last executing test programs: 2.067283434s ago: executing program 3 (id=11609): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010200000000000b0000070000000900010073797a300000000014000000020a01010000000000000000000000002c000000180a05000000000000000000070000010900010073797a30000000000c0005400000000000000002580000000b0a01010000000000000000070000090800034000000008090001"], 0x392c}}, 0x0) 1.788855553s ago: executing program 3 (id=11611): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000500)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x2500, 0x2500, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x7d, 0x2f, 0x0, @empty, @private}}}}) 1.640476183s ago: executing program 1 (id=11613): mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) add_key$fscrypt_provisioning(&(0x7f0000000000), 0x0, 0x0, 0x0, 0xfffffffffffffff9) 1.487459403s ago: executing program 3 (id=11615): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x4, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000000800000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r0, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 1.297143735s ago: executing program 1 (id=11618): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0x13, 0x5, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x28}, [@map_val={0x18, 0x4, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x578f}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) 1.22445177s ago: executing program 3 (id=11619): pipe(&(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_inet_sctp_SIOCINQ(r0, 0x5761, 0x0) 1.190739882s ago: executing program 2 (id=11620): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000180)={0x70, 0x21, 0x9, 0x2, 0x25dfdbff, {0x2}, [@typed={0x59, 0x1, 0x0, 0x0, @str='/dev/rnlb0\x00\xe1\xb6y\xe7\xa3\xd3o\x8a\x84\xb7@~Z\xb4t\x87\x19\x87\xa6u\x80\xe4\x81\xad\xe7\xb4 \xc9\xcd\xd5o\xb6V\xc3\xebs\x8f\xba\xd5\xc4wm6\xb5\x85\xa2\x89<\fY\xc6K\xef[\xd0\x9a($R[C\x1d\x13/\x93\xea\x9f\xd1\xf8r\xca:\x88\x8d'}]}, 0x70}, 0x1, 0x0, 0x0, 0x24000810}, 0x4000) 1.125021036s ago: executing program 0 (id=11621): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f00000002c0)=ANY=[@ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="2f000000282000000401b0ffba29"], 0x20) 1.028294413s ago: executing program 1 (id=11622): r0 = getpid() ioprio_get$pid(0x2, r0) 957.709588ms ago: executing program 0 (id=11623): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x3, 0x5}, 0x4) 941.660999ms ago: executing program 2 (id=11624): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0xffffffffffffffdc, &(0x7f0000000200)={&(0x7f0000000780)=@newlink={0x58, 0x10, 0xffffff23, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x0, 0x15610}, [@IFLA_LINKINFO={0x30, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x20, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}]}}}, @IFLA_MTU={0x8, 0x4, 0x500}]}, 0x58}, 0x1, 0x0, 0x0, 0x20040001}, 0x8000) 927.940529ms ago: executing program 3 (id=11625): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000040)='./bus\x00', 0x3800844, &(0x7f0000000340)=ANY=[@ANYBLOB='nfs,nonumtail=0,uni_xlate=0,iocharset=cp950,utf8=0,uni_xlate=0,shortname=lower,codepage=866,umask=00000000000000000100002,shortname=win95,shortname=lower,uni_xlate=0,\x00aS'], 0x3, 0x366, &(0x7f0000000840)="$eJzs3U9om2UYAPAn+9KkHdT2IAwF4dOboGWteNBTy+hgmItK8M9BDK5TaeqgwWB3aFov4lHwqCdvCnrwsLMIinjz4NUJMhUPutvA4SfJl79N2nVg68p+v0N48rzPs/f99n00XxPy9tXlWL84FZdu3Lge09OFKC6fW46bhZiPJHp2YlxpQg4AOBluZln8leUO1zFVOOo1AQBHq/P6//rsUObdbw6qz7z6A8CJ1/39fyZ/lkysmd6v+fKRLQsAOEJj7/8/MjJcGv2ov7jPHQIAcJI8/9LLz6xUIp5L0+mIjfea1WY1nh6Mr1yKN6Mea3E25uJWRH6j0H4odB7PX6isnk3TtBW/zke13dGsRmy0mtX8TmEl6fSXYzHmYr7b373byLIsOf9lZXUxTdO087nCTqszf2wUmtWpON2d/6fTsRZLkcb9Y/0RFyqrS2kuqhu9/lbE7uB9i/b6F2IufngtLkc9Lka7t3dbU1ndXkzTc1llpL9ZLXfqctPx2eyxnRIAAAAAAAAAAAAAAAAAAAAAAO4BC2nffH//m2ywf8/CwoTxzv44eX93f6DdfH+grJxFlv35zuPV95MY2R9o7/48zWoxTv2/hw4AAAAAAAAAAAAAAAAAAAB3jcZWKWr1+tpmY+vK+nDQ2mxsnYqIduat7z7/eibGa24TFLtzDA2l3dSV9VqW9IqzJK+ZGWlP2pP3Mp9e7a94uKbcP4qJyyjvP1Svzz78y0eDzENJ71/+Z1CTxOQDTPYsYzjYuC9f0p38R/WDpdvUXMuybL/27VfGu6IQUbzzE3dwkLWDb6+/8cATjTNPdjJfZblHH5t74dqHn/y+Xqu3Z47OGSxtNm5l67Xu88kX2/5BMnT9FCIPCsNXQvGg9t3RTC358Y8XH/zg+8PNng0yhfrbE2qS/HC+2DtUyoP2MvcM9a/w0tCVORXFgy/j/yY48/Fy7er2z78dtmvoh4SNOgAAAAAAAAAAAAAAAAAA4FgMfVe8q/tl36mDup569uhXBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADHZ/D3/4eC3bHMeFCOvZm/WzFeXF7bbESUJk++c9xHCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAverfAAAA//+Gb2jU") openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) 762.64105ms ago: executing program 1 (id=11626): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x600, 0x0, 0x0, 0x6}, [@IFLA_ADDRESS={0xa, 0x3, @random="08e7eebc872f"}, @IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @wireguard={{0xe}, {0x4}}}]}, 0x44}}, 0x0) 762.07618ms ago: executing program 0 (id=11627): r0 = socket$inet6(0xa, 0x2, 0x3a) sendmmsg$inet6(r0, &(0x7f0000000240)=[{{&(0x7f00000000c0)={0xa, 0x0, 0x0, @empty, 0xb}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000100)="8000102e7577d401", 0x8}], 0x1, &(0x7f00000005c0)=ANY=[@ANYBLOB="14000000000000002900000004"], 0x18}}], 0x1, 0x20000000) 671.615626ms ago: executing program 2 (id=11628): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f00000000c0)={0x6}, 0xaf) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000180), &(0x7f0000000280), 0x8}, 0x20) 527.216606ms ago: executing program 0 (id=11629): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0xffffffffffffffff, 0x70bd27, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, 0x51b12, 0x10222}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @loopback}, @IFLA_IPTUN_TTL={0x5}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x404c054}, 0x20040040) 516.650047ms ago: executing program 1 (id=11630): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000002c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x7, [@enum={0x5}]}, {0x0, [0x0, 0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x2b, 0x0, 0x1}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001400)=@base={0xb, 0x6, 0x4, 0x3a7, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x1}, 0x48) 441.875901ms ago: executing program 2 (id=11631): r0 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) setsockopt$bt_BT_SECURITY(r0, 0x112, 0x4, &(0x7f0000000080)={0xd}, 0x2) 289.335232ms ago: executing program 1 (id=11632): syz_mount_image$ext4(&(0x7f0000000340)='ext4\x00', &(0x7f0000000980)='./file0\x00', 0x3000010, &(0x7f0000000100)={[{@resuid}, {@nobh}]}, 0x1, 0x519, &(0x7f00000009c0)="$eJzs3cFvI1cZAPBvJvE2u5tiFxAqlSgVLcpWsHbS0DZCCMoFTpWA5b6ExImi2HEUO2UTVZCK/wAhgcSJExck/gCkqgfEGVWqBBfEAQECIdjCAQnoII/HJevYSaBJnI1/P+mt35sZz/e9ifw8M56dCWBiPRURL0XEVEQ8GxHlYnpalDjole5yb99/daVbksiyO39JIimm9dfVbU9HxM3ibTMR8ZUvRnw9ORq3vbe/udxo1HeKdq3T3K619/ZvbzSX1+vr9a3FxYUXll5cen5pPiu8p35W+pUffeGzr3/yG7+9+6db3+ym9ZkPRSkG+nGWel0v5duir7uNds4j2BhMFf0pjTsRAABOpbuP//6I+Fi+/1+OqXxvbsDUODIDAAAAzkr2udn4VxKRAQAAAFdWGhGzkaTV4lqA2UjTa8W5gQ/GjbTRanc+sdba3VrtzouoRCld22jU54trhStRSrrtheIa2377uYH2YkQ8FhHfLV/P29WVVmN1zOc+AAAAYFLcHDj+/3s5zesnG/L/BAAAAIDLqzKyAQAAAFwVDvkBAADg6hs8/n99THkAAAAA5+JLL7/cLVn/+derr+ztbrZeub1ab29Wm7sr1ZXWznZ1vdVaz+/Z1zxpfY1Wa/tTsbV7r9aptzu19t7+3WZrd6tzd+OBR2ADAAAAF+ixj77xqyQiDj59PS9R3AcQ4AG/H3cCwFmaGncCwNi4izdMrlK/cm28eQDjk5ww38U7AADw8Jv78NHf//unAkpjzQw4b671AYDJ4/d/mFwlVwDCREsj4n296iOjlhn5+/8vThslyyLeLB+e4vwiAABcrNm8JGm1OA6YjTStViMejUgrUUrWNhr1+eL44Jfl0iPd9kL+zuTEa4YBAAAAAAAAAAAAAAAAAAAAAAAAgJ4sSyIDAAAArrSI9I9Jfjf/iLnyM7OD5weuJf8oxx+Kxg/ufO/ecqezs9Cd/tf8WV7XIqLz/TulfPpzIx8fBgAAAJy15GDkrN5xevG6cKFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAB3r7/6kq/XGTcP38+IirD4k/HTP46E6WIuPG3JKYPvS+JiKkziH/wWkQ8Pix+Eu9kWVYpshgW//o5x6/km2Z4/DQibp5BfJhkb3THn5eGff7SeCp/Hf75my7KezV6/EuLyI/n49yw8efRI2trDo3xxFs/qY2M/1rEE9PDx5/++JuMiP/0kbX9M8uyozG+9tX9/VHxsx9GzA39/kkeiFXrNLdr7b392xvN5fX6en1rcXHhhaUXl55fmq+tbTTqxb9DY3znIz9957j+3xgS/ze/7o2/x/X/mVErHfDvt+7d/0CvWhoW/9bTQ79/Z2JE/LT47vt4Ue/On+vXD3r1w5788ZtPHtf/1RHb/6S//61T9v/ZL3/7d6dcFAC4AO29/c3lRqO+c0xl5hTLPIyVn81cijT+x0r2rd5f7rLk8/9Wunur/53S79UlSOxQJbuwWFNxSbr8bmWswxIAAHAOfv7uTv+4MwEAAAAAAAAAAAAAAAAAAIDJdRG3ExuMeTCergIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHOs/AQAA//9GB9/T") lchown(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) 270.308293ms ago: executing program 2 (id=11633): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000240)=@newlink={0x3c, 0x10, 0x401, 0x0, 0xfffffffd, {0x0, 0x0, 0x0, 0x0, 0x3000, 0x400}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_DOWNDELAY={0x8, 0x1f, 0x4}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x8081}, 0x0) 195.119078ms ago: executing program 0 (id=11634): r0 = syz_open_dev$video4linux(&(0x7f0000001c80), 0xd36, 0x18bc80) ioctl$VIDIOC_S_STD(r0, 0x40085618, &(0x7f0000001cc0)=0x8000) 165.340589ms ago: executing program 3 (id=11635): syz_usb_connect(0x3, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x200, 0x4b, 0x3, 0x9, 0x10, 0x1199, 0x9015, 0x992d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x3, 0x7f, 0x7, 0x10, 0x5, [{{0x9, 0x4, 0x0, 0x9, 0x0, 0x45, 0x83, 0xd6, 0x3}}, {{0x9, 0x4, 0x1, 0xe, 0x0, 0xff, 0xff, 0xff, 0x8}}, {{0x9, 0x4, 0x66, 0xc, 0x0, 0xff, 0xff, 0xff, 0x8}}]}}]}}, 0x0) ioctl$VHOST_SET_VRING_KICK(0xffffffffffffffff, 0x4008af20, 0x0) 92.571265ms ago: executing program 2 (id=11636): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0x1, 0x5, 0x9fd, 0x84}, 0x48) bpf$MAP_UPDATE_BATCH(0x18, &(0x7f0000000300)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0xff, r0}, 0x38) 0s ago: executing program 0 (id=11637): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBSENT(r0, 0x4b49, &(0x7f00000006c0)={0xfd, "8f76421247bd4279b8a00868ef1197c4a751899d167f00000000000000ba6822a1ec41341a40523fe11b69e5b847f8324867d903e3249dd1a707f7e82b8add8c785273fe486b30305bf7513960b3ad5667427ccdd863b58217d9e3c806df25cd7268c4ca0dd90700000000000000a8c966e054d50fa0214f7f44e6953ba5f094d4274d5cb423bcb213fd7e5b39de70a04c68858daa91c890c17664b458c298591fa7fd4b16423da5e2220be04a183bd8e2e07b6b66de7c053b55427f08e9baf0f15da462b7e2f3a84778ccf4a79b0a54614319a7a7d82cac3f75cba00356544fee8e98310e947f92955b337a2fb9c31349d6f7b241724c8e05e4e5cf6c100e8dbdfe94fec9e5310ac572d450b9521520ccd79091f646162f58eeb9dc674b6f3606434c67f2988125d75bcaf6c277f0bca239f640df6eece8a52f56c71eb1bd6b3e8d6d9bccae13220ec7782ef5adf91bea06da8186f7e28437e7671dd2a3db0fc544b772c46aea3a262caaaf8c60539b71d39c759c042140a864713a118b0000000000000004e53e6b62c9f7a81dee1574ad84bd2646cbe893444c1f8a23cd9897819a53ccef613daed28b6eed7cb517f97fb1d822173ad25afe7fd0e4ddff2b50ee785d624822aea8ecc9224182c1b015dc942b3df8823cd9315b4d36f7e12976d88ccc711202eb20fcf29b4ce237471e565e415973ccd837a3d678d72872dd"}) kernel console output (not intermixed with test programs): 295 subj=unconfined op=collect_data cause=failed comm="syz.3.9772" name=20019CCFFCD4A25729EB5393A7C72DEB dev="mqueue" ino=68143 res=0 errno=0 [ 1295.002004][T28029] binder: 28028:28029 ioctl c018620c 2000000001c0 returned -22 [ 1295.164235][T28006] loop0: detected capacity change from 0 to 32768 [ 1295.287084][T28006] ERROR: (device loop0): dbAllocAG: unable to allocate blocks [ 1295.287084][T28006] [ 1295.304940][T28006] jfs_create: dtInsert returned -EIO [ 1295.324240][T28006] ERROR: (device loop0): jfs_create: [ 1295.324240][T28006] [ 1295.522059][T17799] usb 1-1: USB disconnect, device number 33 [ 1295.573660][ T8] usb 2-1: new full-speed USB device number 49 using dummy_hcd [ 1295.829893][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1295.851424][ T8] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1295.891054][ T8] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ac.7e [ 1295.904999][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1295.924720][ T8] usb 2-1: Product: syz [ 1295.933808][ T8] usb 2-1: Manufacturer: syz [ 1295.958590][ T8] usb 2-1: SerialNumber: syz [ 1295.978837][T28027] loop2: detected capacity change from 0 to 32768 [ 1295.986886][ T8] usb 2-1: config 0 descriptor?? [ 1295.996092][ T8] hub 2-1:0.0: bad descriptor, ignoring hub [ 1296.003499][ T8] hub: probe of 2-1:0.0 failed with error -5 [ 1296.037277][ T8] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input82 [ 1296.094303][T28027] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1296.420847][T28027] XFS (loop2): Ending clean mount [ 1296.443205][ T8] usb 2-1: USB disconnect, device number 49 [ 1296.727269][ T6432] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1297.348906][T28081] loop0: detected capacity change from 0 to 64 [ 1297.383953][T28083] netlink: 'syz.1.9798': attribute type 11 has an invalid length. [ 1297.398539][T28083] netlink: 440 bytes leftover after parsing attributes in process `syz.1.9798'. [ 1297.417269][T28081] syz.0.9797: attempt to access beyond end of device [ 1297.417269][T28081] loop0: rw=0, sector=65534, nr_sectors = 2 limit=64 [ 1297.466138][T28081] Buffer I/O error on dev loop0, logical block 32767, async page read [ 1297.697309][T28067] loop3: detected capacity change from 0 to 32768 [ 1297.719873][T28067] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop3 scanned by syz.3.9790 (28067) [ 1297.773637][T28067] BTRFS info (device loop3): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 1297.791134][T28067] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm [ 1297.817077][T28087] loop1: detected capacity change from 0 to 4096 [ 1297.828153][T28067] BTRFS info (device loop3): using free space tree [ 1297.850910][T28087] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1297.896156][T28087] ntfs3: loop1: Failed to initialize $Secure (-22). [ 1298.075228][T28067] BTRFS info (device loop3): enabling ssd optimizations [ 1298.085848][T28067] BTRFS info (device loop3): auto enabling async discard [ 1298.310541][T28116] comedi comedi2: pcmda12: I/O port conflict (0x8,16) [ 1298.412009][ T6438] BTRFS info (device loop3): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 1298.424115][T28109] wg1 speed is unknown, defaulting to 1000 [ 1298.870335][T28127] loop3: detected capacity change from 0 to 1024 [ 1298.917342][T28127] hfsplus: write access to a journaled filesystem is not supported, use the force option at your own risk, mounting read-only. [ 1300.505136][T28141] loop0: detected capacity change from 0 to 32768 [ 1300.525833][T28141] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop0 scanned by syz.0.9816 (28141) [ 1300.567596][T28141] BTRFS info (device loop0): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 1300.606869][T28167] netlink: 'syz.3.9831': attribute type 8 has an invalid length. [ 1300.617541][T28141] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 1300.647759][T28141] BTRFS info (device loop0): using free space tree [ 1300.885137][T28141] BTRFS info (device loop0): enabling ssd optimizations [ 1300.920486][T28141] BTRFS info (device loop0): auto enabling async discard [ 1300.953914][T28188] bond2: entered promiscuous mode [ 1300.959390][T28188] bond2: entered allmulticast mode [ 1300.961106][T28196] loop2: detected capacity change from 0 to 24 [ 1300.987659][T28196] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 1301.000623][T28188] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1301.023657][T28196] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 1301.154116][T28196] VFS: Lookup of 'file0' in romfs loop2 would have caused loop [ 1301.218773][ T6435] BTRFS info (device loop0): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 1301.869061][T28216] dvmrp0: entered allmulticast mode [ 1301.956676][ T6391] IPVS: starting estimator thread 0... [ 1302.073760][T28219] IPVS: using max 19 ests per chain, 45600 per kthread [ 1302.074264][T28223] loop3: detected capacity change from 0 to 512 [ 1302.247013][T28223] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1302.433329][T28223] EXT4-fs error (device loop3): ext4_validate_block_bitmap:421: comm syz.3.9849: bg 0: bad block bitmap checksum [ 1302.513211][T28238] loop1: detected capacity change from 0 to 256 [ 1302.519914][T28223] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6637: Filesystem failed CRC [ 1302.677632][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1302.863128][T28244] loop2: detected capacity change from 0 to 1024 [ 1302.923303][T28244] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1302.945038][T28244] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1302.988678][T28244] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1303.035627][T27669] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1303.078009][ T6432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1303.238850][T27669] usb 1-1: Using ep0 maxpacket: 8 [ 1303.254104][T27669] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 1303.322752][T27669] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 1303.338131][T27669] usb 1-1: Product: syz [ 1303.342492][T27669] usb 1-1: Manufacturer: syz [ 1303.358607][T27669] usb 1-1: SerialNumber: syz [ 1303.376579][T27669] usb 1-1: config 0 descriptor?? [ 1303.388991][ T6391] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1303.417126][T27669] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 1303.597308][ T6391] usb 4-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 1303.621043][ T6391] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1303.630686][ T6391] usb 4-1: Product: syz [ 1303.635393][ T6391] usb 4-1: Manufacturer: syz [ 1303.640591][ T6391] usb 4-1: SerialNumber: syz [ 1303.661141][ T6391] r8152-cfgselector 4-1: config 0 descriptor?? [ 1303.837534][T27669] gspca_zc3xx: reg_r err -71 [ 1303.842366][T27669] gspca_zc3xx: probe of 1-1:0.0 failed with error -71 [ 1303.859241][T27669] usb 1-1: USB disconnect, device number 34 [ 1303.902630][T28271] loop1: detected capacity change from 0 to 4096 [ 1303.931067][T28271] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1304.120563][T28271] ntfs3: loop1: failed to convert "c46c" to cp865 [ 1304.138382][ T6391] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1304.158342][ T6391] r8152-cfgselector 4-1: USB disconnect, device number 47 [ 1305.171940][T28303] loop1: detected capacity change from 0 to 1764 [ 1305.543376][T28287] loop0: detected capacity change from 0 to 32768 [ 1305.643829][T28287] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1305.987751][T28287] XFS (loop0): Ending clean mount [ 1306.015066][ T8] XFS (loop0): Corruption warning: Metadata has LSN (2:128) ahead of current LSN (1:640). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 1306.076423][ T8] XFS (loop0): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_finobt block 0x10 [ 1306.116609][ T8] XFS (loop0): Unmount and run xfs_repair [ 1306.122480][ T8] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 1306.156373][ T8] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 1306.162746][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1306.179113][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1306.204032][ T8] 00000010: 00 00 00 00 00 00 00 10 00 00 00 02 00 00 00 80 ................ [ 1306.245188][ T8] 00000020: bf dc 47 fc 10 d8 4e ed a5 62 11 a8 31 b3 f7 91 ..G...N..b..1... [ 1306.284433][ T8] 00000030: 00 00 00 00 37 43 cf 4c 00 00 24 40 00 00 40 37 ....7C.L..$@..@7 [ 1306.305278][ T8] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 1306.332761][ T8] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1306.361530][ T8] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1306.377042][ T8] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 1306.399781][T28287] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x10 len 4 error 74 [ 1306.427049][T28287] XFS (loop0): Failed to initialize disk quotas. [ 1306.526287][ T6435] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1306.660545][ T6391] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1306.895741][ T6391] usb 4-1: Using ep0 maxpacket: 16 [ 1306.917749][ T6391] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 112, changing to 10 [ 1306.959098][ T6391] usb 4-1: New USB device found, idVendor=05ac, idProduct=0224, bcdDevice= 0.00 [ 1306.974738][ T6391] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.014515][ T6391] usb 4-1: config 0 descriptor?? [ 1307.128186][T28353] netlink: 224 bytes leftover after parsing attributes in process `syz.2.9908'. [ 1307.239021][ T6391] usb 4-1: string descriptor 0 read error: -71 [ 1307.274901][ T6391] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input83 [ 1307.320080][ T5142] bcm5974 4-1:0.0: could not read from device [ 1307.362715][ T5142] bcm5974 4-1:0.0: could not read from device [ 1307.392928][ T5142] bcm5974 4-1:0.0: could not read from device [ 1307.397767][ T6391] usb 4-1: USB disconnect, device number 48 [ 1307.926939][T28379] loop3: detected capacity change from 0 to 256 [ 1307.962752][T28379] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1308.006815][ T8] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1308.015696][T28381] loop1: detected capacity change from 0 to 1024 [ 1308.027911][T28383] xt_TCPMSS: Only works on TCP SYN packets [ 1308.059491][T28381] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1308.098635][T28381] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1308.130915][T28381] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1308.233545][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 1308.265472][ T8] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1308.279859][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1308.302876][ T8] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1308.366205][ T8] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1308.394640][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1308.414910][ T8] usb 1-1: Product: syz [ 1308.419672][ T8] usb 1-1: Manufacturer: syz [ 1308.425706][ T8] usb 1-1: SerialNumber: syz [ 1308.802860][T28402] loop2: detected capacity change from 0 to 512 [ 1308.832255][T28402] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1308.995642][ T8] usb 1-1: cannot find UAC_HEADER [ 1309.029211][T28402] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1309.086624][T28402] ext4 filesystem being mounted at /2380/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1309.100149][ T8] snd-usb-audio: probe of 1-1:1.0 failed with error -22 [ 1309.136156][ T8] usb 1-1: USB disconnect, device number 35 [ 1309.178942][T28398] loop1: detected capacity change from 0 to 32768 [ 1309.198015][ T6371] udevd[6371]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1309.274335][T28398] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 1309.291557][ T6432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1309.314158][T28398] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1309.424728][ T6442] ocfs2: Unmounting device (7,1) on (node local) [ 1309.599142][T28415] loop3: detected capacity change from 0 to 1024 [ 1309.941788][ T28] audit: type=1326 audit(1760403042.581:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28422 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686198eec9 code=0x7ffc0000 [ 1310.024720][ T28] audit: type=1326 audit(1760403042.581:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28422 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686198eec9 code=0x7ffc0000 [ 1310.075133][T28420] loop0: detected capacity change from 0 to 4096 [ 1310.120444][ T28] audit: type=1326 audit(1760403042.618:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28422 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f686198eec9 code=0x7ffc0000 [ 1310.147788][T28420] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 1310.197422][ T28] audit: type=1326 audit(1760403042.618:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28422 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686198eec9 code=0x7ffc0000 [ 1310.281335][ T28] audit: type=1326 audit(1760403042.618:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28422 comm="syz.3.9940" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f686198eec9 code=0x7ffc0000 [ 1310.903826][T28445] netlink: 8 bytes leftover after parsing attributes in process `syz.2.9950'. [ 1310.972779][T28449] loop1: detected capacity change from 0 to 256 [ 1311.690450][T28474] xt_hashlimit: Unknown mode mask E2, kernel too old? [ 1311.832475][T28475] wg1 speed is unknown, defaulting to 1000 [ 1312.077168][T28485] block device autoloading is deprecated and will be removed. [ 1312.294259][T28492] netlink: 24 bytes leftover after parsing attributes in process `syz.2.9971'. [ 1312.429128][T28494] loop3: detected capacity change from 0 to 256 [ 1312.462812][T28494] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1312.762095][T28480] loop1: detected capacity change from 0 to 40427 [ 1312.797500][T28480] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 1312.805807][T28480] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 1312.894655][T28480] F2FS-fs (loop1): invalid crc value [ 1312.940773][T28480] F2FS-fs (loop1): Found nat_bits in checkpoint [ 1313.067034][T28512] loop2: detected capacity change from 0 to 2048 [ 1313.105561][T28480] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 1313.126340][T28480] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 1313.135935][T28512] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1313.238587][ T28] audit: type=1800 audit(1760403045.668:93): pid=28512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.9979" name="file1" dev="loop2" ino=1367 res=0 errno=0 [ 1313.959169][T28534] loop0: detected capacity change from 0 to 512 [ 1314.005958][T28534] EXT4-fs: Ignoring removed bh option [ 1314.111762][T28534] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1314.248641][T28534] ext4 filesystem being mounted at /2419/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1314.487922][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1314.599238][T28558] loop3: detected capacity change from 0 to 256 [ 1314.945096][T28566] netlink: 8 bytes leftover after parsing attributes in process `syz.3.10004'. [ 1315.038057][T28570] loop2: detected capacity change from 0 to 4096 [ 1315.047343][T28570] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1315.149049][T28570] ntfs: (device loop2): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1315.212312][T28570] ntfs: (device loop2): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1315.306434][T28570] ntfs: volume version 3.1. [ 1315.591079][T28587] xfrm0: entered promiscuous mode [ 1315.596300][T28587] xfrm0: entered allmulticast mode [ 1315.876113][T28593] loop3: detected capacity change from 0 to 512 [ 1315.916865][T28593] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 1316.000180][T28593] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1316.077073][T28593] ext4 filesystem being mounted at /2323/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1316.373159][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1316.619917][T28619] loop3: detected capacity change from 0 to 1024 [ 1316.657488][T28619] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 1316.681114][ T28] audit: type=1326 audit(1760403048.886:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28622 comm="syz.2.10031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1316.718819][T28619] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1316.777782][T28619] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 1316.784612][ T28] audit: type=1326 audit(1760403048.886:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28622 comm="syz.2.10031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1316.816382][T28619] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1316.825576][ T28] audit: type=1326 audit(1760403048.904:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28622 comm="syz.2.10031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1316.858857][ T28] audit: type=1326 audit(1760403048.904:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28622 comm="syz.2.10031" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1316.863749][T28619] EXT4-fs error (device loop3): ext4_read_inode_bitmap:168: comm syz.3.10028: Inode bitmap for bg 0 marked uninitialized [ 1316.882444][T28621] wg1 speed is unknown, defaulting to 1000 [ 1317.000612][T28619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1317.114960][T28619] EXT4-fs (loop3): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 1317.234496][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1317.326386][T28638] netlink: 'syz.0.10037': attribute type 9 has an invalid length. [ 1317.636815][T28650] loop3: detected capacity change from 0 to 512 [ 1317.651613][T28650] EXT4-fs: Ignoring removed mblk_io_submit option [ 1317.719838][T28650] EXT4-fs (loop3): orphan cleanup on readonly fs [ 1317.754666][T28650] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -13 [ 1317.809800][T28650] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.10042: attempt to clear invalid blocks 2 len 1 [ 1317.893573][T28650] EXT4-fs (loop3): Remounting filesystem read-only [ 1317.928221][T28650] EXT4-fs (loop3): 1 truncate cleaned up [ 1317.942797][T28650] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1318.051460][T28650] EXT4-fs (loop3): Quota file not on filesystem root. Journaled quota will not work [ 1318.163918][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1318.567923][T28677] loop2: detected capacity change from 0 to 256 [ 1318.975412][T28688] netlink: 2 bytes leftover after parsing attributes in process `syz.1.10060'. [ 1319.171803][T28695] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1319.344065][T28701] ipt_REJECT: TCP_RESET invalid for non-tcp [ 1319.524359][T28707] netlink: 115 bytes leftover after parsing attributes in process `syz.2.10070'. [ 1319.791427][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.820011][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.829835][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.849078][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.876061][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.882970][T28693] loop0: detected capacity change from 0 to 32768 [ 1319.885470][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.901365][T28715] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10074'. [ 1319.926204][T28693] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.10062 (28693) [ 1319.970002][T28693] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1320.024842][T28693] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm [ 1320.065760][T28693] BTRFS info (device loop0): using free space tree [ 1320.217967][T28730] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1320.330170][T28693] BTRFS info (device loop0): enabling ssd optimizations [ 1320.370466][T28693] BTRFS info (device loop0): auto enabling async discard [ 1320.429377][T28743] loop1: detected capacity change from 0 to 512 [ 1320.496505][T28743] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 1320.529325][T28748] netlink: 'syz.3.10080': attribute type 10 has an invalid length. [ 1320.575938][T28743] EXT4-fs (loop1): 1 truncate cleaned up [ 1320.595258][T28743] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1320.632727][ T6435] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 1320.743906][T28743] EXT4-fs error (device loop1): ext4_append:79: inode #2: comm syz.1.10078: Logical block already allocated [ 1320.813543][T28748] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1320.837144][T28743] EXT4-fs (loop1): Remounting filesystem read-only [ 1320.962332][T28752] __nla_validate_parse: 48 callbacks suppressed [ 1320.962354][T28752] netlink: 8 bytes leftover after parsing attributes in process `syz.2.10083'. [ 1321.013180][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1321.266108][T28758] netlink: 20 bytes leftover after parsing attributes in process `syz.2.10086'. [ 1321.292384][T28758] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 1321.352764][T28762] loop0: detected capacity change from 0 to 1024 [ 1321.424725][T28762] EXT4-fs: Ignoring removed bh option [ 1321.470934][T28762] EXT4-fs (loop0): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1321.564974][T28762] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1321.723273][T28770] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 1321.784511][T28774] netdevsim netdevsim3: Firmware load for '..' refused, path contains '..' component [ 1321.823131][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1323.063996][T28812] netlink: 192436 bytes leftover after parsing attributes in process `syz.3.10112'. [ 1323.107567][T28812] openvswitch: netlink: Message has 13056 unknown bytes. [ 1323.388428][T28784] loop0: detected capacity change from 0 to 40427 [ 1323.417113][T28784] F2FS-fs (loop0): invalid crc value [ 1323.453786][T28784] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1323.674653][T28784] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1324.255777][T28844] netlink: 2 bytes leftover after parsing attributes in process `syz.3.10125'. [ 1324.456628][T28848] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10126'. [ 1324.486738][T28848] netlink: 56 bytes leftover after parsing attributes in process `syz.1.10126'. [ 1324.730153][T28858] netlink: 'syz.1.10132': attribute type 10 has an invalid length. [ 1324.773141][T28858] team0: Cannot enslave team device to itself [ 1325.111412][T28869] netlink: 'syz.1.10137': attribute type 10 has an invalid length. [ 1325.205824][T28869] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 1325.302994][T28874] bridge2: trying to set multicast query interval above maximum, setting to 8640000 (86400000ms) [ 1326.045441][T28893] loop2: detected capacity change from 0 to 4096 [ 1326.294291][T28908] ax25_connect(): syz.0.10156 uses autobind, please contact jreuter@yaina.de [ 1326.392730][T28907] loop1: detected capacity change from 0 to 8192 [ 1326.452110][T28907] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1326.499665][T28907] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 1326.522480][T28907] FAT-fs (loop1): Filesystem has been set read-only [ 1326.665333][ T6442] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 1327.007839][T28910] loop3: detected capacity change from 0 to 32768 [ 1327.221295][T28923] binder: 28922:28923 unknown command 1074553619 [ 1327.239167][T28923] binder: 28922:28923 ioctl c0306201 200000000540 returned -22 [ 1327.549451][T28931] netlink: 12 bytes leftover after parsing attributes in process `syz.1.10167'. [ 1327.559393][T28931] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10167'. [ 1327.789679][T28938] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1327.863032][T28940] netlink: 830 bytes leftover after parsing attributes in process `syz.1.10172'. [ 1327.892849][T28942] loop3: detected capacity change from 0 to 1024 [ 1327.980682][T28942] hfsplus: xattr searching failed [ 1328.070889][T28946] loop0: detected capacity change from 0 to 256 [ 1328.894487][T28971] loop3: detected capacity change from 0 to 128 [ 1328.920625][T28971] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1329.001153][T28971] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1330.275559][T29017] loop2: detected capacity change from 0 to 256 [ 1330.283052][T29017] exfat: Deprecated parameter 'namecase' [ 1330.318142][T29017] exfat: Deprecated parameter 'utf8' [ 1330.346338][T29017] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 1330.626686][T29020] loop0: detected capacity change from 0 to 4096 [ 1330.747561][T29020] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 1330.973405][T29028] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1331.041490][T29026] loop2: detected capacity change from 0 to 4096 [ 1331.647639][T29018] loop3: detected capacity change from 0 to 32768 [ 1332.059111][T29045] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10225'. [ 1332.121280][T29048] netlink: 32 bytes leftover after parsing attributes in process `syz.2.10227'. [ 1332.380217][T29054] netlink: 20 bytes leftover after parsing attributes in process `syz.3.10228'. [ 1332.424238][T29054] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1332.430658][T29058] netlink: 24 bytes leftover after parsing attributes in process `syz.0.10229'. [ 1332.432429][T29054] IPv6: NLM_F_CREATE should be set when creating new route [ 1332.449180][T29054] IPv6: NLM_F_CREATE should be set when creating new route [ 1333.000477][T29074] __vm_enough_memory: pid: 29074, comm: syz.1.10240, not enough memory for the allocation [ 1333.774671][T29099] bridge1: entered promiscuous mode [ 1333.945823][T29109] capability: warning: `syz.2.10256' uses 32-bit capabilities (legacy support in use) [ 1334.255975][T29116] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10260'. [ 1334.294205][T29116] netlink: 108 bytes leftover after parsing attributes in process `syz.2.10260'. [ 1334.294284][T29118] binfmt_misc: register: failed to install interpreter file ./bus [ 1334.320829][T29116] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10260'. [ 1334.407593][T29119] loop1: detected capacity change from 0 to 4096 [ 1334.437192][T29119] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 1334.530398][T29119] ntfs3: loop1: failed to convert "c46c" to cp1250 [ 1335.104316][T29141] loop1: detected capacity change from 0 to 512 [ 1335.202293][T29141] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1335.458973][T29151] netlink: 'syz.0.10276': attribute type 3 has an invalid length. [ 1335.499179][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1335.635765][T29156] loop0: detected capacity change from 0 to 256 [ 1335.654737][T29159] nft_compat: unsupported protocol 1 [ 1335.661563][T29156] exfat: Deprecated parameter 'namecase' [ 1335.681905][T29156] exfat: Deprecated parameter 'utf8' [ 1335.754281][T29160] loop1: detected capacity change from 0 to 1024 [ 1335.763462][T29156] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x3f800a9b, utbl_chksum : 0xe619d30d) [ 1335.888106][T29162] netlink: 'syz.2.10281': attribute type 13 has an invalid length. [ 1335.922107][T29164] loop3: detected capacity change from 0 to 164 [ 1335.992579][T29162] gretap0: refused to change device tx_queue_len [ 1336.038920][T29162] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1337.641469][ T28] audit: type=1326 audit(1760403068.492:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29216 comm="syz.1.10308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f118f78eec9 code=0x7ffc0000 [ 1337.664305][ C0] vkms_vblank_simulate: vblank timer overrun [ 1337.715094][ T28] audit: type=1326 audit(1760403068.492:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29216 comm="syz.1.10308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f118f78eec9 code=0x7ffc0000 [ 1337.738434][ C0] vkms_vblank_simulate: vblank timer overrun [ 1337.780183][ T28] audit: type=1326 audit(1760403068.501:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29216 comm="syz.1.10308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f118f78eec9 code=0x7ffc0000 [ 1337.814099][T29193] loop0: detected capacity change from 0 to 32768 [ 1337.896398][ T28] audit: type=1326 audit(1760403068.501:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29216 comm="syz.1.10308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f118f78eec9 code=0x7ffc0000 [ 1337.957435][T29193] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1338.018033][ T28] audit: type=1326 audit(1760403068.501:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29216 comm="syz.1.10308" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f118f78eec9 code=0x7ffc0000 [ 1338.040502][ C0] vkms_vblank_simulate: vblank timer overrun [ 1338.095552][T29205] loop2: detected capacity change from 0 to 32768 [ 1338.287515][T29193] XFS (loop0): Ending clean mount [ 1338.379494][T29235] loop1: detected capacity change from 0 to 764 [ 1338.476114][T29235] Symlink component flag not implemented [ 1338.483985][T29235] Symlink component flag not implemented (116) [ 1338.602023][ T6435] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1338.998965][ T8] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1339.212641][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 1339.228135][ T8] usb 3-1: config 0 has an invalid interface number: 31 but max is 0 [ 1339.238011][ T8] usb 3-1: config 0 has no interface number 0 [ 1339.255846][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=08c3, bcdDevice=6b.16 [ 1339.299523][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1339.325005][ T8] usb 3-1: Product: syz [ 1339.329760][ T8] usb 3-1: Manufacturer: syz [ 1339.340539][ T8] usb 3-1: SerialNumber: syz [ 1339.354673][ T8] usb 3-1: config 0 descriptor?? [ 1339.584969][ T8] usb 3-1: Found UVC 0.04 device syz (046d:08c3) [ 1339.597861][ T8] usb 3-1: No valid video chain found. [ 1339.620928][ T8] usb 3-1: USB disconnect, device number 50 [ 1340.387348][T29258] loop1: detected capacity change from 0 to 32768 [ 1340.480940][T29258] ERROR: (device loop1): dbAlloc: the hint is outside the map [ 1340.480940][T29258] [ 1340.570789][T29258] ERROR: (device loop1): remounting filesystem as read-only [ 1341.620167][T29315] loop2: detected capacity change from 0 to 512 [ 1341.755732][T29315] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1342.030570][ T6432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1342.222069][T29338] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10364'. [ 1342.257313][T29338] netlink: 24 bytes leftover after parsing attributes in process `syz.1.10364'. [ 1342.499043][T29350] netlink: 'syz.2.10368': attribute type 32 has an invalid length. [ 1342.881111][T29362] netlink: 'syz.2.10375': attribute type 1 has an invalid length. [ 1343.110892][T29372] loop0: detected capacity change from 0 to 1024 [ 1343.179245][T29376] netlink: 12 bytes leftover after parsing attributes in process `syz.3.10382'. [ 1343.303203][T27674] hfsplus: b-tree write err: -5, ino 4 [ 1344.668660][T29394] loop0: detected capacity change from 0 to 32768 [ 1344.679720][T29392] loop3: detected capacity change from 0 to 32768 [ 1344.714605][T29394] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 scanned by syz.0.10391 (29394) [ 1344.750142][T29392] ERROR: (device loop3): dtSearch: DT_GETPAGE: dtree page corrupt [ 1344.750142][T29392] [ 1344.773984][T29394] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1344.795083][T29394] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 1344.804197][T29392] ERROR: (device loop3): remounting filesystem as read-only [ 1344.811705][T29392] jfs_lookup: dtSearch returned -5 [ 1344.827353][T29394] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 1344.846643][T29394] BTRFS info (device loop0): use lzo compression, level 0 [ 1344.856776][T29394] BTRFS info (device loop0): force clearing of disk cache [ 1344.877813][T29394] BTRFS info (device loop0): using free space tree [ 1345.091261][T29394] BTRFS info (device loop0): enabling ssd optimizations [ 1345.103370][T29394] BTRFS info (device loop0): auto enabling async discard [ 1345.133199][T29394] BTRFS info (device loop0): rebuilding free space tree [ 1345.247004][T29442] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 1345.248200][T29442] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1345.617417][T29448] loop2: detected capacity change from 0 to 512 [ 1345.649077][T29448] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem [ 1345.698656][ T6435] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0 [ 1345.711047][T29448] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 1345.735961][T29450] loop1: detected capacity change from 0 to 16 [ 1345.765804][T29448] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #11: comm syz.2.10410: corrupted inode contents [ 1345.781639][T29448] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #11: comm syz.2.10410: mark_inode_dirty error [ 1345.789119][T29450] erofs: (device loop1): mounted with root inode @ nid 36. [ 1345.794910][T29448] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.10410: invalid indirect mapped block 1 (level 1) [ 1345.803646][T29453] loop3: detected capacity change from 0 to 128 [ 1345.853685][T29448] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #11: comm syz.2.10410: corrupted inode contents [ 1345.892520][T29448] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 1345.941263][T10737] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 11 /dev/loop0 scanned by udevd (10737) [ 1345.954341][T29453] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 1345.986504][T29448] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #11: comm syz.2.10410: corrupted inode contents [ 1346.000553][T29450] erofs: (device loop1): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 46 [ 1346.041640][T29448] EXT4-fs error (device loop2): ext4_truncate:4288: inode #11: comm syz.2.10410: mark_inode_dirty error [ 1346.067213][T29453] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1346.115396][T29448] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 1346.168756][T29448] EXT4-fs (loop2): 1 truncate cleaned up [ 1346.177189][T29448] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1346.461284][T29462] binder: 29461:29462 unknown command 0 [ 1346.466931][T29462] binder: 29461:29462 ioctl c0306201 200000000480 returned -22 [ 1346.537120][ T6432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1346.681596][T29464] loop1: detected capacity change from 0 to 2048 [ 1346.717506][T29464] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1346.779182][T29468] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1346.791414][T29464] syz.1.10417: attempt to access beyond end of device [ 1346.791414][T29464] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1346.998368][T29464] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 1347.100081][T29464] Remounting filesystem read-only [ 1347.116693][T29464] NILFS (loop1): error -5 truncating bmap (ino=16) [ 1347.350077][ T6442] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 1347.357240][ T6442] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 1347.424298][ T6442] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1347.449363][ T6442] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1347.483203][ T6442] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 1347.515492][ T6442] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 1347.976861][T29476] loop2: detected capacity change from 0 to 32768 [ 1348.032136][T29502] loop0: detected capacity change from 0 to 1024 [ 1348.065017][T17799] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 1348.065749][T29502] EXT4-fs: Ignoring removed bh option [ 1348.108490][T29476] ERROR: (device loop2): dbAllocAG: unable to allocate blocks [ 1348.108490][T29476] [ 1348.137763][T29502] EXT4-fs: inline encryption not supported [ 1348.147134][T29476] ERROR: (device loop2): remounting filesystem as read-only [ 1348.163427][T29502] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1348.183179][T29476] jfs_create: dtInsert returned -EIO [ 1348.196980][T29476] ERROR: (device loop2): jfs_create: [ 1348.196980][T29476] [ 1348.227312][T29502] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 1348.246620][T29502] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.10434: lblock 2 mapped to illegal pblock 2 (length 1) [ 1348.283236][T29502] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 1348.289056][T17799] usb 2-1: Using ep0 maxpacket: 32 [ 1348.304280][T29502] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.10434: lblock 0 mapped to illegal pblock 48 (length 1) [ 1348.309997][T17799] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1348.364405][T17799] usb 2-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1348.373828][T17799] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1348.383817][T29502] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 1348.400662][T17799] usb 2-1: Product: syz [ 1348.404931][T17799] usb 2-1: Manufacturer: syz [ 1348.417725][T29502] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.10434: Failed to acquire dquot type 0 [ 1348.448198][T17799] usb 2-1: SerialNumber: syz [ 1348.463002][T29502] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 1348.482808][T17799] usb 2-1: config 0 descriptor?? [ 1348.492950][T29502] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.10434: mark_inode_dirty error [ 1348.504427][T17799] usb 2-1: bad CDC descriptors [ 1348.505097][T17799] usb 2-1: unsupported MDLM descriptors [ 1348.523075][T29502] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 1348.555332][T29502] EXT4-fs (loop0): 1 orphan inode deleted [ 1348.573493][ T1003] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 1348.596409][T29502] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1348.625457][ T1003] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 1348.673878][ T1003] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:5: Failed to release dquot type 0 [ 1348.770135][ T8] usb 2-1: USB disconnect, device number 50 [ 1348.784019][T14426] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm kworker/u4:1: lblock 2 mapped to illegal pblock 2 (length 1) [ 1348.857173][T14426] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 1348.877586][T14426] EXT4-fs error (device loop0): ext4_write_dquot:6920: comm kworker/u4:1: Failed to commit dquot type 0 [ 1348.916087][T14426] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -117). Quota may get out of sync! [ 1348.948995][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1348.978024][ T6435] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz-executor: Invalid inode table block 1 in block_group 0 [ 1349.026584][ T6435] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 1349.053352][ T6435] EXT4-fs error (device loop0): ext4_quota_off:7224: inode #3: comm syz-executor: mark_inode_dirty error [ 1349.121285][T29516] mac80211_hwsim hwsim4 wlan0: entered promiscuous mode [ 1349.143168][T29516] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 1349.329272][T29510] loop3: detected capacity change from 0 to 32768 [ 1349.392121][T29510] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 1349.416780][T29510] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1349.459829][T29510] (syz.3.10439,29510,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len is too small for name_len - offset=0, inode=65, rec_len=16, name_len=9 [ 1349.490675][T29510] (syz.3.10439,29510,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 1349.519707][T29510] (syz.3.10439,29510,1):ocfs2_mknod:298 ERROR: status = -2 [ 1349.527905][T29510] (syz.3.10439,29510,1):ocfs2_mknod:502 ERROR: status = -2 [ 1349.536490][T29510] (syz.3.10439,29510,1):ocfs2_mkdir:659 ERROR: status = -2 [ 1349.672447][ T6438] ocfs2: Unmounting device (7,3) on (node local) [ 1350.082906][T29541] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 1350.715891][ T6525] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1350.772216][T29567] net veth1_virt_wifi ÿÿÿÿÿÿ: renamed from virt_wifi0 [ 1350.925791][ T6525] usb 3-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1350.935578][ T6525] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1350.957118][ T6525] usb 3-1: Product: syz [ 1350.961387][ T6525] usb 3-1: Manufacturer: syz [ 1350.979373][ T6525] usb 3-1: SerialNumber: syz [ 1350.992037][ T6525] usb 3-1: config 0 descriptor?? [ 1351.195845][T29581] netlink: 'syz.3.10471': attribute type 10 has an invalid length. [ 1351.204088][T29581] net veth1_virt_wifi virt_wifi0: entered allmulticast mode [ 1351.220306][T17799] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 1351.233097][T29581] net veth1_virt_wifi virt_wifi0: entered promiscuous mode [ 1351.241629][T29581] team0: Port device virt_wifi0 added [ 1351.257811][ T6525] hso 3-1:0.0: Failed to find BULK IN ep [ 1351.277697][ T6525] usb-storage 3-1:0.0: USB Mass Storage device detected [ 1351.421612][T17799] usb 2-1: Using ep0 maxpacket: 8 [ 1351.438954][T17799] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1351.464119][T17799] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1351.492299][T17799] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1351.511598][T17799] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1351.555756][T17799] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1351.573062][ T9] usb 3-1: USB disconnect, device number 51 [ 1351.589928][T29591] loop0: detected capacity change from 0 to 4096 [ 1351.599979][T17799] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1351.632360][T17799] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1351.640159][T29591] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1351.662292][T29591] ntfs3: loop0: Failed to load $Extend (-22). [ 1351.676612][T29591] ntfs3: loop0: Failed to initialize $Extend. [ 1352.169892][ T6525] usb 2-1: USB disconnect, device number 51 [ 1352.641197][T29621] netlink: 'syz.0.10490': attribute type 1 has an invalid length. [ 1352.659516][T29623] netlink: 'syz.2.10491': attribute type 1 has an invalid length. [ 1352.663991][T29621] netlink: 4 bytes leftover after parsing attributes in process `syz.0.10490'. [ 1353.153418][ T6525] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1353.286421][T29645] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.10501'. [ 1353.359505][ T6525] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1353.374048][ T6525] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1353.396465][T29649] netlink: 36 bytes leftover after parsing attributes in process `syz.1.10504'. [ 1353.423792][ T6525] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1353.449463][ T6525] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 1353.467017][ T6525] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 1353.484686][ T6525] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1353.517843][ T6525] usb 4-1: config 0 descriptor?? [ 1353.583522][T29653] loop1: detected capacity change from 0 to 256 [ 1353.598998][T29653] exfat: Deprecated parameter 'utf8' [ 1353.661389][T29653] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xf6dff195, utbl_chksum : 0xe619d30d) [ 1353.759365][ T6525] hdpvr 4-1:0.0: firmware version 0x8 dated [ 1353.877085][T29659] loop0: detected capacity change from 0 to 512 [ 1353.914140][T29659] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1353.982811][ T6525] hdpvr 4-1:0.0: device init failed [ 1353.989997][T29659] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1354.003179][ T6525] hdpvr: probe of 4-1:0.0 failed with error -12 [ 1354.026957][T29659] ext4 filesystem being mounted at /2533/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1354.071251][ T6525] usb 4-1: USB disconnect, device number 49 [ 1354.193664][T29670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10512'. [ 1354.237401][T29670] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10512'. [ 1354.272466][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1355.051722][T29703] netlink: 28 bytes leftover after parsing attributes in process `syz.1.10529'. [ 1355.207114][T29707] trusted_key: encrypted_key: master key parameter '' is invalid [ 1355.537738][T29718] loop0: detected capacity change from 0 to 256 [ 1355.656488][T29718] FAT-fs (loop0): Directory bread(block 64) failed [ 1355.663441][T29718] FAT-fs (loop0): Directory bread(block 65) failed [ 1355.708817][T29718] FAT-fs (loop0): Directory bread(block 66) failed [ 1355.715837][T29718] FAT-fs (loop0): Directory bread(block 67) failed [ 1355.730076][T29718] FAT-fs (loop0): Directory bread(block 68) failed [ 1355.737775][T29718] FAT-fs (loop0): Directory bread(block 69) failed [ 1355.758892][T29718] FAT-fs (loop0): Directory bread(block 70) failed [ 1355.780413][T29718] FAT-fs (loop0): Directory bread(block 71) failed [ 1355.796054][T29718] FAT-fs (loop0): Directory bread(block 72) failed [ 1355.812623][T29718] FAT-fs (loop0): Directory bread(block 73) failed [ 1356.283954][T29744] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10546'. [ 1356.403139][ T9] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 1356.616988][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1356.641242][ T9] usb 2-1: config 4 has an invalid interface number: 51 but max is 0 [ 1356.665864][ T9] usb 2-1: config 4 has no interface number 0 [ 1356.685799][ T9] usb 2-1: config 4 interface 51 altsetting 2 bulk endpoint 0x1 has invalid maxpacket 16 [ 1356.696940][ T9] usb 2-1: config 4 interface 51 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1356.713090][ T9] usb 2-1: config 4 interface 51 has no altsetting 0 [ 1356.730768][ T9] usb 2-1: New USB device found, idVendor=954f, idProduct=4199, bcdDevice= f.76 [ 1356.745214][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1356.766592][ T9] usb 2-1: Product: syz [ 1356.773089][ T9] usb 2-1: Manufacturer: syz [ 1356.789205][ T9] usb 2-1: SerialNumber: syz [ 1356.810284][T29738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1356.817957][T29738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1356.864652][T29761] loop3: detected capacity change from 0 to 4096 [ 1356.911198][T29761] ntfs: (device loop3): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1356.945325][T29761] ntfs: (device loop3): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1356.978393][T29761] ntfs: (device loop3): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1357.010288][T29761] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1357.050047][T29738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1357.086064][T29761] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1357.087591][T29738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1357.143262][T29761] ntfs: volume version 3.1. [ 1357.153373][ T9] cdc_eem 2-1:4.51 usb0: register 'cdc_eem' at usb-dummy_hcd.1-1, CDC EEM Device, 46:d4:c3:5a:99:f7 [ 1357.181331][T29761] ntfs: (device loop3): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1357.210734][T29761] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1357.234452][T29761] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1357.262186][T29761] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1357.276473][T29761] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1357.324724][T29768] overlayfs: conflicting options: nfs_export=on,index=off [ 1357.388006][ T6525] usb 2-1: USB disconnect, device number 52 [ 1357.395975][ T6525] cdc_eem 2-1:4.51 usb0: unregister 'cdc_eem' usb-dummy_hcd.1-1, CDC EEM Device [ 1357.497477][T29758] loop2: detected capacity change from 0 to 32768 [ 1357.549822][T29758] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 11 [ 1357.707640][T29774] ERROR: device name not specified. [ 1357.817478][ T6371] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 11 [ 1358.173118][T29783] loop3: detected capacity change from 0 to 4096 [ 1358.251495][T29783] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1358.270152][T29783] ntfs3: loop3: Failed to load $Extend (-22). [ 1358.278604][T29783] ntfs3: loop3: Failed to initialize $Extend. [ 1358.580770][T29796] netlink: 152 bytes leftover after parsing attributes in process `syz.0.10571'. [ 1358.637458][T29796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.10571'. [ 1358.769205][T29802] loop1: detected capacity change from 0 to 1024 [ 1358.882758][T29798] loop2: detected capacity change from 0 to 8192 [ 1358.958144][T29798] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 1358.996009][T29802] hfsplus: xattr searching failed [ 1359.055195][T29798] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal [ 1359.126670][T29798] REISERFS (device loop2): using ordered data mode [ 1359.175239][T29798] reiserfs: using flush barriers [ 1359.201236][T29798] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 1359.247980][T29818] binder: 29817:29818 ioctl 40046205 0 returned -22 [ 1359.267685][T29798] REISERFS (device loop2): checking transaction log (loop2) [ 1359.326977][T29798] REISERFS (device loop2): Using r5 hash to sort names [ 1359.358814][T29798] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 1359.372200][T29821] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10580'. [ 1359.392110][T29821] netlink: 20 bytes leftover after parsing attributes in process `syz.1.10580'. [ 1360.070074][T29844] netlink: 52 bytes leftover after parsing attributes in process `syz.0.10587'. [ 1360.475013][T29857] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10592'. [ 1360.538732][T29857] netlink: 24 bytes leftover after parsing attributes in process `syz.2.10592'. [ 1360.855509][T29828] loop1: detected capacity change from 0 to 32768 [ 1360.904434][T29828] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.10582 (29828) [ 1361.003389][T29828] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1361.066939][T29828] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm [ 1361.095546][T29828] BTRFS info (device loop1): using free space tree [ 1361.299513][T29828] BTRFS info (device loop1): enabling ssd optimizations [ 1361.306730][T29828] BTRFS info (device loop1): auto enabling async discard [ 1361.963515][ T6442] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1362.589501][T29927] netlink: 'syz.2.10617': attribute type 1 has an invalid length. [ 1362.664272][T29930] loop1: detected capacity change from 0 to 512 [ 1362.672811][T29931] __vm_enough_memory: pid: 29931, comm: syz.3.10619, not enough memory for the allocation [ 1362.703166][T17799] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1362.776681][T29930] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1362.871431][T29930] ext4 filesystem being mounted at /2441/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1362.935179][T17799] usb 1-1: config index 0 descriptor too short (expected 39, got 27) [ 1362.943479][T17799] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 1362.970102][T17799] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1362.981984][T17799] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 1363.010581][T17799] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1363.019013][T17799] usb 1-1: Product: syz [ 1363.044346][T17799] usb 1-1: Manufacturer: syz [ 1363.054533][T17799] usb 1-1: SerialNumber: syz [ 1363.071806][T17799] usb 1-1: config 0 descriptor?? [ 1363.103121][T17799] hub 1-1:0.0: bad descriptor, ignoring hub [ 1363.127712][T17799] hub: probe of 1-1:0.0 failed with error -5 [ 1363.137541][T17799] usb 1-1: selecting invalid altsetting 0 [ 1363.147828][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1363.333321][ T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1363.547073][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 1363.559519][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1363.579559][ T9] usb 4-1: config 7 has an invalid interface number: 187 but max is 0 [ 1363.608548][ T9] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1363.618904][ T9] usb 4-1: config 7 has no interface number 0 [ 1363.625630][ T8] usb 1-1: USB disconnect, device number 36 [ 1363.642643][ T9] usb 4-1: config 7 interface 187 altsetting 6 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1363.655655][ T9] usb 4-1: config 7 interface 187 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1363.670367][ T9] usb 4-1: config 7 interface 187 has no altsetting 0 [ 1363.692162][ T9] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1363.726763][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1363.735016][ T9] usb 4-1: Product: syz [ 1363.753329][ T9] usb 4-1: Manufacturer: syz [ 1363.758032][ T9] usb 4-1: SerialNumber: syz [ 1363.832872][T29960] netlink: 'syz.2.10632': attribute type 1 has an invalid length. [ 1363.948346][T29962] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10633'. [ 1364.005700][ T9] usb 4-1: Limiting number of CPorts to U8_MAX [ 1364.045355][ T9] usb 4-1: Unknown endpoint type found, address 0x07 [ 1364.089710][ T9] usb 4-1: Not enough endpoints found in device, aborting! [ 1364.292343][ T8] usb 4-1: USB disconnect, device number 50 [ 1364.346354][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 1364.346373][ T28] audit: type=1326 audit(1760403093.457:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29971 comm="syz.2.10638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1364.464646][ T28] audit: type=1326 audit(1760403093.457:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29971 comm="syz.2.10638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1364.537424][ T28] audit: type=1326 audit(1760403093.514:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29971 comm="syz.2.10638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1364.568898][ T28] audit: type=1326 audit(1760403093.514:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29971 comm="syz.2.10638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1364.604440][T29980] xt_ecn: cannot match TCP bits for non-tcp packets [ 1364.624211][ T28] audit: type=1326 audit(1760403093.514:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=29971 comm="syz.2.10638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1364.852827][T29988] loop2: detected capacity change from 0 to 256 [ 1364.900801][T29988] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 1365.298151][ T6391] usb 2-1: new full-speed USB device number 53 using dummy_hcd [ 1365.413569][T30004] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1365.542386][ T6391] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 1365.552340][ T6391] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1365.597947][ T6391] usb 2-1: config 0 descriptor?? [ 1365.606644][ T6391] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 1365.854014][ T9] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1366.043853][ T6391] gp8psk: usb in 137 operation failed. [ 1366.062937][ T6391] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 1366.072447][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 1366.096217][ T6391] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 1366.097132][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1366.128216][ T6391] usb 2-1: USB disconnect, device number 53 [ 1366.129357][ T9] usb 3-1: config 7 has an invalid interface number: 187 but max is 0 [ 1366.159769][ T9] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 1366.188567][ T9] usb 3-1: config 7 has no interface number 0 [ 1366.195213][ T9] usb 3-1: config 7 interface 187 altsetting 6 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1366.226051][ T9] usb 3-1: config 7 interface 187 altsetting 6 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1366.264973][ T9] usb 3-1: config 7 interface 187 has no altsetting 0 [ 1366.291211][ T9] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 1366.308468][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1366.331727][ T9] usb 3-1: Product: syz [ 1366.336950][ T9] usb 3-1: Manufacturer: syz [ 1366.341701][ T9] usb 3-1: SerialNumber: syz [ 1366.436427][T30036] cifs: Unknown parameter 'ÿÿITäŒ&¬æ:ÅèÙ"‚Õëï1:ºÃÃÓ­'Ä4,Zz-#FÇ<æõ]%gCžÊ [ 1366.436427][T30036] SÃȘØÈžZ§6ŸÂ' [ 1366.602877][ T9] usb 3-1: Limiting number of CPorts to U8_MAX [ 1366.610374][ T9] usb 3-1: Unknown endpoint type found, address 0x07 [ 1366.619479][ T9] usb 3-1: Not enough endpoints found in device, aborting! [ 1366.898546][ T9] usb 3-1: USB disconnect, device number 52 [ 1367.224638][T30059] loop0: detected capacity change from 0 to 736 [ 1367.355784][T30059] rock: directory entry would overflow storage [ 1367.366911][T30059] rock: sig=0x3b10, size=4, remaining=3 [ 1367.732084][T30048] loop3: detected capacity change from 0 to 32768 [ 1367.795647][T30048] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1368.115270][T30087] loop1: detected capacity change from 0 to 64 [ 1368.168583][T30048] XFS (loop3): Ending clean mount [ 1368.430269][ T6438] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 1368.714688][T30083] loop2: detected capacity change from 0 to 32768 [ 1368.759525][T30083] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.10690 (30083) [ 1368.827686][T30083] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1368.878569][T30083] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 1368.932569][T30083] BTRFS info (device loop2): using free space tree [ 1368.961812][T30102] loop1: detected capacity change from 0 to 512 [ 1369.069566][T30102] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1369.132130][T30102] ext4 filesystem being mounted at /2461/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1369.199848][T30083] BTRFS info (device loop2): enabling ssd optimizations [ 1369.218275][T30083] BTRFS info (device loop2): auto enabling async discard [ 1369.253448][T30102] EXT4-fs error (device loop1): ext4_xattr_block_list:768: inode #15: comm syz.1.10699: corrupted xattr block 19: overlapping e_value [ 1369.420343][T30130] netlink: 'syz.0.10703': attribute type 10 has an invalid length. [ 1369.431622][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1369.529563][T30130] team0: Device hsr_slave_0 failed to register rx_handler [ 1369.683367][T30134] xt_socket: unknown flags 0x4 [ 1369.774500][ T6432] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1370.119888][T30145] loop1: detected capacity change from 0 to 256 [ 1370.543053][T30155] libceph: resolve 'c' (ret=-3): failed [ 1371.020285][T30169] loop1: detected capacity change from 0 to 2048 [ 1371.081384][ T28] audit: type=1326 audit(1760403099.771:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30172 comm="syz.2.10722" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x0 [ 1371.122630][T30169] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1371.310836][T30179] loop2: detected capacity change from 0 to 64 [ 1371.482733][T30185] loop3: detected capacity change from 0 to 256 [ 1371.702066][T30188] xt_hashlimit: invalid interval [ 1371.704399][T30191] loop0: detected capacity change from 0 to 512 [ 1371.759185][T30191] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 1371.807056][T30191] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 1371.837277][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1371.844791][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1371.881096][T30191] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 1371.913005][T30191] System zones: 0-2, 18-18, 34-35 [ 1371.966627][T30196] loop1: detected capacity change from 0 to 1764 [ 1371.976601][T30191] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 1372.078834][T30196] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 1372.123506][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1372.506706][T30211] loop3: detected capacity change from 0 to 4096 [ 1372.524884][T30211] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 1372.899262][T30222] xt_ecn: cannot match TCP bits for non-tcp packets [ 1373.315473][T30216] loop0: detected capacity change from 0 to 32768 [ 1373.345591][T30216] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop0 scanned by syz.0.10745 (30216) [ 1373.398655][T30216] BTRFS info (device loop0): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1373.413580][T30216] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 1373.426141][T30216] BTRFS info (device loop0): using free space tree [ 1373.445022][T30235] loop3: detected capacity change from 0 to 128 [ 1373.474804][T30235] FAT-fs (loop3): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 1373.505476][T30243] loop2: detected capacity change from 0 to 2048 [ 1373.510950][T30216] BTRFS info (device loop0): enabling ssd optimizations [ 1373.520082][T30216] BTRFS info (device loop0): auto enabling async discard [ 1373.545147][T30243] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 1373.555332][T30235] FAT-fs (loop3): Directory bread(block 162) failed [ 1373.562753][T30235] FAT-fs (loop3): Directory bread(block 163) failed [ 1373.584787][T30235] FAT-fs (loop3): Directory bread(block 164) failed [ 1373.595828][T30235] FAT-fs (loop3): Directory bread(block 165) failed [ 1373.602912][T30235] FAT-fs (loop3): Directory bread(block 166) failed [ 1373.622277][T30252] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1373.633770][T30243] syz.2.10754: attempt to access beyond end of device [ 1373.633770][T30243] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 1373.650425][T30235] FAT-fs (loop3): Directory bread(block 167) failed [ 1373.657258][T30235] FAT-fs (loop3): Directory bread(block 168) failed [ 1373.681210][T30235] FAT-fs (loop3): Directory bread(block 169) failed [ 1373.725224][T30243] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: directory entry across blocks - offset=104, inode=16, rec_len=1816, name_len=0 [ 1373.750996][T30235] FAT-fs (loop3): Directory bread(block 162) failed [ 1373.775935][T30235] FAT-fs (loop3): Directory bread(block 163) failed [ 1373.779626][T30243] Remounting filesystem read-only [ 1373.809822][T30235] syz.3.10755: attempt to access beyond end of device [ 1373.809822][T30235] loop3: rw=3, sector=210, nr_sectors = 6 limit=128 [ 1373.870785][T30235] syz.3.10755: attempt to access beyond end of device [ 1373.870785][T30235] loop3: rw=2051, sector=216, nr_sectors = 2 limit=128 [ 1374.018349][ T6435] BTRFS info (device loop0): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 1374.029465][ T3538] FAT-fs (loop3): Invalid FSINFO signature: 0x41610000, 0x61417272 (sector = 1) [ 1374.149618][ T6371] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 10 /dev/loop0 scanned by udevd (6371) [ 1375.395619][T30288] loop0: detected capacity change from 0 to 1024 [ 1375.720615][T30294] netlink: 'syz.0.10775': attribute type 2 has an invalid length. [ 1375.890849][T30275] loop3: detected capacity change from 0 to 32768 [ 1375.923953][T30275] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 1375.987988][T30300] loop0: detected capacity change from 0 to 1024 [ 1376.182709][ T42] hfsplus: b-tree write err: -5, ino 4 [ 1376.207217][T30302] loop2: detected capacity change from 0 to 4096 [ 1376.293773][T30302] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 1376.299668][ T6371] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 1376.327590][T30302] ntfs3: loop2: Failed to load $Extend (-22). [ 1376.392659][T30302] ntfs3: loop2: Failed to initialize $Extend. [ 1376.781771][T30314] loop2: detected capacity change from 0 to 764 [ 1377.389109][T27669] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1377.608041][T27669] usb 3-1: Using ep0 maxpacket: 8 [ 1377.616926][T27669] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 1377.634740][T27669] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1377.649242][T27669] usb 3-1: config 0 has no interface number 0 [ 1377.655487][T27669] usb 3-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1377.702220][T30345] loop0: detected capacity change from 0 to 736 [ 1377.719505][T27669] usb 3-1: config 0 interface 52 has no altsetting 0 [ 1377.742070][T27669] usb 3-1: New USB device found, idVendor=06cb, idProduct=0009, bcdDevice= 8.00 [ 1377.757025][T30346] netlink: 'syz.1.10801': attribute type 1 has an invalid length. [ 1377.765307][T27669] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=184 [ 1377.794326][T27669] usb 3-1: SerialNumber: syz [ 1377.814672][T27669] usb 3-1: config 0 descriptor?? [ 1378.314572][ T6525] usb 3-1: USB disconnect, device number 53 [ 1378.819417][T30376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.10816'. [ 1379.354763][T30390] loop2: detected capacity change from 0 to 512 [ 1379.393586][T30390] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1379.464605][T30370] loop0: detected capacity change from 0 to 40427 [ 1379.487502][T30390] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1379.506973][T30390] ext4 filesystem being mounted at /2606/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1379.525525][T30370] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x7ffff [ 1379.555166][T30370] F2FS-fs (loop0): invalid crc value [ 1379.586446][T30400] netlink: 4 bytes leftover after parsing attributes in process `syz.3.10827'. [ 1379.653675][T30370] F2FS-fs (loop0): Found nat_bits in checkpoint [ 1379.715193][T30390] Quota error (device loop2): find_tree_dqentry: Cycle in quota tree detected: block 4 index 0 [ 1379.763246][T30390] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 1379.776182][T30390] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.10823: Failed to acquire dquot type 1 [ 1379.813269][T30370] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 1379.965802][ T6432] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1380.098228][T30413] loop1: detected capacity change from 0 to 1024 [ 1380.206812][T30413] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1380.492057][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1381.019825][T30437] loop3: detected capacity change from 0 to 2048 [ 1381.124922][T30446] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1381.319819][T30441] loop1: detected capacity change from 0 to 4096 [ 1381.552534][T30441] ntfs3: loop1: ino=b, Correct links count -> 1. [ 1381.585437][T30456] xt_connbytes: Forcing CT accounting to be enabled [ 1381.590411][T30441] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 1381.665434][T30456] xt_bpf: check failed: parse error [ 1382.230208][T30472] comedi comedi1: das16m1: I/O port conflict (0x501,8) [ 1382.425114][T30477] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10854'. [ 1382.479669][T30477] netlink: 32 bytes leftover after parsing attributes in process `syz.0.10854'. [ 1383.287701][T30471] loop1: detected capacity change from 0 to 32768 [ 1383.357001][T30511] netlink: 72 bytes leftover after parsing attributes in process `syz.2.10865'. [ 1383.366897][T30511] netlink: 'syz.2.10865': attribute type 1 has an invalid length. [ 1383.374764][T30511] netlink: 'syz.2.10865': attribute type 2 has an invalid length. [ 1383.385996][T30511] netlink: 116 bytes leftover after parsing attributes in process `syz.2.10865'. [ 1383.406680][T30471] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1383.584736][T30525] loop0: detected capacity change from 0 to 16 [ 1383.605462][T30471] XFS (loop1): Ending clean mount [ 1383.612780][T30525] erofs: (device loop0): mounted with root inode @ nid 36. [ 1383.636290][T30471] XFS (loop1): Quotacheck needed: Please wait. [ 1383.698973][T30525] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1383.755310][T30525] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -44 in[46, 4050] out[1851] [ 1383.776865][T30525] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1383.843758][T30471] XFS (loop1): Quotacheck: Done. [ 1384.106709][ T6442] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 1384.157463][T30537] (unnamed net_device) (uninitialized): option ad_select: invalid value (4) [ 1384.250839][T30534] loop3: detected capacity change from 0 to 4096 [ 1384.442070][T30534] ntfs3: loop3: ino=b, Correct links count -> 1. [ 1384.498542][T30534] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 1384.525812][T30541] loop0: detected capacity change from 0 to 2048 [ 1384.620854][T30541] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1385.318598][T30560] netlink: 'syz.3.10880': attribute type 1 has an invalid length. [ 1385.349194][T30560] netlink: 224 bytes leftover after parsing attributes in process `syz.3.10880'. [ 1385.394476][T30530] loop2: detected capacity change from 0 to 32768 [ 1385.536786][ T28] audit: type=1800 audit(1760403113.288:109): pid=30530 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.10871" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 1385.820995][T30574] netlink: 'syz.1.10886': attribute type 2 has an invalid length. [ 1385.843237][T30576] netlink: 16 bytes leftover after parsing attributes in process `syz.0.10887'. [ 1386.844685][T30610] netlink: 32 bytes leftover after parsing attributes in process `syz.1.10902'. [ 1387.072462][T30619] loop2: detected capacity change from 0 to 16 [ 1387.090663][T30619] erofs: (device loop2): mounted with root inode @ nid 36. [ 1387.379916][T30624] loop1: detected capacity change from 0 to 4096 [ 1387.399288][T30629] comedi comedi0: pcl816: I/O port conflict (0x6,16) [ 1387.440775][T30624] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1387.453155][T30624] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1387.480253][T30624] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1387.501905][T30624] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1387.541906][T30624] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1387.565924][T30624] ntfs: volume version 3.1. [ 1387.616376][T30624] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1387.648728][T30624] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1387.708180][T30624] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1387.758069][T30624] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1387.840486][T30639] Scaler: ================= START STATUS ================= [ 1387.864597][T30639] Scaler: ================== END STATUS ================== [ 1388.186047][T30651] netlink: 16 bytes leftover after parsing attributes in process `syz.2.10923'. [ 1389.580243][T30687] loop1: detected capacity change from 0 to 256 [ 1389.614415][T30687] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 1389.708164][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.751918][T30687] FAT-fs (loop1): Filesystem has been set read-only [ 1389.790342][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.818715][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.854062][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.875640][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.905541][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.936659][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1389.977353][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.009129][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.052440][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.086360][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.127985][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.149636][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.188303][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.208456][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.217355][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.246737][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.282016][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.290757][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.333078][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.342909][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.353404][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.407591][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.420296][T30707] loop3: detected capacity change from 0 to 1764 [ 1390.422325][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.458902][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.514420][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.536720][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.603751][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.645609][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.654263][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.677391][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.686148][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.725633][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.754893][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.773661][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.793541][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.816357][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.825535][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.848545][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.857332][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.900679][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.920971][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.937995][T30721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10958'. [ 1390.948602][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.957694][T30721] netlink: 28 bytes leftover after parsing attributes in process `syz.2.10958'. [ 1390.976683][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1390.985380][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.015769][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.026593][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.073947][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.082697][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.091652][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.100541][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.109630][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.118736][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.127978][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.137001][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.145907][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.196018][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.206291][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.244964][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.268857][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.295876][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.297896][T30731] loop0: detected capacity change from 0 to 256 [ 1391.320314][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.329021][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.341902][T30731] exfat: Deprecated parameter 'namecase' [ 1391.347870][T30731] exfat: Deprecated parameter 'namecase' [ 1391.354030][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.357412][T30731] exfat: Deprecated parameter 'namecase' [ 1391.390640][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.399911][T30731] exFAT-fs (loop0): Medium has reported failures. Some data may be lost. [ 1391.420120][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.446988][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.455732][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.495189][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.525090][T30731] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d) [ 1391.525762][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.575374][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.590157][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.607391][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.638495][T30687] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 1391.673082][ T28] kauditd_printk_skb: 7 callbacks suppressed [ 1391.673100][ T28] audit: type=1800 audit(1760403119.031:110): pid=30687 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.10940" name="file1" dev="loop1" ino=1048673 res=0 errno=0 [ 1391.815817][ T28] audit: type=1326 audit(1760403119.172:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30742 comm="syz.2.10969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1391.863660][ T28] audit: type=1326 audit(1760403119.172:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30742 comm="syz.2.10969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1391.962348][ T28] audit: type=1326 audit(1760403119.190:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30742 comm="syz.2.10969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=443 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1392.043316][ T28] audit: type=1326 audit(1760403119.190:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30742 comm="syz.2.10969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1392.168216][ T28] audit: type=1326 audit(1760403119.200:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30742 comm="syz.2.10969" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b378eec9 code=0x7ffc0000 [ 1392.238264][T30753] misc userio: Invalid payload size [ 1392.488577][T30764] loop1: detected capacity change from 0 to 64 [ 1392.772886][T30773] tmpfs: Bad value for 'mpol' [ 1393.291850][T30788] loop1: detected capacity change from 0 to 1024 [ 1393.316746][T30788] EXT4-fs: Ignoring removed oldalloc option [ 1393.339357][T30788] EXT4-fs: Ignoring removed orlov option [ 1393.345221][T30788] EXT4-fs: Ignoring removed oldalloc option [ 1393.366972][T30788] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1393.466321][T30788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1393.558447][T30804] netlink: 'syz.0.10996': attribute type 9 has an invalid length. [ 1393.591311][T30788] EXT4-fs error (device loop1): ext4_xattr_set_entry:1677: inode #13: comm syz.1.10991: corrupted xattr entries [ 1393.625947][T30804] netlink: 'syz.0.10996': attribute type 7 has an invalid length. [ 1393.646217][T30804] netlink: 'syz.0.10996': attribute type 8 has an invalid length. [ 1393.684328][T30808] tc_dump_action: action bad kind [ 1393.835045][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1393.862454][T30814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11000'. [ 1393.910154][T30814] netlink: 28 bytes leftover after parsing attributes in process `syz.2.11000'. [ 1394.020693][T30816] loop3: detected capacity change from 0 to 2048 [ 1394.057905][T30816] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1394.148789][T30822] netlink: 'syz.2.11005': attribute type 75 has an invalid length. [ 1394.543575][T30834] netlink: 152 bytes leftover after parsing attributes in process `syz.2.11011'. [ 1394.996341][ T5776] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1395.239692][ T5776] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1395.268468][ T5776] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1395.278552][ T5776] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1395.305008][ T5776] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.333269][T30839] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1395.346141][ T5776] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 1395.796648][T30872] ieee802154 phy0 wpan0: encryption failed: -22 [ 1395.818521][ T6391] usb 3-1: USB disconnect, device number 54 [ 1396.598135][T30896] loop3: detected capacity change from 0 to 16 [ 1396.622272][T30896] erofs: (device loop3): mounted with root inode @ nid 36. [ 1396.917156][T30908] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 1396.925767][T30908] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1397.089353][T30906] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11047'. [ 1397.120824][T30906] netlink: 24 bytes leftover after parsing attributes in process `syz.3.11047'. [ 1397.362939][T30914] loop2: detected capacity change from 0 to 2048 [ 1397.370320][T30918] loop0: detected capacity change from 0 to 8 [ 1397.393822][T30920] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1397.761318][T30931] loop3: detected capacity change from 0 to 64 [ 1398.053946][T30936] cgroup: none used incorrectly [ 1398.222250][T30939] loop3: detected capacity change from 0 to 4096 [ 1398.242150][T30939] ntfs: (device loop3): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 1398.257567][T30939] ntfs: (device loop3): ntfs_read_locked_inode(): Failed to lookup attribute list attribute. [ 1398.299402][T30939] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1398.338667][T30939] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1398.371668][T30939] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1398.415015][T30939] ntfs: volume version 3.1. [ 1398.445784][T30939] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 1398.479398][T30939] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 1398.524381][T30939] ntfs: (device loop3): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 1398.554175][T30939] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1398.606642][T30939] ntfs: (device loop3): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 1398.688423][T30955] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (6) [ 1400.171115][T31005] netlink: 'syz.3.11096': attribute type 13 has an invalid length. [ 1400.261664][T30979] loop0: detected capacity change from 0 to 32768 [ 1400.307620][T30979] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop0 scanned by syz.0.11083 (30979) [ 1400.356516][T30979] BTRFS info (device loop0): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1400.397753][T30979] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 1400.435104][T30979] BTRFS info (device loop0): turning off barriers [ 1400.481095][T30979] BTRFS info (device loop0): max_inline at 0 [ 1400.487289][T30979] BTRFS info (device loop0): enabling all of the rescue options [ 1400.508720][T30979] BTRFS info (device loop0): ignoring data csums [ 1400.532324][T30979] BTRFS info (device loop0): ignoring bad roots [ 1400.547190][T30979] BTRFS info (device loop0): disabling log replay at mount time [ 1400.580161][T30979] BTRFS info (device loop0): force zlib compression, level 3 [ 1400.594902][T31015] AppArmor: change_hat: Invalid input '0' [ 1400.601735][T30979] BTRFS info (device loop0): allowing degraded mounts [ 1400.648781][T30979] BTRFS info (device loop0): setting nodatacow [ 1400.683456][T30979] BTRFS info (device loop0): enabling ssd optimizations [ 1400.692235][T30979] BTRFS info (device loop0): using spread ssd allocation scheme [ 1400.747795][T30979] BTRFS info (device loop0): using free space tree [ 1400.757839][T30979] workqueue: max_active 2097158 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 1400.828944][T30979] workqueue: max_active 2097158 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 1400.865581][T30979] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 1400.938068][T30979] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 1401.014103][T30979] workqueue: max_active 2097158 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 1401.046774][T30979] workqueue: max_active 2097158 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 1401.066930][T30979] workqueue: max_active 2097158 requested for btrfs-compressed-write is out of range, clamping between 1 and 512 [ 1401.154764][ T3538] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0x3fff8ff18ac4f264f26c9b61444b99be3a51e4b9014c9227426415668fcd4ed9 level 0 [ 1401.257428][T30979] BTRFS error (device loop0): failed to load root extent [ 1401.265642][T31044] netlink: 'syz.2.11108': attribute type 1 has an invalid length. [ 1401.295081][ T3538] BTRFS warning (device loop0: state C): checksum verify failed on logical 5328896 mirror 1 wanted 0xe27e479340067083b74b333c1de55c530774f48d9bb4dbb5f2229db663324412 found 0x95f62be744ba79d2c7edda0b7f35c3ed250500c283e6cfbf6ba5d84a2ae65a3d level 1 [ 1401.416672][T31048] netdevsim netdevsim3: Direct firmware load for ..€ failed with error -2 [ 1401.453516][T31048] netdevsim netdevsim3: Falling back to sysfs fallback for: ..€ [ 1401.738990][ T6435] BTRFS info (device loop0: state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 1402.105476][ T5776] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 1402.311561][ T5776] usb 3-1: Using ep0 maxpacket: 8 [ 1402.334573][ T5776] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 1402.361195][ T5776] usb 3-1: config 6 has no interface number 0 [ 1402.378515][ T5776] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1402.399299][ T5776] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1402.418417][ T5776] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1402.447925][ T5776] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1402.473316][ T5776] usb 3-1: Product: syz [ 1402.477677][ T5776] usb 3-1: Manufacturer: syz [ 1402.501697][ T5776] usb 3-1: SerialNumber: syz [ 1402.516001][ T5776] hso 3-1:6.2: Failed to find INT IN ep [ 1402.773619][ T5776] usb 3-1: USB disconnect, device number 55 [ 1403.456079][T31097] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 1403.486932][T31097] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1404.189728][T31125] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11148'. [ 1404.218593][T31125] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11148'. [ 1404.258964][T31125] netlink: 12 bytes leftover after parsing attributes in process `syz.2.11148'. [ 1404.273817][T31125] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11148'. [ 1404.295430][T31125] netlink: 104 bytes leftover after parsing attributes in process `syz.2.11148'. [ 1404.452962][T31134] overlayfs: option "uuid=on" requires an upper fs, falling back to uuid=null. [ 1404.479028][T31134] overlayfs: missing 'lowerdir' [ 1404.954308][T31143] loop1: detected capacity change from 0 to 8192 [ 1405.433917][T31166] loop2: detected capacity change from 0 to 256 [ 1405.554050][T31166] FAT-fs (loop2): Directory bread(block 64) failed [ 1405.561495][T31164] loop3: detected capacity change from 0 to 4096 [ 1405.590715][T31166] FAT-fs (loop2): Directory bread(block 65) failed [ 1405.633565][T31166] FAT-fs (loop2): Directory bread(block 66) failed [ 1405.640275][T31166] FAT-fs (loop2): Directory bread(block 67) failed [ 1405.682122][T31166] FAT-fs (loop2): Directory bread(block 68) failed [ 1405.689355][T31166] FAT-fs (loop2): Directory bread(block 69) failed [ 1405.696074][T31166] FAT-fs (loop2): Directory bread(block 70) failed [ 1405.701989][T31164] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1405.706792][T31166] FAT-fs (loop2): Directory bread(block 71) failed [ 1405.722629][T31166] FAT-fs (loop2): Directory bread(block 72) failed [ 1405.729859][T31166] FAT-fs (loop2): Directory bread(block 73) failed [ 1405.868801][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1406.420501][T31184] loop1: detected capacity change from 0 to 4096 [ 1406.446454][T31184] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 1406.526251][T31196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.11180'. [ 1406.562510][T31196] netlink: 4 bytes leftover after parsing attributes in process `syz.3.11180'. [ 1406.606303][T31196] tc_dump_action: action bad kind [ 1406.607703][T31198] xt_connbytes: Forcing CT accounting to be enabled [ 1408.045536][T31213] loop1: detected capacity change from 0 to 32768 [ 1408.159321][T31213] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 1408.505248][ T6442] ocfs2: Unmounting device (7,1) on (node local) [ 1408.521419][T31260] netlink: 'syz.3.11210': attribute type 5 has an invalid length. [ 1408.578730][T31257] loop0: detected capacity change from 0 to 1764 [ 1408.627634][T31262] netlink: 24 bytes leftover after parsing attributes in process `syz.1.11211'. [ 1409.147887][T31275] netlink: 20 bytes leftover after parsing attributes in process `syz.3.11217'. [ 1409.597066][T31294] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1411.079072][T31343] loop3: detected capacity change from 0 to 512 [ 1411.119228][T31343] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1411.222825][T31343] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1411.245974][T31343] ext4 filesystem being mounted at /2653/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 1411.334827][ T6438] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1411.655337][T31363] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1411.713095][T31359] loop2: detected capacity change from 0 to 4096 [ 1411.728645][T31359] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 1411.767414][T31359] ntfs3: loop2: Failed to load $Extend (-22). [ 1411.780882][T31359] ntfs3: loop2: Failed to initialize $Extend. [ 1412.394835][T31385] SET target dimension over the limit! [ 1412.860592][T31403] netlink: 'syz.1.11279': attribute type 27 has an invalid length. [ 1412.995193][T31407] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11280'. [ 1413.147275][T31409] loop2: detected capacity change from 0 to 4096 [ 1413.238150][T31418] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 1413.333202][T31409] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11 [ 1413.673942][T31424] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 1413.749409][T31428] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 1413.981741][T31435] batadv1: entered promiscuous mode [ 1414.389064][T31448] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11299'. [ 1414.411026][T31448] netlink: 172 bytes leftover after parsing attributes in process `syz.1.11299'. [ 1415.498871][T31492] netlink: 72 bytes leftover after parsing attributes in process `syz.1.11321'. [ 1415.535040][T31492] netlink: 36 bytes leftover after parsing attributes in process `syz.1.11321'. [ 1415.571045][T31492] vlan0: entered promiscuous mode [ 1415.981577][T31506] netlink: 8 bytes leftover after parsing attributes in process `syz.1.11329'. [ 1416.456346][T31494] loop3: detected capacity change from 0 to 32768 [ 1416.614498][ T6525] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 1416.858518][ T6525] usb 2-1: Using ep0 maxpacket: 16 [ 1416.867395][ T6525] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 1416.890963][ T6525] usb 2-1: config 0 descriptor has 1 excess byte, ignoring [ 1416.918867][ T6525] usb 2-1: config 0 has no interface number 0 [ 1416.929214][ T6525] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 1416.951752][ T6525] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1416.991973][ T6525] usb 2-1: Product: syz [ 1417.007294][ T6525] usb 2-1: Manufacturer: syz [ 1417.018412][ T6525] usb 2-1: SerialNumber: syz [ 1417.059779][ T6525] usb 2-1: config 0 descriptor?? [ 1417.091246][ T6525] usb 2-1: Found UVC 0.00 device syz (046d:08f3) [ 1417.110977][T31538] netlink: 7 bytes leftover after parsing attributes in process `syz.2.11344'. [ 1417.129449][ T6525] usb 2-1: No valid video chain found. [ 1417.144207][T31538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11344'. [ 1417.236936][T31534] loop3: detected capacity change from 0 to 4096 [ 1417.256598][T31534] __ntfs_warning: 3 callbacks suppressed [ 1417.256615][T31534] ntfs: (device loop3): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 1417.371204][ T6391] usb 2-1: USB disconnect, device number 54 [ 1417.380253][T31534] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 1417.405698][T31534] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 1417.430159][T31541] loop0: detected capacity change from 0 to 2048 [ 1417.434000][T31534] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 1417.459966][T31534] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1417.476371][T31541] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 1417.568784][T31534] ntfs: volume version 3.1. [ 1417.676608][T31534] ntfs: (device loop3): ntfs_nlstoucs(): Name using character set euc-jp contains characters that cannot be converted to Unicode. [ 1417.728640][T31534] ntfs: (device loop3): ntfs_lookup(): Failed to convert name to Unicode. [ 1418.117056][T31556] (unnamed net_device) (uninitialized): peer notification delay (9) is not a multiple of miimon (5), value rounded to 5 ms [ 1418.144629][T31556] (unnamed net_device) (uninitialized): option use_carrier: invalid value (6) [ 1418.455040][T31572] netlink: 'syz.3.11361': attribute type 10 has an invalid length. [ 1418.473345][T31572] macvlan1: entered allmulticast mode [ 1418.484104][T31572] veth1_vlan: entered allmulticast mode [ 1418.498223][T31572] team0: Device macvlan1 is up. Set it down before adding it as a team port [ 1418.592536][T31576] netlink: 'syz.0.11363': attribute type 7 has an invalid length. [ 1418.611835][ T6554] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 1418.629190][T31576] netlink: 'syz.0.11363': attribute type 8 has an invalid length. [ 1418.806549][T31582] netlink: 'syz.3.11367': attribute type 10 has an invalid length. [ 1418.806736][ T6554] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1418.824910][T31582] netlink: 2 bytes leftover after parsing attributes in process `syz.3.11367'. [ 1418.824953][T31582] ipvlan1: entered promiscuous mode [ 1418.825556][T31582] bridge0: port 3(ipvlan1) entered blocking state [ 1418.860386][ T6554] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1418.900364][ T6554] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1418.909210][T31582] bridge0: port 3(ipvlan1) entered disabled state [ 1418.916961][ T6554] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1418.917017][ T6554] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 1418.917051][ T6554] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1418.931688][ T6554] usb 3-1: config 0 descriptor?? [ 1418.980743][ T6554] gspca_main: spca561-2.14.0 probing abcd:cdee [ 1418.992953][T31582] ipvlan1: entered allmulticast mode [ 1419.004899][T31582] veth0_vlan: entered allmulticast mode [ 1419.013701][T31582] ipvlan1: left allmulticast mode [ 1419.020495][T31582] veth0_vlan: left allmulticast mode [ 1419.049735][T31588] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11369'. [ 1419.092981][T31588] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11369'. [ 1419.121463][T31588] bridge3: entered promiscuous mode [ 1419.135405][T31588] bridge3: entered allmulticast mode [ 1419.204510][ T6554] spca561: probe of 3-1:0.0 failed with error -22 [ 1419.233244][ T6554] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 1419.257471][ T6554] usb 3-1: MIDIStreaming interface descriptor not found [ 1419.388648][ T6554] snd-usb-audio: probe of 3-1:0.0 failed with error -12 [ 1419.437747][ T6554] usb 3-1: USB disconnect, device number 56 [ 1420.329777][T31623] loop1: detected capacity change from 0 to 512 [ 1420.404235][T31623] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1420.433574][T31623] ext4 filesystem being mounted at /2613/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1420.620515][ T6442] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1420.777705][T31637] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11391'. [ 1420.828196][T31637] netlink: 60 bytes leftover after parsing attributes in process `syz.2.11391'. [ 1420.854736][T31612] loop3: detected capacity change from 0 to 32768 [ 1420.973639][T31612] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1421.170146][T31612] XFS (loop3): Ending clean mount [ 1421.197903][T31612] XFS (loop3): Quotacheck needed: Please wait. [ 1421.300444][T31612] XFS (loop3): Quotacheck: Done. [ 1421.361248][ T6554] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 1421.516981][ T6438] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 1421.595777][ T6554] usb 3-1: Using ep0 maxpacket: 8 [ 1421.618738][ T6554] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1421.677086][ T6554] usb 3-1: config 8 has an invalid interface number: 255 but max is 0 [ 1421.701382][ T6554] usb 3-1: config 8 has no interface number 0 [ 1421.723232][ T6554] usb 3-1: config 8 interface 255 has no altsetting 0 [ 1421.735126][ T6554] usb 3-1: string descriptor 0 read error: -22 [ 1421.741584][ T6554] usb 3-1: New USB device found, idVendor=0423, idProduct=000c, bcdDevice=2e.bf [ 1421.781503][ T6554] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1421.802152][T31667] loop0: detected capacity change from 0 to 2048 [ 1421.918108][T31667] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1421.937007][T31667] ext4 filesystem being mounted at /2777/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 1422.098249][T31667] EXT4-fs error (device loop0): ext4_validate_block_bitmap:439: comm syz.0.11402: bg 0: block 345: padding at end of block bitmap is not set [ 1422.248971][ T6435] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1422.328026][ T6554] eth%d: CATC EL1210A NetMate USB Ethernet at usb-dummy_hcd.2-1, 00:00:00:00:00:00. [ 1422.396535][ T6554] usb 3-1: USB disconnect, device number 57 [ 1422.447716][T31683] loop0: detected capacity change from 0 to 16 [ 1422.494272][T31683] erofs: (device loop0): mounted with root inode @ nid 36. [ 1422.531251][T31683] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 1422.600138][T31683] erofs: (device loop0): z_erofs_lz4_decompress_mem: failed to decompress -10 in[58, 4038] out[1851] [ 1422.632193][T31683] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 1422.968489][T31679] loop3: detected capacity change from 0 to 32768 [ 1423.053609][T31679] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 1423.131623][T31679] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 1423.265601][T31679] syz.3.11406 (31679) used greatest stack depth: 18536 bytes left [ 1423.341719][T31702] loop0: detected capacity change from 0 to 8 [ 1423.370965][ T6438] ocfs2: Unmounting device (7,3) on (node local) [ 1423.446134][T31702] SQUASHFS error: Failed to read block 0x1ec: -5 [ 1423.452652][T31702] SQUASHFS error: Unable to read metadata cache entry [1ea] [ 1424.209877][T31732] loop3: detected capacity change from 0 to 64 [ 1424.584310][T31738] loop1: detected capacity change from 0 to 4096 [ 1424.643433][T31738] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1424.657444][T31744] netlink: 8 bytes leftover after parsing attributes in process `syz.2.11437'. [ 1424.677603][T31738] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1424.711547][T31738] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1424.742703][T31738] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1424.816285][T31738] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1424.841233][T31747] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.11440'. [ 1424.869352][T31738] ntfs: volume version 3.1. [ 1424.905450][T31738] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1424.935992][T31738] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1425.012956][T31738] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1425.057160][T31738] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1425.099511][T31755] netlink: 132 bytes leftover after parsing attributes in process `syz.0.11443'. [ 1425.104654][T31738] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1425.331889][T31762] netlink: 8 bytes leftover after parsing attributes in process `syz.0.11446'. [ 1425.648757][ T1003] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1425.675079][ T1003] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1425.691587][T31775] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1425.702517][T31774] cgroup: Unknown subsys name 'smackfshat' [ 1425.736476][T31770] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1427.086879][T31825] binder: 31824:31825 ioctl c0046209 0 returned -22 [ 1427.320916][T31833] loop1: detected capacity change from 0 to 512 [ 1427.365054][T31833] ext4: Unknown parameter '.' [ 1428.649447][T31837] loop3: detected capacity change from 0 to 32768 [ 1428.689614][T31837] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 1428.716540][T31837] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 1428.748067][T31837] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 1428.896071][T31837] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 1429.827040][ T9] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 1429.930026][T31906] sp0: Synchronizing with TNC [ 1430.040718][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 1430.049107][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1430.066293][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1430.081202][T31911] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11520'. [ 1430.091234][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1430.114920][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1430.123180][ T9] usb 2-1: Product: syz [ 1430.145400][ T9] usb 2-1: Manufacturer: syz [ 1430.157137][ T9] usb 2-1: SerialNumber: syz [ 1430.419928][ T9] usb 2-1: 0:2 : does not exist [ 1430.467033][ T9] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1430.510686][ T9] usb 2-1: USB disconnect, device number 55 [ 1430.580555][ T6371] udevd[6371]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1430.924094][T31936] netlink: 'syz.0.11533': attribute type 2 has an invalid length. [ 1431.264337][T31945] netlink: 20 bytes leftover after parsing attributes in process `syz.1.11536'. [ 1431.292721][T31945] netlink: 40 bytes leftover after parsing attributes in process `syz.1.11536'. [ 1431.376519][ T6525] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1431.576600][T31933] loop3: detected capacity change from 0 to 32768 [ 1431.579842][T31953] loop2: detected capacity change from 0 to 128 [ 1431.590469][ T6525] usb 1-1: Using ep0 maxpacket: 32 [ 1431.598141][ T6525] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1431.613852][ T6525] usb 1-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1431.635668][ T6525] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1431.662703][ T6525] usb 1-1: Product: syz [ 1431.667185][T31953] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 1431.692992][ T6525] usb 1-1: Manufacturer: syz [ 1431.700586][T31953] System zones: 1-3, 19-19, 35-36 [ 1431.718431][ T6525] usb 1-1: SerialNumber: syz [ 1431.748067][T31953] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 1431.768235][ T6525] usb 1-1: config 0 descriptor?? [ 1431.779976][T31953] ext4 filesystem being mounted at /2787/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 1431.783234][ T6525] usb 1-1: bad CDC descriptors [ 1431.796262][ T6391] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 1431.817166][ T6525] usb 1-1: unsupported MDLM descriptors [ 1431.866034][ T6432] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 1431.995716][T31959] netlink: 1010 bytes leftover after parsing attributes in process `syz.2.11543'. [ 1432.006518][T31959] bridge: RTM_NEWNEIGH with invalid state 0x1d25 [ 1432.013158][ T6391] usb 2-1: Using ep0 maxpacket: 16 [ 1432.022026][ T6391] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1432.043206][ T6391] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1432.064234][ T6391] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1432.080546][ T9] usb 1-1: USB disconnect, device number 37 [ 1432.097008][ T6391] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 1432.117043][ T6391] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1432.140822][ T6391] usb 2-1: config 0 descriptor?? [ 1432.154374][ T6391] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input90 [ 1432.179502][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.210642][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.232819][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.260369][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.284896][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.304327][T10737] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.328057][ T5142] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.457174][T31951] pxrc 2-1:0.0: pxrc_open - usb_submit_urb failed, error: -90 [ 1432.470819][T31965] openvswitch: netlink: Actions may not be safe on all matching packets [ 1432.478043][ T6525] usb 2-1: USB disconnect, device number 56 [ 1432.952320][T31979] loop0: detected capacity change from 0 to 2368 [ 1433.086912][ T6525] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 1433.311355][ T6525] usb 3-1: Using ep0 maxpacket: 8 [ 1433.325046][ T6525] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1433.332987][ T5776] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1433.352394][ T6525] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1433.379141][ T6525] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1433.453505][ T6525] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1433.468460][ T6525] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1433.491258][ T6525] usb 3-1: Product: syz [ 1433.508333][ T6525] usb 3-1: Manufacturer: syz [ 1433.513064][ T6525] usb 3-1: SerialNumber: syz [ 1433.539745][ T6525] cdc_ncm 3-1:1.0: NCM or ECM functional descriptors missing [ 1433.548992][ T5776] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1433.558473][ T6525] cdc_ncm 3-1:1.0: bind() failure [ 1433.574710][ T5776] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1433.601658][ T5776] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1433.623344][ T5776] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=67 [ 1433.631815][ T5776] usb 4-1: SerialNumber: syz [ 1433.644281][T31995] loop0: detected capacity change from 0 to 4096 [ 1433.655774][T31995] ntfs3: loop0: ino=3, Correct links count -> 2. [ 1433.768071][T31997] loop1: detected capacity change from 0 to 1024 [ 1433.775617][ T6525] cdc_mbim 3-1:1.1: CDC Union missing and no IAD found [ 1433.789383][ T6525] cdc_mbim 3-1:1.1: bind() failure [ 1433.928130][ T1003] hfsplus: b-tree write err: -5, ino 4 [ 1433.989026][ T5776] usb 4-1: 0:2 : does not exist [ 1434.073227][T27669] usb 3-1: USB disconnect, device number 58 [ 1434.107248][ T5776] usb 4-1: USB disconnect, device number 51 [ 1434.253166][ T6371] udevd[6371]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1434.272261][T32003] netlink: 72 bytes leftover after parsing attributes in process `syz.0.11564'. [ 1434.316018][T32003] netlink: 12 bytes leftover after parsing attributes in process `syz.0.11564'. [ 1434.329582][T32003] netlink: 16 bytes leftover after parsing attributes in process `syz.0.11564'. [ 1434.573272][T32013] netlink: 4 bytes leftover after parsing attributes in process `syz.0.11568'. [ 1434.964107][T32019] loop0: detected capacity change from 0 to 4096 [ 1435.026507][T32019] __ntfs_error: 16 callbacks suppressed [ 1435.026527][T32019] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 1435.072090][T32019] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 1435.093690][T32019] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 1435.106005][T32019] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 1435.130429][T32019] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 1435.196800][T32019] ntfs: volume version 3.1. [ 1435.209938][T32019] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 1435.239886][T32019] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 1435.257577][T32019] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 1435.276725][T32019] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 1435.300201][T32033] loop3: detected capacity change from 0 to 64 [ 1435.343065][T32019] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 1435.904291][T32050] netlink: 'syz.1.11588': attribute type 1 has an invalid length. [ 1435.924422][T32051] geneve2: entered promiscuous mode [ 1435.930038][T32051] geneve2: entered allmulticast mode [ 1435.941223][T32050] netlink: 224 bytes leftover after parsing attributes in process `syz.1.11588'. [ 1436.076141][T32053] netlink: 830 bytes leftover after parsing attributes in process `syz.0.11589'. [ 1436.494847][T32064] loop0: detected capacity change from 0 to 4096 [ 1436.579514][T32064] ntfs: volume version 3.1. [ 1436.825953][T32079] cgroup: Name too long [ 1436.982525][T32083] bpf: Bad value for 'mode' [ 1437.179582][T32085] loop1: detected capacity change from 0 to 4096 [ 1437.300343][T32089] loop0: detected capacity change from 0 to 4096 [ 1437.308395][T32094] netlink: 48 bytes leftover after parsing attributes in process `syz.3.11609'. [ 1437.343905][T32085] ntfs: volume version 3.1. [ 1437.350982][T32089] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 1437.395820][T32089] ntfs3: loop0: Failed to load $Extend (-22). [ 1437.437192][T32089] ntfs3: loop0: Failed to initialize $Extend. [ 1437.517390][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1437.535216][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1438.234357][T32116] netlink: 'syz.2.11620': attribute type 1 has an invalid length. [ 1438.442466][T32126] loop3: detected capacity change from 0 to 256 [ 1438.516270][T32126] FAT-fs (loop3): Directory bread(block 64) failed [ 1438.534872][T32126] FAT-fs (loop3): Directory bread(block 65) failed [ 1438.580052][T32126] FAT-fs (loop3): Directory bread(block 66) failed [ 1438.610198][T32126] FAT-fs (loop3): Directory bread(block 67) failed [ 1438.632998][T32126] FAT-fs (loop3): Directory bread(block 68) failed [ 1438.685038][T32126] FAT-fs (loop3): Directory bread(block 69) failed [ 1438.710775][T32126] FAT-fs (loop3): Directory bread(block 70) failed [ 1438.717393][T32126] FAT-fs (loop3): Directory bread(block 71) failed [ 1438.752929][T32126] FAT-fs (loop3): Directory bread(block 72) failed [ 1438.759813][T32126] FAT-fs (loop3): Directory bread(block 73) failed [ 1438.867811][T32135] ipip0: entered allmulticast mode [ 1439.124669][T32143] loop1: detected capacity change from 0 to 512 [ 1439.224682][T32143] EXT4-fs: Ignoring removed nobh option [ 1439.260858][T32143] ================================================================== [ 1439.269172][T32143] BUG: KASAN: slab-use-after-free in __ext4_iget+0x2bd/0x3e70 [ 1439.276777][T32143] Read of size 8 at addr ffff88805c32a050 by task syz.1.11632/32143 [ 1439.285100][T32143] [ 1439.287747][T32143] CPU: 1 PID: 32143 Comm: syz.1.11632 Not tainted syzkaller #0 [ 1439.295696][T32143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1439.305888][T32143] Call Trace: [ 1439.309213][T32143] [ 1439.312286][T32143] dump_stack_lvl+0x16c/0x230 [ 1439.317034][T32143] ? __lock_acquire+0x7c80/0x7c80 [ 1439.322195][T32143] ? show_regs_print_info+0x20/0x20 [ 1439.327466][T32143] ? load_image+0x3b0/0x3b0 [ 1439.332118][T32143] ? __virt_addr_valid+0x469/0x540 [ 1439.337291][T32143] print_report+0xac/0x220 [ 1439.341834][T32143] ? __ext4_iget+0x2bd/0x3e70 [ 1439.346681][T32143] kasan_report+0x117/0x150 [ 1439.351365][T32143] ? do_raw_spin_unlock+0x121/0x230 [ 1439.356638][T32143] ? __ext4_iget+0x2bd/0x3e70 [ 1439.361476][T32143] __ext4_iget+0x2bd/0x3e70 [ 1439.366313][T32143] ? apply_workqueue_attrs+0x180/0x180 [ 1439.371937][T32143] ? ext4_get_projid+0x140/0x140 [ 1439.376941][T32143] ? mb_cache_create+0x433/0x530 [ 1439.381950][T32143] ext4_fill_super+0x4b09/0x66c0 [ 1439.387081][T32143] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1439.393552][T32143] ? vscnprintf+0x80/0x80 [ 1439.397956][T32143] ? down_read_killable+0x340/0x340 [ 1439.403374][T32143] ? setup_bdev_super+0x56b/0x660 [ 1439.408459][T32143] get_tree_bdev+0x3e4/0x510 [ 1439.413185][T32143] ? vfs_parse_fs_string+0x160/0x160 [ 1439.418691][T32143] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1439.425415][T32143] ? setup_bdev_super+0x660/0x660 [ 1439.430585][T32143] ? apparmor_capable+0x137/0x1a0 [ 1439.435856][T32143] ? bpf_lsm_capable+0x9/0x10 [ 1439.440945][T32143] ? security_capable+0x89/0xb0 [ 1439.446229][T32143] vfs_get_tree+0x8c/0x280 [ 1439.450877][T32143] do_new_mount+0x24b/0xa40 [ 1439.455455][T32143] __se_sys_mount+0x2da/0x3c0 [ 1439.460190][T32143] ? __x64_sys_mount+0xc0/0xc0 [ 1439.464990][T32143] ? lockdep_hardirqs_on+0x98/0x150 [ 1439.470249][T32143] ? __x64_sys_mount+0x20/0xc0 [ 1439.475321][T32143] do_syscall_64+0x55/0xb0 [ 1439.479786][T32143] ? clear_bhb_loop+0x40/0x90 [ 1439.484518][T32143] ? clear_bhb_loop+0x40/0x90 [ 1439.489261][T32143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1439.495471][T32143] RIP: 0033:0x7f118f79066a [ 1439.500107][T32143] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1439.520210][T32143] RSP: 002b:00007f1190573e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1439.528689][T32143] RAX: ffffffffffffffda RBX: 00007f1190573ef0 RCX: 00007f118f79066a [ 1439.537161][T32143] RDX: 0000200000000340 RSI: 0000200000000980 RDI: 00007f1190573eb0 [ 1439.545600][T32143] RBP: 0000200000000340 R08: 00007f1190573ef0 R09: 0000000003000010 [ 1439.553633][T32143] R10: 0000000003000010 R11: 0000000000000246 R12: 0000200000000980 [ 1439.561653][T32143] R13: 00007f1190573eb0 R14: 0000000000000519 R15: 0000200000000100 [ 1439.569854][T32143] [ 1439.573086][T32143] [ 1439.575544][T32143] Allocated by task 15272: [ 1439.580262][T32143] kasan_set_track+0x4e/0x70 [ 1439.584983][T32143] __kasan_slab_alloc+0x6c/0x80 [ 1439.589989][T32143] slab_post_alloc_hook+0x6e/0x4d0 [ 1439.595247][T32143] kmem_cache_alloc_lru+0x115/0x2e0 [ 1439.600737][T32143] reiserfs_alloc_inode+0x2a/0xc0 [ 1439.605830][T32143] new_inode_pseudo+0x63/0x1d0 [ 1439.611025][T32143] new_inode+0x22/0x1b0 [ 1439.615218][T32143] reiserfs_mkdir+0x189/0x970 [ 1439.620119][T32143] reiserfs_xattr_init+0x33c/0x6a0 [ 1439.625462][T32143] reiserfs_fill_super+0x1f85/0x2340 [ 1439.630842][T32143] mount_bdev+0x22b/0x2d0 [ 1439.635394][T32143] legacy_get_tree+0xea/0x180 [ 1439.640129][T32143] vfs_get_tree+0x8c/0x280 [ 1439.644875][T32143] do_new_mount+0x24b/0xa40 [ 1439.650567][T32143] __se_sys_mount+0x2da/0x3c0 [ 1439.655660][T32143] do_syscall_64+0x55/0xb0 [ 1439.660521][T32143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1439.666661][T32143] [ 1439.669101][T32143] Last potentially related work creation: [ 1439.674937][T32143] kasan_save_stack+0x3e/0x60 [ 1439.679858][T32143] __kasan_record_aux_stack+0xaf/0xc0 [ 1439.685340][T32143] call_rcu+0x158/0x930 [ 1439.685375][T32143] evict+0x7db/0x870 [ 1439.685397][T32143] evict_inodes+0x5fe/0x690 [ 1439.685416][T32143] generic_shutdown_super+0x97/0x2b0 [ 1439.685445][T32143] kill_block_super+0x44/0x90 [ 1439.685463][T32143] deactivate_locked_super+0x97/0x100 [ 1439.685492][T32143] cleanup_mnt+0x429/0x4c0 [ 1439.685510][T32143] task_work_run+0x1ce/0x250 [ 1439.685534][T32143] exit_to_user_mode_loop+0xe6/0x110 [ 1439.685559][T32143] exit_to_user_mode_prepare+0xf6/0x180 [ 1439.685584][T32143] syscall_exit_to_user_mode+0x1a/0x50 [ 1439.685647][T32143] do_syscall_64+0x61/0xb0 [ 1439.685670][T32143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1439.685690][T32143] [ 1439.685695][T32143] The buggy address belongs to the object at ffff88805c329a80 [ 1439.685695][T32143] which belongs to the cache reiser_inode_cache of size 1568 [ 1439.685714][T32143] The buggy address is located 1488 bytes inside of [ 1439.685714][T32143] freed 1568-byte region [ffff88805c329a80, ffff88805c32a0a0) [ 1439.685736][T32143] [ 1439.685741][T32143] The buggy address belongs to the physical page: [ 1439.685761][T32143] page:ffffea000170ca00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805c32e360 pfn:0x5c328 [ 1439.685786][T32143] head:ffffea000170ca00 order:3 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1439.685805][T32143] memcg:ffff888025d6bc01 [ 1439.685814][T32143] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 1439.685834][T32143] page_type: 0xffffffff() [ 1439.685852][T32143] raw: 00fff00000000840 ffff8880187d0780 dead000000000122 0000000000000000 [ 1439.685871][T32143] raw: ffff88805c32e360 0000000080130006 00000001ffffffff ffff888025d6bc01 [ 1439.685882][T32143] page dumped because: kasan: bad access detected [ 1439.685892][T32143] page_owner tracks the page as allocated [ 1439.685898][T32143] page last allocated via order 3, migratetype Reclaimable, gfp_mask 0x1d20d0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL|__GFP_RECLAIMABLE), pid 9910, tgid 9909 (syz.2.2024), ts 317960923356, free_ts 298979352082 [ 1439.685943][T32143] post_alloc_hook+0x1cd/0x210 [ 1439.685974][T32143] get_page_from_freelist+0x195c/0x19f0 [ 1439.686004][T32143] __alloc_pages+0x1e3/0x460 [ 1439.686032][T32143] alloc_slab_page+0x5d/0x170 [ 1439.686061][T32143] new_slab+0x87/0x2e0 [ 1439.686087][T32143] ___slab_alloc+0xc6d/0x1300 [ 1439.686114][T32143] kmem_cache_alloc_lru+0x1ae/0x2e0 [ 1439.686144][T32143] reiserfs_alloc_inode+0x2a/0xc0 [ 1439.686167][T32143] iget5_locked+0xa2/0x260 [ 1439.686185][T32143] reiserfs_fill_super+0x1170/0x2340 [ 1439.686208][T32143] mount_bdev+0x22b/0x2d0 [ 1439.686224][T32143] legacy_get_tree+0xea/0x180 [ 1439.686246][T32143] vfs_get_tree+0x8c/0x280 [ 1439.686263][T32143] do_new_mount+0x24b/0xa40 [ 1439.686279][T32143] __se_sys_mount+0x2da/0x3c0 [ 1439.686295][T32143] do_syscall_64+0x55/0xb0 [ 1439.686316][T32143] page last free stack trace: [ 1439.686323][T32143] free_unref_page_prepare+0x7ce/0x8e0 [ 1439.686352][T32143] free_unref_page+0x32/0x2e0 [ 1439.686380][T32143] __slab_free+0x35e/0x410 [ 1439.686407][T32143] qlist_free_all+0x75/0xe0 [ 1439.686432][T32143] kasan_quarantine_reduce+0x143/0x160 [ 1439.686460][T32143] __kasan_slab_alloc+0x22/0x80 [ 1439.686481][T32143] slab_post_alloc_hook+0x6e/0x4d0 [ 1439.686508][T32143] kmem_cache_alloc+0x11e/0x2e0 [ 1439.686535][T32143] getname_flags+0xbb/0x500 [ 1439.686562][T32143] user_path_at_empty+0x2c/0x60 [ 1439.686590][T32143] do_readlinkat+0xd8/0x480 [ 1439.686621][T32143] __x64_sys_readlink+0x7f/0x90 [ 1439.686641][T32143] do_syscall_64+0x55/0xb0 [ 1439.686665][T32143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1439.686684][T32143] [ 1439.686689][T32143] Memory state around the buggy address: [ 1439.686700][T32143] ffff88805c329f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1439.686714][T32143] ffff88805c329f80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1439.686727][T32143] >ffff88805c32a000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1439.686736][T32143] ^ [ 1439.686748][T32143] ffff88805c32a080: fb fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 1439.686761][T32143] ffff88805c32a100: fc fc fc fc 00 00 00 00 00 00 00 00 00 00 00 00 [ 1439.686771][T32143] ================================================================== [ 1439.686880][ C1] vkms_vblank_simulate: vblank timer overrun [ 1439.688946][T32143] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1439.688966][T32143] CPU: 0 PID: 32143 Comm: syz.1.11632 Not tainted syzkaller #0 [ 1439.688991][T32143] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 1439.689005][T32143] Call Trace: [ 1439.689015][T32143] [ 1439.689025][T32143] dump_stack_lvl+0x16c/0x230 [ 1439.689063][T32143] ? show_regs_print_info+0x20/0x20 [ 1439.689094][T32143] ? load_image+0x3b0/0x3b0 [ 1439.689125][T32143] panic+0x2c0/0x710 [ 1439.689150][T32143] ? bpf_jit_dump+0xd0/0xd0 [ 1439.689172][T32143] ? _raw_spin_unlock_irqrestore+0xfa/0x110 [ 1439.689198][T32143] ? _raw_spin_unlock+0x40/0x40 [ 1439.689219][T32143] ? print_memory_metadata+0x314/0x400 [ 1439.689250][T32143] ? __ext4_iget+0x2bd/0x3e70 [ 1439.689282][T32143] check_panic_on_warn+0x84/0xa0 [ 1439.689312][T32143] ? __ext4_iget+0x2bd/0x3e70 [ 1439.689342][T32143] end_report+0x6f/0x140 [ 1439.689375][T32143] kasan_report+0x128/0x150 [ 1439.689400][T32143] ? do_raw_spin_unlock+0x121/0x230 [ 1439.689431][T32143] ? __ext4_iget+0x2bd/0x3e70 [ 1439.689466][T32143] __ext4_iget+0x2bd/0x3e70 [ 1439.689510][T32143] ? apply_workqueue_attrs+0x180/0x180 [ 1439.689535][T32143] ? ext4_get_projid+0x140/0x140 [ 1439.689565][T32143] ? mb_cache_create+0x433/0x530 [ 1439.689601][T32143] ext4_fill_super+0x4b09/0x66c0 [ 1439.689642][T32143] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1439.689671][T32143] ? vscnprintf+0x80/0x80 [ 1439.689697][T32143] ? down_read_killable+0x340/0x340 [ 1439.689734][T32143] ? setup_bdev_super+0x56b/0x660 [ 1439.689758][T32143] get_tree_bdev+0x3e4/0x510 [ 1439.689780][T32143] ? vfs_parse_fs_string+0x160/0x160 [ 1439.689807][T32143] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 1439.689835][T32143] ? setup_bdev_super+0x660/0x660 [ 1439.689855][T32143] ? apparmor_capable+0x137/0x1a0 [ 1439.689880][T32143] ? bpf_lsm_capable+0x9/0x10 [ 1439.689914][T32143] ? security_capable+0x89/0xb0 [ 1439.689942][T32143] vfs_get_tree+0x8c/0x280 [ 1439.689965][T32143] do_new_mount+0x24b/0xa40 [ 1439.689992][T32143] __se_sys_mount+0x2da/0x3c0 [ 1439.690018][T32143] ? __x64_sys_mount+0xc0/0xc0 [ 1439.690042][T32143] ? lockdep_hardirqs_on+0x98/0x150 [ 1439.690076][T32143] ? __x64_sys_mount+0x20/0xc0 [ 1439.690099][T32143] do_syscall_64+0x55/0xb0 [ 1439.690127][T32143] ? clear_bhb_loop+0x40/0x90 [ 1439.690149][T32143] ? clear_bhb_loop+0x40/0x90 [ 1439.690175][T32143] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1439.690199][T32143] RIP: 0033:0x7f118f79066a [ 1439.690219][T32143] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1439.690240][T32143] RSP: 002b:00007f1190573e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 1439.690265][T32143] RAX: ffffffffffffffda RBX: 00007f1190573ef0 RCX: 00007f118f79066a [ 1439.690283][T32143] RDX: 0000200000000340 RSI: 0000200000000980 RDI: 00007f1190573eb0 [ 1439.690298][T32143] RBP: 0000200000000340 R08: 00007f1190573ef0 R09: 0000000003000010 [ 1439.690315][T32143] R10: 0000000003000010 R11: 0000000000000246 R12: 0000200000000980 [ 1439.690331][T32143] R13: 00007f1190573eb0 R14: 0000000000000519 R15: 0000200000000100 [ 1439.690357][T32143] [ 1439.692255][T32143] Kernel Offset: disabled