last executing test programs: 3.422056187s ago: executing program 3 (id=2477): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x11c) mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0xc106, 0x0) 3.297914128s ago: executing program 2 (id=2479): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000040)=[@in={0x2, 0x4e21, @empty}], 0x10) r1 = dup(r0) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r1, 0x84, 0x6d, &(0x7f0000000740), &(0x7f00000000c0)=0x8) 3.263095813s ago: executing program 3 (id=2481): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_serviced\x00', 0x0, 0x0) read$FUSE(r1, &(0x7f0000000880)={0x2020}, 0x2020) 3.223257701s ago: executing program 2 (id=2482): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) pselect6(0x40, &(0x7f0000000000)={0x7, 0x6, 0x3, 0x200000000000, 0x1, 0xa2, 0x1}, &(0x7f0000000200)={0x1f, 0x0, 0x5, 0x2128, 0x1, 0x0, 0x7, 0x4}, 0x0, 0x0, 0x0) 3.106274877s ago: executing program 3 (id=2484): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000380)='xprt_reserve\x00', r1, 0x0, 0xfb3}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 2.930269087s ago: executing program 2 (id=2488): r0 = open(&(0x7f00009e1000)='./file0\x00', 0x48141, 0x0) fcntl$setlease(r0, 0x400, 0x1) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) fcntl$getflags(r0, 0x401) 2.82686587s ago: executing program 3 (id=2490): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x6, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) ioctl$DMA_BUF_IOCTL_SYNC(r2, 0x40086200, &(0x7f00000000c0)) 2.788454428s ago: executing program 4 (id=2491): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0a000000050000000200000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000400008500000001000000850000005000000095"], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x6, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='signal_generate\x00', r1}, 0x18) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 2.784251736s ago: executing program 2 (id=2492): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='GPL\x00', 0x6, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f00000000c0)='rpc_stats_latency\x00', r1, 0x0, 0xf}, 0x18) sendmsg$netlink(r0, &(0x7f0000000040)={0x0, 0x20, &(0x7f0000002580)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="140000002500010000000000f100000006"], 0x14}], 0x1, 0x0, 0x0, 0x400048c0}, 0x0) 2.670662186s ago: executing program 3 (id=2495): mknodat$null(0xffffffffffffff9c, &(0x7f0000002440)='./file0\x00', 0x8000, 0x103) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000500)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[{@posixacl}]}}) 2.637420176s ago: executing program 4 (id=2496): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x42202) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000280)={0x0, 0x0, 0x0, 'queue1\x00', 0x1}) write$sndseq(r0, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0x4058534c, &(0x7f00000000c0)={0x80, 0x5, 0x7fff, 0x9, 0xfffff4f1, 0x4}) 2.627158332s ago: executing program 2 (id=2497): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000300)={0x2c, &(0x7f00000000c0)={0x0, 0x11, 0x5, {0x5, 0x21, "2ff465"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 2.604286628s ago: executing program 0 (id=2498): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_CAP_HYPERV_SYNIC(r2, 0x4068aea3, &(0x7f0000000240)) 2.444299049s ago: executing program 3 (id=2500): r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000001080), 0x8841, 0x0) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000040)=0x5) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f0000000240)=0x6) 2.443399718s ago: executing program 4 (id=2501): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000080)={0x1, 0x0, [{0x1c5, 0x0, 0x5}]}) 2.310751904s ago: executing program 0 (id=2502): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB='(\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010004000000fbdbdf253900000008000300", @ANYRES32=r2, @ANYBLOB="0c005a800400008004000382"], 0x28}, 0x1, 0x0, 0x0, 0x4000801}, 0x10) 2.281504683s ago: executing program 0 (id=2503): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x6, 0x1, &(0x7f0000000080)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getpgid(0xffffffffffffffff) 1.6720123s ago: executing program 0 (id=2504): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000180)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf04000000000000000012ffffee08000300", @ANYRES32=r2, @ANYBLOB="0400130006001a0102"], 0x48}, 0x1, 0x0, 0x0, 0x40480c0}, 0x4000004) 1.555386044s ago: executing program 0 (id=2505): r0 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="120100000cb768405e0483020b990102030109021b000100000000090400000101290000090509"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x0, 0x0, &(0x7f0000000000)='syzkaller\x00'}, 0x94) syz_open_dev$audion(&(0x7f00000011c0), 0x3, 0x8c4201) 1.330782418s ago: executing program 4 (id=2506): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0) set_mempolicy_home_node(&(0x7f0000146000/0x1000)=nil, 0x1000, 0x0, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x0) 912.877561ms ago: executing program 4 (id=2508): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000180)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_GET_HW_INFO(r0, 0x3b8a, &(0x7f0000000380)={0x28, 0x0, r2, 0x7, &(0x7f0000019080)=""/33}) 846.101807ms ago: executing program 4 (id=2509): r0 = msgget$private(0x0, 0x3ac) msgrcv(r0, 0x0, 0x0, 0x3, 0x2000) msgrcv(r0, 0x0, 0x0, 0xe4b43f0e2aa28c96, 0x2000) msgsnd(r0, &(0x7f0000001040)=ANY=[@ANYBLOB="0300000000007676"], 0x8, 0x8fa2496c381b7ad5) 640.830367ms ago: executing program 2 (id=2510): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000000c0)=[@in6={0xa, 0x5e22, 0x8000, @local, 0x1}], 0x1c) listen(r0, 0xfff) accept4(r0, &(0x7f0000000000)=@sco={0x1f, @none}, &(0x7f0000000080)=0xfffffdf1, 0x800) 256.051581ms ago: executing program 1 (id=2513): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="f80000001600010000000000000000006401010000000000000000000000000000000000000000000000ffff000000000000000000000000000080a000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe80000000000000000000000000003d0000000033"], 0xf8}, 0x1, 0x0, 0x0, 0x40040}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="20010000120013070000000000000000e0000001000000000000000000000000fc00"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000072c42572f64a264410b000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbc18c8582fc7800000000000000000000000050019000000000028001a"], 0x120}}, 0x0) 206.881414ms ago: executing program 1 (id=2514): setresuid(0x0, 0xee01, 0xee00) r0 = shmget$private(0x0, 0x1000, 0x54000000, &(0x7f0000ffe000/0x1000)=nil) shmctl$SHM_LOCK(r0, 0xb) shmctl$SHM_UNLOCK(r0, 0xc) 165.005583ms ago: executing program 1 (id=2515): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=@bridge_newvlan={0x28, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2}, [@BRIDGE_VLANDB_ENTRY={0x10, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_TUNNEL_INFO={0x4, 0x4, 0x0, 0x1, @BRIDGE_VLANDB_TINFO_ID={0x8, 0x1, 0x34000}}}]}, 0x28}}, 0x0) 125.604359ms ago: executing program 1 (id=2516): openat$vmci(0xffffffffffffff9c, &(0x7f0000000500), 0x2, 0x0) r0 = syz_io_uring_setup(0x1e1e, &(0x7f0000000380)={0x0, 0x86f7, 0x10100}, &(0x7f0000002000)=0x0, &(0x7f0000000280)=0x0) syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x22}) io_uring_enter(r0, 0x48e9, 0x0, 0x2, 0x0, 0x0) 89.721895ms ago: executing program 0 (id=2517): syz_mount_image$udf(&(0x7f0000000000), &(0x7f0000000c80)='./file1\x00', 0x0, &(0x7f0000000180)=ANY=[], 0x41, 0xc4d, &(0x7f0000001b40)="$eJzs3V1sXGdaB/DnnWMndsqyU9qmXbpIsxSxaZoE56OtUVrkbIy1K0VtVMcLNyCP40kY1R67trNKK1gFCbgBQVCRVsAFuUHigovcIKEVQhE3iwRIEajSIpAItI1WQoBXsLBiJYzOzDv22BvXbr6cNL/fbvKfc+Y9M++Z9jlzpprnTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEV/46RNDh9NOzwIAuJ9eG39j6Kj3fwB4pJzx+R8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgK2lKOKtSPHe2HKabC93DJxqti5cnBgdu/VmgylSVKJojy//DBw+cvTYiy+9PNzNj97+bvtMvD5+5kTt5Nzs/EJjcbExXZtoNc/OTTe2/Qh3uv1G+9svQG32zQvT584t1o4cOrru7ovVm7sf21s9Pvzsgee7YydGx8bGe8b09d/2s3+fdPceik+QXVHEFyPFNw5+K9UjohJ3XgtbHDvutcHoK+uvvRMTo2PtHZlp1ltL5Z2pkkf1RVR7Nhrp1sh9qMU7MhJxqfznVE54f7l74/P1hfrUTKN2ur6w1FxqzrVSpTPbcn+qUYnhFDEfEcvFTk+eB01/FPFqpLj5veU0FRFFtw5eeG38jaGjm2/Ydx8nucnTV4uI6/EQ1Cw8oHZHEb8dKd6dHIqzua7aZfNBxOfLfCXirTKvpbicl1N5gBiO+Lb3E3io9UURfxMp5tJymu7Wfvu88tSXa19qnZvrGds9r3zoPx/cT85NeIANRBFT7TP+5XT7/7ELAAAAAAAAAAAAALg/ivh6pLg6uy/NR29PabN1vnamPjXT+VZw97v/tbzVysrKSjV1spZzKOdIztM5J3PO57yU83LOKzmv5ryW83rOGzmXc0YlP3/OWs6hnCM5T+eczDmf81LOyzmvdLLb0bhyLa+/nvNGzuWcoe8JAAAAAAAAAAAAAAAAAACAu2wwiviNSPHvv/+V9u9KR/t36T99fPjkqU/1/mb8M1s8Tjn2UER8Pbb3m7y78m+Np0r5v7u/X8DWBqKIr+bf//vlnZ4MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwQKhEEb8SKb72neUUKSJGIiajkzeKnZ4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDanYp4NVL87O+OrK7ri4jU/n/HvvKvYzFS5HyizFdi5HA7KyMnyhyIOLQD8wdu3+Lb77xZn5lpLLjhhhturN7Y6SMTAAAAAAAAAAAAAAAAADzCUhF/Hyl+8veWUzUiLlZv7n5sb/X48LMHni+iaF8EIPWOf338zInaybnZ+YXG4mJjujbRap6dm25s9+kGTjVbFy5OjI7dk53Z0uA9nv/gwMm5+bcXmud/YemW9+8ZODG1uLRQP3vru2Mw+iKGetfsb094YnSsPemZZr3V3jRVNplgX0RtuzvDI29PKuJ/I8V7B78Zj+d1+fof/Z2lter/w19cW/rhvvW5+q9j+/jx6ePDJ/c8t53babsT3d8uvLIQxsZ7VvflWf5Qz7pqnte2HxseUWX9vxApfv6PitStoVz/P9BZKlbH/s9X12rq+IZctUP1/0TPuuP5qNXfFzGwNDvf/3TEwOLb7xxsztbPN843WseOvPzS8LGXXzz2Uv+uiIFzzZnG0Nqtbb92AAAAAAAAAAAAAAAAAHCv9KcivhApfunv/nK1bzz3/32qs7TW/9fb/7tvw+P0Xjdgs9u37PXboq+vV/mcKRXxVKR49s+eac83xR4973Cb9qQivlvW0/QX0+fyulz/ubP/1vV/aUOu2qH+38d71l3Kx4n/iBSP/8Ez8bme48TG7t5y3F9Eiqkf+WweF7vKcd3H6/REdxqDy7FfiRTvn14/tts3/cTa2MPb3S3YSWX9z0aKf/itv40fzevWX//j1vW/Z0Ou2qH6f7J3nyJi8e133qzPzDQWFrf9UsAjp6z/X48Uf/0n34zn8rqPuv5P9zo/+55bn4PdQTtU/0/1rKvmef3Yx3wtAAAAAAAAAAAA4GGxJxXxT5Hiz//0QDqY123n+7/TG3LVDn3/7+meddPrvv97725s+0UGAIAHRH8q4icixR9Pf5C6vbGb9v++stb/M7rxxL19Tv+D7T7/j3Wu/zH6/8vnTKmI/8t9vUNb9PX+eKT4tZ86kMelveW4ke50238PvDbXOnhiZmbubH2pPjXTqI3P1882ym33R4p//bfP5m0r7T7fbn90pzd4rSf4dyLFz33YHdvpCe72Uj65NvZwOfZgpPju++vHdvuunlobe6Qc+5uRYuy/bz1279rYo+XYf4wU//lurTt2Tzm2+3nu6bWxh87OzXzfRzYAAAAAAAAAAAAAAAAAAAB2Xn8qIkWKaz9zZbU3fv31v7rXAVh//a+N7tXv/1fvzm4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwEMhRRH/FSneG1tON4pyuWPgVLN14eLE6NitNxtMkaISRXt8+Wfg8JGjx1586eXhbn709nfbZ+L18TMnaifnZucXGouLjenaRKt5dm66se1HuL3ti03v2d9+AWqzb16YPndusXbk0NF1d1+s3tz92N7q8eFnDzzfHTsxOjY23jOmr3/bs99SunsPxSfIrijiryLFNw5+K/1zEVGJ266FVVscO+61wegr66+9ExOjY+0dmWnWW0vlnamSR/VFVHs2GunWyH2oxTsyEnEpIirlhPeXuzc+X1+oT800aqfrC0vNpeZcK1U6sy33pxqVGE4R8xGxvPnRikdUfxRxLVLc/N5y+pei84bWroMXXht/Y+jo5hv23cdJbvL01SLiejwENQsPqN1RxJOR4t3JoXi/6NRVu2w+iPh8ma9EvFXmtRSX83IqDxDDEd/2fgIPtb4o4nSkmEvL6YMi1377vPLUl2tfap2b6xnbPa986D8f3E/OTXiADUQRH7bP+JfTh97PAQAAAAAAAAAAAOABV8SrkeLq7L7U7g9d7Sltts7XztSnZjpf6+9+97+Wt1pZWVmppk7Wcg7lHMl5Oudkzvmcl3Jeznkl59Wc13Jez3mjnbvbjYnlclTy8+es5RzKOZLzdM7JnPM5L+W8nPNKzqs5r+W8nvNGzuWcH9H1DwAAAAAAAAAAAAAAAAAAd6QSRfxqpPjad5bTStH5fdnJ6OSN9X2uu3ZqjsC98f8BAAD//3zgG/w=") openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xa0) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x5) lchown(&(0x7f0000000340)='./file1\x00', 0x0, 0x0) 53.689201ms ago: executing program 1 (id=2518): clock_settime(0x0, &(0x7f0000000240)={0x77359400}) clock_adjtime(0x0, &(0x7f0000000640)={0x7, 0x9, 0x380000, 0x8, 0xfffffffffffffff9, 0xfffffffffffffff7, 0x9, 0x0, 0xae, 0x6, 0x7, 0x0, 0xfffffffffffff04f, 0x7, 0x80000000, 0xfffffffffffffff8, 0xffffffffffffffff, 0x2, 0x0, 0x100, 0x4, 0x2, 0x5, 0x3, 0x8, 0x8}) clock_adjtime(0x0, &(0x7f0000000900)={0x6, 0x20000000e, 0xf, 0x0, 0xf, 0x8000000000000000, 0xa, 0x2, 0x9, 0x4, 0x5, 0x8000000000000000, 0xc, 0x9, 0x7, 0x9, 0x8, 0x3, 0xd24f, 0xfffffffffffffffa, 0x0, 0x5, 0x7, 0x7, 0x3, 0x6}) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) 0s ago: executing program 1 (id=2519): unshare(0x68040200) pread64(0xffffffffffffffff, &(0x7f0000000100)=""/253, 0xfd, 0xadc) syz_fuse_handle_req(0xffffffffffffffff, &(0x7f0000000000)="03684a7b99a4fde940f3ec0d105ea2c8267323117153aa4a4f099c3835a607cd5cbd77b83cc33d13bbb6c6bcae59db739af84a4b5d34bffc145f3cc27ed3d4f9d9b3103699a1e1cc4ddfb6c1afd07ddfc18e358cd62649479724ce867fefc0a15041bee9f6084842fb982d5c2cf1488d668b741c64f0a6fd2643e729ac5a56462a6b64d5a0a751fda4fadf63ba0dc2fd14ecbf546918db77095545b41ab170e5d6e8ec8bf9ce9b8d53b832e90c701fe52af7999f8fd509577ead1be27891ada8564167f2c7d2eea1c1c9c65d8e151c58ddee43ec34e74d330ec50cbbb2bb21892c7ca995066e3cbea8a69d94dc6bcef5f3c0ef630e774d092ea58627f3e09c66a9c7d1abcf4f8f8af87f4269df288aca9bbf758275ce9695256e764d185a91a7570fca3aab16c75ecaff6b8dda371c3226d6ec6e55c5c4d8cfc5c33892bacc956a3613bcfa849da1b5e070a7911d7488b3e628d9339718e8b821f1bb5d5c45f0316bb563d0a442801412dfd5a4d61ca657e04d6686f7d5863d57954400aeee8e79be8f3cc4cbb3d4b91269df039c3d3543e500b90a2bdc6eb60cc7afab7b5187d88fbd76e6212ea29e872b73f925287bdc808b4a4f8ec7f8aa08bc90b29e217c3eef69d8deae4141f4f9bd110b7bde9320e7b45f422e9a6111bcaf99c9911e46e219d3bab477926bd5d2e78d4cd0eca133c232b1e863fd7799dbf609f3670b323e5518e8f4bd36e9b3da2c68a28eaec9cac688b4dd0b73adc24a8c7acc264399b7facbc2f43e8e40b6cae9f8e956d1dbfe259f12bae75ad362c354050ffdd6e954f2d7615fafce888bd6f672a81c9fd4318caba765069c0a425e898bf7611b77f0fe61c27d318159dba42f011900246c64557d27b77aef928ab04a147baca37863cf998a2ac30b903c0314449ddb218887c309ec7184c8c733f5d4e7b2d79516e9531c9a5becf8294d6ccd777f285b13160e1c949d3069c6c66c0daa62bac679bc9b69825398d1c290d765e882fa2c8708b20ccec885ab6785dc22696b61c109ff84bc5407932c3e5bf12069a68b8e3333a26d3dd390ef9bc01b86013fbcb5c28a1f4d2b8084f1502fccc4027a124c3629d8f4a8befd14b597cebda5f94f36050a31b95087cbac347788a71a90e87f2187fae600aa42719c05c2859cb30ae0fd58a7bba681f7a6027a00583071def2c9a94456e5d9acb9fd2d11fdea524582489c02377bf7f590948985c769b3822cb6366681d79113c6a6c752f2475caba77b7b2e8f293d7fd9b991f63e254c98dec94f4f3def4fee9cdb56ff3ba7fe6a718cbe9a7f04710e257ea8a49d6605266048fc122d4f3173d4b04b3e282bd3c5198d7fcb72ec38e0b07dd8a541b2807e601e5a0a01f07a281e0e1a261c65977088a54597efd0997c59647aeebb2605a89705eeff3ec780e302e24b23a0cbe4f81367c3f118545f01328d22eb8e802667389143166a9db9477c9b58eb5c76a19b8f8b2692b0d356003f08ae54dfc820d8e357ecbf91fb7e212cbef1262171abaf2f613a5bb59b783cad476fec50d16ca0ac13c08a59a3097e6e3fde700a4b987d10311fc22d4aa210956cd859799f78010e4c0f25b715876aa253df15009490f71be3b0022875161f537c70b14bdb9e2d87a5a11b414a1198533c7de6fc4d22228133bc26b19d9f1e7627b14c72e3c39d3fa2186a42e50a0d1867dc312f94c7209d51475ed4aa80b2ccb0557a40422bf7317de2fdf3296727723a2d23babd5e23f7c3edf4942bb485b95a122e6aba41b8f80f684f84605462448d5a4fd66dfe9bbf80590b9999b4780d4f4f189a20f4400b2975df85b584c8c8f9fa3095f13aede1f52dac98be358b0a0d72bed4df71cd23973e326179580268c4e5d1be4b2ae2e1e2dba913998faa6088af128fc8fd3ae26203a898882b67d86d63f6ee8f8e216337330db6d928facf9d0ca273845ee5b33a0a136aeb48b7c52d3b95fe73efaf06197ec8753ee0349f19db8730917d0f18a2de9602d3b887bc583ff64dfee67e2bdf4d5cc1c341b89acd3dd5176d2c15ec2a77120b8a49591ca438ae36c52845e5dca550e539da9ba2a2eda49be316f3d6d4b7c83666bd4759940347c29dedd273adac722630a940e104316b4806553ded47132be4e31a50600f5a4dd56825b245b7aae853f56f79e0ec31f7b5db945ee3bb92865acb0d8828598e77446ee50ecd8bf5e7ccbd963445a09e3be215709b0b3bff2e9d12e6549924338f236b4ff973682e2e03fbf6b167e3b3a0f8c3f3c1e8d0e21a71937c918cabab50dd74c011a1a5531cfcf88a5df5fa58f17715f7c7b3a64d9dab6f20a596288969191420ed71daccbae7c1ec88bf74811b5e1f4bd306f3d810c4f3600df2903ffdf8db40ac7153fd93327a1065cf2c4590c8ba9f9391eb6aa600cb42aff8793e4721afeb3d470beda45dad9adfc6f4fdb24eafc63792f5015c656ca37cee82b7ee382bda31d786d6e03d4c8611c4ca464e2360ca747815c9eebd38c8fc7d5eea2db96b29d771a96dc5c884029077125bcc31980564555d21ecce5d0388e1bc1e618c7dfb31b02b1a6730db7eda387dd4ceb96f65178bb088e81133e5086f73c458f84139685ef930945a51979faeab539e4964244709dcb8b38f575d3a3ec1328a0df65fb34241db7cb3250b8ae0dbc44670d2b5cc3a1785d8d281c05256ef2beee3b202d8bce053e55ce1fb2bb208e65d488ae24484b00c2e343fc3544ca546406688022db6e29ceca9539ec095a2a2cfc5f516230f75fc961c5de1e8d33222331f57db02cac5f9208029c6114d041bb1cc7f959f77511f5790a564600c018afc253e5ecd5010bd769b45a04296ca09e87fb63bf3d3b51dd8b3f6d4426a03c0944d09dff654c5718ab1fef063caba34029be6811502e8bb785011dd1e34b0c192915adeeb40faad0725a8f9a62acf61b944a271d20567f350cdee22d76e3cc5966ba742d9c43823af19ba74c60da0df0c5f4e7e26af7224147774a1f8ae09f929066e1769ffb3c40ba9fed13d2670b9e865a155426ed5c83648c0ad34e46f5308b455e0835730fe529668b606f3f52b0d04534d0e14bc0ff0f742359550e6980ac9978455adb3de0f292af12a3700453e035a49eafe98fc0d7f26e42a6c41f380448607b7c96291f98fa6bbd7e32c249a49171f8fa81762a490a1ce5c39d66d35c6ed6c0679440c06197c2e24d48e1de81c711164c02820816afb5393d3d6c801c3c062ac46d1494f52c45ca36faf94894eec9d71e1be6c7256f4aee8dc080156b28623c821ef8d1826ebf0a41332620f42589270e142561374c825e828e2bd9ae41fd34959db48319d54ffe7a1b58ae8f7361cbaee8e26e0e7e1b7f125f8cd99788825efd01c38ec987904190a0ad52bc20cd36cc7209f9269ac87b2fa44d2456661d3056d893cf912c69ae6b2b83d0c781a6d6c33df1910867b71257ab74e244e3ebbac07445069418fe2e440a384e16feedf8e3165676e67866430eb6a8a5334620d8c2cda15b0328bb0c50630886353f95241cf4f3b647a4ff812c70e1b074c4befdc70fbfdbf868bcc81652034b5bfa831f1b686724046dcd17ac91ace83711e9ec7465d14c9d508bce93676a58ef7dae37221436865ad34ac2fd691e3b3e12aee6736dbdeec9b1c05fcedf8b9ced547259a1a40471ebe8b4bfda69d2f884da025e2809fb9f159150bbcb331ca3c502012a7fe76b4fc2771976aeb624ad7f2d72c707f5f19d8ded84581ac5afa697ff99d27d88c9588fe769839c9cc9d6786a0f814667527c53b6253b1825bfe17e7d734d96d61da0ae7349d0922774fa9b4baf332a4568e32cafa417ec659c4ad72cd656a1e2c59c8dee38890ed3acd8b4f8657de41f670106c38c38ba1a553f0f589a57c61f5105d70e0c0953459383cb9337ca972cda1d2cd3056eb07f21c1f5b995a04997fecf501bb201c67fd2afe4d44fedea595969b6b3706087b0f59d2ddbb099d60436a94f0ba33282b29f6e914fe92add4b33cf70b680b905cfa2b2ccb00b9967f99806e8d69783fd35a2d7fbb424e9fde2647609aecb0208bc3864bf95f05e50ba12123edaca8de927b338dfcb3cc597947c606c08315061a7fec98c48f480e2febd26fcc8dc12289aeb0adefa2c2be1766a5bc74ef1aab6c2cdbdfbf1810d956bc889c8e614b7b933ff6e336bb208db5b592775fe71c3ebfad5f47e0d074e1c0cb36761481ec677794f23c3698bd35875719f242e3fc939bc3668f9723f31effe189dabdf4ebbed073eab952c88f13059eee22230bc7724d7266b15726a0b0898cdd274e3e56d0a356166b5d16456249e9e92e84e39f61c0ecdf99ec2cd230440c03fd21cf68f27306628d35ea47367775f39d20a07f3959b38d49e3674061fc1018b647047ad39f77027878badd29927c5806f95aebde5f070fed28ed34052550678d3c6b677a3b5a46f76a98264c42206bf62caa95df5437092b68e025ee9ce2ad733b6db3ec97fd33cdc3b2f77ee90dd86d8bd289ae1a437c86f4153ddcff5e846347bfecc1499bb42980e4fa91790faee1b1991dfead5d7c460348631f0469b2b9e8f65207a00985511e0c41f441d9a3154f5a0298c172fd7135d4bf95c11cdf1769db1cc55f392aec309037599327a7c53c10a56d1ace8ad19186a2fc75dfa9d657c114eae99c1c1a6b4a58440718bea82290bd1c2a67048938c381648ea2b2c7110d748c9c8d782f20430b1427b51d7036e55b0997c6f75717db67a82c88d3647ee036b49392f0467d6010b32f9de3e5e79ef082c5bb975d11d2bf76a97f7159c11a7753db8a065d3126ccda9abbebd2c54374e389942c24b27435868fadb45bb060d3c1084b211e2afa8dfaa2d8dab8dc47fe10e6c32afece7c4976176a7c66d704125c0948c238c843b41b0246be1f50f8e07884cfe7ae8885ca06339a339c8d5978b079e0eb78facfa1dc67ca70733dfefc6c868ca149e0661b70e0134870a3107c8c46711fed14f892d6fc66d95306838688f13b19e904416a8d161cc33527878b38ad10b1c08db21457b2075608be7300d39748e4fcebe02b190f3e8ed32a0ef734b11ca43a21f5f809bba795f5aa0ea01050021d0f5213620af5b08fda6421a42b7c82804a20a6ef6d471babf76f46538327f943476d1d109a3f0dc531233d6f93d8dc27f4745735085f92adf63d617b373fba24f289035710e69eb80da12d36e8eaec22620ffaabadfb824bd5fc309a2c74959505856b5b890bba8f22bc571a9d87e93ba3b9aba6dcf26f7076c0c2e271641835ea25fd49d96c69d4fb8bb8731bd2cbc75146aed10d269f9060462339cde8830b535920be3dbf143eace0f1ea9469b95a64fbd7e5057eb880d4422cbf97cfc3f7140251d4923580ca2113f345cf24a66499ceffd2e39dc4fd74cf448638962957b409f0d218c165c13ffe107aa1dd1d9a02092cd46cf2b353dd2d2ca7b8a7ae8eda0ee18bba269bbffed0c7d400497aee4da0896cf6329d76ccea098fbef9075412d1c2a3644cf0f202b884303d204314ae92c56217b2feb5e7c1e15a99fbdd655fb8f6bbc3ab1259bf03b2ee17c5b7e9443695177ec5040eeff3fc36ceafe143393d76a3d735cfe6c9b632e52dbe64dc1265961e8a27ee9f76c0add9e0581e474d7678214f5b64c932903715befc6b766611f1d7e495573b9a3e009cfcb0ffef7ac57c3561badbfa41c119e541180aa2364de61a601699cd1bf3de01d15794b728e1444efd6ffa1e57d95489c8df91fbc057b66dd6d9f3a01b19f36bc99f0b54ed1f9905067dd1608bce47f5ff1981a25184aacd39e331d8ff3dfa7c012d7e667a69249cb4803b23f7eeaab8ed29c69ba3d2a1b88821ffefc5825650c53b6364f38e0a178312f5d29d5375423cceabc8e1c4e51a566ba3f9b176b858c8860440ff8ebdde725640d2dff6b9160bb69f188755b0ff766b410704cda4c33e1ae2c73b5799a00d2f55de73109728b350302b64df2ce3eaf2e0c6561009b60c2701ac493076305e97ed20c3b42f40b2bc7f13bba4ab8181e2085b07930c6f5579205dff696902be824e65ddc774e886e8d261fe74712a31e406b0f7725b4559d7ad0f27a1a870261aa5bb8a720e7c89ba933770d48821416de070df1abcc6eee1147c20bda090d940aeee2bd48c0f3d94675d9b9cf1a62ba50e31a7af0714dd8325d5fb7142e88c4d22ddb8f0278ee6ba88e361524e291b6d000f6523ad4188b021da9ef4a634ed09eb2002b9c726746c9ffc32f261edb448106aa1e2daaed865255fd1d296fedbbb2de3f7c1f15935e52006492b632ad125aa1e000c9d71bdb945792668e16b26122a3fd7cba1a40db8083068c5c48fd2aaa621c87d9f5621bba442fc26839030dbe4e37fda4046d6503bb03e0f928de25d4cd4e2a40ec93c9021dfcbb25f6e2c943cc85eba8123340d6364949581e8c8c2913d59dafe4297672c0b9e7418485f00cbcf672a588904beb3c074bebf339815b91c7c374ceed5a701e1ade8f5d87ca536120116307ac259577a8e12958425317c482d2c7089bf3d83e12318d1526107a050f3c094492de7255b22e18ca2ff261b3ed197f2f8e67b71b1c5a6a04b99158b58e9baad75201aabe13254617d0de0a9073af62491c67fc18d1ccbf7686a85a99b39e9d7d9c85a0777e47c9fd0e10c932c20f13ef287b44b9b706ec818aa0c48a10caac58a9b8355e84bc820698c2501f0c12e1b67df701cfcbe72dc47a2c87d43753ebfdb24cc838507e241d9fcd3d4955a373209ccda903a3ffced05e4232f2cca9bba197fdba8a9357cb1d6da6d9b4095027dc03e17d59ebc2d358e171da0044df102b193c79390ebcb58023b40c621df71e064b0056bfcf1eaee1eca85357cd1ac78feaa54bbbd85596977ba85003ea60d8685f4e3b756e4f81453077396590fa214f672929e81569442023667b798c24e06ee20dbf64cfccb51b2bca4e2a5b0df137bb37ab3e2854dc7e1b879866a72a5809b563596cc9fd3e53abdbccfd5dbc60662252ddc5c290d72230d79b7504b40fdb45ded2f02e926652c1e04ea4c1c488025ad1098adeebe98e385ab1caec4b9eb4d3bbd5ef3ddf1fd0d72784604a989558fd37f6d4fee20609090b3331e254fec98414a2c54589ee01c9429b7cb574b9167efede1d966a227bf2a8e422f38680d77d3c555cf1117e7d7e804ad730c36a78b7846473d6481bd0839bd3e6982ed47246c370a90b76e5b88de202346fb20b8b6b5ecb6a90b8478d17b175a1821df75b48ecc34866fe5c8960bf64d5ff92831bb9357474bec65e0dd1699b0f0340ee5ac5e9e9d3df66edca20201371fc21ad80aacd49c6b0abcfee9c876c15edcfccde823b55b61cb7b254487ef8c8781a22043f4adaf25df34580a6b3904fd014b50c59fa90eff75fa5fd32aaec9aa10df8a2b9b824952e475c964533942bbe30f4167a11fc15d548e0a31f911030569722f0c67e79e90483f6f0bee1c7f80face1a1b0f940c891be688cb16394f6c07fd29b5f248c211d1f76ec1292755d8bd963e191b3a8851472fbbd2cb732f4fd9fef3a8fb29aea097328173fdeaf56fa2279e86fb954306b040c960d0b601b3a741c96cf1f0bd1172f848585cb3b57d7d2e2a84914526f5a6f9895cf5aa4425b4dbf9f59037756a0321bba204a737e36277e86fd268f6047921f4f8fab69dfee137c07874f12f89084e7117e2c9221690a27f880f17d08d56f9dbc96ffef3920b55fb773dde72e1ba35f3e0c9872e339508281426ab04941df4885f7e0293149f1642c2573e2b6594b8fd953ae2468cf917cdaa0692cf461e3628860935def39af78af5e1540147ab1c70c3ab7f7c76abea0d8541feb43e632d7a2cc7bef15a4700304048ecf135968d0a9644ce899aad05b186a2224bab3836248cc6137472203ebceb29b3e87610df12417ee722f309c54b2e65591d8b929440f3ec43ee9ff8f7b7710668e4312610d1591303d5270394da0ab61e4515af5215dc81137f0dc90f951972731f8d98ceb8b4ea38da7d8dc153ccbae5068781eaf9a4a7b11b4319090261b61aa65a8536292eb5392020eb285b2db07f81e7f764d65037050f1e3748593474c6c1dc11cfcb56e1c916157280098a437265e1c682cbfed717e7275bc6c3bb6c6ef7f0f9fdd19ef82ff2c82284c3a061f57b21d3705aff97710108a7d1217a7ea3feda021d20f1fdca94bbef67e0aeaa3db6ccc2d060f7b33707fe19cb2d0232f1239373bb38e666cbbbf3a697c6d0e957ec6730f56034440e789a7a37304d09eb742f21019a77c608cf578162a55d0aea113c051b110b5281ed8b6638d2b31604e965cb019f2f106bc4e96d1313c70612f1ff18afdce7926270dd242c49cc53792f160d1e143e04d7eb3ca40828b153fac466bc53a084281987b47b806a4ef668859eb9035ef68e9c20bd6bb790fdf6f921569b4e97fae5b7edc761b4944c1d6d90f4df40bc3203ed838d4c61cdeb7a9bbb68d59b2cc00125eecaf06b759ac1b9dd68028225d0a60efa499e4436962362727011eef6cc55962dd4ffe2fd3892907e837045883cc9ba8892ab265a31924f3055d4dee68feff05d9f10ebdf1e8c1c1e7001b5b02a7fe26b9c0641e054ae37854187fb1bb6e9fae05b09e85a1e0e14bc801f2d8b9a178a9a72b147e137e0d83192664a88a3aca4fb6a4f0c5787b20c31bc5975dfbc8bcff8987573bd14b1ca434d93452e67ed01c60be99e535bb3f848888d224520b61cfc1de2d6b2ebef9f24674c31aada52784a0b7b60f351653c71d546cf951e6b4a0d917ac6afd0a713f41833f9f74a3a7d3c19b523299666da2b48676ca7aafebadef05b3bbf4b6b62834046f51d3d4582fb4c9de27a3f5e992853368e4f17f9dba27c8c4438307fc7405f53fb27cc81c1521452a1a5edb0cabdf7a73b1cab0675b619fd5a0fadb7147776e74695c042d9d8bfda045bcef7542b42249f34c7590605d0201a762390f2fee5f3cdb488426609c663c9fc4dc2a5277f3f589a14e6dcc202dfcd89bb148a368ff1792d230c19934143d2c260dbdfb334af863b856e415febd22fba01c568d8f48dba6d92f493cd1164a376f006d55db609cc2c9532a9f56da3b06e3db2a05f797eed57892e2fb677541324bcd763cf4669e7a871e322d0cc6e21befe3c767976f058dbe7a059d673c94c7ac5d49178bf19d32907b6fe66a92cc8ea30a858da43f74354390d6e97021da50812c59a78915e5b33221531bfa054c594ce3a2300e5a7d712773181901dfcf6922e980566fa62b1f2b669a27fbecce29e9be6d22058463e350163f33d18ce92a72d1b470857b6a37998aec5672521a8f0d66ab2bd01de516036ec47d1f63b95b437dc6d5a0168189d5a963cb0a80a9a5f20b03515396e3525f0ab13b0c1e5dd051b4c930da6d57ab6f7dd94ab3e689e0355af0b34871296152a76cce170d7b14d471ee4d9daa93de4ed755f30d45344f724288c17e4b22583158f1305ff55fecf7d526e207fa609886e14c9a168bf364b049409f63590f18a5515de8c1fd8c5a9710b6e33d2ecd01466b799f14be787612b8f17df0c05483a16097c0a504880249e28f1e067663c640a550a8c7ad9d090f7b2e902c5c20936869a5f3d3a014817f90babf847b43cf67ec23f120ae4abc63a418d1d99f359fc2c33a5bb34e1f5780576111a88c5ede834bc41e498548ddd128f9e884f4cd3e1bf1aaa1204079ce74e709306f38f2d6859128fc35d3a74c534ff1dccadfc8fe41f1be9510349af8710eb6d2dbc758be12b65622dad1cf48abc2fc409f5ed6a3af8d0b6548643c46dfba9db4e5827475e6e317c9c018a4dd5de391cc9cca85ec527537e26949e5091baca4f0b563d4c3969f15115e5ccdeb9e40788fe12f9d32d9488a70ae53b819726e4483ea6bbcb76f99775ca5e4f93c76edae462c08d596209f985aa55ef5e786701edcee8d831dd6dc0fee9ad01b6bdd63e886a5e55bdc593390c81e18dfd8c685b81306bad6b7a19a86b2bab5cbf4754708422e99f8f2497d798b3db565e709bcbba4c376c1c60b22b994fe8fdcb25215d505511cc1927f6a35344023d5da0a3ac0830e6aa80f5f7f0d94a67c99c6b22717078aecba2a599daa2acc054cda25e3965172e5fef464ec19aa71de5e84b6de30cc673fbab8c441ea37bfb3fc321a504371bc0996702e9be38db762e339ad7ad66dc2caa887e4ab60272d7963f85b14c941d31e545b85c640427302efe7142f0e0897a8c623ce57da213fbc2d1f90677142fd48cafca0b2934e572833ed6473218d0513dd1f6ecc578e5a1109ddae552b3be0cfe7246d7682a59fe9ae783a0f318d1800d5c466c80c5fd3facd0340f455f081068dd2cda5cda744018d902217152b6c05d37c090f8348b0471053152c2a4570fbab3f6dc30c8e49a63b88a00b3aac75180a633692e35ea976821694e133eb8bb4d31237d002fce1dd2ce55528dafcef2f0e00690562d144bb0e19576ce6ab72deac22067d8edac916b1b07e4eb57ff0b885b1b79f37dcf88135eedc17ffd948b61e4df4985033bcf891dd5b1448c8668947a271d93d03ce31216810a6bb45a6c5a12e290d97a60ad4b5c7384cf19421ac1ca64d346b50771e0b50e5caf1d9dfe056e8da247aa502ff04c8e29ca810a1d3ec7a89bc17dba2936f03a80228171f7999b3f2768617970efe57b14011c80666ac4999a568ebef74e2ca14df0ff6f0fcd47c538be96aaca1e65b53b98447101e49672b48167c0afc1afffe669b0f9718bd3305805c292db9738740b362564e4691cbdf061db1ed3f9db1f8bed82939f835d14f46818e3eb4e25f7a8d77d9d0d7913c45d8a81115c1a5e37b1d3bd1b7b5e6afaaefc81d9700bf83506fbf15457bc0f59f7008cc803efdcb6d39e388f6b28e80d47134265cc5438804b12d50e61a489da829dca05792d2ac182ba747331e88a7118f7dd38067f7d38f37be362260effacbc33863bb47aeebbadeae648a1090718266eedd2ed5a2c23f168759198aa92b2ac45c2a68ff212f29260e641a38541b066d39df4e95cd1c8e7e6ffae1b8017e6f629db3910b07496c8a81e4e66ac2321fd9e7ebfecf5bf6e922d7a79fb710a2d42dad1916c9b186c2c50c818fdb1afa19be867d943ee98f732fe3a01364281c0f6d0eb64a278721dc7bff5316256b0f4251abbd9b8ba7c7c12a3bf02a1fbc9ca94b965588fbc82343d07df8e06eaa5ed2137fec129351d80a9048a7d78b31ffaf2e388864a763c4af7aa53000e0bb2eb8ac0e4272cbb79dc6a7d65890f125c523c7cfddacdedbe87938aca915c92c807dab26be7d748827d4e3188676312ef1ac8460b29e8e715f4075e33104ce82e6785aadf17a7cf82d2a705e9f2d0fd25810ba33d76e54b48eda3effc01f37c89db38af81922fadc8c3361fe74ed51eac5e4437108106ffdedb339b406c082d62a8bf718989846d23f966e1ea39103010f767b3a6f0a0a2041b1dafcb787e69ffad75ed2a0081b92a4136ad5ae557c55a4b6219a390103428181ab36f329ad182a92957495c", 0x2000, 0x0) syz_emit_vhci(&(0x7f0000001100)=ANY=[@ANYBLOB="040e04061c0c"], 0x7) kernel console output (not intermixed with test programs): ice number 9 [ 235.717927][ T9808] macsec1: entered allmulticast mode [ 235.717993][ T9808] bridge0: entered allmulticast mode [ 235.720521][ T9808] bridge0: port 3(macsec1) entered blocking state [ 235.778384][ T9808] bridge0: port 3(macsec1) entered disabled state [ 235.789545][ T9813] netlink: 'syz.4.1529': attribute type 1 has an invalid length. [ 235.820722][ T9808] bridge0: left allmulticast mode [ 235.830417][ T9808] bridge0: left promiscuous mode [ 235.915922][ T9813] bond1: entered promiscuous mode [ 235.916729][ T9797] loop3: detected capacity change from 0 to 32768 [ 235.921875][ T9813] 8021q: adding VLAN 0 to HW filter on device bond1 [ 235.982505][ T9797] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 236.037075][ T9797] XFS (loop3): Ending clean mount [ 236.049253][ T9797] XFS (loop3): Quotacheck needed: Please wait. [ 236.091406][ T9797] XFS (loop3): Quotacheck: Done. [ 236.218633][ T5879] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 236.314026][ T9834] loop1: detected capacity change from 0 to 4096 [ 236.396699][ T9834] ntfs3(loop1): ino=1a, mi_enum_attr [ 236.422452][ T9834] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 237.136581][ T9836] loop0: detected capacity change from 0 to 40427 [ 237.155197][ T9836] F2FS-fs (loop0): invalid crc value [ 237.300862][ T9836] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 237.330194][ T9836] F2FS-fs (loop0): Start checkpoint disabled! [ 237.346266][ T9836] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 237.365378][ T9836] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 237.456978][ T30] audit: type=1800 audit(1758906392.188:81): pid=9836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1536" name="bus" dev="loop0" ino=10 res=0 errno=0 [ 237.515309][ T2994] kworker/u8:8: attempt to access beyond end of device [ 237.515309][ T2994] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 237.551112][ T2994] CPU: 1 UID: 0 PID: 2994 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) [ 237.551143][ T2994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 237.551158][ T2994] Workqueue: writeback wb_workfn (flush-7:0) [ 237.551199][ T2994] Call Trace: [ 237.551208][ T2994] [ 237.551217][ T2994] dump_stack_lvl+0x189/0x250 [ 237.551249][ T2994] ? __pfx_dump_stack_lvl+0x10/0x10 [ 237.551274][ T2994] ? __pfx_queue_work_on+0x10/0x10 [ 237.551291][ T2994] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 237.551316][ T2994] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 237.551356][ T2994] f2fs_handle_critical_error+0x37c/0x540 [ 237.551389][ T2994] f2fs_write_end_io+0x886/0xb60 [ 237.551438][ T2994] __submit_merged_bio+0x27a/0x6a0 [ 237.551469][ T2994] __submit_merged_write_cond+0x255/0x530 [ 237.551514][ T2994] f2fs_write_data_pages+0x261d/0x3000 [ 237.551585][ T2994] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.551630][ T2994] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 237.551703][ T2994] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 237.551726][ T2994] ? look_up_lock_class+0x74/0x170 [ 237.551765][ T2994] ? trace_f2fs_writepages+0x7f/0x200 [ 237.551789][ T2994] ? f2fs_write_node_pages+0x478/0x6e0 [ 237.551830][ T2994] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 237.551870][ T2994] ? __lock_acquire+0xab9/0xd20 [ 237.551909][ T2994] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 237.551936][ T2994] do_writepages+0x32e/0x550 [ 237.551964][ T2994] ? reacquire_held_locks+0x127/0x1d0 [ 237.551984][ T2994] ? writeback_sb_inodes+0x384/0x1010 [ 237.552019][ T2994] __writeback_single_inode+0x145/0xff0 [ 237.552052][ T2994] ? do_raw_spin_unlock+0x122/0x240 [ 237.552082][ T2994] writeback_sb_inodes+0x6c7/0x1010 [ 237.552143][ T2994] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 237.552223][ T2994] ? rcu_is_watching+0x15/0xb0 [ 237.552256][ T2994] wb_writeback+0x43b/0xaf0 [ 237.552290][ T2994] ? queue_io+0x351/0x590 [ 237.552328][ T2994] ? __pfx_wb_writeback+0x10/0x10 [ 237.552362][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.552391][ T2994] wb_workfn+0x409/0xef0 [ 237.552441][ T2994] ? __pfx_wb_workfn+0x10/0x10 [ 237.552478][ T2994] ? __lock_acquire+0xab9/0xd20 [ 237.552520][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 237.552575][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.552597][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 237.552627][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 237.552658][ T2994] process_scheduled_works+0xae1/0x17b0 [ 237.552730][ T2994] ? __pfx_process_scheduled_works+0x10/0x10 [ 237.552785][ T2994] worker_thread+0x8a0/0xda0 [ 237.552854][ T2994] kthread+0x711/0x8a0 [ 237.552883][ T2994] ? __pfx_worker_thread+0x10/0x10 [ 237.552914][ T2994] ? __pfx_kthread+0x10/0x10 [ 237.552941][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 237.552963][ T2994] ? lockdep_hardirqs_on+0x9c/0x150 [ 237.552985][ T2994] ? __pfx_kthread+0x10/0x10 [ 237.553010][ T2994] ret_from_fork+0x4bc/0x870 [ 237.553051][ T2994] ? __pfx_ret_from_fork+0x10/0x10 [ 237.553093][ T2994] ? __switch_to_asm+0x39/0x70 [ 237.553117][ T2994] ? __switch_to_asm+0x33/0x70 [ 237.553140][ T2994] ? __pfx_kthread+0x10/0x10 [ 237.553166][ T2994] ret_from_fork_asm+0x1a/0x30 [ 237.553216][ T2994] [ 237.553225][ T2994] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 238.051500][ T9876] netlink: 224 bytes leftover after parsing attributes in process `syz.3.1552'. [ 238.061221][ T9876] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1552'. [ 238.099833][ T9876] tipc: Started in network mode [ 238.118544][ T9876] tipc: Node identity fffffe01, cluster identity 64 [ 238.153752][ T9876] tipc: Node number set to 4294966785 [ 238.590575][ T9888] loop0: detected capacity change from 0 to 64 [ 238.673000][ T30] audit: type=1800 audit(1758906393.398:82): pid=9888 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1550" name="file1" dev="loop0" ino=5 res=0 errno=0 [ 238.824319][ T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 238.976080][ T5950] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 239.000802][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 239.015992][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.034763][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 239.091118][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 239.143778][ T24] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 239.167068][ T5950] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 239.170800][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 239.194579][ T5950] usb 5-1: config 0 has no interface number 0 [ 239.231205][ T24] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 239.233539][ T5950] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 239.271189][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.282006][ T24] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 239.294768][ T5950] usb 5-1: Product: syz [ 239.299205][ T5950] usb 5-1: Manufacturer: syz [ 239.306404][ T24] usb 4-1: Manufacturer: syz [ 239.312799][ T5950] usb 5-1: SerialNumber: syz [ 239.334045][ T24] usb 4-1: config 0 descriptor?? [ 239.336329][ T5950] usb 5-1: config 0 descriptor?? [ 239.413175][ T9893] loop1: detected capacity change from 0 to 32768 [ 239.442570][ T9893] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1559 (9893) [ 239.517853][ T9893] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 239.532022][ T9893] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 239.583738][ T5950] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 239.607487][ T5950] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 239.629866][ T5950] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 239.638310][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 239.654281][ T5950] usb 5-1: media controller created [ 239.676439][ T24] rc_core: IR keymap rc-hauppauge not found [ 239.685366][ T24] Registered IR keymap rc-empty [ 239.690956][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.703979][ T5950] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 239.718506][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.740404][ T9893] BTRFS info (device loop1): enabling ssd optimizations [ 239.748688][ T24] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 239.764705][ T9893] BTRFS info (device loop1): enabling free space tree [ 239.767144][ T24] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input17 [ 239.791910][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.809612][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 239.824434][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.838490][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.857463][ T5950] i2c i2c-2: ec100: i2c rd failed=-71 reg=33 [ 239.865948][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.884568][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.904359][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.905465][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 239.934876][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.965953][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.985051][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 239.992765][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.014641][ T10] usb 1-1: config 0 descriptor?? [ 240.026303][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.027083][ T5186] Bluetooth: hci4: link tx timeout [ 240.038902][ T5186] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 240.051286][ T5950] usb 5-1: USB disconnect, device number 11 [ 240.059841][ T10] hub 1-1:0.0: USB hub found [ 240.084482][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.157330][ T7674] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 240.169259][ T24] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 240.203234][ T24] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 240.212643][ T24] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 240.256634][ T10] hub 1-1:0.0: config failed, can't read hub descriptor (err -90) [ 240.289480][ T24] usb 4-1: USB disconnect, device number 19 [ 240.662306][ T10] hid_parser_main: 50 callbacks suppressed [ 240.662332][ T10] hid-generic 0003:046D:C31C.000B: unknown main item tag 0x0 [ 240.724642][ T10] hid-generic 0003:046D:C31C.000B: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.0-1/input0 [ 240.974818][ T10] usb 1-1: USB disconnect, device number 14 [ 241.131570][ T9925] loop2: detected capacity change from 0 to 40427 [ 241.169212][ T9925] F2FS-fs (loop2): invalid crc value [ 241.290289][ T9957] netlink: 256 bytes leftover after parsing attributes in process `syz.1.1582'. [ 241.329286][ T9925] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 241.358295][ T9925] F2FS-fs (loop2): Start checkpoint disabled! [ 241.404348][ T9925] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 241.416753][ T9925] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 241.470935][ T30] audit: type=1800 audit(1758906396.198:83): pid=9925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1567" name="file1" dev="loop2" ino=10 res=0 errno=0 [ 241.572912][ T2994] kworker/u8:8: attempt to access beyond end of device [ 241.572912][ T2994] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 241.601448][ T2994] CPU: 0 UID: 0 PID: 2994 Comm: kworker/u8:8 Not tainted syzkaller #0 PREEMPT(full) [ 241.601476][ T2994] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 241.601489][ T2994] Workqueue: writeback wb_workfn (flush-7:2) [ 241.601542][ T2994] Call Trace: [ 241.601550][ T2994] [ 241.601559][ T2994] dump_stack_lvl+0x189/0x250 [ 241.601589][ T2994] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.601613][ T2994] ? __pfx_queue_work_on+0x10/0x10 [ 241.601631][ T2994] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.601662][ T2994] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.601701][ T2994] f2fs_handle_critical_error+0x37c/0x540 [ 241.601733][ T2994] f2fs_write_end_io+0x886/0xb60 [ 241.601780][ T2994] __submit_merged_bio+0x27a/0x6a0 [ 241.601810][ T2994] __submit_merged_write_cond+0x255/0x530 [ 241.601851][ T2994] f2fs_write_data_pages+0x261d/0x3000 [ 241.601915][ T2994] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.601956][ T2994] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 241.602024][ T2994] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 241.602047][ T2994] ? look_up_lock_class+0x74/0x170 [ 241.602084][ T2994] ? trace_f2fs_writepages+0x7f/0x200 [ 241.602107][ T2994] ? f2fs_write_node_pages+0x478/0x6e0 [ 241.602146][ T2994] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 241.602180][ T2994] ? __lock_acquire+0xab9/0xd20 [ 241.602217][ T2994] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 241.602241][ T2994] do_writepages+0x32e/0x550 [ 241.602269][ T2994] ? reacquire_held_locks+0x127/0x1d0 [ 241.602286][ T2994] ? writeback_sb_inodes+0x384/0x1010 [ 241.602321][ T2994] __writeback_single_inode+0x145/0xff0 [ 241.602343][ T2994] ? do_raw_spin_unlock+0x122/0x240 [ 241.602373][ T2994] writeback_sb_inodes+0x6c7/0x1010 [ 241.602430][ T2994] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 241.602509][ T2994] ? rcu_is_watching+0x15/0xb0 [ 241.602540][ T2994] wb_writeback+0x43b/0xaf0 [ 241.602573][ T2994] ? queue_io+0x351/0x590 [ 241.602600][ T2994] ? __pfx_wb_writeback+0x10/0x10 [ 241.602633][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.602670][ T2994] wb_workfn+0x409/0xef0 [ 241.602721][ T2994] ? __pfx_wb_workfn+0x10/0x10 [ 241.602758][ T2994] ? __lock_acquire+0xab9/0xd20 [ 241.602800][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 241.602838][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.602859][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 241.602886][ T2994] ? process_scheduled_works+0x9ef/0x17b0 [ 241.602919][ T2994] process_scheduled_works+0xae1/0x17b0 [ 241.602988][ T2994] ? __pfx_process_scheduled_works+0x10/0x10 [ 241.603041][ T2994] worker_thread+0x8a0/0xda0 [ 241.603108][ T2994] kthread+0x711/0x8a0 [ 241.603135][ T2994] ? __pfx_worker_thread+0x10/0x10 [ 241.603165][ T2994] ? __pfx_kthread+0x10/0x10 [ 241.603191][ T2994] ? _raw_spin_unlock_irq+0x23/0x50 [ 241.603230][ T2994] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.603252][ T2994] ? __pfx_kthread+0x10/0x10 [ 241.603278][ T2994] ret_from_fork+0x4bc/0x870 [ 241.603312][ T2994] ? __pfx_ret_from_fork+0x10/0x10 [ 241.603354][ T2994] ? __switch_to_asm+0x39/0x70 [ 241.603378][ T2994] ? __switch_to_asm+0x33/0x70 [ 241.603401][ T2994] ? __pfx_kthread+0x10/0x10 [ 241.603427][ T2994] ret_from_fork_asm+0x1a/0x30 [ 241.603479][ T2994] [ 241.603488][ T2994] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 241.986213][ T10] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 242.131207][ T5873] Bluetooth: hci4: command 0x0406 tx timeout [ 242.145214][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 242.159843][ T10] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 242.170605][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 242.186870][ T10] usb 5-1: Product: syz [ 242.191100][ T10] usb 5-1: Manufacturer: syz [ 242.195959][ T10] usb 5-1: SerialNumber: syz [ 242.217804][ T10] usb 5-1: config 0 descriptor?? [ 242.239682][ T10] gspca_main: se401-2.14.0 probing 047d:5003 [ 242.367469][ T9979] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 242.633781][ T10] gspca_se401: ExtraFeatures: 7 [ 242.774280][ T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 242.837913][ T10] input: se401 as /devices/platform/dummy_hcd.4/usb5/5-1/input/input18 [ 242.894571][ T10] usb 5-1: USB disconnect, device number 12 [ 242.946226][ T24] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 242.972822][ T24] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 243.002800][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 243.032560][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 243.076420][ T24] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 243.100657][ T24] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 243.120486][ T24] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 243.150872][ T24] usb 4-1: Product: syz [ 243.163998][ T24] usb 4-1: Manufacturer: syz [ 243.186950][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 243.202443][ T24] cdc_wdm 4-1:1.0: skipping garbage [ 243.222048][ T24] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 243.234294][ T24] cdc_wdm 4-1:1.0: Unknown control protocol [ 243.444015][ T24] usb 4-1: USB disconnect, device number 20 [ 243.651710][ T9987] loop0: detected capacity change from 0 to 32768 [ 243.680959][ T9987] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 243.709523][ T9987] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 243.760561][ T9987] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms [ 243.788783][ T5982] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 243.806320][ T5982] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 243.857128][ T6013] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 243.948657][ T5982] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 142ms [ 243.967499][ T5982] gfs2: fsid=syz:syz.0: jid=0: Done [ 243.972982][ T9987] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 244.034275][ T6013] usb 3-1: Using ep0 maxpacket: 8 [ 244.052940][ T6013] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 244.064229][ T6013] usb 3-1: config 179 has no interface number 0 [ 244.070574][ T6013] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 244.102256][ T6013] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 244.124107][ T6013] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 244.166106][ T6013] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 244.228338][ T6013] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 244.259582][ T6013] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 244.282191][ T6013] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.321309][T10023] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 244.338437][T10014] loop1: detected capacity change from 0 to 40427 [ 244.378407][T10014] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 244.412656][T10014] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 244.449465][T10014] F2FS-fs (loop1): invalid crc value [ 244.623646][ T6013] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input19 [ 244.782038][T10014] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 244.819364][T10014] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 244.837278][T10014] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 244.855390][T10052] hugetlbfs: syz.3.1607 (10052): Using mlock ulimits for SHM_HUGETLB is obsolete [ 244.905752][ T10] usb 3-1: USB disconnect, device number 10 [ 244.905760][ C1] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 244.920705][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 246.203689][T10094] loop0: detected capacity change from 0 to 1024 [ 246.240804][T10097] loop1: detected capacity change from 0 to 2048 [ 246.276967][T10094] hfsplus: xattr searching failed [ 246.306624][T10094] hfsplus: xattr searching failed [ 246.313862][T10097] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 246.377712][T10097] ext4 filesystem being mounted at /205/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 246.388577][ T5931] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 246.427839][ T12] hfsplus: b-tree write err: -5, ino 3 [ 246.567918][ T5931] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 246.576932][ T5931] usb 5-1: config 0 has no interface number 0 [ 246.594751][ T5931] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 246.610704][ T7674] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 246.634402][ T5931] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 246.657667][ T5931] usb 5-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 246.669614][ T5931] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.689562][ T5931] usb 5-1: config 0 descriptor?? [ 246.735468][T10093] loop2: detected capacity change from 0 to 32768 [ 246.765222][T10093] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1619 (10093) [ 246.798904][T10093] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 246.824364][T10093] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 246.958206][T10093] BTRFS info (device loop2): enabling ssd optimizations [ 246.988629][T10093] BTRFS info (device loop2): enabling free space tree [ 247.010454][T10093] BTRFS info (device loop2): use zstd compression, level 3 [ 247.123534][ T5931] prodikeys 0003:041E:2801.000C: unknown main item tag 0x0 [ 247.144265][ T5931] prodikeys 0003:041E:2801.000C: unknown main item tag 0x0 [ 247.161981][ T5931] prodikeys 0003:041E:2801.000C: item fetching failed at offset 4/7 [ 247.186108][ T5931] prodikeys 0003:041E:2801.000C: hid parse failed [ 247.204373][ T5931] prodikeys 0003:041E:2801.000C: probe with driver prodikeys failed with error -22 [ 247.290724][T10105] loop3: detected capacity change from 0 to 32768 [ 247.307122][T10140] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1627'. [ 247.321095][ T5931] usb 5-1: USB disconnect, device number 13 [ 247.369311][T10105] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 247.371374][T10140] macsec2: entered allmulticast mode [ 247.383704][T10140] bridge0: entered allmulticast mode [ 247.391460][T10140] bridge0: port 3(macsec2) entered blocking state [ 247.392245][ T5880] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 247.400454][T10140] bridge0: port 3(macsec2) entered disabled state [ 247.436923][T10140] bridge0: left allmulticast mode [ 247.491429][T10105] XFS (loop3): Ending clean mount [ 247.719821][ T5879] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 247.970344][ T30] audit: type=1326 audit(1758906402.698:84): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.074536][ T30] audit: type=1326 audit(1758906402.698:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.100701][ T30] audit: type=1326 audit(1758906402.698:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.138781][ T30] audit: type=1326 audit(1758906402.708:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.189806][ T30] audit: type=1326 audit(1758906402.708:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.264858][ T30] audit: type=1326 audit(1758906402.708:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.344645][ T30] audit: type=1326 audit(1758906402.708:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.390698][T10182] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1640'. [ 248.401738][ T30] audit: type=1326 audit(1758906402.708:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10167 comm="syz.4.1635" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f972c78eec9 code=0x7ffc0000 [ 248.954294][ T5950] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 248.965045][ T5931] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 249.148247][ T5931] usb 2-1: Using ep0 maxpacket: 16 [ 249.154684][ T5950] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 249.178365][ T5931] usb 2-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.199664][ T5950] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4 [ 249.233965][ T5931] usb 2-1: config 0 interface 0 has no altsetting 0 [ 249.255045][ T5931] usb 2-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00 [ 249.265846][ T5950] usb 3-1: New USB device found, idVendor=046d, idProduct=ca04, bcdDevice= 0.00 [ 249.283369][ T5931] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.307288][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.340286][ T5931] usb 2-1: config 0 descriptor?? [ 249.347669][ T5950] usb 3-1: config 0 descriptor?? [ 249.353678][T10200] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 249.803871][ T5950] logitech 0003:046D:CA04.000D: unbalanced delimiter at end of report description [ 249.817087][ T5931] acrux 0003:1A34:0802.000E: item fetching failed at offset 3/5 [ 249.837237][ T9] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 249.849471][ T5931] acrux 0003:1A34:0802.000E: parse failed [ 249.866616][ T5950] logitech 0003:046D:CA04.000D: parse failed [ 249.872923][ T5950] logitech 0003:046D:CA04.000D: probe with driver logitech failed with error -22 [ 249.882875][ T5931] acrux 0003:1A34:0802.000E: probe with driver acrux failed with error -22 [ 250.004023][ T24] usb 3-1: USB disconnect, device number 11 [ 250.021200][ T5950] usb 2-1: USB disconnect, device number 7 [ 250.038674][ T9] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 250.047699][ T9] usb 5-1: config 0 has no interface number 0 [ 250.072144][ T9] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 250.101475][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.111293][ T9] usb 5-1: Product: syz [ 250.120905][ T9] usb 5-1: Manufacturer: syz [ 250.134761][ T9] usb 5-1: SerialNumber: syz [ 250.142270][ T9] usb 5-1: config 0 descriptor?? [ 250.361394][ T9] usb 5-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 250.388858][ T9] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 250.414581][ T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 250.422751][ T9] usb 5-1: media controller created [ 250.476228][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 250.573591][ T9] i2c i2c-2: ec100: i2c rd failed=-71 reg=33 [ 250.649967][ T9] usb 5-1: USB disconnect, device number 14 [ 250.691131][T10247] loop3: detected capacity change from 0 to 40427 [ 250.708513][T10247] F2FS-fs (loop3): build fault injection rate: 771 [ 250.746730][T10247] F2FS-fs (loop3): invalid crc value [ 250.882782][T10247] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 250.917813][T10247] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 250.958886][T10247] syz.3.1660: attempt to access beyond end of device [ 250.958886][T10247] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 251.028501][ T5879] syz-executor: attempt to access beyond end of device [ 251.028501][ T5879] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 251.054675][ T5879] CPU: 1 UID: 0 PID: 5879 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 251.054705][ T5879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 251.054719][ T5879] Call Trace: [ 251.054728][ T5879] [ 251.054737][ T5879] dump_stack_lvl+0x189/0x250 [ 251.054772][ T5879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.054805][ T5879] ? __pfx_queue_work_on+0x10/0x10 [ 251.054823][ T5879] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 251.054849][ T5879] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 251.054889][ T5879] f2fs_handle_critical_error+0x37c/0x540 [ 251.054922][ T5879] f2fs_write_end_io+0x886/0xb60 [ 251.054972][ T5879] __submit_merged_bio+0x27a/0x6a0 [ 251.055004][ T5879] __submit_merged_write_cond+0x255/0x530 [ 251.055049][ T5879] f2fs_write_data_pages+0x261d/0x3000 [ 251.055073][ T5879] ? finish_task_switch+0x18b/0x950 [ 251.055144][ T5879] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 251.055245][ T5879] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 251.055301][ T5879] ? __lock_acquire+0xab9/0xd20 [ 251.055352][ T5879] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 251.055379][ T5879] do_writepages+0x32e/0x550 [ 251.055417][ T5879] ? do_raw_spin_unlock+0x122/0x240 [ 251.055448][ T5879] filemap_fdatawrite+0x199/0x240 [ 251.055471][ T5879] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 251.055560][ T5879] ? do_raw_spin_unlock+0x122/0x240 [ 251.055592][ T5879] f2fs_sync_dirty_inodes+0x31f/0x830 [ 251.055640][ T5879] f2fs_write_checkpoint+0x93e/0x2440 [ 251.055665][ T5879] ? stack_depot_save_flags+0x40/0x860 [ 251.055732][ T5879] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 251.055819][ T5879] ? f2fs_stop_gc_thread+0x7f/0xb0 [ 251.055847][ T5879] ? kfree+0x19a/0x6d0 [ 251.055882][ T5879] kill_f2fs_super+0x2cc/0x6d0 [ 251.055918][ T5879] ? __pfx_kill_f2fs_super+0x10/0x10 [ 251.055969][ T5879] ? shrinker_free+0x2ce/0x3e0 [ 251.056004][ T5879] deactivate_locked_super+0xbc/0x130 [ 251.056041][ T5879] cleanup_mnt+0x425/0x4c0 [ 251.056072][ T5879] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.056102][ T5879] task_work_run+0x1d4/0x260 [ 251.056133][ T5879] ? __pfx_task_work_run+0x10/0x10 [ 251.056155][ T5879] ? __x64_sys_umount+0x122/0x160 [ 251.056184][ T5879] ? exit_to_user_mode_loop+0x40/0x130 [ 251.056218][ T5879] exit_to_user_mode_loop+0xe9/0x130 [ 251.056248][ T5879] do_syscall_64+0x2bd/0xfa0 [ 251.056272][ T5879] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.056296][ T5879] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.056317][ T5879] ? clear_bhb_loop+0x60/0xb0 [ 251.056343][ T5879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.056364][ T5879] RIP: 0033:0x7f1db3d901f7 [ 251.056384][ T5879] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 251.056402][ T5879] RSP: 002b:00007fff3d900138 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 251.056424][ T5879] RAX: 0000000000000000 RBX: 00007f1db3e11d7d RCX: 00007f1db3d901f7 [ 251.056438][ T5879] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff3d9001f0 [ 251.056450][ T5879] RBP: 00007fff3d9001f0 R08: 0000000000000000 R09: 0000000000000000 [ 251.056463][ T5879] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff3d901280 [ 251.056476][ T5879] R13: 00007f1db3e11d7d R14: 000000000003d44b R15: 00007fff3d9012c0 [ 251.056517][ T5879] [ 251.057876][ T5879] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 251.544860][ T30] audit: type=1326 audit(1758906406.268:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10259 comm="syz.1.1666" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f994c98eec9 code=0x7fc00000 [ 251.909423][T10279] loop2: detected capacity change from 0 to 128 [ 251.941435][T10279] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 251.983205][T10279] hpfs: filesystem error: improperly stopped [ 252.007154][T10279] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 252.028439][T10279] hpfs: You really don't want any checks? You are crazy... [ 252.048370][T10279] hpfs: hpfs_map_sector(): read error [ 252.070554][T10279] hpfs: code page support is disabled [ 252.091413][T10279] hpfs: hpfs_map_4sectors(): unaligned read [ 252.104625][T10283] netlink: 'syz.3.1668': attribute type 11 has an invalid length. [ 252.107684][T10268] loop4: detected capacity change from 0 to 32768 [ 252.124377][T10279] hpfs: hpfs_map_4sectors(): unaligned read [ 252.130412][T10279] hpfs: filesystem error: unable to find root dir [ 252.390182][T10291] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1678'. [ 252.984638][ T5982] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 253.040064][T10289] loop2: detected capacity change from 0 to 32768 [ 253.085186][T10289] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 253.146276][T10289] XFS (loop2): Ending clean mount [ 253.164311][ T5982] usb 4-1: Using ep0 maxpacket: 8 [ 253.172659][ T5982] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 253.204006][ T5982] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 253.234455][ T5982] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 253.258441][ T5982] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 253.272430][ T5880] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 253.307478][ T5982] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 253.317003][ T5982] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 253.541854][ T5982] usb 4-1: GET_CAPABILITIES returned 0 [ 253.559559][ T5982] usbtmc 4-1:16.0: can't read capabilities [ 253.743950][ T24] usb 4-1: USB disconnect, device number 21 [ 253.883540][T10332] loop4: detected capacity change from 0 to 32768 [ 253.945448][T10332] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 254.047938][T10332] XFS (loop4): Ending clean mount [ 254.071885][T10332] XFS (loop4): Quotacheck needed: Please wait. [ 254.149707][T10332] XFS (loop4): Quotacheck: Done. [ 254.194781][T10332] afs: Unexpected value for 'dyn' [ 254.290150][T10342] loop2: detected capacity change from 0 to 32768 [ 254.313758][ T5867] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 254.337441][T10342] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 254.381315][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1709'. [ 254.673517][ T30] audit: type=1326 audit(1758906409.398:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.717259][ T5880] ocfs2: Unmounting device (7,2) on (node local) [ 254.726189][ T30] audit: type=1326 audit(1758906409.428:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.789990][ T30] audit: type=1326 audit(1758906409.428:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.837857][ T30] audit: type=1326 audit(1758906409.428:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.889083][ T30] audit: type=1326 audit(1758906409.428:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.930938][ T30] audit: type=1326 audit(1758906409.428:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.956864][ T30] audit: type=1326 audit(1758906409.428:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 254.980829][ T30] audit: type=1326 audit(1758906409.428:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 255.059727][ T30] audit: type=1326 audit(1758906409.428:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 255.085525][ T30] audit: type=1326 audit(1758906409.428:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10388 comm="syz.0.1714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff167b8eec9 code=0x7ffc0000 [ 255.188037][T10401] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1719'. [ 255.655058][T10423] netlink: 'syz.4.1729': attribute type 8 has an invalid length. [ 255.722401][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.729216][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.940778][T10437] tap0: tun_chr_ioctl cmd 1074025677 [ 255.958699][T10437] tap0: linktype set to 774 [ 256.318824][T10455] loop3: detected capacity change from 0 to 1024 [ 256.378838][T10455] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 256.427094][T10455] EXT4-fs error (device loop3): ext4_read_inline_dir:1476: inode #12: block 7: comm syz.3.1744: path /338/file1/file0: bad entry in directory: inode out of bounds - offset=24, inode=150994957, rec_len=16, size=80 fake=0 [ 256.557947][ T5879] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 256.668003][T10434] loop4: detected capacity change from 0 to 40427 [ 256.681926][T10434] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 256.719033][T10434] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 256.747212][T10434] F2FS-fs (loop4): invalid crc value [ 256.893008][T10434] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 256.925365][T10434] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 256.954919][T10434] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 256.966155][ T24] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 257.035566][T10487] netlink: 196 bytes leftover after parsing attributes in process `syz.0.1755'. [ 257.145769][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 257.167638][ T24] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 257.194602][ T24] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 257.226670][ T24] usb 4-1: config 1 interface 1 has no altsetting 0 [ 257.235815][T10489] netlink: 168 bytes leftover after parsing attributes in process `syz.1.1757'. [ 257.246855][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 257.264557][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.272815][ T24] usb 4-1: Product: syz [ 257.290710][ T24] usb 4-1: Manufacturer: syz [ 257.304717][ T24] usb 4-1: SerialNumber: syz [ 257.742499][ T24] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 257.963446][T10493] loop0: detected capacity change from 0 to 32768 [ 258.022323][T10493] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 258.108071][T10493] XFS (loop0): Ending clean mount [ 258.129200][T10493] XFS (loop0): Quotacheck needed: Please wait. [ 258.180471][ T9] usb 4-1: USB disconnect, device number 22 [ 258.197806][T10493] XFS (loop0): Quotacheck: Done. [ 258.265125][T10493] XFS (loop0): User initiated shutdown received. [ 258.272215][T10537] gre0: Master is either lo or non-ether device [ 258.287695][T10493] XFS (loop0): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:472). Shutting down filesystem. [ 258.323365][T10493] XFS (loop0): Please unmount the filesystem and rectify the problem(s) [ 258.395651][ T5870] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 258.724091][T10550] random: crng reseeded on system resumption [ 258.972699][T10562] loop0: detected capacity change from 0 to 256 [ 258.990378][T10562] exfat: Deprecated parameter 'namecase' [ 258.998719][T10560] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 259.047568][T10562] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x2b52634e, utbl_chksum : 0xe619d30d) [ 259.238946][T10574] netlink: 184 bytes leftover after parsing attributes in process `syz.4.1791'. [ 259.286472][T10579] loop1: detected capacity change from 0 to 256 [ 259.299240][T10579] exfat: Unknown parameter 'ÿÿÿ0xffffffffffffffff0x0000000000000000' [ 259.664271][ T5931] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 259.695007][T10600] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.1804'. [ 259.824438][ T5931] usb 3-1: Using ep0 maxpacket: 8 [ 259.836359][ T5931] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.854316][ T5931] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 259.897205][ T5931] usb 3-1: New USB device found, idVendor=06cb, idProduct=81a7, bcdDevice= 0.00 [ 259.914293][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 259.935402][ T5931] usb 3-1: config 0 descriptor?? [ 260.008916][T10592] loop0: detected capacity change from 0 to 32768 [ 260.050067][T10592] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 260.093553][T10592] XFS (loop0): Ending clean mount [ 260.148517][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 260.161568][ T12] Bluetooth: hci5: received HCILL_GO_TO_SLEEP_ACK in state 0 [ 260.189110][ T5870] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 260.356726][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.363943][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.372646][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.380746][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.388022][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.395470][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.405085][ T5931] hid-rmi 0003:06CB:81A7.000F: unknown main item tag 0x0 [ 260.412223][ T5931] hid-rmi 0003:06CB:81A7.000F: unbalanced collection at end of report description [ 260.425556][ T5931] hid-rmi 0003:06CB:81A7.000F: parse failed [ 260.431609][ T5931] hid-rmi 0003:06CB:81A7.000F: probe with driver hid-rmi failed with error -22 [ 260.560274][ T5931] usb 3-1: USB disconnect, device number 12 [ 260.602909][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 260.602928][ T30] audit: type=1326 audit(1758906415.328:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10634 comm="syz.1.1817" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f994c98eec9 code=0x0 [ 261.024280][ T5878] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 261.174315][ T5878] usb 1-1: Using ep0 maxpacket: 32 [ 261.183867][ T5878] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 261.195332][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.209619][ T5878] usb 1-1: config 0 descriptor?? [ 261.421522][ T5878] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 261.451019][ T5878] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 261.467545][ T5878] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 261.485058][ T5878] usb 1-1: media controller created [ 261.515660][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 261.798836][T10668] loop2: detected capacity change from 0 to 256 [ 261.831712][T10668] FAT-fs (loop2): Directory bread(block 64) failed [ 261.839928][T10668] FAT-fs (loop2): Directory bread(block 65) failed [ 261.847291][T10668] FAT-fs (loop2): Directory bread(block 66) failed [ 261.854033][T10668] FAT-fs (loop2): Directory bread(block 67) failed [ 261.864571][T10668] FAT-fs (loop2): Directory bread(block 68) failed [ 261.871263][T10668] FAT-fs (loop2): Directory bread(block 69) failed [ 261.872326][T10670] loop1: detected capacity change from 0 to 512 [ 261.881745][T10668] FAT-fs (loop2): Directory bread(block 70) failed [ 261.887249][T10670] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 261.891106][T10668] FAT-fs (loop2): Directory bread(block 71) failed [ 261.908059][T10668] FAT-fs (loop2): Directory bread(block 72) failed [ 261.911663][T10670] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2853: Unable to expand inode 11. Delete some EAs or run e2fsck. [ 261.914683][T10668] FAT-fs (loop2): Directory bread(block 73) failed [ 261.935465][T10670] EXT4-fs (loop1): 1 truncate cleaned up [ 261.942929][T10670] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 261.970211][T10670] EXT4-fs (loop1): shut down requested (2) [ 262.000500][ T7674] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.024630][ T5878] az6027: usb out operation failed. (-71) [ 262.032773][ T5878] stb0899_attach: Driver disabled by Kconfig [ 262.055108][ T5878] az6027: no front-end attached [ 262.055108][ T5878] [ 262.068629][ T5878] az6027: usb out operation failed. (-71) [ 262.074795][ T5878] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 262.087563][ T5878] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input20 [ 262.101028][ T5878] dvb-usb: schedule remote query interval to 400 msecs. [ 262.108404][ T5878] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 262.121768][ T5878] usb 1-1: USB disconnect, device number 15 [ 262.128198][T10614] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 262.194652][ T5873] Bluetooth: hci5: command 0x1003 tx timeout [ 262.196268][ T5186] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 262.235525][ T5878] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 262.505349][T10697] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1845'. [ 262.663727][T10709] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1851'. [ 262.788769][T10713] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1853'. [ 262.870607][T10719] loop3: detected capacity change from 0 to 1024 [ 262.913847][T10719] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 262.973193][ T5950] kernel write not supported for file /cpu/0/msr (pid: 5950 comm: kworker/0:6) [ 262.991839][ T5879] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 263.065007][ T5931] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 263.265215][ T5931] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 263.289721][ T5931] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.315932][ T5931] usb 1-1: config 0 descriptor?? [ 263.353975][T10748] overlayfs: failed to create directory ./file0/work (errno: 13); mounting read-only [ 263.376364][T10748] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off. [ 263.464831][T10751] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1871'. [ 263.482172][T10751] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1871'. [ 263.493029][T10751] netlink: 'syz.4.1871': attribute type 18 has an invalid length. [ 263.939003][ T5931] usb 1-1: Cannot set autoneg [ 263.947558][ T5931] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 263.965653][T10749] loop2: detected capacity change from 0 to 40427 [ 263.980097][T10749] F2FS-fs (loop2): invalid crc value [ 263.987171][ T5931] usb 1-1: USB disconnect, device number 16 [ 264.082892][T10749] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 264.095317][T10749] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 264.103674][T10769] loop1: detected capacity change from 0 to 256 [ 264.222090][ T5880] syz-executor: attempt to access beyond end of device [ 264.222090][ T5880] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 264.245271][ T5880] CPU: 0 UID: 0 PID: 5880 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 264.245302][ T5880] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 264.245316][ T5880] Call Trace: [ 264.245324][ T5880] [ 264.245333][ T5880] dump_stack_lvl+0x189/0x250 [ 264.245366][ T5880] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.245391][ T5880] ? __pfx_queue_work_on+0x10/0x10 [ 264.245409][ T5880] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 264.245433][ T5880] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 264.245470][ T5880] f2fs_handle_critical_error+0x37c/0x540 [ 264.245509][ T5880] f2fs_write_end_io+0x886/0xb60 [ 264.245554][ T5880] __submit_merged_bio+0x27a/0x6a0 [ 264.245583][ T5880] __submit_merged_write_cond+0x255/0x530 [ 264.245625][ T5880] f2fs_write_data_pages+0x261d/0x3000 [ 264.245687][ T5880] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 264.245760][ T5880] ? __mod_zone_page_state+0xd7/0x140 [ 264.245794][ T5880] ? folios_put_refs+0x58b/0x670 [ 264.245838][ T5880] ? __lock_acquire+0xab9/0xd20 [ 264.245877][ T5880] ? do_raw_spin_lock+0x121/0x290 [ 264.245913][ T5880] ? do_raw_spin_unlock+0x122/0x240 [ 264.245938][ T5880] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 264.245963][ T5880] do_writepages+0x32e/0x550 [ 264.245996][ T5880] ? do_raw_spin_unlock+0x122/0x240 [ 264.246025][ T5880] filemap_fdatawrite+0x199/0x240 [ 264.246047][ T5880] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 264.246117][ T5880] ? do_raw_spin_unlock+0x122/0x240 [ 264.246145][ T5880] f2fs_sync_dirty_inodes+0x31f/0x830 [ 264.246187][ T5880] f2fs_write_checkpoint+0x93e/0x2440 [ 264.246210][ T5880] ? __lock_acquire+0xab9/0xd20 [ 264.246267][ T5880] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 264.246354][ T5880] kill_f2fs_super+0x2cc/0x6d0 [ 264.246386][ T5880] ? __pfx_kill_f2fs_super+0x10/0x10 [ 264.246431][ T5880] ? shrinker_free+0x2ce/0x3e0 [ 264.246463][ T5880] deactivate_locked_super+0xbc/0x130 [ 264.246521][ T5880] cleanup_mnt+0x425/0x4c0 [ 264.246550][ T5880] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.246576][ T5880] task_work_run+0x1d4/0x260 [ 264.246603][ T5880] ? __pfx_task_work_run+0x10/0x10 [ 264.246623][ T5880] ? __x64_sys_umount+0x122/0x160 [ 264.246648][ T5880] ? exit_to_user_mode_loop+0x40/0x130 [ 264.246678][ T5880] exit_to_user_mode_loop+0xe9/0x130 [ 264.246705][ T5880] do_syscall_64+0x2bd/0xfa0 [ 264.246728][ T5880] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.246750][ T5880] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.246770][ T5880] ? clear_bhb_loop+0x60/0xb0 [ 264.246795][ T5880] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.246814][ T5880] RIP: 0033:0x7fbdee7901f7 [ 264.246832][ T5880] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 264.246847][ T5880] RSP: 002b:00007ffd2e0b94c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 264.246868][ T5880] RAX: 0000000000000000 RBX: 00007fbdee811d7d RCX: 00007fbdee7901f7 [ 264.246882][ T5880] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2e0b9580 [ 264.246894][ T5880] RBP: 00007ffd2e0b9580 R08: 0000000000000000 R09: 0000000000000000 [ 264.246906][ T5880] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2e0ba610 [ 264.246918][ T5880] R13: 00007fbdee811d7d R14: 00000000000407ba R15: 00007ffd2e0ba650 [ 264.246952][ T5880] [ 264.246960][ T5880] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 264.734853][T10782] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1885'. [ 266.160815][T10806] loop1: detected capacity change from 0 to 40427 [ 266.186745][T10806] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 266.207924][T10806] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 266.399780][T10806] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 266.428714][T10806] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 266.434796][ T24] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 266.451714][T10806] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 266.624688][ T24] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 266.633012][ T24] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 266.645390][ T24] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 266.659821][ T24] usb 5-1: config 220 has no interface number 2 [ 266.666251][ T24] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 266.683847][ T24] usb 5-1: config 220 interface 0 has no altsetting 0 [ 266.702172][ T24] usb 5-1: config 220 interface 76 has no altsetting 0 [ 266.709513][ T24] usb 5-1: config 220 interface 1 has no altsetting 0 [ 266.737365][ T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 266.752739][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.771868][ T24] usb 5-1: Product: syz [ 266.781102][ T24] usb 5-1: Manufacturer: syz [ 266.789309][ T24] usb 5-1: SerialNumber: syz [ 267.033864][ T24] uvcvideo 5-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 267.048830][ T24] uvcvideo 5-1:220.0: No valid video chain found. [ 267.063154][T10864] loop2: detected capacity change from 0 to 512 [ 267.073140][ T24] usb 5-1: selecting invalid altsetting 0 [ 267.102647][ T24] usb 5-1: selecting invalid altsetting 0 [ 267.122183][T10864] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 267.146874][ T24] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 267.173326][ T24] usb 5-1: USB disconnect, device number 15 [ 267.184361][T10864] ext4 filesystem being mounted at /399/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 267.438261][ T30] audit: type=1800 audit(1758906422.128:106): pid=10864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1922" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 267.460781][ T30] audit: type=1800 audit(1758906422.158:107): pid=10864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1922" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 267.533189][ T5880] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 267.873755][T10889] loop1: detected capacity change from 0 to 2048 [ 267.890764][T10889] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 268.031778][T10895] overlayfs: missing 'lowerdir' [ 268.314602][T10907] overlayfs: overlapping lowerdir path [ 268.598541][T10921] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 268.605908][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 268.613175][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 268.620487][T10921] IPv6: NLM_F_CREATE should be set when creating new route [ 268.649798][T10925] loop4: detected capacity change from 0 to 64 [ 268.650522][T10921] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 268.821318][T10932] loop4: detected capacity change from 0 to 256 [ 268.860864][T10932] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 269.027716][T10913] loop1: detected capacity change from 0 to 40427 [ 269.041018][T10913] F2FS-fs (loop1): build fault injection rate: 25 [ 269.054605][T10913] F2FS-fs (loop1): build fault injection type: 0x7698c [ 269.067402][T10913] F2FS-fs (loop1): invalid crc value [ 269.077104][T10913] F2FS-fs (loop1): inject invalid blkaddr in f2fs_is_valid_blkaddr of f2fs_ra_meta_pages+0x1cb/0x970 [ 269.115349][T10913] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970 [ 269.229247][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1958'. [ 269.244530][T10949] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1958'. [ 269.286813][T10951] Bluetooth: hci0: load_link_keys: too big key_count value 2816 [ 269.311759][T10913] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 269.342859][T10913] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 269.407500][T10913] F2FS-fs (loop1): inject too big dir depth in f2fs_add_regular_entry of f2fs_add_dentry+0xda/0x1d0 [ 269.423509][T10958] loop4: detected capacity change from 0 to 128 [ 269.468678][T10913] syz.1.1940: attempt to access beyond end of device [ 269.468678][T10913] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 269.507606][T10913] CPU: 0 UID: 0 PID: 10913 Comm: syz.1.1940 Not tainted syzkaller #0 PREEMPT(full) [ 269.507638][T10913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 269.507651][T10913] Call Trace: [ 269.507659][T10913] [ 269.507668][T10913] dump_stack_lvl+0x189/0x250 [ 269.507781][T10913] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.507828][T10913] ? __pfx_queue_work_on+0x10/0x10 [ 269.507846][T10913] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 269.507871][T10913] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 269.507916][T10913] f2fs_handle_critical_error+0x37c/0x540 [ 269.507953][T10913] f2fs_write_end_io+0x886/0xb60 [ 269.507999][T10913] __submit_merged_bio+0x27a/0x6a0 [ 269.508030][T10913] __submit_merged_write_cond+0x255/0x530 [ 269.508072][T10913] f2fs_write_data_pages+0x261d/0x3000 [ 269.508135][T10913] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 269.508214][T10913] ? check_path+0x21/0x40 [ 269.508234][T10913] ? check_noncircular+0xe0/0x160 [ 269.508308][T10913] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 269.508332][T10913] do_writepages+0x32e/0x550 [ 269.508376][T10913] ? do_raw_spin_unlock+0x122/0x240 [ 269.508406][T10913] filemap_fdatawrite+0x199/0x240 [ 269.508428][T10913] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 269.508502][T10913] ? do_raw_spin_unlock+0x122/0x240 [ 269.508532][T10913] f2fs_sync_dirty_inodes+0x31f/0x830 [ 269.508577][T10913] f2fs_write_checkpoint+0x93e/0x2440 [ 269.508603][T10913] ? check_noncircular+0xe0/0x160 [ 269.508665][T10913] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 269.508739][T10913] ? down_write+0x162/0x1f0 [ 269.508770][T10913] ? __pfx_down_write+0x10/0x10 [ 269.508811][T10913] f2fs_issue_checkpoint+0x3b8/0x610 [ 269.508841][T10913] ? __pfx_f2fs_issue_checkpoint+0x10/0x10 [ 269.508885][T10913] ? __lock_acquire+0xab9/0xd20 [ 269.508956][T10913] ? f2fs_sync_fs+0x200/0x3d0 [ 269.508995][T10913] f2fs_do_sync_file+0x869/0x1860 [ 269.509034][T10913] ? __pfx_f2fs_do_sync_file+0x10/0x10 [ 269.509105][T10913] ? __mark_inode_dirty+0x3d2/0xe10 [ 269.509143][T10913] ? vfs_fsync_range+0x149/0x1c0 [ 269.509172][T10913] ? f2fs_sync_file+0xe9/0x160 [ 269.509201][T10913] f2fs_file_write_iter+0x753/0x2410 [ 269.509258][T10913] ? __pfx_f2fs_file_write_iter+0x10/0x10 [ 269.509286][T10913] ? rcu_read_lock_any_held+0xb3/0x120 [ 269.509327][T10913] vfs_write+0x5c9/0xb30 [ 269.509356][T10913] ? __pfx_f2fs_file_write_iter+0x10/0x10 [ 269.509385][T10913] ? __pfx_vfs_write+0x10/0x10 [ 269.509421][T10913] ? __fget_files+0x2a/0x420 [ 269.509459][T10913] __x64_sys_pwrite64+0x193/0x220 [ 269.509488][T10913] ? __pfx___x64_sys_pwrite64+0x10/0x10 [ 269.509519][T10913] ? do_syscall_64+0xbe/0xfa0 [ 269.509550][T10913] do_syscall_64+0xfa/0xfa0 [ 269.509574][T10913] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.509599][T10913] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.509621][T10913] ? clear_bhb_loop+0x60/0xb0 [ 269.509691][T10913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 269.509713][T10913] RIP: 0033:0x7f994c98eec9 [ 269.509734][T10913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 269.509753][T10913] RSP: 002b:00007f994d840038 EFLAGS: 00000246 ORIG_RAX: 0000000000000012 [ 269.509776][T10913] RAX: ffffffffffffffda RBX: 00007f994cbe5fa0 RCX: 00007f994c98eec9 [ 269.509792][T10913] RDX: 0000000000000001 RSI: 00002000000004c0 RDI: 0000000000000004 [ 269.509805][T10913] RBP: 00007f994ca11f91 R08: 0000000000000000 R09: 0000000000000000 [ 269.509819][T10913] R10: 0000000000000002 R11: 0000000000000246 R12: 0000000000000000 [ 269.509832][T10913] R13: 00007f994cbe6038 R14: 00007f994cbe5fa0 R15: 00007ffe5e1d66a8 [ 269.509870][T10913] [ 269.510241][T10913] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 270.317613][T10983] netlink: 'syz.4.1975': attribute type 2 has an invalid length. [ 270.445086][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 270.523075][T10990] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 270.599673][T10992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 270.614372][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 270.615388][T10992] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1968'. [ 270.625647][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 270.655013][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 270.684248][ T5950] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 270.692047][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 270.713751][ T9] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 270.724042][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 270.748394][ T9] usb 1-1: config 0 descriptor?? [ 270.766384][T10979] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 270.775626][ T9] hub 1-1:0.0: USB hub found [ 270.874287][ T5950] usb 5-1: Using ep0 maxpacket: 8 [ 270.907583][ T5950] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 270.924351][ T5950] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.937420][ T5950] usb 5-1: Product: syz [ 270.941702][ T5950] usb 5-1: Manufacturer: syz [ 270.965762][ T5950] usb 5-1: SerialNumber: syz [ 270.977352][ T5950] usb 5-1: config 0 descriptor?? [ 270.997922][ T9] hub 1-1:0.0: config failed, hub doesn't have any ports! (err -19) [ 271.199873][ T5950] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 271.218983][ T9] usbhid 1-1:0.0: can't add hid device: -71 [ 271.228763][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 271.304281][ T9] usb 1-1: USB disconnect, device number 17 [ 271.511530][T11017] loop2: detected capacity change from 0 to 1024 [ 271.611841][ T60] hfsplus: b-tree write err: -5, ino 4 [ 271.713940][T11008] loop3: detected capacity change from 0 to 32768 [ 271.733289][T11008] JBD2: Ignoring recovery information on journal [ 271.804955][ T5950] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 271.828612][T11008] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 271.840721][ T5950] usb 5-1: USB disconnect, device number 16 [ 271.926992][ T5878] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 271.943580][ T5879] ocfs2: Unmounting device (7,3) on (node local) [ 272.084336][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 272.086893][T11028] program syz.0.1995 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 272.099790][ T5878] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 272.110543][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 272.122036][ T5878] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 272.132347][ T5878] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 272.142122][ T5878] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 272.158176][ T5878] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 272.170438][ T5878] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 272.178754][ T5878] usb 3-1: Manufacturer: syz [ 272.191612][ T5878] usb 3-1: config 0 descriptor?? [ 272.478079][T11046] loop4: detected capacity change from 0 to 128 [ 272.504248][ T5878] rc_core: IR keymap rc-hauppauge not found [ 272.512681][ T5878] Registered IR keymap rc-empty [ 272.524414][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.554355][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.554944][ T5931] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 272.586110][ T5878] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 272.608867][ T5878] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input23 [ 272.642405][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.674773][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.704344][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.734389][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.739447][ T5931] usb 4-1: Using ep0 maxpacket: 16 [ 272.754346][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.771786][ T5931] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 272.774416][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.794572][ T5931] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.815222][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.833182][ T5931] usb 4-1: Product: syz [ 272.835774][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.843372][ T5931] usb 4-1: Manufacturer: syz [ 272.870047][ T5931] usb 4-1: SerialNumber: syz [ 272.884428][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.897377][ T5931] r8152-cfgselector 4-1: Unknown version 0x0000 [ 272.900453][T11057] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0) [ 272.905991][ T5931] r8152-cfgselector 4-1: config 0 descriptor?? [ 272.916487][ T5878] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 272.938290][ T5878] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 272.954837][ T5878] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 273.016474][ T5878] usb 3-1: USB disconnect, device number 13 [ 273.191542][ T5931] r8152-cfgselector 4-1: Needed 2 retries to read version [ 273.202628][ T5931] r8152-cfgselector 4-1: Unknown version 0x0000 [ 273.225311][ T5931] r8152-cfgselector 4-1: bad CDC descriptors [ 273.433087][ T5982] r8152-cfgselector 4-1: USB disconnect, device number 23 [ 273.667552][ T30] audit: type=1326 audit(1758906428.398:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11086 comm="syz.2.2021" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbdee78eec9 code=0x0 [ 274.331704][T11126] loop4: detected capacity change from 0 to 512 [ 274.340708][T11128] bond0: entered promiscuous mode [ 274.346031][T11128] bond_slave_0: entered promiscuous mode [ 274.351986][T11128] bond_slave_1: entered promiscuous mode [ 274.358697][T11128] team0: entered promiscuous mode [ 274.363924][T11128] team_slave_0: entered promiscuous mode [ 274.369969][T11128] team_slave_1: entered promiscuous mode [ 274.379670][T11128] bond0: left promiscuous mode [ 274.385283][T11128] bond_slave_0: left promiscuous mode [ 274.391073][T11128] bond_slave_1: left promiscuous mode [ 274.397098][T11128] team0: left promiscuous mode [ 274.402010][T11128] team_slave_0: left promiscuous mode [ 274.407934][T11128] team_slave_1: left promiscuous mode [ 274.474564][ T9] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 274.668562][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 274.687791][ T9] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 274.734296][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 274.764015][ T9] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 274.784262][ T9] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 274.804495][ T9] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 274.813676][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.034314][ T5982] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 275.044627][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 275.054625][ T9] usb 4-1: GET_CAPABILITIES returned 0 [ 275.060259][ T9] usbtmc 4-1:16.0: can't read capabilities [ 275.214274][ T5982] usb 3-1: Using ep0 maxpacket: 32 [ 275.221839][ T24] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 275.234344][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.260084][ T5982] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 275.260339][ T9] usb 4-1: USB disconnect, device number 24 [ 275.271431][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 275.287637][ T5982] usb 3-1: config 0 has no interface number 0 [ 275.303161][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.316215][ T5982] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 275.334274][ T24] usb 2-1: Product: syz [ 275.338708][ T24] usb 2-1: Manufacturer: syz [ 275.343379][ T24] usb 2-1: SerialNumber: syz [ 275.348373][ T5982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.359002][ T5982] usb 3-1: Product: syz [ 275.363227][ T5982] usb 3-1: Manufacturer: syz [ 275.369455][ T5982] usb 3-1: SerialNumber: syz [ 275.377223][ T24] cdc_mbim 2-1:1.0: skipping garbage [ 275.386608][ T5982] usb 3-1: config 0 descriptor?? [ 275.407019][ T5982] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 275.421036][T11155] loop4: detected capacity change from 0 to 32768 [ 275.449281][T11155] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 275.542440][ T5867] ocfs2: Unmounting device (7,4) on (node local) [ 275.603869][T11160] overlayfs: statfs failed on './file0' [ 275.612253][ T5982] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 275.629392][ T5982] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 275.753599][T11165] loop4: detected capacity change from 0 to 512 [ 275.781653][T11165] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 275.796798][T11165] ext4 filesystem being mounted at /410/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 275.864431][ T30] audit: type=1800 audit(1758906430.588:109): pid=11165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2054" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 275.901502][ T30] audit: type=1800 audit(1758906430.588:110): pid=11165 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2054" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 275.929136][ T5867] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 276.025901][T11178] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2059'. [ 276.035424][T11178] netlink: 27 bytes leftover after parsing attributes in process `syz.4.2059'. [ 276.064695][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 276.067194][T11180] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2061'. [ 276.074536][ T5982] usb 3-1: USB disconnect, device number 14 [ 276.105208][ T5982] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 276.137653][ T5982] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 276.161540][ T5982] quatech2 3-1:0.51: device disconnected [ 276.207850][ T24] cdc_mbim 2-1:1.0: bind() failure [ 276.242491][ T24] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 276.276786][ T24] cdc_ncm 2-1:1.1: bind() failure [ 276.301103][ T24] usb 2-1: USB disconnect, device number 8 [ 276.912862][T11204] loop1: detected capacity change from 0 to 4096 [ 276.958559][T11206] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 277.079984][T11197] loop2: detected capacity change from 0 to 32768 [ 277.094427][T11197] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.2069 (11197) [ 277.130475][T11197] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 277.151072][T11197] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm [ 277.299129][T11197] BTRFS info (device loop2): rebuilding free space tree [ 277.332463][T11197] BTRFS info (device loop2): setting nodatasum [ 277.344417][T11197] BTRFS info (device loop2): setting nodatacow [ 277.350755][T11197] BTRFS info (device loop2): enabling ssd optimizations [ 277.357863][T11197] BTRFS info (device loop2): turning on sync discard [ 277.364784][T11197] BTRFS info (device loop2): enabling free space tree [ 277.371591][T11197] BTRFS info (device loop2): force clearing of disk cache [ 277.379654][T11197] BTRFS info (device loop2): max_inline set to 0 [ 277.460736][T11227] bond0: option packets_per_slave: invalid value (16779898) [ 277.474495][T11227] bond0: option packets_per_slave: allowed values 0 - 65535 [ 277.590447][T11233] loop3: detected capacity change from 0 to 128 [ 277.639988][ T30] audit: type=1800 audit(1758906432.368:111): pid=11233 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2079" name="file2" dev="loop3" ino=1048663 res=0 errno=0 [ 277.649051][ T5880] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 277.672073][ T2994] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared) [ 277.693084][T11233] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000819) [ 277.707885][T11233] FAT-fs (loop3): Filesystem has been set read-only [ 277.725965][T11233] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000819) [ 277.839358][ T9] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 278.024297][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 278.031517][ T9] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 278.054297][ T9] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 278.076204][ T9] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 278.114668][ T9] usb 5-1: Product: syz [ 278.123260][ T9] usb 5-1: Manufacturer: syz [ 278.156626][ T9] usb 5-1: SerialNumber: syz [ 278.174847][ T9] usb 5-1: config 0 descriptor?? [ 278.184573][T11231] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 278.196851][ T9] hub 5-1:0.0: bad descriptor, ignoring hub [ 278.215733][ T9] hub 5-1:0.0: probe with driver hub failed with error -5 [ 278.317153][T11237] loop1: detected capacity change from 0 to 40427 [ 278.329058][T11237] F2FS-fs (loop1): invalid crc value [ 278.401053][T11237] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 278.422461][T11237] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 278.470572][ T7674] syz-executor: attempt to access beyond end of device [ 278.470572][ T7674] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 278.487177][ T7674] CPU: 0 UID: 0 PID: 7674 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 278.487204][ T7674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 278.487217][ T7674] Call Trace: [ 278.487226][ T7674] [ 278.487234][ T7674] dump_stack_lvl+0x189/0x250 [ 278.487267][ T7674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 278.487292][ T7674] ? __pfx_queue_work_on+0x10/0x10 [ 278.487309][ T7674] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 278.487333][ T7674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 278.487369][ T7674] f2fs_handle_critical_error+0x37c/0x540 [ 278.487401][ T7674] f2fs_write_end_io+0x886/0xb60 [ 278.487449][ T7674] __submit_merged_bio+0x27a/0x6a0 [ 278.487479][ T7674] __submit_merged_write_cond+0x255/0x530 [ 278.487521][ T7674] f2fs_write_data_pages+0x261d/0x3000 [ 278.487589][ T7674] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 278.487611][ T7674] ? __switch_to+0xdc8/0x1690 [ 278.487689][ T7674] ? rcu_is_watching+0x15/0xb0 [ 278.487710][ T7674] ? trace_sched_exit_tp+0x36/0x110 [ 278.487735][ T7674] ? __schedule+0x17ae/0x4cc0 [ 278.487759][ T7674] ? unwind_next_frame+0xa5/0x2390 [ 278.487777][ T7674] ? rcu_is_watching+0x15/0xb0 [ 278.487792][ T7674] ? __kasan_check_byte+0x12/0x40 [ 278.487834][ T7674] ? __lock_acquire+0xab9/0xd20 [ 278.487875][ T7674] ? do_raw_spin_lock+0x121/0x290 [ 278.487914][ T7674] ? do_raw_spin_unlock+0x122/0x240 [ 278.487938][ T7674] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 278.487963][ T7674] do_writepages+0x32e/0x550 [ 278.487999][ T7674] ? do_raw_spin_unlock+0x122/0x240 [ 278.488028][ T7674] filemap_fdatawrite+0x199/0x240 [ 278.488058][ T7674] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 278.488140][ T7674] ? do_raw_spin_unlock+0x122/0x240 [ 278.488170][ T7674] f2fs_sync_dirty_inodes+0x31f/0x830 [ 278.488216][ T7674] f2fs_write_checkpoint+0x93e/0x2440 [ 278.488241][ T7674] ? __lock_acquire+0xab9/0xd20 [ 278.488305][ T7674] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 278.488403][ T7674] kill_f2fs_super+0x2cc/0x6d0 [ 278.488437][ T7674] ? __pfx_kill_f2fs_super+0x10/0x10 [ 278.488486][ T7674] ? shrinker_free+0x2ce/0x3e0 [ 278.488519][ T7674] deactivate_locked_super+0xbc/0x130 [ 278.488553][ T7674] cleanup_mnt+0x425/0x4c0 [ 278.488582][ T7674] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.488610][ T7674] task_work_run+0x1d4/0x260 [ 278.488639][ T7674] ? __pfx_task_work_run+0x10/0x10 [ 278.488661][ T7674] ? __x64_sys_umount+0x122/0x160 [ 278.488688][ T7674] ? exit_to_user_mode_loop+0x40/0x130 [ 278.488720][ T7674] exit_to_user_mode_loop+0xe9/0x130 [ 278.488749][ T7674] do_syscall_64+0x2bd/0xfa0 [ 278.488772][ T7674] ? lockdep_hardirqs_on+0x9c/0x150 [ 278.488795][ T7674] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.488812][ T7674] ? clear_bhb_loop+0x60/0xb0 [ 278.488835][ T7674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 278.488854][ T7674] RIP: 0033:0x7f994c9901f7 [ 278.488873][ T7674] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 278.488890][ T7674] RSP: 002b:00007ffe5e1d5938 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 278.488911][ T7674] RAX: 0000000000000000 RBX: 00007f994ca11d7d RCX: 00007f994c9901f7 [ 278.488925][ T7674] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe5e1d59f0 [ 278.488938][ T7674] RBP: 00007ffe5e1d59f0 R08: 0000000000000000 R09: 0000000000000000 [ 278.488950][ T7674] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe5e1d6a80 [ 278.488963][ T7674] R13: 00007f994ca11d7d R14: 0000000000043f80 R15: 00007ffe5e1d6ac0 [ 278.489003][ T7674] [ 278.489011][ T7674] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 278.525388][ T24] usb 5-1: USB disconnect, device number 17 [ 278.871933][T11266] loop3: detected capacity change from 0 to 512 [ 278.889019][T11266] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 278.982445][T11266] FAT-fs (loop3): error, invalid access to FAT (entry 0x0fffff00) [ 279.181060][T11278] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 279.951323][T11302] loop2: detected capacity change from 0 to 4096 [ 279.975305][T11302] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512). [ 280.402991][T11325] loop4: detected capacity change from 0 to 1024 [ 280.423042][T11325] EXT4-fs: Ignoring removed nobh option [ 280.441249][T11325] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 280.461324][T11325] EXT4-fs error (device loop4): ext4_ext_check_inode:523: inode #11: comm syz.4.2121: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 280.484065][T11325] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.2121: couldn't read orphan inode 11 (err -117) [ 280.501456][T11325] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 280.560975][T11325] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:483: comm syz.4.2121: Invalid block bitmap block 0 in block_group 0 [ 280.582304][T11325] Quota error (device loop4): write_blk: dquota write failed [ 280.593824][T11325] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 280.606914][T11325] EXT4-fs error (device loop4): ext4_acquire_dquot:6945: comm syz.4.2121: Failed to acquire dquot type 0 [ 280.741099][ T5867] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 280.805056][ T13] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-8 [ 280.828322][ T13] EXT4-fs error (device loop4): ext4_release_dquot:6981: comm kworker/u8:1: Failed to release dquot type 0 [ 280.902304][T11347] loop3: detected capacity change from 0 to 256 [ 281.091338][T11353] netlink: 'syz.0.2133': attribute type 2 has an invalid length. [ 281.189904][T11361] loop1: detected capacity change from 0 to 8 [ 281.783877][T11357] loop3: detected capacity change from 0 to 32768 [ 281.834625][T11357] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.2135 (11357) [ 281.882373][T11357] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 281.897194][T11357] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 282.004110][T11357] BTRFS info (device loop3): enabling ssd optimizations [ 282.018304][T11357] BTRFS info (device loop3): enabling free space tree [ 282.040958][T11357] BTRFS info (device loop3): use zstd compression, level 3 [ 282.265305][ T5879] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 282.554344][ T5931] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 282.731285][ T5931] usb 1-1: Using ep0 maxpacket: 8 [ 282.740406][ T5931] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 282.755124][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 282.784504][ T5931] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 282.807495][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 282.815112][T11411] loop4: detected capacity change from 0 to 32768 [ 282.846098][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 282.871426][ T5931] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 282.885532][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 282.914857][ T5931] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 282.936987][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 282.968020][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 283.000565][ T5931] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 283.019599][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 283.062618][ T5931] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.084556][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 283.110204][ T5931] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 283.140380][ T5931] usb 1-1: string descriptor 0 read error: -22 [ 283.154672][ T5931] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 283.163828][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.204268][ T5931] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 283.395018][ T5873] Bluetooth: hci1: command 0x0406 tx timeout [ 283.428809][ T5931] usb 1-1: USB disconnect, device number 18 [ 283.633486][T11451] Bluetooth: received HCILL_WAKE_UP_IND in state 2 [ 283.648629][ T12] Bluetooth: hci5: Frame reassembly failed (-84) [ 283.708999][T11455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2169'. [ 283.833263][T11460] loop1: detected capacity change from 0 to 1024 [ 283.840494][T11460] EXT4-fs: Ignoring removed bh option [ 283.849874][T11460] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled [ 283.868572][T11460] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 283.908159][ T7674] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 284.109094][T11468] loop1: detected capacity change from 0 to 2048 [ 284.124092][T11468] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 284.313552][T11475] loop1: detected capacity change from 0 to 512 [ 284.347303][T11475] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x61000000 (sector = 1) [ 284.859616][T11480] loop3: detected capacity change from 0 to 40427 [ 284.872826][T11480] F2FS-fs (loop3): invalid crc value [ 285.201584][T11480] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 285.232970][T11480] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 285.331717][ T5879] syz-executor: attempt to access beyond end of device [ 285.331717][ T5879] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 285.363916][ T5879] CPU: 0 UID: 0 PID: 5879 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 285.363947][ T5879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 285.363960][ T5879] Call Trace: [ 285.363968][ T5879] [ 285.363977][ T5879] dump_stack_lvl+0x189/0x250 [ 285.364011][ T5879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 285.364035][ T5879] ? __pfx_queue_work_on+0x10/0x10 [ 285.364054][ T5879] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 285.364079][ T5879] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 285.364119][ T5879] f2fs_handle_critical_error+0x37c/0x540 [ 285.364155][ T5879] f2fs_write_end_io+0x886/0xb60 [ 285.364204][ T5879] __submit_merged_bio+0x27a/0x6a0 [ 285.364233][ T5879] __submit_merged_write_cond+0x255/0x530 [ 285.364275][ T5879] f2fs_write_data_pages+0x261d/0x3000 [ 285.364347][ T5879] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.364447][ T5879] ? stack_trace_save+0x9c/0xe0 [ 285.364471][ T5879] ? __pfx_stack_trace_save+0x10/0x10 [ 285.364517][ T5879] ? __lock_acquire+0xab9/0xd20 [ 285.364558][ T5879] ? do_raw_spin_lock+0x121/0x290 [ 285.364598][ T5879] ? do_raw_spin_unlock+0x122/0x240 [ 285.364622][ T5879] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 285.364649][ T5879] do_writepages+0x32e/0x550 [ 285.364687][ T5879] ? do_raw_spin_unlock+0x122/0x240 [ 285.364717][ T5879] filemap_fdatawrite+0x199/0x240 [ 285.364739][ T5879] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 285.364829][ T5879] ? do_raw_spin_unlock+0x122/0x240 [ 285.364860][ T5879] f2fs_sync_dirty_inodes+0x31f/0x830 [ 285.364908][ T5879] f2fs_write_checkpoint+0x93e/0x2440 [ 285.364934][ T5879] ? __lock_acquire+0xab9/0xd20 [ 285.365001][ T5879] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 285.365103][ T5879] kill_f2fs_super+0x2cc/0x6d0 [ 285.365138][ T5879] ? __pfx_kill_f2fs_super+0x10/0x10 [ 285.365189][ T5879] ? shrinker_free+0x2ce/0x3e0 [ 285.365224][ T5879] deactivate_locked_super+0xbc/0x130 [ 285.365260][ T5879] cleanup_mnt+0x425/0x4c0 [ 285.365292][ T5879] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.365321][ T5879] task_work_run+0x1d4/0x260 [ 285.365352][ T5879] ? __pfx_task_work_run+0x10/0x10 [ 285.365382][ T5879] ? __x64_sys_umount+0x122/0x160 [ 285.365411][ T5879] ? exit_to_user_mode_loop+0x40/0x130 [ 285.365445][ T5879] exit_to_user_mode_loop+0xe9/0x130 [ 285.365474][ T5879] do_syscall_64+0x2bd/0xfa0 [ 285.365498][ T5879] ? lockdep_hardirqs_on+0x9c/0x150 [ 285.365522][ T5879] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.365543][ T5879] ? clear_bhb_loop+0x60/0xb0 [ 285.365570][ T5879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 285.365595][ T5879] RIP: 0033:0x7f1db3d901f7 [ 285.365615][ T5879] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 285.365633][ T5879] RSP: 002b:00007fff3d900138 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 285.365655][ T5879] RAX: 0000000000000000 RBX: 00007f1db3e11d7d RCX: 00007f1db3d901f7 [ 285.365672][ T5879] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff3d9001f0 [ 285.365686][ T5879] RBP: 00007fff3d9001f0 R08: 0000000000000000 R09: 0000000000000000 [ 285.365699][ T5879] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff3d901280 [ 285.365713][ T5879] R13: 00007f1db3e11d7d R14: 0000000000045a52 R15: 00007fff3d9012c0 [ 285.365754][ T5879] [ 285.713784][ T5879] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 285.721457][ T5873] Bluetooth: hci5: command 0x1003 tx timeout [ 285.722735][ T5186] Bluetooth: hci5: Opcode 0x1003 failed: -110 [ 285.755538][T11521] loop1: detected capacity change from 0 to 512 [ 285.829679][T11525] program syz.0.2196 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 285.871274][T11521] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 285.895051][T11521] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002] [ 285.918528][T11521] System zones: 0-1, 15-15, 18-18, 34-34 [ 285.966517][T11521] EXT4-fs (loop1): orphan cleanup on readonly fs [ 285.972995][T11521] Quota error (device loop1): v2_read_header: Failed header read: expected=8 got=0 [ 286.039907][T11521] EXT4-fs warning (device loop1): ext4_enable_quotas:7180: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 286.084424][T11521] EXT4-fs (loop1): Cannot turn on quotas: error -22 [ 286.102292][T11521] EXT4-fs (loop1): 1 truncate cleaned up [ 286.123516][T11521] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 286.196672][ T7674] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 286.204510][ T5982] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 286.317479][T11539] netlink: 'syz.0.2202': attribute type 3 has an invalid length. [ 286.336023][T11539] netlink: 'syz.0.2202': attribute type 3 has an invalid length. [ 286.386216][ T5982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.406451][ T5982] usb 3-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00 [ 286.437038][ T5982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.454750][ T5982] usb 3-1: config 0 descriptor?? [ 286.669512][T11551] input: syz1 as /devices/virtual/input/input24 [ 286.704093][T11554] syzkaller0: tun_chr_ioctl cmd 1074025672 [ 286.710557][T11554] syzkaller0: ignored: set checksum enabled [ 286.902885][ T5982] logitech-djreceiver 0003:046D:C71F.0010: hidraw0: USB HID v0.00 Device [HID 046d:c71f] on usb-dummy_hcd.2-1/input0 [ 286.963219][T11571] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 286.970562][T11571] IPv6: NLM_F_CREATE should be set when creating new route [ 286.977892][T11571] IPv6: NLM_F_CREATE should be set when creating new route [ 286.985172][T11571] IPv6: NLM_F_CREATE should be set when creating new route [ 287.099087][ T24] usb 3-1: USB disconnect, device number 15 [ 287.208583][T11579] loop4: detected capacity change from 0 to 128 [ 287.234379][ T5982] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 287.304036][T11569] loop1: detected capacity change from 0 to 32768 [ 287.320383][T11569] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 287.347810][T11569] XFS (loop1): Ending clean mount [ 287.384275][ T5982] usb 1-1: Using ep0 maxpacket: 8 [ 287.393014][ T5982] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 287.412713][ T5982] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 287.423598][ T7674] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 287.423838][ T5982] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 287.444790][ T5982] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 287.457866][ T5982] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 287.467080][ T5982] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.686046][ T5982] usb 1-1: GET_CAPABILITIES returned 0 [ 287.701950][ T5982] usbtmc 1-1:16.0: can't read capabilities [ 287.908700][ T9] usb 1-1: USB disconnect, device number 19 [ 288.151895][T11619] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2234'. [ 288.288519][T11625] loop1: detected capacity change from 0 to 2048 [ 288.295153][ T24] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 288.311314][T11625] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 288.461724][ T24] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 288.487573][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.508712][ T24] usb 4-1: config 0 descriptor?? [ 288.516928][ T24] cp210x 4-1:0.0: cp210x converter detected [ 288.627024][T11638] netlink: 'syz.0.2244': attribute type 16 has an invalid length. [ 288.635254][T11638] netlink: 'syz.0.2244': attribute type 17 has an invalid length. [ 288.926673][ T24] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 288.959091][ T24] usb 4-1: cp210x converter now attached to ttyUSB0 [ 289.107503][T11652] loop6: detected capacity change from 0 to 524288000 [ 289.156262][ T24] usb 4-1: USB disconnect, device number 25 [ 289.203830][ T24] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 289.205458][T11652] loop6: detected capacity change from 524288000 to 0 [ 289.232952][ T24] cp210x 4-1:0.0: device disconnected [ 289.479948][T11666] IPv6: NLM_F_CREATE should be specified when creating new route [ 290.103549][T11695] ipvlan3: entered promiscuous mode [ 290.112164][T11695] 8021q: adding VLAN 0 to HW filter on device ipvlan3 [ 290.244284][ T5982] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 290.415966][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.444260][ T5982] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 290.464328][ T5982] usb 2-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 290.491394][ T5982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.505969][T11715] loop2: detected capacity change from 0 to 1024 [ 290.518900][ T5982] usb 2-1: config 0 descriptor?? [ 290.564029][T11715] hfsplus: xattr search failed [ 290.804335][T11731] team0: Device gtp0 is of different type [ 290.941473][ T5982] hid-thrustmaster 0003:044F:B65D.0011: unknown main item tag 0x0 [ 290.984676][ T5982] hid-thrustmaster 0003:044F:B65D.0011: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.1-1/input0 [ 291.015506][ T5982] hid-thrustmaster 0003:044F:B65D.0011: Wrong number of endpoints? [ 291.164722][ C1] hid-thrustmaster 0003:044F:B65D.0011: Unknown packet type 0x0, unable to proceed further with wheel init [ 291.198737][T11748] loop3: detected capacity change from 0 to 512 [ 291.204320][ T24] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 291.286582][T11748] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 291.324294][T11748] ext4 filesystem being mounted at /426/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 291.362992][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 291.379002][ T5982] usb 2-1: USB disconnect, device number 9 [ 291.391448][T11753] loop2: detected capacity change from 0 to 4096 [ 291.409039][ T24] usb 1-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 291.420568][T11753] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512). [ 291.422391][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.432807][ T5879] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 291.449082][ T24] usb 1-1: Product: syz [ 291.453415][ T24] usb 1-1: Manufacturer: syz [ 291.462666][ T24] usb 1-1: SerialNumber: syz [ 291.478271][ T24] r8152-cfgselector 1-1: Unknown version 0x0000 [ 291.489777][ T24] r8152-cfgselector 1-1: config 0 descriptor?? [ 291.518291][T11753] ntfs3(loop2): Failed to load $Secure (-22). [ 291.528683][T11753] ntfs3(loop2): Failed to initialize $Secure (-22). [ 291.715852][ T24] r8152-cfgselector 1-1: Needed 1 retries to read version [ 291.723205][ T24] r8152-cfgselector 1-1: Unknown version 0x1890 [ 291.743873][ T24] r8152-cfgselector 1-1: bad CDC descriptors [ 291.932428][ T24] r8152-cfgselector 1-1: USB disconnect, device number 20 [ 292.062516][T11744] loop4: detected capacity change from 0 to 65536 [ 292.102327][T11744] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 292.169570][T11744] XFS (loop4): Ending clean mount [ 292.223017][T11787] loop3: detected capacity change from 0 to 256 [ 292.265741][T11787] exfat: Deprecated parameter 'utf8' [ 292.298314][T11787] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x40a90196, utbl_chksum : 0xe619d30d) [ 292.372209][ T5867] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 292.997787][T11797] netlink: 'syz.4.2308': attribute type 1 has an invalid length. [ 293.014429][T11797] netlink: 144 bytes leftover after parsing attributes in process `syz.4.2308'. [ 293.023871][T11797] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2308'. [ 293.308865][T11815] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2320'. [ 293.322667][T11815] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2320'. [ 293.331798][T11815] netlink: 'syz.1.2320': attribute type 11 has an invalid length. [ 293.360950][T11813] loop2: detected capacity change from 0 to 2048 [ 293.383298][T11818] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 293.434272][ T5878] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 293.521784][T11818] NILFS (loop2): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3) [ 293.541107][T11818] NILFS error (device loop2): nilfs_bmap_propagate: broken bmap (inode number=4) [ 293.556105][T11818] Remounting filesystem read-only [ 293.563348][ T5880] NILFS (loop2): disposed unprocessed dirty file(s) when stopping log writer [ 293.594260][ T5878] usb 5-1: Using ep0 maxpacket: 16 [ 293.611517][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.646713][ T5878] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 293.671918][ T5878] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 293.700639][ T5878] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 293.714307][ T5878] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.727922][ T5878] usb 5-1: config 0 descriptor?? [ 293.904600][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 294.082915][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 294.096298][ T9] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 294.100982][T11852] macvlan0: entered promiscuous mode [ 294.111909][T11852] netlink: 'syz.1.2338': attribute type 1 has an invalid length. [ 294.116484][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 294.120910][T11852] netlink: 'syz.1.2338': attribute type 2 has an invalid length. [ 294.148505][ T9] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 294.162178][ T5878] microsoft 0003:045E:07DA.0012: ignoring exceeding usage max [ 294.163696][ T9] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 294.185870][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.202443][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 294.205800][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.215570][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.243069][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.258011][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.270818][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.282007][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.289484][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.318245][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.335839][ T5878] microsoft 0003:045E:07DA.0012: unknown main item tag 0x0 [ 294.343200][ T5878] microsoft 0003:045E:07DA.0012: unsupported Resolution Multiplier 0 [ 294.360041][ T5878] microsoft 0003:045E:07DA.0012: unsupported Resolution Multiplier 0 [ 294.370758][ T5878] microsoft 0003:045E:07DA.0012: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 294.382428][ T5878] microsoft 0003:045E:07DA.0012: no inputs found [ 294.389137][ T5878] microsoft 0003:045E:07DA.0012: could not initialize ff, continuing anyway [ 294.447670][ T9] usb 3-1: GET_CAPABILITIES returned 0 [ 294.460416][ T9] usbtmc 3-1:16.0: can't read capabilities [ 294.568183][ T9] usb 5-1: USB disconnect, device number 18 [ 294.678527][ T5950] usb 3-1: USB disconnect, device number 16 [ 294.862212][T11882] netlink: 'syz.1.2351': attribute type 9 has an invalid length. [ 294.941654][T11886] loop1: detected capacity change from 0 to 2048 [ 294.950389][T11886] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=18576, location=18576 [ 294.970825][T11886] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 295.015212][T11886] UDF-fs: warning (device loop1): udf_truncate_tail_extent: Too long extent after EOF in inode 1346: i_size: 10 lbcount: 1536 extent 6+1536 [ 295.347089][T11904] loop1: detected capacity change from 0 to 2048 [ 295.368329][T11904] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 295.393322][ T30] audit: type=1800 audit(1758906450.118:112): pid=11904 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2363" name="file1" dev="loop1" ino=1335 res=0 errno=0 [ 295.913723][T11905] loop3: detected capacity change from 0 to 32768 [ 295.928908][ T9] IPVS: starting estimator thread 0... [ 295.959691][T11905] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 296.035812][T11936] IPVS: using max 26 ests per chain, 62400 per kthread [ 296.054005][T11905] XFS (loop3): Ending clean mount [ 296.133290][ T30] audit: type=1800 audit(1758906450.858:113): pid=11905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2361" name="bus" dev="loop3" ino=6153 res=0 errno=0 [ 296.242677][ T5879] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 296.772459][T11971] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 296.793846][T11972] loop1: detected capacity change from 0 to 512 [ 296.836194][T11972] EXT4-fs: Ignoring removed orlov option [ 296.845962][T11972] EXT4-fs: Ignoring removed nobh option [ 296.875561][T11972] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 296.918277][T11972] EXT4-fs (loop1): orphan cleanup on readonly fs [ 296.965797][T11972] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.2384: bg 0: block 248: padding at end of block bitmap is not set [ 296.989588][T11972] Quota error (device loop1): write_blk: dquota write failed [ 296.998666][T11972] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 297.009253][T11972] EXT4-fs error (device loop1): ext4_acquire_dquot:6945: comm syz.1.2384: Failed to acquire dquot type 1 [ 297.032343][T11972] EXT4-fs (loop1): 1 truncate cleaned up [ 297.043137][ T30] audit: type=1326 audit(1758906451.768:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.2.2391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdee78eec9 code=0x7ffc0000 [ 297.067053][ T30] audit: type=1326 audit(1758906451.768:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.2.2391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdee78eec9 code=0x7ffc0000 [ 297.089873][ T30] audit: type=1326 audit(1758906451.768:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.2.2391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7fbdee78eec9 code=0x7ffc0000 [ 297.119644][T11972] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 297.152515][ T30] audit: type=1326 audit(1758906451.768:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.2.2391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdee78eec9 code=0x7ffc0000 [ 297.202302][T11972] EXT4-fs: Ignoring removed orlov option [ 297.215509][ T30] audit: type=1326 audit(1758906451.768:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11982 comm="syz.2.2391" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbdee78eec9 code=0x7ffc0000 [ 297.238474][T11972] EXT4-fs: Ignoring removed nobh option [ 297.260201][T11972] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 297.280903][T11972] EXT4-fs (loop1): warning: mounting fs with errors, running e2fsck is recommended [ 297.326627][T11972] EXT4-fs error (device loop1): __ext4_remount:6748: comm syz.1.2384: Abort forced by user [ 297.338229][T11972] EXT4-fs (loop1): Remounting filesystem read-only [ 297.348954][T11972] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 r/w. [ 297.357891][T11972] ext4 filesystem being remounted at /365/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 297.395015][T11972] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000. [ 297.446590][ T7674] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 297.544288][ T9] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 297.737816][ T9] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 297.761762][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.784652][ T9] usb 1-1: Product: syz [ 297.788882][ T9] usb 1-1: Manufacturer: syz [ 297.814004][ T9] usb 1-1: SerialNumber: syz [ 297.845278][ T9] usb 1-1: config 0 descriptor?? [ 297.853656][ T9] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 021 [ 298.257194][ T9] (null): failure reading functionality [ 298.274966][ T9] i2c i2c-2: failure reading functionality [ 298.295446][ T9] i2c i2c-2: connected i2c-tiny-usb device [ 298.321096][ T9] usb 1-1: USB disconnect, device number 21 [ 298.396165][T12023] veth1_macvtap: left promiscuous mode [ 298.442060][T12012] loop1: detected capacity change from 0 to 40427 [ 298.473391][T12012] F2FS-fs (loop1): invalid crc value [ 298.539161][T12031] loop3: detected capacity change from 0 to 128 [ 298.562745][T12031] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 298.586888][T12031] ext4 filesystem being mounted at /456/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 298.610521][T12012] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 298.622171][T12012] F2FS-fs (loop1): Start checkpoint disabled! [ 298.630240][T12012] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 298.650053][T12012] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 298.680842][ T5879] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 298.700118][T12036] vlan3: entered allmulticast mode [ 298.784487][ T30] audit: type=1804 audit(1758906453.488:119): pid=12012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2405" name="/newroot/367/file1/bus" dev="loop1" ino=10 res=1 errno=0 [ 298.844682][ T13] kworker/u8:1: attempt to access beyond end of device [ 298.844682][ T13] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 298.880647][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 298.880693][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 298.880716][ T13] Workqueue: writeback wb_workfn (flush-7:1) [ 298.880758][ T13] Call Trace: [ 298.880779][ T13] [ 298.880787][ T13] dump_stack_lvl+0x189/0x250 [ 298.880817][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 298.880843][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 298.880861][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 298.880886][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 298.880924][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 298.880957][ T13] f2fs_write_end_io+0x886/0xb60 [ 298.881007][ T13] __submit_merged_bio+0x27a/0x6a0 [ 298.881036][ T13] __submit_merged_write_cond+0x255/0x530 [ 298.881080][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 298.881149][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 298.881194][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 298.881270][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 298.881292][ T13] ? look_up_lock_class+0x74/0x170 [ 298.881328][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 298.881352][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 298.881393][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 298.881433][ T13] ? __lock_acquire+0xab9/0xd20 [ 298.881472][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 298.881498][ T13] do_writepages+0x32e/0x550 [ 298.881527][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 298.881546][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 298.881582][ T13] __writeback_single_inode+0x145/0xff0 [ 298.881606][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 298.881638][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 298.881699][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 298.881809][ T13] ? rcu_is_watching+0x15/0xb0 [ 298.881843][ T13] wb_writeback+0x43b/0xaf0 [ 298.881878][ T13] ? queue_io+0x351/0x590 [ 298.881906][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 298.881942][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 298.881973][ T13] wb_workfn+0x409/0xef0 [ 298.882025][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 298.882064][ T13] ? __lock_acquire+0xab9/0xd20 [ 298.882108][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 298.882148][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 298.882169][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 298.882199][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 298.882231][ T13] process_scheduled_works+0xae1/0x17b0 [ 298.882302][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 298.882357][ T13] worker_thread+0x8a0/0xda0 [ 298.882426][ T13] kthread+0x711/0x8a0 [ 298.882456][ T13] ? __pfx_worker_thread+0x10/0x10 [ 298.882486][ T13] ? __pfx_kthread+0x10/0x10 [ 298.882512][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 298.882535][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 298.882558][ T13] ? __pfx_kthread+0x10/0x10 [ 298.882583][ T13] ret_from_fork+0x4bc/0x870 [ 298.882618][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 298.882659][ T13] ? __switch_to_asm+0x39/0x70 [ 298.882683][ T13] ? __switch_to_asm+0x33/0x70 [ 298.882706][ T13] ? __pfx_kthread+0x10/0x10 [ 298.882730][ T13] ret_from_fork_asm+0x1a/0x30 [ 298.882785][ T13] [ 298.882793][ T13] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 299.424098][T12055] loop2: detected capacity change from 0 to 1024 [ 299.431692][T12055] EXT4-fs: Ignoring removed nomblk_io_submit option [ 299.476290][T12055] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 299.540120][T12059] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 299.769826][ T5880] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 300.509027][T12086] loop2: detected capacity change from 0 to 512 [ 300.667204][T12092] loop4: detected capacity change from 0 to 128 [ 300.754883][T12094] syz.3.2438 (12094): drop_caches: 4 [ 300.853048][T12096] loop4: detected capacity change from 0 to 2048 [ 300.879849][T12096] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 300.975461][T12078] loop1: detected capacity change from 0 to 32768 [ 301.053970][T12078] JBD2: Ignoring recovery information on journal [ 301.193542][T12078] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 301.408898][ T7674] ocfs2: Unmounting device (7,1) on (node local) [ 301.632533][T12100] loop3: detected capacity change from 0 to 40427 [ 301.645331][T12100] F2FS-fs (loop3): Invalid log_blocksize (64), supports only 12 [ 301.653038][T12100] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 301.687709][T12100] F2FS-fs (loop3): invalid crc value [ 301.809685][T12100] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 301.826499][T12134] loop4: detected capacity change from 0 to 1024 [ 301.835505][T12100] F2FS-fs (loop3): Start checkpoint disabled! [ 301.870655][T12100] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0 [ 301.894076][T12100] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 301.913401][T12100] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6 [ 301.974514][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 301.974534][ T30] audit: type=1800 audit(1758906456.698:121): pid=12100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2441" name="file1" dev="loop3" ino=10 res=0 errno=0 [ 302.001531][ C0] vkms_vblank_simulate: vblank timer overrun [ 302.020012][ T13] kworker/u8:1: attempt to access beyond end of device [ 302.020012][ T13] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 302.041362][ T13] CPU: 1 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 302.041391][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 302.041406][ T13] Workqueue: writeback wb_workfn (flush-7:3) [ 302.041476][ T13] Call Trace: [ 302.041485][ T13] [ 302.041494][ T13] dump_stack_lvl+0x189/0x250 [ 302.041527][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 302.041551][ T13] ? __pfx_queue_work_on+0x10/0x10 [ 302.041570][ T13] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 302.041595][ T13] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 302.041635][ T13] f2fs_handle_critical_error+0x37c/0x540 [ 302.041669][ T13] f2fs_write_end_io+0x886/0xb60 [ 302.041719][ T13] __submit_merged_bio+0x27a/0x6a0 [ 302.041752][ T13] __submit_merged_write_cond+0x255/0x530 [ 302.041797][ T13] f2fs_write_data_pages+0x261d/0x3000 [ 302.041869][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 302.041914][ T13] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 302.041988][ T13] ? __pfx_f2fs_balance_fs_bg+0x10/0x10 [ 302.042012][ T13] ? look_up_lock_class+0x74/0x170 [ 302.042051][ T13] ? trace_f2fs_writepages+0x7f/0x200 [ 302.042075][ T13] ? f2fs_write_node_pages+0x478/0x6e0 [ 302.042115][ T13] ? __pfx_f2fs_write_node_pages+0x10/0x10 [ 302.042156][ T13] ? __lock_acquire+0xab9/0xd20 [ 302.042200][ T13] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 302.042227][ T13] do_writepages+0x32e/0x550 [ 302.042255][ T13] ? reacquire_held_locks+0x127/0x1d0 [ 302.042275][ T13] ? writeback_sb_inodes+0x384/0x1010 [ 302.042310][ T13] __writeback_single_inode+0x145/0xff0 [ 302.042334][ T13] ? do_raw_spin_unlock+0x122/0x240 [ 302.042365][ T13] writeback_sb_inodes+0x6c7/0x1010 [ 302.042425][ T13] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 302.042516][ T13] ? rcu_is_watching+0x15/0xb0 [ 302.042551][ T13] wb_writeback+0x43b/0xaf0 [ 302.042585][ T13] ? queue_io+0x351/0x590 [ 302.042613][ T13] ? __pfx_wb_writeback+0x10/0x10 [ 302.042648][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 302.042679][ T13] wb_workfn+0x409/0xef0 [ 302.042731][ T13] ? __pfx_wb_workfn+0x10/0x10 [ 302.042770][ T13] ? __lock_acquire+0xab9/0xd20 [ 302.042814][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 302.042854][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 302.042876][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 302.042905][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 302.042939][ T13] process_scheduled_works+0xae1/0x17b0 [ 302.043012][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 302.043069][ T13] worker_thread+0x8a0/0xda0 [ 302.043139][ T13] kthread+0x711/0x8a0 [ 302.043168][ T13] ? __pfx_worker_thread+0x10/0x10 [ 302.043199][ T13] ? __pfx_kthread+0x10/0x10 [ 302.043226][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 302.043249][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 302.043271][ T13] ? __pfx_kthread+0x10/0x10 [ 302.043296][ T13] ret_from_fork+0x4bc/0x870 [ 302.043330][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 302.043371][ T13] ? __switch_to_asm+0x39/0x70 [ 302.043396][ T13] ? __switch_to_asm+0x33/0x70 [ 302.043419][ T13] ? __pfx_kthread+0x10/0x10 [ 302.043445][ T13] ret_from_fork_asm+0x1a/0x30 [ 302.043504][ T13] [ 302.043797][ T13] F2FS-fs (loop3): Stopped filesystem due to reason: 3 [ 302.514998][ T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 302.684451][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 302.691818][ T9] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 302.714020][ T9] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 302.733591][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.742145][ T9] usb 3-1: Product: syz [ 302.746395][ T9] usb 3-1: Manufacturer: syz [ 302.751190][ T9] usb 3-1: SerialNumber: syz [ 302.763700][ T9] usb 3-1: config 0 descriptor?? [ 302.774309][ T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 302.782463][ T9] usb 3-1: setting power ON [ 302.795969][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 302.815037][ T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 302.825426][ T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 302.833967][ T9] usb 3-1: media controller created [ 302.923507][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 302.986617][ T9] usb 3-1: selecting invalid altsetting 6 [ 303.002424][ T9] usb 3-1: digital interface selection failed (-22) [ 303.012514][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 303.047636][ T9] usb 3-1: setting power OFF [ 303.053194][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 303.066824][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 303.086446][ T9] (NULL device *): no alternate interface [ 303.177345][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 303.233564][ T9] usb 3-1: USB disconnect, device number 17 [ 303.264055][T12172] loop3: detected capacity change from 0 to 64 [ 303.329760][T12176] netlink: 'syz.4.2473': attribute type 3 has an invalid length. [ 303.744667][T12197] syz_tun: entered allmulticast mode [ 303.762092][T12196] syz_tun: left allmulticast mode [ 304.235997][T12219] loop1: detected capacity change from 0 to 256 [ 304.243178][T12219] exfat: Deprecated parameter 'namecase' [ 304.259380][T12219] exfat: Deprecated parameter 'utf8' [ 304.280682][T12219] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 304.328277][ T30] audit: type=1800 audit(1758906459.058:122): pid=12219 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2493" name="file1" dev="loop1" ino=1048673 res=0 errno=0 [ 304.554472][ T5878] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 304.714267][ T5878] usb 3-1: Using ep0 maxpacket: 16 [ 304.726176][ T5878] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 304.741481][ T5878] usb 3-1: config 0 has no interface number 0 [ 304.758548][ T5878] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 304.780371][ T5878] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 304.800931][ T5878] usb 3-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 304.824192][ T5878] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.845984][ T5878] usb 3-1: config 0 descriptor?? [ 305.243778][T12241] netlink: 32 bytes leftover after parsing attributes in process `syz.0.2504'. [ 305.464462][ T5878] uclogic 0003:28BD:0071.0013: pen parameters not found [ 305.485520][ T5878] uclogic 0003:28BD:0071.0013: interface is invalid, ignoring [ 305.543947][T12234] loop1: detected capacity change from 0 to 131072 [ 305.561702][T12234] F2FS-fs (loop1): invalid crc value [ 305.565456][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 305.653461][T12234] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 305.680280][ T5878] usb 3-1: USB disconnect, device number 18 [ 305.699030][T12234] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 305.726039][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 305.741150][ T24] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 305.754923][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.763941][ T24] usb 1-1: Product: syz [ 305.771298][ T24] usb 1-1: Manufacturer: syz [ 305.777177][ T24] usb 1-1: SerialNumber: syz [ 305.784703][ T24] usb 1-1: config 0 descriptor?? [ 305.989475][T12252] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 306.243317][ T24] usb 1-1: USB disconnect, device number 22 [ 306.415424][T12261] 9p: Unknown access argument 18446744073709551615: -34 [ 306.639572][T12267] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2513'. [ 411.854121][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 411.861135][ C0] rcu: 1-...!: (1 GPs behind) idle=cb04/1/0x4000000000000000 softirq=50510/50511 fqs=3 [ 411.872230][ C0] rcu: (detected by 0, t=10502 jiffies, g=46625, q=259 ncpus=2) [ 411.879983][ C0] Sending NMI from CPU 0 to CPUs 1: [ 411.880020][ C1] NMI backtrace for cpu 1 [ 411.880047][ C1] CPU: 1 UID: 0 PID: 12276 Comm: syz.0.2517 Not tainted syzkaller #0 PREEMPT(full) [ 411.880068][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 411.880083][ C1] RIP: 0010:__sanitizer_cov_trace_const_cmp8+0x11/0x90 [ 411.880114][ C1] Code: cc cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 40 c2 92 <65> 8b 15 18 e0 01 11 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 [ 411.880129][ C1] RSP: 0018:ffffc90000a08c68 EFLAGS: 00000806 [ 411.880145][ C1] RAX: ffffffff89a5ccaa RBX: ffff888058d8cd28 RCX: ffff8880649b9e40 [ 411.880158][ C1] RDX: ffff8880649b9e40 RSI: 0000000000000000 RDI: 0000000000000010 [ 411.880170][ C1] RBP: 0000000000000001 R08: 0000000000000003 R09: 0000000000000004 [ 411.880180][ C1] R10: dffffc0000000000 R11: fffff5200014117c R12: dffffc0000000000 [ 411.880194][ C1] R13: ffff888058d8c8c0 R14: ffff888058d8c940 R15: 0000000000000000 [ 411.880206][ C1] FS: 00007ff168a586c0(0000) GS:ffff888125afc000(0000) knlGS:0000000000000000 [ 411.880220][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 411.880232][ C1] CR2: 00007ff15d8ffc00 CR3: 0000000075518000 CR4: 00000000003526f0 [ 411.880251][ C1] Call Trace: [ 411.880260][ C1] [ 411.880267][ C1] advance_sched+0x51a/0xc90 [ 411.880302][ C1] ? __pfx_advance_sched+0x10/0x10 [ 411.880322][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 411.880359][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 411.880384][ C1] ? read_tsc+0x9/0x20 [ 411.880410][ C1] hrtimer_interrupt+0x45b/0xaa0 [ 411.880451][ C1] __sysvec_apic_timer_interrupt+0x10b/0x410 [ 411.880479][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 411.880500][ C1] [ 411.880506][ C1] [ 411.880512][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 411.880531][ C1] RIP: 0010:_raw_spin_unlock_irqrestore+0xa8/0x110 [ 411.880550][ C1] Code: 74 05 e8 0b db 45 f6 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f6 44 24 21 02 75 4f f7 c3 00 02 00 00 74 01 fb bf 01 00 00 00 43 65 0e f6 65 8b 05 dc 08 40 07 85 c0 74 40 48 c7 04 24 0e 36 [ 411.880564][ C1] RSP: 0018:ffffc900168a7600 EFLAGS: 00000206 [ 411.880578][ C1] RAX: f2244ab8d629f100 RBX: 0000000000000a06 RCX: f2244ab8d629f100 [ 411.880590][ C1] RDX: 0000000000000006 RSI: ffffffff8db9fb03 RDI: 0000000000000001 [ 411.880602][ C1] RBP: ffffc900168a7690 R08: ffffffff8fc35777 R09: 1ffffffff1f86aee [ 411.880614][ C1] R10: dffffc0000000000 R11: fffffbfff1f86aef R12: dffffc0000000000 [ 411.880626][ C1] R13: dffffc0000000000 R14: ffff88801c6a08d8 R15: 1ffff92002d14ec0 [ 411.880651][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 411.880669][ C1] ? rcu_is_watching+0x15/0xb0 [ 411.880685][ C1] ? lru_add+0xa2f/0xd80 [ 411.880709][ C1] ? lru_add+0x198/0xd80 [ 411.880733][ C1] folio_batch_move_lru+0x37e/0x420 [ 411.880757][ C1] ? __folio_batch_add_and_move+0x192/0xc60 [ 411.880781][ C1] ? __pfx_lru_add+0x10/0x10 [ 411.880803][ C1] ? __pfx_folio_batch_move_lru+0x10/0x10 [ 411.880833][ C1] __folio_batch_add_and_move+0x51c/0xc60 [ 411.880859][ C1] ? __pfx_lru_add+0x10/0x10 [ 411.880881][ C1] ? __pfx___folio_batch_add_and_move+0x10/0x10 [ 411.880909][ C1] ? folio_add_lru+0x1b2/0x3d0 [ 411.880933][ C1] shmem_alloc_and_add_folio+0xcb3/0xf60 [ 411.880955][ C1] ? filemap_get_entry+0xad/0x2f0 [ 411.880975][ C1] ? filemap_get_entry+0xad/0x2f0 [ 411.881003][ C1] ? filemap_get_entry+0x28f/0x2f0 [ 411.881025][ C1] ? __pfx_shmem_alloc_and_add_folio+0x10/0x10 [ 411.881045][ C1] ? shmem_allowable_huge_orders+0x1d7/0x4f0 [ 411.881066][ C1] shmem_get_folio_gfp+0x59d/0x1660 [ 411.881093][ C1] shmem_write_begin+0xf7/0x2b0 [ 411.881115][ C1] generic_perform_write+0x2c5/0x900 [ 411.881147][ C1] ? __pfx_generic_perform_write+0x10/0x10 [ 411.881171][ C1] ? preempt_count_add+0x91/0x1a0 [ 411.881195][ C1] ? mnt_put_write_access_file+0xb9/0x100 [ 411.881223][ C1] ? file_update_time+0x416/0x490 [ 411.881250][ C1] shmem_file_write_iter+0xf8/0x120 [ 411.881270][ C1] vfs_write+0x5c9/0xb30 [ 411.881291][ C1] ? __pfx_shmem_file_write_iter+0x10/0x10 [ 411.881311][ C1] ? __pfx_vfs_write+0x10/0x10 [ 411.881334][ C1] ? __fget_files+0x2a/0x420 [ 411.881360][ C1] ksys_write+0x145/0x250 [ 411.881379][ C1] ? __pfx_ksys_write+0x10/0x10 [ 411.881399][ C1] ? do_syscall_64+0xbe/0xfa0 [ 411.881421][ C1] do_syscall_64+0xfa/0xfa0 [ 411.881440][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 411.881460][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.881476][ C1] ? clear_bhb_loop+0x60/0xb0 [ 411.881495][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 411.881512][ C1] RIP: 0033:0x7ff167b8d97f [ 411.881527][ C1] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 411.881541][ C1] RSP: 002b:00007ff168a57df0 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 411.881557][ C1] RAX: ffffffffffffffda RBX: 0000000000100000 RCX: 00007ff167b8d97f [ 411.881569][ C1] RDX: 0000000000100000 RSI: 00007ff15d800000 RDI: 0000000000000003 [ 411.881580][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000c47 [ 411.881590][ C1] R10: 0000200000001b42 R11: 0000000000000293 R12: 0000000000000003 [ 411.881601][ C1] R13: 00007ff168a57ef0 R14: 00007ff168a57eb0 R15: 00007ff15d800000 [ 411.881624][ C1] [ 411.882012][ C0] rcu: rcu_preempt kthread starved for 10496 jiffies! g46625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 412.428587][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 412.438588][ C0] rcu: RCU grace-period kthread stack dump: [ 412.444575][ C0] task:rcu_preempt state:R running task stack:27224 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00080000 [ 412.458106][ C0] Call Trace: [ 412.461398][ C0] [ 412.464351][ C0] __schedule+0x1798/0x4cc0 [ 412.468907][ C0] ? __lock_acquire+0xab9/0xd20 [ 412.473789][ C0] ? __pfx___schedule+0x10/0x10 [ 412.478723][ C0] ? schedule+0x91/0x360 [ 412.483024][ C0] schedule+0x165/0x360 [ 412.487218][ C0] schedule_timeout+0x12b/0x270 [ 412.492089][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 412.497571][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 412.503487][ C0] ? __pfx_process_timeout+0x10/0x10 [ 412.508813][ C0] ? prepare_to_swait_event+0x341/0x380 [ 412.514392][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 412.519299][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 412.525483][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 412.530792][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 412.536015][ C0] ? finish_swait+0xcd/0x1f0 [ 412.540628][ C0] rcu_gp_kthread+0x99/0x390 [ 412.545258][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 412.550486][ C0] ? __kthread_parkme+0x7b/0x200 [ 412.555445][ C0] ? __kthread_parkme+0x1a1/0x200 [ 412.560499][ C0] kthread+0x711/0x8a0 [ 412.564595][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 412.569829][ C0] ? __pfx_kthread+0x10/0x10 [ 412.574444][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 412.579671][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.584891][ C0] ? __pfx_kthread+0x10/0x10 [ 412.589503][ C0] ret_from_fork+0x4bc/0x870 [ 412.594131][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 412.599283][ C0] ? __switch_to_asm+0x39/0x70 [ 412.604169][ C0] ? __switch_to_asm+0x33/0x70 [ 412.608958][ C0] ? __pfx_kthread+0x10/0x10 [ 412.613661][ C0] ret_from_fork_asm+0x1a/0x30 [ 412.618475][ C0] [ 412.621507][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 412.628540][ C0] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted syzkaller #0 PREEMPT(full) [ 412.637839][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025 [ 412.648348][ C0] Workqueue: writeback wb_workfn (flush-8:0) [ 412.654374][ C0] RIP: 0010:smp_call_function_many_cond+0xd33/0x12d0 [ 412.661080][ C0] Code: 45 8b 2c 24 44 89 ee 83 e6 01 31 ff e8 96 73 0b 00 41 83 e5 01 49 bd 00 00 00 00 00 fc ff df 75 07 e8 41 6f 0b 00 eb 38 f3 90 <42> 0f b6 04 2b 84 c0 75 11 41 f7 04 24 01 00 00 00 74 1e e8 25 6f [ 412.680808][ C0] RSP: 0018:ffffc90000126040 EFLAGS: 00000293 [ 412.687085][ C0] RAX: ffffffff81b4ebfb RBX: 1ffff110170e7ffd RCX: ffff88801d688000 [ 412.695081][ C0] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 412.703105][ C0] RBP: ffffc900001261c0 R08: ffff888031440a07 R09: 1ffff11006288140 [ 412.711099][ C0] R10: dffffc0000000000 R11: ffffffff817629e0 R12: ffff8880b873ffe8 [ 412.719087][ C0] R13: dffffc0000000000 R14: ffff8880b863b200 R15: 0000000000000001 [ 412.727086][ C0] FS: 0000000000000000(0000) GS:ffff8881259fc000(0000) knlGS:0000000000000000 [ 412.736142][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 412.742858][ C0] CR2: 00007f994d83ff98 CR3: 000000003322e000 CR4: 00000000003526f0 [ 412.750867][ C0] Call Trace: [ 412.754169][ C0] [ 412.757121][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 412.762528][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 412.767763][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 412.774115][ C0] ? __pte_offset_map_lock+0x1b1/0x210 [ 412.779604][ C0] ? rcu_is_watching+0x15/0xb0 [ 412.784393][ C0] ? __pfx_should_flush_tlb+0x10/0x10 [ 412.789794][ C0] ? __pfx_flush_tlb_func+0x10/0x10 [ 412.795021][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 412.800157][ C0] flush_tlb_mm_range+0x6b1/0x12d0 [ 412.805291][ C0] ? page_table_check_clear+0x187/0x700 [ 412.810874][ C0] ? __pfx_flush_tlb_mm_range+0x10/0x10 [ 412.816443][ C0] ? page_table_check_clear+0x187/0x700 [ 412.822008][ C0] ? page_table_check_clear+0x4f3/0x700 [ 412.827576][ C0] ? page_table_check_clear+0x187/0x700 [ 412.833147][ C0] ptep_clear_flush+0x120/0x170 [ 412.838032][ C0] page_vma_mkclean_one+0x406/0x740 [ 412.843267][ C0] ? __pfx_page_vma_mkclean_one+0x10/0x10 [ 412.849291][ C0] page_mkclean_one+0x1c0/0x280 [ 412.854167][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 412.859923][ C0] ? __pfx_down_read_trylock+0x10/0x10 [ 412.865934][ C0] ? vma_interval_tree_iter_first+0x20f/0x230 [ 412.872034][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 412.877429][ C0] __rmap_walk_file+0x467/0x620 [ 412.882320][ C0] folio_mkclean+0x297/0x390 [ 412.886938][ C0] ? __pfx_folio_mkclean+0x10/0x10 [ 412.892083][ C0] ? __pfx_page_mkclean_one+0x10/0x10 [ 412.897478][ C0] ? __pfx_invalid_mkclean_vma+0x10/0x10 [ 412.903138][ C0] ? folio_mapping+0x16f/0x1f0 [ 412.907934][ C0] folio_clear_dirty_for_io+0x1f5/0x880 [ 412.913504][ C0] ? __pfx_folio_clear_dirty_for_io+0x10/0x10 [ 412.919612][ C0] mpage_submit_folio+0x86/0x2b0 [ 412.924581][ C0] ? __pfx___might_resched+0x10/0x10 [ 412.929903][ C0] mpage_process_page_bufs+0x6d5/0x8e0 [ 412.935401][ C0] mpage_prepare_extent_to_map+0xe6c/0x16e0 [ 412.941441][ C0] ? __pfx_mpage_prepare_extent_to_map+0x10/0x10 [ 412.947827][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 412.953333][ C0] ? kmem_cache_alloc_noprof+0x3b8/0x6e0 [ 412.959006][ C0] ext4_do_writepages+0xba0/0x4610 [ 412.964165][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.969425][ C0] ? __pfx_ext4_do_writepages+0x10/0x10 [ 412.974997][ C0] ? __local_bh_enable_ip+0x12d/0x1c0 [ 412.980401][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 412.986156][ C0] ? rcu_is_watching+0x15/0xb0 [ 412.990948][ C0] ? __lock_acquire+0xab9/0xd20 [ 412.995933][ C0] ? rcu_read_lock_any_held+0xb3/0x120 [ 413.001432][ C0] ext4_writepages+0x205/0x350 [ 413.006508][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 413.011871][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 413.017097][ C0] ? __pfx_ext4_writepages+0x10/0x10 [ 413.022416][ C0] do_writepages+0x32e/0x550 [ 413.027036][ C0] ? reacquire_held_locks+0x127/0x1d0 [ 413.032428][ C0] ? writeback_sb_inodes+0x384/0x1010 [ 413.038093][ C0] __writeback_single_inode+0x145/0xff0 [ 413.043672][ C0] ? do_raw_spin_unlock+0x122/0x240 [ 413.048914][ C0] writeback_sb_inodes+0x6c7/0x1010 [ 413.054185][ C0] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 413.059908][ C0] ? __pfx_down_read_trylock+0x10/0x10 [ 413.065927][ C0] ? __pfx_move_expired_inodes+0x10/0x10 [ 413.071681][ C0] __writeback_inodes_wb+0x111/0x240 [ 413.077001][ C0] wb_writeback+0x44f/0xaf0 [ 413.081534][ C0] ? queue_io+0x351/0x590 [ 413.085893][ C0] ? __pfx_wb_writeback+0x10/0x10 [ 413.090964][ C0] wb_workfn+0xaef/0xef0 [ 413.095252][ C0] ? __pfx_wb_workfn+0x10/0x10 [ 413.100047][ C0] ? __lock_acquire+0xab9/0xd20 [ 413.104937][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 413.111126][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 413.116345][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 413.122088][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 413.127836][ C0] process_scheduled_works+0xae1/0x17b0 [ 413.133442][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 413.139470][ C0] worker_thread+0x8a0/0xda0 [ 413.144209][ C0] kthread+0x711/0x8a0 [ 413.148306][ C0] ? __pfx_worker_thread+0x10/0x10 [ 413.154319][ C0] ? __pfx_kthread+0x10/0x10 [ 413.158935][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 413.164328][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 413.169556][ C0] ? __pfx_kthread+0x10/0x10 [ 413.174222][ C0] ret_from_fork+0x4bc/0x870 [ 413.178884][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 413.184043][ C0] ? __switch_to_asm+0x39/0x70 [ 413.189005][ C0] ? __switch_to_asm+0x33/0x70 [ 413.193794][ C0] ? __pfx_kthread+0x10/0x10 [ 413.198413][ C0] ret_from_fork_asm+0x1a/0x30 [ 413.203700][ C0]