verify_lock_unused+0x140/0x140 [ 379.611457][T13414] ? __lock_acquire+0x28c4/0x7d10 [ 379.616560][T13414] lock_acquire+0x1bb/0x4a0 [ 379.621087][T13414] ? dquot_commit+0x5a/0x410 [ 379.625731][T13414] ? __might_sleep+0xd0/0xd0 [ 379.630380][T13414] ? read_lock_is_recursive+0x10/0x10 [ 379.635822][T13414] __mutex_lock+0x12d/0xaf0 [ 379.640399][T13414] ? dquot_commit+0x5a/0x410 [ 379.645017][T13414] ? __might_sleep+0xd0/0xd0 [ 379.649630][T13414] ? dquot_commit+0x5a/0x410 [ 379.654241][T13414] ? mutex_lock_nested+0x10/0x10 [ 379.659214][T13414] ? ext4_journal_check_start+0x17e/0x240 [ 379.664965][T13414] dquot_commit+0x5a/0x410 [ 379.669427][T13414] ext4_write_dquot+0x1f0/0x360 [ 379.674317][T13414] mark_all_dquot_dirty+0x1e3/0x400 [ 379.679542][T13414] __dquot_alloc_space+0x5fc/0xe60 [ 379.684682][T13414] ? __dquot_alloc_space+0x173/0xe60 [ 379.690024][T13414] ext4_mb_new_blocks+0xf8d/0x4760 [ 379.695195][T13414] ? ext4_find_extent+0x367/0xe00 [ 379.700248][T13414] ? rcu_is_watching+0x11/0xa0 [ 379.705058][T13414] ? memset+0x1e/0x40 [ 379.709067][T13414] ? ext4_mb_pa_callback+0xd0/0xd0 [ 379.714206][T13414] ? ext4_ext_check_overlap+0x15f/0x560 [ 379.719776][T13414] ? ext4_inode_to_goal_block+0x313/0x450 [ 379.725534][T13414] ext4_ext_map_blocks+0x195b/0x6810 [ 379.730852][T13414] ? ext4_ext_release+0x10/0x10 [ 379.735727][T13414] ? rwsem_write_trylock+0x135/0x1c0 [ 379.741040][T13414] ? ext4_es_lookup_extent+0x645/0xb10 [ 379.746534][T13414] ext4_map_blocks+0x9de/0x1b70 [ 379.751430][T13414] ? ext4_issue_zeroout+0x250/0x250 [ 379.756662][T13414] ext4_getblk+0x1cc/0x6f0 [ 379.761136][T13414] ? ext4_get_block_unwritten+0x100/0x100 [ 379.766890][T13414] ? __ext4_new_inode+0x31ba/0x3ad0 [ 379.772118][T13414] ext4_bread+0x26/0x170 [ 379.776394][T13414] ext4_append+0x2be/0x560 [ 379.780838][T13414] ? ext4_init_new_dir+0x570/0x570 [ 379.785982][T13414] ? dquot_initialize+0x20/0x20 [ 379.790853][T13414] ext4_init_new_dir+0x2b8/0x570 [ 379.795823][T13414] ext4_mkdir+0x4fb/0xce0 [ 379.800179][T13414] ? ext4_symlink+0x970/0x970 [ 379.804890][T13414] ? inode_permission+0xef/0x480 [ 379.809856][T13414] ? bpf_lsm_inode_mkdir+0x5/0x10 [ 379.814908][T13414] ? security_inode_mkdir+0xb3/0x100 [ 379.820223][T13414] vfs_mkdir+0x387/0x570 [ 379.824494][T13414] do_mkdirat+0x1d8/0x440 [ 379.828844][T13414] ? vfs_mkdir+0x570/0x570 [ 379.833283][T13414] __x64_sys_mkdirat+0x85/0x90 [ 379.838064][T13414] do_syscall_64+0x4c/0xa0 [ 379.842586][T13414] ? clear_bhb_loop+0x60/0xb0 [ 379.847290][T13414] ? clear_bhb_loop+0x60/0xb0 [ 379.851989][T13414] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 379.857898][T13414] RIP: 0033:0x7f57dd599d97 [ 379.862333][T13414] Code: 00 66 90 48 89 f2 b9 00 01 00 00 48 89 fe bf 9c ff ff ff e9 db f7 ff ff 66 2e 0f 1f 84 00 00 00 00 00 90 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 379.881958][T13414] RSP: 002b:00007f57de438e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 379.890391][T13414] RAX: ffffffffffffffda RBX: 00007f57de438ee0 RCX: 00007f57dd599d97 [ 379.898386][T13414] RDX: 00000000000001ff RSI: 0000200000000040 RDI: 00000000ffffff9c [ 379.906389][T13414] RBP: 0000000000000000 R08: 0000200000000100 R09: 0000000000000000 [ 379.914374][T13414] R10: 0000000000000000 R11: 0000000000000246 R12: 0000200000000040 [ 379.922361][T13414] R13: 00007f57de438ea0 R14: 0000000000000000 R15: 0000000000000000 [ 379.930362][T13414] [ 379.933469][ C1] vkms_vblank_simulate: vblank timer overrun [ 380.062703][ T4270] EXT4-fs (loop1): unmounting filesystem. [ 380.068843][ T4370] Quota error (device loop1): remove_tree: Cycle in quota tree detected: block 4 index 0 [ 380.081370][ T4370] EXT4-fs error (device loop1): ext4_release_dquot:6871: comm kworker/u4:7: Failed to release dquot type 1