last executing test programs: 2m28.418207726s ago: executing program 0 (id=3588): ioperm(0x1, 0x1, 0x1) futex(0x0, 0xa, 0x40000002, 0x0, 0x0, 0xffffffff) 2m28.207043637s ago: executing program 0 (id=3590): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, 0x0, &(0x7f0000000080)) 2m28.091622724s ago: executing program 0 (id=3594): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) setregid(0xffffffffffffffff, 0x0) 2m27.872000697s ago: executing program 0 (id=3597): capset(&(0x7f0000000040)={0x19980330}, &(0x7f0000000080)={0x0, 0x0, 0x5}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b70500000000000061103000000000000fa00000000000009500000000000000"], &(0x7f00000002c0)='GPL\x00', 0x7, 0xbc, &(0x7f0000000300)=""/188, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000003c0), 0x8, 0x10, &(0x7f0000000080)={0x0, 0x0, 0x1}, 0x10}, 0x28) 2m27.568845704s ago: executing program 0 (id=3601): syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f0000001180)=ANY=[], 0x1, 0x17c, &(0x7f0000000380)="$eJzskr9OAkEQxr+9O/5oFDWxooGC+KdQjkONnZbY29lI4ETiocKRKITijDEUFsbSJ+A1THwBLYwPQE1BrM2ZvZ3bLL6C+yvu2/l2ZnZ2c+d+208B+JkOajhEhIkMPhiDBSDHhDcxhD6TfpI+CcE75R2Rf0+a9Xv9JAC+nceKMC6qnud28gC+I09a/sGdgUnU6ms6qPHFKYAwDEPu1QGejgUlxwTQVnKyFrAaXSKUORYNsA6g2G1dF/1ef6vZqjbchnvpmOU9e8e2d53iWdNzbfFlyhF0FXDdBJBKQ8L3EwAeKJ7HLEwZjfbZHE5kbTJ+www9IExZayi1sTK8yrlSSsUx1sDHugmWFLcQdbEQXakCBpOCkqXMJ85KRxvbtSuvPgQDi8tGsGSP0hgJGThqUN4PsChaDallgbRCOiIdk+b+/DJWwL+PFG0EQBK31W63U+KPJFYsXjnSc5YD9cH4qS/G7OXeDGg0Go1Go9FoNBrNf+c3AAD//8PfdhM=") execveat(0xffffffffffffff9c, &(0x7f0000000280)='./file2\x00', 0x0, 0x0, 0x0) 2m26.571018713s ago: executing program 0 (id=3619): r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae\x01\x91&6n \xf2<\xd6\xcf\x15\xd3\xd7\x1d\xa7=\xef\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa0\xbbL}\xcc\'(;\xdc\x8b\x18rBl{\x82\\\xbeA\x17\n\f\xcd=\'\x11\x1b\b>Z\x8e\xb1\xc3j$v\xef,\x06/\x00\x00\x00\x00\x00\xc7\x0f\xaa\x01\x00\x00\x00;\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81\x00\x00', 0x0) 2m11.573002146s ago: executing program 32 (id=3619): r0 = fsopen(&(0x7f0000000280)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000200)='source', &(0x7f0000000000)='\\\\\xe9\x838\x9d<\f\x91\a\xd4$\xae\x01\x91&6n \xf2<\xd6\xcf\x15\xd3\xd7\x1d\xa7=\xef\xca\n@\x06\xa3\xfe%\x11\xc9\xc5\xc4\x96\xb7b\xa0\xbbL}\xcc\'(;\xdc\x8b\x18rBl{\x82\\\xbeA\x17\n\f\xcd=\'\x11\x1b\b>Z\x8e\xb1\xc3j$v\xef,\x06/\x00\x00\x00\x00\x00\xc7\x0f\xaa\x01\x00\x00\x00;\xd5\xcd4g+\xbd\xd1\xe0R\x9d\x18\x19a:\xa2\xdf\xbe\x8b\x89\x81\x00\x00', 0x0) 1.754913708s ago: executing program 2 (id=5734): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@acquire={0x174, 0x17, 0x1, 0x0, 0x0, {{@in6=@private0}, @in6=@remote, {@in6=@private0, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, {{@in6=@mcast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, 0x0, 0xee00}}}, [@XFRMA_IF_ID={0x8}, @tmpl={0x44, 0x1c, [{{@in6=@private2}, 0x0, @in=@multicast2}]}]}, 0x174}}, 0x0) 1.71578118s ago: executing program 1 (id=5736): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@ipv6_newaddrlabel={0x38, 0x48, 0x1, 0x70bd28, 0x25dfdbfc, {0xa, 0x0, 0x78, 0x0, 0x0, 0x5}, [@IFAL_LABEL={0x8, 0x2, 0xb}, @IFAL_ADDRESS={0x14, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x240480d4}, 0x40000) 1.630640375s ago: executing program 2 (id=5728): r0 = syz_open_dev$video4linux(&(0x7f0000000000), 0x3, 0x340) ioctl$VIDIOC_TRY_DECODER_CMD(r0, 0xc0585605, &(0x7f0000000080)={0x0, 0x1, @raw_data=[0x0, 0x0, 0x1011, 0x0, 0x0, 0x0, 0x6]}) 1.515165492s ago: executing program 1 (id=5730): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) 1.482150004s ago: executing program 2 (id=5731): r0 = syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) listen(r0, 0x0) 1.450270625s ago: executing program 3 (id=5732): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x301, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x78, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}, {0x2c, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_IMMEDIATE_DATA={0xc, 0x2, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, 'L'}]}]}}}, {0x10, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x4}}}]}]}], {0x14}}, 0xec}}, 0x0) 1.345619121s ago: executing program 2 (id=5733): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) 1.335262362s ago: executing program 1 (id=5735): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256\x00'}, 0x1e) 1.275819016s ago: executing program 3 (id=5737): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001180)=@delpolicy={0x5c, 0x14, 0x1, 0x70bd25, 0x25dfdbfe, {{@in6=@dev={0xfe, 0x80, '\x00', 0x40}, @in=@private=0xa010101, 0x4e21, 0x244, 0x4e21, 0x70, 0x2, 0x20, 0xa0, 0xc}}, [@policy_type={0xa, 0x10, {0x1}}]}, 0x5c}}, 0x0) 1.168190911s ago: executing program 3 (id=5739): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=@bridge_newvlan={0x24, 0x76, 0x709, 0x0, 0x0, {0x7, 0x2}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x1, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_MCAST_ROUTER={0x5, 0x6, 0x2}}]}, 0x24}, 0x1, 0x5502000000000000}, 0x23f58e5b666a3f02) 1.072611967s ago: executing program 4 (id=5740): r0 = openat$proc_mixer(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/card0/oss_mixer\x00', 0x2002, 0x0) write$proc_mixer(r0, 0x0, 0xb8) 971.232413ms ago: executing program 3 (id=5741): r0 = syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x2a08000, &(0x7f0000000840)={[{@noblock_validity}, {@resuid={'resuid', 0x3d, 0xee00}}]}, 0x0, 0x48d, &(0x7f0000000200)="$eJzs3MtrHdUfAPDv3Lz7zO+nVVurxhcWH02TPuzCjaLgQkHQRXUhxDQttamVJoItxUSRupSCe3Ep+Be40o2oK8Gt7qVQJJvWBzgyrzzvzfMmt/V+PnDLOTNncs6Zc87cM2fmNoC2NZD9k0TsiIhfsnAtj85Ky0RZupszl0f/mLk8mkSavvp7ku+7MXN5tEpbHbejjByoRdQ+TuLeOvlOXLx0dmR8fOxCGR+cPPfu4MTFS0+dOTdyeuz02DvDx48fOTz09LHho02p586srPs+OL9/74uvX3159MTVt374qrMq66J6NMtADCw4l/M92uzMWmznvHDS2cKCsCYdEZE1V1c+/ndHR8w13u544aOWFg7YVGmaprsa755Ogf+wJFpdAqA1qi/6GzN90btJ98G3suvPFjdAWb1vlp9iT2fUyjRdi+5vm6m3XDc5Mf3n55Gf/562Ov8AwNb7Jpv/PFnMf6pPsac/7pqXble+HpxtjfhfRPw/Iu6IiDsjYk9EnvbuiLhnjfkPLIovnX/Wrq2rYquUzf+eKZ9tLZz/lbO/f9L+jjK2M/qiP7qSU2fGxw6V5+RAdPVk8aFl8vj2+Z8/bbRvoJz7VZ8s/2ouWJbjWmfPwmNOjkyObKzWc65/mK8BTi2t/9yTqyy0NyL2rePvZ/PmM49/ub/R/pXrv4wmPGdKv4h4rGj/6Vim/oufT/aV+44NHx3sjfGxQ4NVr1jqx5+uvNIo/w3Vvwmy9t9Wt//P1r8/mf+8dmLteVz59ZOG9zSN659MFylm+/8b1TFZ/+9OXsvD3eW290cmJy8MRXQnLy3dPjyXXxWv0l/fsSfi4frjP7vGZX0sieIZdtaJ74uI+yPigbLsD0bEQ5H/iXqmbkbE98898vba6z97BdpUWfufXND+sUL7rz3Qcfa7r9dT/0LW/kfy0IFyS/3rX++C2GoLuNHzBwAAALeDWv4OfFI7WIb7olY7eDBie762u602fn5i8olT59/762Txrnx/dNWqla5iPbhYDx0q14ar+PCi+OFy3fizjr48vm3JHTuw1bbPH//5gmMx/jO/ddQ/ptFvWoDbkN9rQfsy/qF9Gf/QvlY3/ns2vRzA1lvt93+6yeUAtl698T/VKPGbW/FaMrBV3P9D+zL+oX0Z/9C+jH9oSxv5Xb/ACoGpNZ/e3lguTXfzi5qm6z08ankgnWrhef67/G9YVpd488pTvRO/cuKuctzdKl20caB11yQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBm+jcAAP//UbDeVQ==") ioctl$FS_IOC_SETVERSION(r0, 0x40087602, &(0x7f0000000000)=0x7) 850.18523ms ago: executing program 4 (id=5742): r0 = socket$netlink(0x10, 0x3, 0x4) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000080)=0xc, 0x4) 844.84041ms ago: executing program 1 (id=5744): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)={0x28, 0x2, 0x3, 0x801, 0x0, 0x0, {0x0, 0x0, 0x2}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1, 0x0, 0x27}}, @NFQA_CFG_PARAMS={0x9, 0x2, {0x38, 0x3}}]}, 0x28}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 635.438793ms ago: executing program 4 (id=5745): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) bind$netrom(r0, &(0x7f0000000240)={{0x6, @default}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48) 555.590167ms ago: executing program 1 (id=5746): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000280)='./file1\x00', 0x1a00404, &(0x7f00000000c0)={[{@data_err_ignore}]}, 0x1, 0xbd1, &(0x7f000001a240)="$eJzs3L1rHGcaAPBnRqtv2ZKP4+5sDk5w+O6449ayZRxwZacOSSApUlqRVkZo/RFJgUi4kJ0+SRFCCkPwnxBIHzepAimcInGatCbEBJM0tosNsx/yWquVFGl3x5Z/P3i177vvzDzPo5E078COAnhhTWZf0oijEXEhiRivv59GxEC1NxSxXtvu0YNrs1lLolJ545ckkoh4+ODabONYSf11tD4Yiog7Lyfxp/db4y6vri3OlMulpfr4xMqlqyeWV9f+v3Bp5mLpYuny6emXTk+fmZ7uYK33rr796d+/ffVfN259MPXaJ4e/TuJcjNXnmuvolMmY3PieNCtExEyng+Wkr15Pc51JIceEAADYVtq0hvtLjEdfPFm8jcdX3+WaHAAAANARlb6ICgAAAHDAJe7/AQAA4IBrfA7g4YNrs42W7ycSeuv++YiYqNXfeL65NlOI9errUPRHxMivSTQ/1prUdtu3ySzSF9+UshY7PYc83IGAm6xfj4i/bXX+k2r9E9WnuFvrTyNiqgPxJzeNe/3zt5/6z3Ugft71A/Biun2+diFrvf6ltfXPYG20+fpX2OLatRd5X/8a679HLeu/dGP919dm/ff604f6sV2MY4//e6fdXPP6760Pf5jL4mev+y5sl+5fjzhW2Kr+ZKP+pE39F3YZY3T23s12c1n9Wb2N1uv6K7cijldXc631NyTb/X+iE/ML5dJU7esWx189s3385vOftSx+416gF7LzPxJ7O/9Xdxlj4q8/H203t3P96U8DyZvV3kD9nfdmVlaWTkYMJK+0vn9q+1wa2zSOkdX/n39u//u/Vf3Z34T1+vch++m5Xn/Nxjc2xRw9furzvdffXVn9c3s8/x/tMsZnX958p91c3vUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8HxII2IskrS40U/TYjFiNCL+HCNp+cryyv/mr7x7eS6bi5iI/nR+oVyaiojx2jjJxier/SfjU5vG0xFxJCI+Hh+ujouzV8pzeRcPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAhtGIGIskLUZEGhG/jadpsZh3VgAAAEDHTeSdAAAAANB17v8BAADg4Gu5/y88NRrqZS4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcSEf+cftuEhHrZ4erLTNQn+vPNTOg29LdbTbS7TyA3uv7ozsk3ckD6L1CU79SqVRyTAXoMff4wE7L+qG2M4Ptdzq093wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeDb9++jtu0lErJ8drrbMQH2uP9fMgG5L804AyE3fdpPJjm8Az7FC3gkAuXGPD9RW9o8rNa3zQ233HNx3VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeH2PVlqTFiEir/TQtFiMORcRE9CfzC+XSVEQcjojvx/sHs/HJvJMGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg45ZX1xZnyuXSko7O1p2+ZyONrnSGomshhqNnVQzXf5nbbDPYfmqbTs5/mAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyMXy6triTLlcWlrecjrteUIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAbpZX1xZnyuXSUhc7edcIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEB+fg8AAP//ZGIJag==") quotactl$Q_SETINFO(0xffffffff80000600, &(0x7f0000000100)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f00000001c0)={0x0, 0x7fffffff, 0x0, 0x3}) 468.960332ms ago: executing program 4 (id=5747): syz_mount_image$hfs(&(0x7f0000000280), &(0x7f0000000000)='./file0\x00', 0x1214080, &(0x7f0000000040)={[{@uid}, {@codepage={'codepage', 0x3d, 'cp737'}}, {@gid}, {@dir_umask={'dir_umask', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@part={'part', 0x3d, 0x800}}, {@creator={'creator', 0x3d, "5863953a"}}]}, 0x1, 0x31c, &(0x7f0000000940)="$eJzs3U1P1EAcBvBn2u6yKwQrYEg8oiSeCOBB40ViiBe/gAdDRFgTQsVEMVES4+rZGG8mJh69eTb6FfRi/AJ64mA86YV4sGZmOn1Zpt2ywBayzy9h2bbz8p9OX2aWLAURDayri9/fXdiWP6IGwAVwGXAANAAPwGlMNh5ubK5tBq3VooJclUP+COicYlealY2WLavMp3JEfLnkYSS9jg5HGIbhj66pfvclFqqO0Of+Lg4wFJ2danuj75EdjrZu12BJ9bDYwQ4eYbTKcIiIqHrR/d+J7hIj0fjdcYDpaBx+3O//mfHNTnVxHAnx/d/Ry6GQ++ek2pTM99QUTva+Y2aJtrL0MTGSXRkmu7sOfWRlOkB0m1WqWJzmnbWgNdNWBTzHlUgq2YR6XYVpiJIXbV3/mrLMTQsUtb3YsGpDTbZhPif+8T3X+OknXturW/pSIibxWXwVS8LHG6zG4z8vFHLnqP3jd/SUjn82v0TVSl+nyrQymb+fUpWcMT3w8X3Symbefm3AlbHYyFJE5/jdN3G+qufnwhiyHyvo1s3lt07lGrfmmo+X/1pzTXTmanq1oDWzci8o/CjlwFhndOKluCGm8AsfsJga/zsy9TTyz8zMlV+olNGRUdgeT6XM6ccMdQLftZyZTonMA+2ataOLvcBtXMLog8db68tB0Lpf/RtzqhyRePSBGB2Oco38nUqDhnxTA3Bglf4Lw9C6yUM/mlxTTb34Nmny1vqyaOvF/VWBdlyg2bSQnxjAAoBojbki9FL70zjXUFJgqex/ZG+rNfYD0kTVhwPSVJXZ5GKo1JnS7KHS60/Wl4OerkR0zCSdjsmbVQdDVZDDK6Hnf6n5yqy66sgXv2A2EnYrPFXiXM4MaEy9nig3g4uLzZ3BDZs3XeZcZ88D5zpqdGBqfNZZrB/FiaP4V8m9/ylDLOIbbvHzfyIiIiIiIiIiIiIiIiIiIiIiIiKi42av30bo5esE2Rq3B/AfbxARERERERERERERERERERERERERERER7U/q+b+Aq54YU6/8+b9uief/mudSEFHP/gcAAP//NBBgTQ==") syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800053, 0x0, 0xfc, 0x0, &(0x7f00000000c0)) 269.352584ms ago: executing program 3 (id=5748): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) recvfrom$unix(r0, 0x0, 0x0, 0x160, 0x0, 0x0) 254.431525ms ago: executing program 4 (id=5749): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000700)=ANY=[@ANYBLOB="3c0200001900010025bd700001000000fe8800000000000000000000000001010000000000000000000000000000000000009bb9000000000200000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000020000000000000000010000000000840105"], 0x23c}, 0x1, 0x0, 0x0, 0x1}, 0x4000) 202.356268ms ago: executing program 2 (id=5750): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$TUNDETACHFILTER(r0, 0x5452, 0x1000000000000) 18.583929ms ago: executing program 3 (id=5751): r0 = socket(0x10, 0x3, 0x0) write(r0, &(0x7f0000000080)="2400000058001f000307f4f9002304000a04f55f08000100020100020800038005000000", 0x24) 17.132299ms ago: executing program 4 (id=5759): r0 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/failed_transaction_log\x00', 0x0, 0x0) read$FUSE(r0, &(0x7f00000020c0)={0x2020}, 0x2020) 751.54µs ago: executing program 2 (id=5752): r0 = syz_open_dev$loop(&(0x7f00000000c0), 0x3, 0x0) ioctl$BLKBSZSET(r0, 0x40081271, 0x0) 0s ago: executing program 1 (id=5753): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0xfd, 0x7fff0000}]}) capget(&(0x7f0000000100)={0x20080522}, 0x0) kernel console output (not intermixed with test programs): ange from 0 to 4096 [ 361.207829][T15407] loop4: detected capacity change from 0 to 256 [ 361.306256][ T5779] Bluetooth: hci2: unexpected event for opcode 0x2040 [ 361.503374][T15415] netlink: 132 bytes leftover after parsing attributes in process `syz.2.4384'. [ 361.850695][T15430] netlink: 'syz.1.4391': attribute type 3 has an invalid length. [ 361.885814][T15430] netlink: 'syz.1.4391': attribute type 3 has an invalid length. [ 361.941805][T15430] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4391'. [ 362.094589][T15435] loop4: detected capacity change from 0 to 4096 [ 362.108945][ T28] audit: type=1326 audit(2000000028.510:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15438 comm="syz.3.4397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 362.203682][ T28] audit: type=1326 audit(2000000028.510:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15438 comm="syz.3.4397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 362.282731][ T28] audit: type=1326 audit(2000000028.510:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15438 comm="syz.3.4397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 362.371837][ T28] audit: type=1326 audit(2000000028.510:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15438 comm="syz.3.4397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 362.469883][ T28] audit: type=1326 audit(2000000028.510:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15438 comm="syz.3.4397" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 362.622578][ T28] audit: type=1326 audit(2000000029.020:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.2.4405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 362.701919][ T28] audit: type=1326 audit(2000000029.020:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.2.4405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 362.808548][ T28] audit: type=1326 audit(2000000029.030:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.2.4405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 362.898778][ T28] audit: type=1326 audit(2000000029.060:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.2.4405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 362.978744][ T28] audit: type=1326 audit(2000000029.060:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15454 comm="syz.2.4405" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 363.001709][T15465] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4409'. [ 363.010936][T15465] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 363.308769][T15479] loop1: detected capacity change from 0 to 16 [ 363.321788][ T1188] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 363.531932][ T1188] usb 4-1: Using ep0 maxpacket: 32 [ 363.555416][ T1188] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 363.580238][ T1188] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 363.611087][ T1188] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 363.643765][ T1188] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 363.661505][ T1188] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 363.682946][ T1188] usb 4-1: Product: syz [ 363.687146][ T1188] usb 4-1: Manufacturer: syz [ 363.695493][ T1188] usb 4-1: SerialNumber: syz [ 363.723040][ T1188] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input17 [ 363.743729][T15491] mac80211_hwsim hwsim13 wlan0: entered promiscuous mode [ 363.772939][T15491] A link change request failed with some changes committed already. Interface wlan0 may have been left with an inconsistent configuration, please check. [ 364.017530][ T27] usb 4-1: USB disconnect, device number 19 [ 364.085845][ T27] appletouch 4-1:1.0: input: appletouch disconnected [ 364.156058][T15503] loop4: detected capacity change from 0 to 8 [ 364.171228][T15506] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4431'. [ 364.186061][T15503] cramfs: Error -3 while decompressing! [ 364.195773][T15503] cramfs: ffffffff973f8368(26)->ffff8880563e7000(4096) [ 364.227887][T15503] cramfs: Error -3 while decompressing! [ 364.245881][T15503] cramfs: ffffffff973f8382(26)->ffff888075d12000(4096) [ 364.271943][ T5929] udevd[5929]: incorrect cramfs checksum on /dev/loop4 [ 364.272139][T15503] cramfs: Error -3 while decompressing! [ 364.308964][ T5783] udevd[5783]: incorrect cramfs checksum on /dev/loop4 [ 364.314165][T15503] cramfs: ffffffff973f839c(16)->ffff888057537000(4096) [ 364.339994][T15503] cramfs: Error -3 while decompressing! [ 364.350873][T15503] cramfs: ffffffff973f8368(26)->ffff8880563e7000(4096) [ 364.641888][ T5759] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 364.751469][T15524] loop3: detected capacity change from 0 to 64 [ 364.779440][T15526] loop4: detected capacity change from 0 to 512 [ 364.791251][T15526] EXT4-fs: Ignoring removed nomblk_io_submit option [ 364.832668][T15526] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 364.852048][ T5759] usb 3-1: Using ep0 maxpacket: 8 [ 364.860536][T15526] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 364.882434][ T5759] usb 3-1: unable to get BOS descriptor or descriptor too short [ 364.890910][T15526] EXT4-fs (loop4): Remounting filesystem read-only [ 364.900649][ T5759] usb 3-1: config 8 has an invalid interface number: 61 but max is 2 [ 364.924884][ T5759] usb 3-1: config 8 has 1 interface, different from the descriptor's value: 3 [ 364.941410][T15526] EXT4-fs (loop4): 1 truncate cleaned up [ 364.963125][T15526] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 364.981776][ T5759] usb 3-1: config 8 has no interface number 0 [ 364.987917][ T5759] usb 3-1: config 8 interface 61 altsetting 8 endpoint 0x9 has invalid wMaxPacketSize 0 [ 365.011316][ T5759] usb 3-1: config 8 interface 61 altsetting 8 endpoint 0x5 has invalid wMaxPacketSize 0 [ 365.047912][T15532] tc_dump_action: action bad kind [ 365.066222][ T5759] usb 3-1: config 8 interface 61 has no altsetting 0 [ 365.097750][ T5759] usb 3-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=e9.1f [ 365.126125][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.139627][ T5759] usb 3-1: Product: syz [ 365.146041][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 365.155191][ T5759] usb 3-1: Manufacturer: syz [ 365.163179][ T5759] usb 3-1: SerialNumber: syz [ 365.428857][ T5759] bfusb: probe of 3-1:8.61 failed with error -5 [ 365.442578][ T6112] usb 4-1: new full-speed USB device number 20 using dummy_hcd [ 365.450434][ T5759] usb 3-1: USB disconnect, device number 30 [ 365.656606][ T6112] usb 4-1: config 0 has an invalid interface number: 46 but max is 0 [ 365.675997][ T6112] usb 4-1: config 0 has no interface number 0 [ 365.703775][ T6112] usb 4-1: config 0 interface 46 altsetting 0 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 365.725424][ T6112] usb 4-1: New USB device found, idVendor=045a, idProduct=5210, bcdDevice= 1.01 [ 365.739895][T15538] loop1: detected capacity change from 0 to 32768 [ 365.746598][ T6112] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.757466][ T6112] usb 4-1: Product: syz [ 365.761950][ T6112] usb 4-1: Manufacturer: syz [ 365.767531][T15538] (syz.1.4445,15538,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 365.788851][ T6112] usb 4-1: SerialNumber: syz [ 365.803306][ T6112] usb 4-1: config 0 descriptor?? [ 365.812013][T15538] (syz.1.4445,15538,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 365.831993][T15534] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 365.842802][ T6112] ums-karma 4-1:0.46: USB Mass Storage device detected [ 365.869843][T15538] JBD2: Ignoring recovery information on journal [ 365.912051][ T6112] ums-karma: probe of 4-1:0.46 failed with error -5 [ 365.992801][T15538] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 366.065594][ T6112] usb 4-1: USB disconnect, device number 20 [ 366.136794][T15556] loop2: detected capacity change from 0 to 16 [ 366.166817][T15556] erofs: (device loop2): mounted with root inode @ nid 36. [ 366.225056][T15556] erofs: (device loop2): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 366.270669][T15556] erofs: (device loop2): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851] [ 366.288433][ T5771] ocfs2: Unmounting device (7,1) on (node local) [ 366.289984][T15556] erofs: (device loop2): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 366.632445][T15570] loop2: detected capacity change from 0 to 256 [ 366.791030][T15570] FAT-fs (loop2): Directory bread(block 64) failed [ 366.801877][T15573] loop1: detected capacity change from 0 to 2048 [ 366.809953][T15570] FAT-fs (loop2): Directory bread(block 65) failed [ 366.832317][T15570] FAT-fs (loop2): Directory bread(block 66) failed [ 366.838969][T15570] FAT-fs (loop2): Directory bread(block 67) failed [ 366.855087][T15570] FAT-fs (loop2): Directory bread(block 68) failed [ 366.881771][T15577] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 366.907823][T15570] FAT-fs (loop2): Directory bread(block 69) failed [ 366.923667][T15570] FAT-fs (loop2): Directory bread(block 70) failed [ 366.934856][T15578] /dev/loop0: Can't open blockdev [ 366.941214][T15573] NILFS (loop1): vblocknr = 12 has abnormal lifetime: start cno (= 150994946) > current cno (= 3) [ 366.952043][T15570] FAT-fs (loop2): Directory bread(block 71) failed [ 366.958723][T15570] FAT-fs (loop2): Directory bread(block 72) failed [ 366.973712][T15573] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=16) [ 367.001727][T15570] FAT-fs (loop2): Directory bread(block 73) failed [ 367.028857][T15573] Remounting filesystem read-only [ 367.051831][T15573] NILFS (loop1): error -5 truncating bmap (ino=16) [ 367.143379][T15582] xt_ecn: cannot match TCP bits for non-tcp packets [ 367.182591][ T5771] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 367.193355][ T5771] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 367.200714][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.236985][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.259681][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.279521][ T5771] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 367.333749][ T5771] NILFS (loop1): discard dirty page: offset=0, ino=3 [ 367.340497][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.388560][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.401037][ T5771] NILFS (loop1): discard dirty block: blocknr=44, size=1024 [ 367.418879][ T5771] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 367.738092][T15603] loop2: detected capacity change from 0 to 512 [ 367.765827][T15603] EXT4-fs (loop2): orphan cleanup on readonly fs [ 367.800023][T15603] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #11: block 1728053262: comm syz.2.4472: lblock 0 mapped to illegal pblock 1728053262 (length 1) [ 367.834605][T15603] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2853: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 367.932189][T15603] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #15: comm syz.2.4472: corrupted inode contents [ 367.948599][T15603] EXT4-fs error (device loop2): ext4_dirty_inode:6124: inode #15: comm syz.2.4472: mark_inode_dirty error [ 367.988389][T15603] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #15: comm syz.2.4472: corrupted inode contents [ 368.039930][T15603] EXT4-fs error (device loop2): ext4_xattr_delete_inode:2998: inode #15: comm syz.2.4472: mark_inode_dirty error [ 368.077312][T15603] EXT4-fs error (device loop2): ext4_xattr_delete_inode:3001: inode #15: comm syz.2.4472: mark inode dirty (error -117) [ 368.129357][T15603] EXT4-fs warning (device loop2): ext4_evict_inode:272: xattr delete (err -117) [ 368.162720][T15603] EXT4-fs (loop2): 1 orphan inode deleted [ 368.203962][T15603] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 368.373388][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 368.522927][T15631] loop2: detected capacity change from 0 to 512 [ 368.541439][T15631] EXT4-fs: Ignoring removed nomblk_io_submit option [ 368.569894][T15631] EXT4-fs: Ignoring removed bh option [ 368.626445][T15631] EXT4-fs error (device loop2): mb_free_blocks:1954: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 368.642076][T15633] loop1: detected capacity change from 0 to 512 [ 368.687359][T15633] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 368.712626][T15631] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #11: comm syz.2.4485: corrupted inode contents [ 368.748299][T15631] EXT4-fs error (device loop2): ext4_dirty_inode:6124: inode #11: comm syz.2.4485: mark_inode_dirty error [ 368.799316][T15631] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.4485: invalid indirect mapped block 1 (level 1) [ 368.805147][T15633] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 368.844236][T15631] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #11: comm syz.2.4485: corrupted inode contents [ 368.881685][T15633] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.4487: bg 0: block 248: padding at end of block bitmap is not set [ 368.906024][T15631] EXT4-fs error (device loop2) in ext4_orphan_del:303: Corrupt filesystem [ 368.916997][T15633] __quota_error: 10 callbacks suppressed [ 368.917011][T15633] Quota error (device loop1): write_blk: dquota write failed [ 368.929550][T15631] EXT4-fs error (device loop2): ext4_do_update_inode:5248: inode #11: comm syz.2.4485: corrupted inode contents [ 368.930604][T15633] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 368.960184][T15633] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.4487: Failed to acquire dquot type 1 [ 368.975401][T15633] EXT4-fs (loop1): 1 truncate cleaned up [ 368.981582][T15631] EXT4-fs error (device loop2): ext4_truncate:4294: inode #11: comm syz.2.4485: mark_inode_dirty error [ 369.001327][T15633] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 369.021837][T15631] EXT4-fs error (device loop2) in ext4_process_orphan:345: Corrupt filesystem [ 369.050921][T15631] EXT4-fs (loop2): 1 truncate cleaned up [ 369.075880][ T28] audit: type=1800 audit(2000000035.480:203): pid=15633 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4487" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 369.108136][T15631] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 369.153171][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 369.163216][T15631] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 13: comm syz.2.4485: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0 [ 369.186486][ T7122] Quota error (device loop1): do_check_range: Getting block 0 out of range 1-5 [ 369.199761][ T7122] EXT4-fs error (device loop1): ext4_release_dquot:6985: comm kworker/u4:12: Failed to release dquot type 1 [ 369.323237][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 369.567450][T15659] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4498'. [ 369.791742][ T5818] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 369.981739][ T5818] usb 5-1: Using ep0 maxpacket: 32 [ 370.003290][ T5818] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 370.011514][ T5818] usb 5-1: config 0 has no interface number 0 [ 370.042486][ T5818] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 370.067872][ T5818] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 370.081937][ T5818] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 370.101865][ T5818] usb 5-1: Product: syz [ 370.106065][ T5818] usb 5-1: Manufacturer: syz [ 370.130962][ T5818] usb 5-1: SerialNumber: syz [ 370.152334][ T5818] usb 5-1: config 0 descriptor?? [ 370.158361][T15656] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 370.226758][T15681] loop2: detected capacity change from 0 to 1024 [ 370.308357][T15681] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 370.389096][T15656] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 370.448865][T15675] loop1: detected capacity change from 0 to 32768 [ 370.458166][T15681] EXT4-fs error (device loop2): ext4_get_first_dir_block:3606: inode #11: comm syz.2.4509: directory missing '..' [ 370.492257][T15681] EXT4-fs (loop2): Remounting filesystem read-only [ 370.520992][T15675] JBD2: Ignoring recovery information on journal [ 370.553054][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 370.577744][T15675] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 370.631557][ T5818] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 370.653223][ T5818] asix: probe of 5-1:0.188 failed with error -71 [ 370.690760][ T28] audit: type=1800 audit(2000000037.090:204): pid=15675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.4504" name="file0" dev="loop1" ino=17058 res=0 errno=0 [ 370.703206][ T5818] usb 5-1: USB disconnect, device number 6 [ 370.711567][ C1] vkms_vblank_simulate: vblank timer overrun [ 370.863716][ T5771] ocfs2: Unmounting device (7,1) on (node local) [ 370.995729][T15696] loop1: detected capacity change from 0 to 512 [ 371.049726][T15701] netlink: 'syz.3.4516': attribute type 10 has an invalid length. [ 371.062851][T15696] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 371.075911][T15696] ext4 filesystem being mounted at /1143/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 371.118587][T15701] team0: Device hsr_slave_0 failed to register rx_handler [ 371.148218][T15696] EXT4-fs error (device loop1): ext4_xattr_block_get:597: inode #15: comm syz.1.4513: corrupted xattr block 33: overlapping e_value [ 371.330707][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 371.498263][T15709] netlink: 44 bytes leftover after parsing attributes in process `syz.4.4521'. [ 371.526441][T15711] loop1: detected capacity change from 0 to 128 [ 371.657879][T15703] loop2: detected capacity change from 0 to 32768 [ 371.677511][T15711] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 371.696802][T15711] ext4 filesystem being mounted at /1144/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 371.773834][T15711] EXT4-fs warning (device loop1): ext4_group_add:1742: No reserved GDT blocks, can't resize [ 371.910963][ T5771] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 372.085336][T15723] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.4527'. [ 372.161719][T15723] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 372.170341][T15723] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 372.243080][T15725] IPv6: Can't replace route, no match found [ 372.434980][T15729] loop1: detected capacity change from 0 to 128 [ 372.481750][T15729] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 372.538483][T15729] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000100) [ 372.564266][T15729] FAT-fs (loop1): Filesystem has been set read-only [ 372.600276][T15716] loop4: detected capacity change from 0 to 32768 [ 372.694535][T15716] JBD2: Ignoring recovery information on journal [ 372.863385][T15716] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 372.909904][ T6112] IPVS: starting estimator thread 0... [ 372.916522][T15745] openvswitch: netlink: Flow actions attr not present in new flow. [ 373.032775][T15746] IPVS: using max 22 ests per chain, 52800 per kthread [ 373.043725][ T28] audit: type=1800 audit(2000000039.450:205): pid=15716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4522" name="file0" dev="loop4" ino=17058 res=0 errno=0 [ 373.222394][T14313] ocfs2: Unmounting device (7,4) on (node local) [ 373.825044][T15778] ./file0: Can't open blockdev [ 373.971221][T15782] loop2: detected capacity change from 0 to 128 [ 374.013238][T15782] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 374.038820][T15782] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 374.412606][T15802] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4564'. [ 374.451217][T15802] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 374.532688][T15804] loop2: detected capacity change from 0 to 1024 [ 375.039859][T15820] loop3: detected capacity change from 0 to 2048 [ 375.069620][T15820] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found! [ 375.339060][T15806] loop1: detected capacity change from 0 to 32768 [ 375.391704][ T5759] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 375.406570][T15806] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 375.512138][T15806] (syz.1.4566,15806,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=32, inode=17057, rec_len=4095, name_len=0 [ 375.571735][ T5759] usb 4-1: Using ep0 maxpacket: 8 [ 375.578970][ T5759] usb 4-1: config 7 has an invalid interface number: 143 but max is 1 [ 375.587996][T15806] (syz.1.4566,15806,0):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 375.607423][T15806] (syz.1.4566,15806,0):ocfs2_mknod:298 ERROR: status = -2 [ 375.617528][ T5759] usb 4-1: config 7 has an invalid interface number: 217 but max is 1 [ 375.641050][T15806] (syz.1.4566,15806,0):ocfs2_mknod:502 ERROR: status = -2 [ 375.651772][ T5759] usb 4-1: config 7 has an invalid descriptor of length 229, skipping remainder of the config [ 375.667829][T15806] (syz.1.4566,15806,0):ocfs2_create:676 ERROR: status = -2 [ 375.692021][ T5759] usb 4-1: config 7 has no interface number 0 [ 375.698233][ T5759] usb 4-1: config 7 has no interface number 1 [ 375.744729][ T5759] usb 4-1: too many endpoints for config 7 interface 217 altsetting 0: 255, using maximum allowed: 30 [ 375.791665][ T5759] usb 4-1: config 7 interface 217 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 375.834471][ T5759] usb 4-1: config 7 interface 143 has no altsetting 0 [ 375.845394][ T5759] usb 4-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=ba.35 [ 375.856633][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.864875][ T5759] usb 4-1: Product: syz [ 375.879374][ T5759] usb 4-1: Manufacturer: syz [ 375.884284][ T5759] usb 4-1: SerialNumber: syz [ 375.901936][ T5771] ocfs2: Unmounting device (7,1) on (node local) [ 376.133991][ T5759] qmi_wwan: probe of 4-1:7.143 failed with error -22 [ 376.189851][ T5759] usb 4-1: USB disconnect, device number 21 [ 376.417593][T15862] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 376.579371][T15867] loop1: detected capacity change from 0 to 64 [ 377.430630][T15900] bridge3: entered promiscuous mode [ 377.913078][T15924] netlink: 32 bytes leftover after parsing attributes in process `syz.4.4624'. [ 378.234979][T15938] ./file0: Can't lookup blockdev [ 378.437771][T15948] loop2: detected capacity change from 0 to 256 [ 378.478534][T15948] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x6f4cd389, utbl_chksum : 0xe619d30d) [ 378.636042][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.643490][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.871507][T15967] loop4: detected capacity change from 0 to 512 [ 378.912522][T15966] netlink: 'syz.3.4645': attribute type 5 has an invalid length. [ 378.950696][T15967] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 379.014286][T15967] ext4 filesystem being mounted at /167/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 379.243624][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 379.461818][ T27] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 379.590916][T15997] loop2: detected capacity change from 0 to 16 [ 379.639389][T15997] erofs: (device loop2): mounted with root inode @ nid 36. [ 379.667891][T15997] syz.2.4659: attempt to access beyond end of device [ 379.667891][T15997] loop2: rw=524288, sector=131758, nr_sectors = 2 limit=16 [ 379.697263][ T27] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.711132][T15997] syz.2.4659: attempt to access beyond end of device [ 379.711132][T15997] loop2: rw=524288, sector=74, nr_sectors = 2 limit=16 [ 379.715323][ T27] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 379.739250][ T27] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 379.749744][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.767856][T15997] syz.2.4659: attempt to access beyond end of device [ 379.767856][T15997] loop2: rw=524288, sector=262336, nr_sectors = 2 limit=16 [ 379.773178][ T27] usb 4-1: config 0 descriptor?? [ 379.801730][ T5838] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 380.014323][ T5838] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 380.033689][ T5838] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x61, skipping [ 380.058354][ T5838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 10 [ 380.077664][ T5838] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 255, setting to 64 [ 380.099108][ T5838] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 380.122041][ T5838] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 380.142072][ T5838] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 380.161713][ T5838] usb 5-1: Manufacturer: syz [ 380.178175][ T5838] usb 5-1: config 0 descriptor?? [ 380.213610][ T27] Bluetooth: Can't get version to change to load ram patch err [ 380.230172][ T27] Bluetooth: Loading patch file failed [ 380.239458][ T27] ath3k: probe of 4-1:0.0 failed with error -71 [ 380.263829][ T27] usb 4-1: USB disconnect, device number 22 [ 380.405292][T15999] loop1: detected capacity change from 0 to 32768 [ 380.435828][ T9] usb 5-1: USB disconnect, device number 7 [ 380.470291][T15999] ERROR: (device loop1): diAllocAG: numfree > numinos [ 380.470291][T15999] [ 380.488133][T15999] ialloc: diAlloc returned -5! [ 381.188403][ T28] audit: type=1400 audit(2000000047.590:206): apparmor="DENIED" operation="change_onexec" class="file" info="label not found" error=-22 profile="unconfined" name="&" pid=16035 comm="syz.4.4678" [ 381.735824][T16060] netlink: 'syz.2.4690': attribute type 1 has an invalid length. [ 381.970705][ T5818] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 382.151781][T16077] netlink: 'syz.1.4698': attribute type 21 has an invalid length. [ 382.182091][ T5818] usb 4-1: Using ep0 maxpacket: 16 [ 382.195616][ T5818] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 382.215033][ T5818] usb 4-1: config 0 descriptor has 1 excess byte, ignoring [ 382.232308][ T5818] usb 4-1: config 0 has no interface number 0 [ 382.287945][ T5818] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 382.300967][T16083] netlink: 'syz.4.4700': attribute type 1 has an invalid length. [ 382.324865][ T5818] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.333965][T16083] netlink: 224 bytes leftover after parsing attributes in process `syz.4.4700'. [ 382.351659][ T5818] usb 4-1: Product: syz [ 382.355946][ T5818] usb 4-1: Manufacturer: syz [ 382.360567][ T5818] usb 4-1: SerialNumber: syz [ 382.385029][ T5818] usb 4-1: config 0 descriptor?? [ 382.405563][ T5818] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 382.441733][ T5818] usb 4-1: No valid video chain found. [ 382.599724][ T5818] usb 4-1: USB disconnect, device number 23 [ 382.651094][T16095] netlink: 9412 bytes leftover after parsing attributes in process `syz.1.4708'. [ 383.095668][T16114] loop2: detected capacity change from 0 to 512 [ 383.209612][ T7427] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 383.382613][T16126] QAT: failed to copy from user cfg_data. [ 383.545139][T16132] loop1: detected capacity change from 0 to 512 [ 383.633212][T16132] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 383.659982][T16139] ubi: mtd0 is already attached to ubi31 [ 383.731985][T16132] ext4 filesystem being mounted at /1195/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 383.889470][T16132] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:106: comm syz.1.4726: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 383.940469][T16132] EXT4-fs error (device loop1) in ext4_free_inode:363: Filesystem failed CRC [ 384.014598][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 384.106789][T16156] xt_connbytes: Forcing CT accounting to be enabled [ 384.250233][T16162] netlink: 2384 bytes leftover after parsing attributes in process `syz.4.4738'. [ 384.395197][T16168] loop2: detected capacity change from 0 to 256 [ 384.431785][ T5838] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 384.466472][T16168] FAT-fs (loop2): Directory bread(block 64) failed [ 384.481159][T16168] FAT-fs (loop2): Directory bread(block 65) failed [ 384.488280][T16168] FAT-fs (loop2): Directory bread(block 66) failed [ 384.494985][T16168] FAT-fs (loop2): Directory bread(block 67) failed [ 384.501744][T16168] FAT-fs (loop2): Directory bread(block 68) failed [ 384.508427][T16168] FAT-fs (loop2): Directory bread(block 69) failed [ 384.521773][ T5818] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 384.529140][T16168] FAT-fs (loop2): Directory bread(block 70) failed [ 384.549696][T16168] FAT-fs (loop2): Directory bread(block 71) failed [ 384.564428][T16168] FAT-fs (loop2): Directory bread(block 72) failed [ 384.570993][T16168] FAT-fs (loop2): Directory bread(block 73) failed [ 384.589437][T16172] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4744'. [ 384.633723][ T5838] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 384.643610][ T5838] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.673881][ T5838] usb 2-1: config 0 descriptor?? [ 384.697816][ T5838] cp210x 2-1:0.0: cp210x converter detected [ 384.722731][ T5818] usb 4-1: Using ep0 maxpacket: 16 [ 384.733814][ T5818] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 384.765718][ T5818] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 384.799688][ T5818] usb 4-1: config 0 descriptor?? [ 384.824098][ T5818] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 385.041699][ T5818] usb 4-1: Detected FT232B [ 385.076053][T16182] loop2: detected capacity change from 0 to 512 [ 385.085053][T16182] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 385.125378][ T5838] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 385.142567][ T5838] cp210x 2-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 385.162266][T16182] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 385.185016][ T5838] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 385.208661][ T5838] usb 2-1: cp210x converter now attached to ttyUSB1 [ 385.215999][T16182] ext4 filesystem being mounted at /1126/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 385.244583][T16182] Quota error (device loop2): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 385.257282][ T5818] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 385.268605][T16182] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 385.279715][T16182] EXT4-fs error (device loop2): ext4_acquire_dquot:6949: comm syz.2.4750: Failed to acquire dquot type 0 [ 385.279907][ T5818] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 385.302206][ T5838] usb 2-1: USB disconnect, device number 24 [ 385.312055][ T5818] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 385.342925][ T5818] usb 4-1: USB disconnect, device number 24 [ 385.351570][ T5838] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 385.383872][ T5818] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 385.394988][ T5838] cp210x 2-1:0.0: device disconnected [ 385.413457][ T5818] ftdi_sio 4-1:0.0: device disconnected [ 385.435388][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 385.659691][T16180] loop4: detected capacity change from 0 to 32768 [ 385.669399][T16180] BTRFS error: device /dev/loop4 already registered with a higher generation, found 8 expect 10 [ 385.754444][ T5783] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 386.115755][ C1] sd 0:0:1:0: [sda] tag#9864 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 386.126260][ C1] sd 0:0:1:0: [sda] tag#9864 CDB: Read(6) 08 00 9f d1 fe de [ 386.651105][T16224] netlink: 100 bytes leftover after parsing attributes in process `syz.1.4768'. [ 386.723109][ T5759] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 386.753547][T16227] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4769'. [ 386.784896][T16227] netlink: 440 bytes leftover after parsing attributes in process `syz.4.4769'. [ 386.914220][ T5759] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 386.951556][ T5759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.993640][ T5759] usb 4-1: config 0 descriptor?? [ 387.020797][ T5759] cp210x 4-1:0.0: cp210x converter detected [ 387.069483][T16239] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4778'. [ 387.124265][T16241] loop2: detected capacity change from 0 to 164 [ 387.434280][ T5759] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -71 [ 387.456496][ T5759] cp210x 4-1:0.0: failed to get vendor val 0x3711 size 2: -71 [ 387.472917][ T5759] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 387.492296][ T5759] usb 4-1: cp210x converter now attached to ttyUSB0 [ 387.522089][ T5759] usb 4-1: USB disconnect, device number 25 [ 387.531030][ T5759] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 387.559336][ T5759] cp210x 4-1:0.0: device disconnected [ 387.911881][ T27] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 388.113870][T16275] loop3: detected capacity change from 0 to 64 [ 388.121840][ T27] usb 2-1: Using ep0 maxpacket: 32 [ 388.152273][ T27] usb 2-1: config 0 has an invalid interface number: 169 but max is 0 [ 388.164167][ T27] usb 2-1: config 0 has no interface number 0 [ 388.170303][ T27] usb 2-1: config 0 interface 169 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 388.184332][T16275] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 388.215796][ T27] usb 2-1: config 0 interface 169 has no altsetting 0 [ 388.227304][T16251] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 388.249724][T16275] MINIX-fs warning: remounting unchecked fs, running fsck is recommended [ 388.261191][ T27] usb 2-1: New USB device found, idVendor=0499, idProduct=500c, bcdDevice=33.49 [ 388.281894][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.290030][ T27] usb 2-1: Product: syz [ 388.301928][ T27] usb 2-1: Manufacturer: syz [ 388.326979][ T27] usb 2-1: SerialNumber: syz [ 388.354120][ T27] usb 2-1: config 0 descriptor?? [ 388.370158][ T27] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 388.447020][ T27] snd-usb-audio: probe of 2-1:0.169 failed with error -2 [ 388.503759][ T5783] udevd[5783]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.169/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 388.589318][ T5838] usb 2-1: USB disconnect, device number 25 [ 388.691045][T16290] netlink: 'syz.4.4801': attribute type 1 has an invalid length. [ 388.700566][T16290] netlink: 154788 bytes leftover after parsing attributes in process `syz.4.4801'. [ 388.731760][ T27] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 388.851839][ T5759] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 388.964311][ T27] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 388.973576][ T27] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.991696][ T27] usb 4-1: Product: syz [ 388.995898][ T27] usb 4-1: Manufacturer: syz [ 389.000511][ T27] usb 4-1: SerialNumber: syz [ 389.024040][ T27] usb 4-1: config 0 descriptor?? [ 389.033789][ T5759] usb 3-1: config 0 has an invalid interface number: 50 but max is 0 [ 389.051800][ T5759] usb 3-1: config 0 has no interface number 0 [ 389.060705][ T5759] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 389.084025][ T5759] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 389.094686][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.110103][ T5759] usb 3-1: Product: syz [ 389.116589][ T5759] usb 3-1: Manufacturer: syz [ 389.121364][ T5759] usb 3-1: SerialNumber: syz [ 389.132420][ T5759] usb 3-1: config 0 descriptor?? [ 389.150722][ T5759] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0 [ 389.243201][ T27] hso 4-1:0.0: Failed to find BULK IN ep [ 389.274699][ T27] usb-storage 4-1:0.0: USB Mass Storage device detected [ 389.330441][T16298] netlink: 'syz.1.4803': attribute type 2 has an invalid length. [ 389.371782][T16298] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4803'. [ 389.381384][ C0] yurex 3-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8 [ 389.432369][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 389.446803][T16288] usb 4-1: USB disconnect, device number 26 [ 389.528621][T16300] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4805'. [ 389.592725][ T5759] usb 3-1: USB disconnect, device number 31 [ 389.619523][ T5759] yurex 3-1:0.50: USB YUREX #0 now disconnected [ 389.754154][T16308] loop1: detected capacity change from 0 to 64 [ 389.780611][T16308] MINIX-fs: mounting unchecked file system, running fsck is recommended [ 389.842218][T16308] MINIX-fs warning: remounting unchecked fs, running fsck is recommended [ 390.529617][T16338] loop1: detected capacity change from 0 to 2048 [ 390.597348][T16338] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 390.933991][T16346] loop1: detected capacity change from 0 to 4096 [ 390.990851][T16356] binder: 16355:16356 ioctl c018620b 0 returned -14 [ 391.046619][T16346] ntfs: volume version 3.1. [ 391.148346][T16360] loop4: detected capacity change from 0 to 16 [ 391.165920][T16360] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 391.208512][ T5783] udevd[5783]: incorrect cramfs checksum on /dev/loop4 [ 391.310581][ T5783] udevd[5783]: incorrect cramfs checksum on /dev/loop4 [ 391.548771][T16371] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4840'. [ 392.203639][T16398] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4853'. [ 392.321896][T16288] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 392.534755][T16288] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 392.551673][T16288] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.569893][T16288] usb 4-1: Product: syz [ 392.577413][T16288] usb 4-1: Manufacturer: syz [ 392.591870][T16288] usb 4-1: SerialNumber: syz [ 392.602767][T16288] usb 4-1: config 0 descriptor?? [ 392.827094][T16288] hso 4-1:0.0: Failed to find BULK IN ep [ 392.827372][T16414] loop4: detected capacity change from 0 to 4096 [ 392.850419][T16288] usb-storage 4-1:0.0: USB Mass Storage device detected [ 392.867879][T16415] loop2: detected capacity change from 0 to 4096 [ 392.895106][T16415] ntfs3: loop2: ino=3, Correct links count -> 2. [ 392.967156][T16414] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 393.032359][T16288] usb 4-1: USB disconnect, device number 27 [ 393.090770][T16414] ntfs3: loop4: ino=9, ntfs_sync_fs failed, -22. [ 393.092052][T16421] netlink: 'syz.1.4863': attribute type 5 has an invalid length. [ 393.139483][T16421] netlink: 'syz.1.4863': attribute type 11 has an invalid length. [ 393.206633][T14313] ntfs3: loop4: ino=9, ntfs_sync_fs failed, -22. [ 393.357432][T16425] loop4: detected capacity change from 0 to 512 [ 393.375816][T16425] EXT4-fs: Ignoring removed nobh option [ 393.478611][T16431] netlink: 129384 bytes leftover after parsing attributes in process `syz.1.4867'. [ 393.494843][T16425] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 393.565711][T16425] ext4 filesystem being mounted at /240/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 393.605142][T16425] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #15: comm syz.4.4864: corrupted xattr block 33: bad e_name length [ 393.663804][T16425] EXT4-fs error (device loop4): ext4_get_inode_usage:888: inode #15: comm syz.4.4864: corrupted xattr block 33: bad e_name length [ 393.840774][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 393.999886][T16449] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4877'. [ 394.011881][T16447] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4876'. [ 394.020775][T16447] netlink: 1 bytes leftover after parsing attributes in process `syz.2.4876'. [ 394.259948][T16460] netlink: 'syz.1.4880': attribute type 1 has an invalid length. [ 394.530637][T16465] loop1: detected capacity change from 0 to 4096 [ 394.565452][T16465] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 394.654423][T16465] ntfs3: loop1: failed to convert "c46c" to cp869 [ 394.811876][ T5759] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 394.872294][T16476] loop2: detected capacity change from 0 to 4096 [ 394.890378][T16476] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 394.989279][T16476] ntfs3: loop2: ino=0, attr_set_size [ 395.033677][ T5759] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 395.051779][ T5759] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 395.076694][ T5759] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 395.107384][ T5759] usb 4-1: New USB device found, idVendor=8086, idProduct=0b5b, bcdDevice=e1.c5 [ 395.125519][ T5759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.141715][ T5759] usb 4-1: Product: syz [ 395.148600][ T5759] usb 4-1: Manufacturer: syz [ 395.178980][ T5759] usb 4-1: SerialNumber: syz [ 395.200039][ T5759] usb 4-1: config 0 descriptor?? [ 395.465799][ T5838] usb 4-1: USB disconnect, device number 28 [ 395.701693][T16288] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 395.903542][T16288] usb 2-1: config 0 has an invalid interface number: 50 but max is 0 [ 395.921184][T16288] usb 2-1: config 0 has no interface number 0 [ 395.935362][T16288] usb 2-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 395.958777][T16288] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 395.968029][T16288] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.976245][T16288] usb 2-1: Product: syz [ 395.992140][T16288] usb 2-1: Manufacturer: syz [ 395.996771][T16288] usb 2-1: SerialNumber: syz [ 396.020018][T16288] usb 2-1: config 0 descriptor?? [ 396.092459][T16288] yurex 2-1:0.50: USB YUREX device now attached to Yurex #0 [ 396.248823][T16532] netlink: 'syz.4.4924': attribute type 2 has an invalid length. [ 396.271813][T16532] netlink: 'syz.4.4924': attribute type 1 has an invalid length. [ 396.288827][ C1] yurex 2-1:0.50: yurex_interrupt - overflow with length 8, actual length is 8 [ 396.311427][T16532] netlink: 'syz.4.4924': attribute type 1 has an invalid length. [ 396.388612][T16537] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4917'. [ 396.494483][T16288] usb 2-1: USB disconnect, device number 26 [ 396.507741][T16288] yurex 2-1:0.50: USB YUREX #0 now disconnected [ 396.895912][T16558] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4929'. [ 397.119757][T16568] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4933'. [ 397.169480][T16570] loop1: detected capacity change from 0 to 256 [ 397.703060][T16594] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4945'. [ 398.451747][ T5825] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 398.641742][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 398.650696][ T5825] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 398.675782][ T5825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.701734][ T5825] usb 4-1: Product: syz [ 398.716151][ T5825] usb 4-1: Manufacturer: syz [ 398.720793][ T5825] usb 4-1: SerialNumber: syz [ 398.752600][ T5825] r8152-cfgselector 4-1: config 0 descriptor?? [ 399.141500][ T28] audit: type=1326 audit(2000000065.540:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.184842][ T28] audit: type=1326 audit(2000000065.540:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.212225][ T5825] r8152-cfgselector 4-1: Unknown version 0x0000 [ 399.228086][ T28] audit: type=1326 audit(2000000065.580:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.261884][ T5825] r8152-cfgselector 4-1: USB disconnect, device number 29 [ 399.321746][ T28] audit: type=1326 audit(2000000065.580:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.360261][ T28] audit: type=1326 audit(2000000065.580:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=71 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.391799][ T28] audit: type=1326 audit(2000000065.580:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.425472][ T28] audit: type=1326 audit(2000000065.580:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.451846][ T5759] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 399.474174][ T28] audit: type=1326 audit(2000000065.580:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.516522][ T28] audit: type=1326 audit(2000000065.580:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16656 comm="syz.1.4987" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7faeacd9aeb9 code=0x7ffc0000 [ 399.565612][T16667] netlink: 132 bytes leftover after parsing attributes in process `syz.1.4981'. [ 399.654527][ T5759] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 399.668403][ T5759] usb 5-1: config 0 has no interface number 0 [ 399.679711][ T5759] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 399.699821][ T5759] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 399.716563][T16669] loop2: detected capacity change from 0 to 4096 [ 399.723889][ T5759] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 399.754131][ T5759] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.777346][ T5759] usb 5-1: Product: syz [ 399.792760][ T5759] usb 5-1: Manufacturer: syz [ 399.804369][ T5759] usb 5-1: SerialNumber: syz [ 399.829885][ T5759] usb 5-1: config 0 descriptor?? [ 399.882020][T16661] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 399.898949][ T5759] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 399.934781][ T5759] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 400.184531][ C0] cyberjack ttyUSB0: cyberjack_read_int_callback - failed resubmitting read urb, error -22 [ 400.274921][T16677] loop1: detected capacity change from 0 to 4096 [ 400.400942][ T27] usb 5-1: USB disconnect, device number 8 [ 400.448545][ T27] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 400.495736][ T27] cyberjack 5-1:0.69: device disconnected [ 400.502741][T16686] netlink: 'syz.2.4991': attribute type 3 has an invalid length. [ 400.511155][T16686] netlink: 'syz.2.4991': attribute type 3 has an invalid length. [ 400.518900][T16687] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4992'. [ 400.572087][T16686] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4991'. [ 400.853043][T16695] loop1: detected capacity change from 0 to 4096 [ 401.292271][T16712] netlink: 256 bytes leftover after parsing attributes in process `syz.4.5004'. [ 401.426788][T16717] loop2: detected capacity change from 0 to 64 [ 401.587053][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.587053][ T7118] loop2: rw=1, sector=73, nr_sectors = 1 limit=64 [ 401.611362][ T7118] Buffer I/O error on dev loop2, logical block 73, lost async page write [ 401.635289][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.635289][ T7118] loop2: rw=1, sector=74, nr_sectors = 1 limit=64 [ 401.668821][ T7118] Buffer I/O error on dev loop2, logical block 74, lost async page write [ 401.701881][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.701881][ T7118] loop2: rw=1, sector=75, nr_sectors = 1 limit=64 [ 401.736154][ T7118] Buffer I/O error on dev loop2, logical block 75, lost async page write [ 401.755620][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.755620][ T7118] loop2: rw=1, sector=76, nr_sectors = 1 limit=64 [ 401.770213][ T7118] Buffer I/O error on dev loop2, logical block 76, lost async page write [ 401.781815][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.781815][ T7118] loop2: rw=2049, sector=73, nr_sectors = 1 limit=64 [ 401.796097][T16727] tc_dump_action: action bad kind [ 401.820437][ T7118] Buffer I/O error on dev loop2, logical block 73, lost async page write [ 401.850106][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.850106][ T7118] loop2: rw=2049, sector=74, nr_sectors = 1 limit=64 [ 401.873632][ T7118] Buffer I/O error on dev loop2, logical block 74, lost async page write [ 401.912310][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.912310][ T7118] loop2: rw=2049, sector=75, nr_sectors = 1 limit=64 [ 401.952527][ T7118] Buffer I/O error on dev loop2, logical block 75, lost async page write [ 401.980424][ T7118] kworker/u4:11: attempt to access beyond end of device [ 401.980424][ T7118] loop2: rw=2049, sector=76, nr_sectors = 1 limit=64 [ 402.029108][ T7118] Buffer I/O error on dev loop2, logical block 76, lost async page write [ 402.070788][T16737] netlink: 256 bytes leftover after parsing attributes in process `syz.3.5019'. [ 402.131313][ T28] audit: type=1326 audit(2000000068.530:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16738 comm="syz.2.5012" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 402.285183][T16745] loop2: detected capacity change from 0 to 512 [ 402.302612][T16745] EXT4-fs: Ignoring removed nomblk_io_submit option [ 402.369144][T16745] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 402.409603][T16745] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 402.424981][T16745] EXT4-fs (loop2): Remounting filesystem read-only [ 402.431989][T16745] EXT4-fs (loop2): 1 truncate cleaned up [ 402.455650][T16745] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 402.633650][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 402.725767][T16761] loop4: detected capacity change from 0 to 256 [ 402.842682][T16767] loop3: detected capacity change from 0 to 256 [ 402.901144][T16761] FAT-fs (loop4): Directory bread(block 64) failed [ 402.915424][T16761] FAT-fs (loop4): Directory bread(block 65) failed [ 402.922202][T16767] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 402.952935][T16761] FAT-fs (loop4): Directory bread(block 66) failed [ 402.959504][T16761] FAT-fs (loop4): Directory bread(block 67) failed [ 402.997169][T16761] FAT-fs (loop4): Directory bread(block 68) failed [ 403.014341][T16761] FAT-fs (loop4): Directory bread(block 69) failed [ 403.041439][T16761] FAT-fs (loop4): Directory bread(block 70) failed [ 403.090274][T16761] FAT-fs (loop4): Directory bread(block 71) failed [ 403.140665][T16761] FAT-fs (loop4): Directory bread(block 72) failed [ 403.160317][T16761] FAT-fs (loop4): Directory bread(block 73) failed [ 403.398610][T16781] loop1: detected capacity change from 0 to 512 [ 403.423106][T16781] EXT4-fs: Ignoring removed nomblk_io_submit option [ 403.478472][T16781] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 403.508150][T16781] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 227 vs 220 free clusters [ 403.581710][T16790] xt_ecn: cannot match TCP bits for non-tcp packets [ 403.596095][T16781] EXT4-fs (loop1): Remounting filesystem read-only [ 403.603168][T16781] EXT4-fs (loop1): 1 truncate cleaned up [ 403.609943][T16781] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 403.699950][T16792] /dev/loop0: Can't open blockdev [ 403.775110][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 404.032811][T16803] /dev/loop0: Can't open blockdev [ 404.577368][T16817] loop1: detected capacity change from 0 to 16 [ 404.616353][T16817] erofs: (device loop1): mounted with root inode @ nid 36. [ 404.683257][T16817] erofs: (device loop1): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 404.718971][T16807] loop3: detected capacity change from 0 to 32768 [ 404.726028][T16817] erofs: (device loop1): z_erofs_lz4_decompress_mem: failed to decompress -23 in[64, 4032] out[1851] [ 404.741688][T16817] erofs: (device loop1): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 404.753844][T16807] (syz.3.5050,16807,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 404.793960][T16807] (syz.3.5050,16807,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 404.883215][T16807] JBD2: Ignoring recovery information on journal [ 404.928198][T16820] xt_ecn: cannot match TCP bits for non-tcp packets [ 404.951062][T16811] loop4: detected capacity change from 0 to 32768 [ 404.998428][T16807] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 405.102726][T16811] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode. [ 405.318156][T16839] netlink: 'syz.1.5067': attribute type 4 has an invalid length. [ 405.329535][T16839] netlink: 152 bytes leftover after parsing attributes in process `syz.1.5067'. [ 405.356665][T16839] .`: renamed from bond0 (while UP) [ 405.478629][T16839] bridge0: port 3(.`) entered disabled state [ 405.501522][T16811] syz.4.5062 (16811) used greatest stack depth: 18960 bytes left [ 405.553675][T14313] (syz-executor,14313,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 405.609490][ T5772] ocfs2: Unmounting device (7,3) on (node local) [ 405.633996][T14313] ocfs2: Unmounting device (7,4) on (node local) [ 405.958904][T16853] netlink: 'syz.4.5072': attribute type 13 has an invalid length. [ 405.982047][T16853] netlink: 'syz.4.5072': attribute type 27 has an invalid length. [ 406.142589][T16858] netlink: 76 bytes leftover after parsing attributes in process `syz.2.5083'. [ 406.324396][T16864] loop4: detected capacity change from 0 to 512 [ 406.339624][T16864] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 406.409112][T16864] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 406.469524][T16864] EXT4-fs error (device loop4): ext4_validate_block_bitmap:439: comm syz.4.5077: bg 0: block 248: padding at end of block bitmap is not set [ 406.489413][T16864] __quota_error: 9 callbacks suppressed [ 406.489426][T16864] Quota error (device loop4): write_blk: dquota write failed [ 406.503154][T16864] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 406.513581][T16864] EXT4-fs error (device loop4): ext4_acquire_dquot:6949: comm syz.4.5077: Failed to acquire dquot type 1 [ 406.552682][T16864] EXT4-fs (loop4): 1 truncate cleaned up [ 406.559723][T16864] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 406.630574][ T28] audit: type=1800 audit(2000000073.030:226): pid=16864 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.5077" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 406.651142][ C1] vkms_vblank_simulate: vblank timer overrun [ 406.686633][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 406.696915][ T11] Quota error (device loop4): do_check_range: Getting block 0 out of range 1-5 [ 406.714148][ T11] EXT4-fs error (device loop4): ext4_release_dquot:6985: comm kworker/u4:0: Failed to release dquot type 1 [ 406.912686][T16879] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 407.140621][T16887] loop3: detected capacity change from 0 to 256 [ 407.214039][T16887] FAT-fs (loop3): Directory bread(block 64) failed [ 407.217975][T16873] loop2: detected capacity change from 0 to 32768 [ 407.241074][T16887] FAT-fs (loop3): Directory bread(block 65) failed [ 407.250021][T16887] FAT-fs (loop3): Directory bread(block 66) failed [ 407.261425][T16887] FAT-fs (loop3): Directory bread(block 67) failed [ 407.295259][T16887] FAT-fs (loop3): Directory bread(block 68) failed [ 407.310790][T16887] FAT-fs (loop3): Directory bread(block 69) failed [ 407.331250][T16887] FAT-fs (loop3): Directory bread(block 70) failed [ 407.361120][T16887] FAT-fs (loop3): Directory bread(block 71) failed [ 407.390232][T16887] FAT-fs (loop3): Directory bread(block 72) failed [ 407.398933][T16873] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 407.402328][T16887] FAT-fs (loop3): Directory bread(block 73) failed [ 407.678283][T16897] loop3: detected capacity change from 0 to 512 [ 407.686393][T16897] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 407.754321][ T5770] (syz-executor,5770,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 407.765871][T16897] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1154: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 407.841491][T16897] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm syz.3.5092: bg 0: block 248: padding at end of block bitmap is not set [ 407.892589][T16905] loop1: detected capacity change from 0 to 512 [ 407.899845][T16905] EXT4-fs: Ignoring removed nomblk_io_submit option [ 407.919427][T16905] EXT4-fs: Ignoring removed bh option [ 407.922480][T16897] Quota error (device loop3): write_blk: dquota write failed [ 407.936090][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 407.950513][T16905] EXT4-fs error (device loop1): mb_free_blocks:1954: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt. [ 407.962787][T16897] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 407.986530][T16897] EXT4-fs error (device loop3): ext4_acquire_dquot:6949: comm syz.3.5092: Failed to acquire dquot type 1 [ 407.998573][T16905] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #11: comm syz.1.5095: corrupted inode contents [ 408.034024][T16897] EXT4-fs (loop3): 1 truncate cleaned up [ 408.040848][T16897] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0008-000000000000 r/w without journal. Quota mode: writeback. [ 408.054503][T16905] EXT4-fs error (device loop1): ext4_dirty_inode:6124: inode #11: comm syz.1.5095: mark_inode_dirty error [ 408.103510][T16905] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.5095: invalid indirect mapped block 1 (level 1) [ 408.142107][ T28] audit: type=1800 audit(2000000074.550:227): pid=16897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.5092" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 408.173612][T16905] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #11: comm syz.1.5095: corrupted inode contents [ 408.188806][T16905] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 408.212122][T16905] EXT4-fs error (device loop1): ext4_do_update_inode:5248: inode #11: comm syz.1.5095: corrupted inode contents [ 408.241497][T16905] EXT4-fs error (device loop1): ext4_truncate:4294: inode #11: comm syz.1.5095: mark_inode_dirty error [ 408.253394][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0008-000000000000. [ 408.279113][ T1309] Quota error (device loop3): do_check_range: Getting block 0 out of range 1-5 [ 408.292049][T16905] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 408.301083][ T1309] EXT4-fs error (device loop3): ext4_release_dquot:6985: comm kworker/u4:8: Failed to release dquot type 1 [ 408.313063][T16905] EXT4-fs (loop1): 1 truncate cleaned up [ 408.319915][T16905] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 408.402538][T16905] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 13: comm syz.1.5095: bad entry in directory: directory entry too close to block end - offset=76, inode=16, rec_len=940, size=1024 fake=0 [ 408.568662][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 408.591874][T16915] netlink: 'syz.4.5098': attribute type 10 has an invalid length. [ 408.640783][T16915] team0: Device hsr_slave_0 failed to register rx_handler [ 408.806522][T16921] loop3: detected capacity change from 0 to 512 [ 408.845232][T16921] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 408.858067][T16921] ext4 filesystem being mounted at /1321/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 408.890740][T16921] EXT4-fs error (device loop3): ext4_xattr_block_get:597: inode #15: comm syz.3.5099: corrupted xattr block 33: overlapping e_value [ 408.939642][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 409.252014][ T5838] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 409.423670][T16927] loop4: detected capacity change from 0 to 32768 [ 409.448229][T16937] loop3: detected capacity change from 0 to 128 [ 409.461754][ T5838] usb 2-1: Using ep0 maxpacket: 32 [ 409.473084][ T5838] usb 2-1: config 0 has an invalid interface number: 188 but max is 0 [ 409.501655][ T5838] usb 2-1: config 0 has no interface number 0 [ 409.509335][T16937] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 409.522507][ T5838] usb 2-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 409.540438][T16937] ext4 filesystem being mounted at /1326/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 409.548162][ T5838] usb 2-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 409.562265][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.570368][ T5838] usb 2-1: Product: syz [ 409.574651][ T5838] usb 2-1: Manufacturer: syz [ 409.583081][ T5838] usb 2-1: SerialNumber: syz [ 409.589989][ T5838] usb 2-1: config 0 descriptor?? [ 409.596992][T16926] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 409.641749][T16937] EXT4-fs warning (device loop3): ext4_group_add:1742: No reserved GDT blocks, can't resize [ 409.693754][ T5772] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 409.853006][T16926] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 409.920954][T16948] xt_CT: You must specify a L4 protocol and not use inversions on it [ 410.064500][T16952] loop4: detected capacity change from 0 to 128 [ 410.082122][ T5838] asix 2-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 410.100629][T16952] FAT-fs (loop4): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 410.111911][ T5838] asix: probe of 2-1:0.188 failed with error -71 [ 410.135845][ T5838] usb 2-1: USB disconnect, device number 27 [ 410.171352][T16952] FAT-fs (loop4): error, invalid access to FAT (entry 0x00000100) [ 410.197661][T16952] FAT-fs (loop4): Filesystem has been set read-only [ 410.390110][T16958] netlink: 'syz.3.5120': attribute type 10 has an invalid length. [ 410.414186][T16958] netlink: 212412 bytes leftover after parsing attributes in process `syz.3.5120'. [ 410.430753][T16958] openvswitch: netlink: Flow key attr not present in new flow. [ 411.451946][T17000] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5140'. [ 411.491728][T17000] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 411.774895][T17016] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5147'. [ 411.859736][T17019] cgroup: Invalid name [ 412.088697][T17028] netlink: 'syz.2.5155': attribute type 1 has an invalid length. [ 412.455355][ T28] audit: type=1326 audit(2000000078.860:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17044 comm="syz.2.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 412.487002][ T28] audit: type=1326 audit(2000000078.860:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17044 comm="syz.2.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 412.571897][ T28] audit: type=1326 audit(2000000078.860:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17044 comm="syz.2.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=218 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 412.660485][ T28] audit: type=1326 audit(2000000078.860:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17044 comm="syz.2.5170" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 412.983643][T17068] loop3: detected capacity change from 0 to 8 [ 413.021270][T17068] SQUASHFS error: Failed to read block 0x63a: -5 [ 413.045089][T17068] SQUASHFS error: Unable to read metadata cache entry [638] [ 413.053059][T17071] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 413.071658][T17068] SQUASHFS error: Unable to read directory block [26067d:ffff] [ 413.231491][ T28] audit: type=1326 audit(2000000079.630:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.289455][ T28] audit: type=1326 audit(2000000079.630:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.331977][ T28] audit: type=1326 audit(2000000079.670:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.395794][ T28] audit: type=1326 audit(2000000079.670:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.425103][T17081] loop2: detected capacity change from 0 to 16 [ 413.440663][ T28] audit: type=1326 audit(2000000079.670:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.478159][ T28] audit: type=1326 audit(2000000079.670:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.2.5177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f23a539aeb9 code=0x7ffc0000 [ 413.637476][T17086] loop3: detected capacity change from 0 to 64 [ 414.186496][T17109] loop3: detected capacity change from 0 to 1024 [ 414.300313][T17109] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 414.385637][T17109] EXT4-fs error (device loop3): ext4_get_first_dir_block:3606: inode #11: comm syz.3.5192: directory missing '..' [ 414.486697][T17122] IPv6: Can't replace route, no match found [ 414.533540][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 414.999738][T17136] bridge2: entered promiscuous mode [ 415.306908][T17150] netlink: 209852 bytes leftover after parsing attributes in process `syz.2.5211'. [ 415.322261][T17150] openvswitch: netlink: ufid size 3064 bytes exceeds the range (1, 16) [ 415.349711][T17150] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 415.797802][T17174] ./file0: Can't lookup blockdev [ 415.946352][T17178] loop2: detected capacity change from 0 to 2048 [ 416.003260][T17178] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found! [ 416.123768][T17184] loop3: detected capacity change from 0 to 512 [ 416.208293][T17184] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 416.240537][T17184] ext4 filesystem being mounted at /1359/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 416.331786][ T5838] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 416.382532][T17192] loop1: detected capacity change from 0 to 256 [ 416.425018][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 416.425646][T17192] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x6f4cd389, utbl_chksum : 0xe619d30d) [ 416.553989][ T5838] usb 3-1: Using ep0 maxpacket: 8 [ 416.580234][ T5838] usb 3-1: config 7 has an invalid interface number: 143 but max is 1 [ 416.595878][ T5838] usb 3-1: config 7 has an invalid interface number: 217 but max is 1 [ 416.630676][ T5838] usb 3-1: config 7 has an invalid descriptor of length 229, skipping remainder of the config [ 416.666512][ T5838] usb 3-1: config 7 has no interface number 0 [ 416.714579][ T5838] usb 3-1: config 7 has no interface number 1 [ 416.720760][ T5838] usb 3-1: too many endpoints for config 7 interface 217 altsetting 0: 255, using maximum allowed: 30 [ 416.750393][ T5838] usb 3-1: config 7 interface 217 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 416.793383][T17203] IPv6: Can't replace route, no match found [ 416.807817][ T5838] usb 3-1: config 7 interface 143 has no altsetting 0 [ 416.830033][ T5838] usb 3-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=ba.35 [ 416.841610][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.854895][ T5838] usb 3-1: Product: syz [ 416.861655][ T5838] usb 3-1: Manufacturer: syz [ 416.866286][ T5838] usb 3-1: SerialNumber: syz [ 416.972586][T17206] loop3: detected capacity change from 0 to 8 [ 417.018158][ T7427] udevd[7427]: incorrect cramfs checksum on /dev/loop3 [ 417.042900][T17206] cramfs: Error -3 while decompressing! [ 417.056770][T17206] cramfs: ffffffff973f4368(26)->ffff888056a20000(4096) [ 417.072024][T17206] cramfs: Error -3 while decompressing! [ 417.086622][T17206] cramfs: ffffffff973f4382(26)->ffff88805483d000(4096) [ 417.102206][T17206] cramfs: Error -3 while decompressing! [ 417.124151][T17206] cramfs: ffffffff973f439c(16)->ffff888075a50000(4096) [ 417.134214][ T5838] qmi_wwan: probe of 3-1:7.143 failed with error -22 [ 417.145044][T17206] cramfs: Error -3 while decompressing! [ 417.150657][T17206] cramfs: ffffffff973f4368(26)->ffff888056a20000(4096) [ 417.170104][ T5838] usb 3-1: USB disconnect, device number 32 [ 418.194858][T17225] loop4: detected capacity change from 0 to 32768 [ 418.230273][T17225] (syz.4.5248,17225,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 418.264200][T17225] (syz.4.5248,17225,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 418.300438][T17225] JBD2: Ignoring recovery information on journal [ 418.352797][T17225] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 418.381898][ T5838] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 418.411667][ T9] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 418.579036][T14313] ocfs2: Unmounting device (7,4) on (node local) [ 418.589740][ T5838] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 418.611767][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 418.613369][ T5838] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 418.628481][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 418.651944][ T5838] usb 3-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 418.660482][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 418.661153][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 418.694736][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 418.713718][ T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 418.723097][ T9] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 418.732206][ T9] usb 2-1: Product: syz [ 418.737355][ T9] usb 2-1: Manufacturer: syz [ 418.742918][ T9] usb 2-1: SerialNumber: syz [ 418.760040][ T5838] usb 3-1: config 0 descriptor?? [ 418.773848][ T9] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input21 [ 418.993065][ T9] usb 2-1: USB disconnect, device number 28 [ 419.006789][ T9] appletouch 2-1:1.0: input: appletouch disconnected [ 419.200290][ T5838] Bluetooth: Can't get version to change to load ram patch err [ 419.213477][ T5838] Bluetooth: Loading patch file failed [ 419.218986][ T5838] ath3k: probe of 3-1:0.0 failed with error -71 [ 419.228821][ T5838] usb 3-1: USB disconnect, device number 33 [ 419.605711][T17261] loop1: detected capacity change from 0 to 512 [ 419.680692][T17261] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 419.731465][T17261] ext4 filesystem being mounted at /1332/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 419.877948][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 420.389154][T17263] loop3: detected capacity change from 0 to 32768 [ 420.636611][T17291] loop1: detected capacity change from 0 to 512 [ 420.707012][T17291] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 420.786377][T17291] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback. [ 420.861799][T17291] ext4 filesystem being mounted at /1336/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 420.929472][T17286] loop4: detected capacity change from 0 to 32768 [ 420.942995][T17291] __quota_error: 7 callbacks suppressed [ 420.943009][T17291] Quota error (device loop1): do_check_range: Getting dqdh_next_free 4294967294 out of range 0-8 [ 420.992300][T17291] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 421.002644][T17291] EXT4-fs error (device loop1): ext4_acquire_dquot:6949: comm syz.1.5279: Failed to acquire dquot type 0 [ 421.038445][T17286] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 421.096808][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000. [ 421.142333][T17286] (syz.4.5274,17286,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=32, inode=17057, rec_len=4095, name_len=0 [ 421.164132][T17286] (syz.4.5274,17286,1):ocfs2_prepare_dir_for_insert:4312 ERROR: status = -2 [ 421.231629][T17286] (syz.4.5274,17286,1):ocfs2_mknod:298 ERROR: status = -2 [ 421.238881][T17286] (syz.4.5274,17286,1):ocfs2_mknod:502 ERROR: status = -2 [ 421.280143][T17286] (syz.4.5274,17286,1):ocfs2_create:676 ERROR: status = -2 [ 421.288640][T17308] netlink: 'syz.1.5284': attribute type 21 has an invalid length. [ 421.310521][T17308] netlink: 'syz.1.5284': attribute type 20 has an invalid length. [ 421.328321][T17308] IPv6: NLM_F_CREATE should be specified when creating new route [ 421.450131][T17309] loop2: detected capacity change from 0 to 4096 [ 421.469982][T14313] ocfs2: Unmounting device (7,4) on (node local) [ 421.484020][T17309] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 421.542719][T17309] ntfs3: loop2: It is recommened to use chkdsk. [ 421.626130][T17309] ntfs3: loop2: Failed to initialize $Secure::$SII (-22). [ 421.642295][T17309] ntfs3: loop2: Failed to initialize $Secure (-22). [ 421.954431][T17324] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5292'. [ 421.986626][T17324] netlink: 440 bytes leftover after parsing attributes in process `syz.3.5292'. [ 422.200512][T17338] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5299'. [ 422.229241][T17338] bridge_slave_1: left allmulticast mode [ 422.243772][T17338] bridge_slave_1: left promiscuous mode [ 422.249906][T17338] bridge0: port 2(bridge_slave_1) entered disabled state [ 422.301998][T17338] bridge_slave_0: left allmulticast mode [ 422.308451][T17338] bridge_slave_0: left promiscuous mode [ 422.325213][T17338] bridge0: port 1(bridge_slave_0) entered disabled state [ 422.341768][ T5838] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 422.541676][ T5838] usb 5-1: Using ep0 maxpacket: 16 [ 422.548701][ T5838] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 422.569500][ T5838] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 422.622388][ T5838] usb 5-1: config 0 descriptor?? [ 422.639368][ T5838] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 422.859240][ T5838] usb 5-1: Detected FT232B [ 423.047086][ T5838] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 423.071761][ T5838] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 423.081065][ T5838] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 423.115944][ T5838] usb 5-1: USB disconnect, device number 9 [ 423.152176][ T5838] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 423.172212][ T5838] ftdi_sio 5-1:0.0: device disconnected [ 423.281839][ T9] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 423.348189][T17358] loop1: detected capacity change from 0 to 32768 [ 423.361081][T17358] (syz.1.5307,17358,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 423.382105][T17358] (syz.1.5307,17358,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 423.407962][T17358] JBD2: Ignoring recovery information on journal [ 423.460035][T17358] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 423.472424][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 423.484552][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 423.496011][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 423.505862][ T9] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 423.522379][ T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 423.533447][ T9] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 423.543115][ T9] usb 3-1: Product: syz [ 423.547319][ T9] usb 3-1: Manufacturer: syz [ 423.552774][ T9] usb 3-1: SerialNumber: syz [ 423.575529][ T9] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input22 [ 423.848872][ T5771] ocfs2: Unmounting device (7,1) on (node local) [ 423.865684][ T9] usb 3-1: USB disconnect, device number 34 [ 423.886958][ T9] appletouch 3-1:1.0: input: appletouch disconnected [ 423.971844][T17376] netlink: 240 bytes leftover after parsing attributes in process `syz.4.5318'. [ 424.835752][T17378] Bluetooth: hci0: Opcode 0x080f failed: -4 [ 425.042101][ T9] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 425.054987][T17414] loop2: detected capacity change from 0 to 256 [ 425.078061][T17414] exfat: Deprecated parameter 'namecase' [ 425.085685][T17414] exfat: Deprecated parameter 'namecase' [ 425.126003][T17414] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 425.145597][ T5759] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 425.186315][T17414] fuse: Bad value for 'fd' [ 425.245813][ T9] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 425.278481][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 425.301665][ T9] usb 5-1: Product: syz [ 425.305877][ T9] usb 5-1: Manufacturer: syz [ 425.310495][ T9] usb 5-1: SerialNumber: syz [ 425.335738][ T9] usb 5-1: config 0 descriptor?? [ 425.361874][ T5759] usb 2-1: Using ep0 maxpacket: 32 [ 425.368690][ T5759] usb 2-1: too many configurations: 17, using maximum allowed: 8 [ 425.388942][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.401677][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.407947][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.431302][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.463413][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.471474][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.491779][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.511975][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.539245][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.547845][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.574774][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.593512][ T9] hso 5-1:0.0: Failed to find BULK IN ep [ 425.601667][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.624009][ T9] usb-storage 5-1:0.0: USB Mass Storage device detected [ 425.632130][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.640158][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.659533][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.669891][T17430] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5342'. [ 425.694474][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.718341][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.741746][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.771046][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.785457][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.844757][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.857623][ T1188] usb 5-1: USB disconnect, device number 10 [ 425.863627][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.863679][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.863702][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 425.874366][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 425.920242][T17434] netlink: 'syz.3.5346': attribute type 21 has an invalid length. [ 425.933186][T17434] netlink: 'syz.3.5346': attribute type 20 has an invalid length. [ 425.941062][ T5759] usb 2-1: config 0 has no interface number 0 [ 425.947975][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 425.958897][T17434] IPv6: NLM_F_CREATE should be specified when creating new route [ 425.967005][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 426.003281][ T5759] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 426.012964][ T5759] usb 2-1: config 0 has no interface number 0 [ 426.019124][ T5759] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 426.051627][ T5759] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 426.071730][ T5779] Bluetooth: hci0: command 0x0406 tx timeout [ 426.103840][ T5759] usb 2-1: New USB device found, idVendor=108c, idProduct=0168, bcdDevice=84.b2 [ 426.124449][ T5759] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 426.147303][ T5759] usb 2-1: Product: syz [ 426.171152][ T5759] usb 2-1: Manufacturer: syz [ 426.181712][ T5759] usb 2-1: SerialNumber: syz [ 426.200065][ T5759] usb 2-1: config 0 descriptor?? [ 426.220316][ T5759] etas_es58x 2-1:0.2: Starting syz syz (Serial Number syz) [ 426.241289][T17440] loop2: detected capacity change from 0 to 4096 [ 426.301159][T17440] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 426.407162][T17440] ntfs3: loop2: failed to convert "c46c" to cp869 [ 426.415899][T17444] loop3: detected capacity change from 0 to 4096 [ 426.434060][T17444] ntfs: (device loop3): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 426.445854][T17444] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 426.456219][T17444] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 426.481895][ T5759] etas_es58x 2-1:0.2: could not parse product info: 'ࠅ' [ 426.506497][T17444] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 426.668205][T17444] ntfs: volume version 3.1. [ 426.788763][T17444] ntfs: (device loop3): ntfs_attr_find(): Inode is corrupt. Run chkdsk. [ 426.808083][ T5838] usb 2-1: USB disconnect, device number 29 [ 426.808509][T17444] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0x40 as bad. Run chkdsk. [ 426.832038][ T5838] etas_es58x 2-1:0.2: Disconnecting syz syz [ 427.013599][ T5759] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 427.222289][ T5759] usb 3-1: Using ep0 maxpacket: 32 [ 427.242319][ T5759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 427.268888][ T5759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 427.291262][ T5759] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 427.300953][ T5759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 427.310770][ T5759] usb 3-1: Product: syz [ 427.320883][ T5759] usb 3-1: Manufacturer: syz [ 427.327040][ T5759] usb 3-1: SerialNumber: syz [ 427.342567][ T5759] usb 3-1: config 0 descriptor?? [ 427.356143][ T5759] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input23 [ 427.561521][T17470] loop3: detected capacity change from 0 to 2048 [ 427.606003][T17470] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=66359, location=66359 [ 427.648177][T17476] loop4: detected capacity change from 0 to 512 [ 427.685877][T17470] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 427.743212][T17476] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 427.767748][ T5759] usb 3-1: USB disconnect, device number 35 [ 427.809361][T17476] ext4 filesystem being mounted at /351/file2 supports timestamps until 2038-01-19 (0x7fffffff) [ 427.922662][T17476] EXT4-fs error (device loop4): ext4_xattr_block_get:597: inode #15: comm syz.4.5355: corrupted xattr block 33: overlapping e_value [ 428.074016][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 428.128748][T17487] ipt_REJECT: TCP_RESET invalid for non-tcp [ 428.330563][T17472] loop1: detected capacity change from 0 to 32768 [ 428.446984][T17472] ocfs2: Mounting device (7,1) on (node local, slot 0) with writeback data mode. [ 428.531187][T17498] loop4: detected capacity change from 0 to 4096 [ 428.581705][T17498] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 428.617988][T17500] netlink: 'syz.3.5362': attribute type 3 has an invalid length. [ 428.709514][T17498] ntfs3: loop4: failed to convert "c46c" to cp869 [ 428.767719][ T5771] (syz-executor,5771,1):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 428.805609][ T5771] ocfs2: Unmounting device (7,1) on (node local) [ 429.032699][ T28] audit: type=1326 audit(2000000095.430:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.4.5368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 429.092152][ T28] audit: type=1326 audit(2000000095.430:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.4.5368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 429.207593][ T28] audit: type=1326 audit(2000000095.470:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.4.5368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=148 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 429.259192][T17516] loop2: detected capacity change from 0 to 256 [ 429.298718][ T28] audit: type=1326 audit(2000000095.470:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17509 comm="syz.4.5368" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 429.558271][T17524] loop3: detected capacity change from 0 to 1024 [ 429.598316][T17529] 9pnet_fd: p9_fd_create_tcp (17529): problem connecting socket to 127.0.0.1 [ 429.613021][ T7122] hfsplus: b-tree write err: -5, ino 4 [ 429.828390][T17527] loop1: detected capacity change from 0 to 8192 [ 429.870455][T17527] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 429.893800][T17527] REISERFS (device loop1): found reiserfs format "3.5" with non-standard journal [ 429.906352][T17527] REISERFS (device loop1): using ordered data mode [ 429.913498][T17527] reiserfs: using flush barriers [ 429.919963][T17527] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 429.937148][T17527] REISERFS (device loop1): checking transaction log (loop1) [ 429.976500][T17527] REISERFS (device loop1): Using rupasov hash to sort names [ 429.987068][T17527] REISERFS (device loop1): using 3.5.x disk format [ 430.012086][T17527] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 430.047848][T17527] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 430.071874][T17527] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 430.092060][T17527] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 430.107944][T17527] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 430.139517][T17527] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 430.194384][T17527] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 430.257133][T17530] loop2: detected capacity change from 0 to 32768 [ 430.332269][T17530] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 430.776612][ T5770] (syz-executor,5770,0):ocfs2_inode_is_valid_to_delete:872 ERROR: Skipping delete of system file 76 [ 430.889295][ T5770] ocfs2: Unmounting device (7,2) on (node local) [ 430.981950][ T5759] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 431.020297][T17558] openvswitch: netlink: Flow actions attr not present in new flow. [ 431.120744][T17556] loop4: detected capacity change from 0 to 8192 [ 431.151726][T17556] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 431.175492][ T5759] usb 2-1: Using ep0 maxpacket: 16 [ 431.197667][ T5759] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 431.211433][T17556] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 431.231622][ T5759] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 431.239278][T17556] REISERFS (device loop4): using ordered data mode [ 431.258270][T17556] reiserfs: using flush barriers [ 431.275958][ T5759] usb 2-1: config 0 descriptor?? [ 431.296758][T17556] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 431.336314][ T5759] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 431.369588][T17556] REISERFS (device loop4): checking transaction log (loop4) [ 431.388524][T17556] REISERFS (device loop4): Using rupasov hash to sort names [ 431.421961][T17556] REISERFS (device loop4): using 3.5.x disk format [ 431.428926][T17556] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 431.476153][T17556] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 431.487912][T17556] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 431.499199][T17556] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 UNKNOWN] (nlink == 1) not found (pos 2) [ 431.513728][T17556] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 431.540594][ T5759] usb 2-1: Detected FT232B [ 431.581977][T17556] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 431.632012][T17556] REISERFS warning: green-16003 errcatch_is_left_mergeable: Invalid item type observed, run fsck ASAP [ 431.670005][T17569] loop2: detected capacity change from 0 to 2048 [ 431.697498][T17569] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=66359, location=66359 [ 431.717138][T17571] loop3: detected capacity change from 0 to 512 [ 431.748201][T17569] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 431.761205][ T5759] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 431.783748][ T5759] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 431.792358][ T5759] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 431.802957][ T5759] usb 2-1: USB disconnect, device number 30 [ 431.808961][T17571] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 431.816580][ T5759] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 431.830681][ T5759] ftdi_sio 2-1:0.0: device disconnected [ 431.896457][T17571] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.5401: invalid indirect mapped block 83886080 (level 1) [ 431.984405][T17571] EXT4-fs (loop3): Remounting filesystem read-only [ 431.991389][T17571] EXT4-fs (loop3): 1 orphan inode deleted [ 432.001189][T17571] EXT4-fs (loop3): 1 truncate cleaned up [ 432.017532][T17571] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 432.173658][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 432.261227][T17580] SET target dimension over the limit! [ 432.444854][T17589] netlink: zone id is out of range [ 432.450023][T17589] netlink: del zone limit has 8 unknown bytes [ 432.648857][T17594] loop2: detected capacity change from 0 to 1024 [ 432.750905][T17600] ipt_REJECT: TCP_RESET invalid for non-tcp [ 432.774430][ T11] hfsplus: b-tree write err: -5, ino 4 [ 433.054137][T17611] netlink: 'syz.4.5412': attribute type 5 has an invalid length. [ 433.063247][T17611] netlink: 'syz.4.5412': attribute type 11 has an invalid length. [ 433.242611][T17618] SET target dimension over the limit! [ 433.435075][T17628] netlink: 'syz.4.5419': attribute type 8 has an invalid length. [ 433.444373][T17626] comedi comedi0: Cannot bond this driver to itself! [ 433.467843][T17628] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.5419'. [ 433.812078][T17644] SET target dimension over the limit! [ 433.912632][ T1188] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 433.963704][T17650] netlink: zone id is out of range [ 433.968969][T17650] netlink: del zone limit has 8 unknown bytes [ 434.091672][ T1188] usb 2-1: Using ep0 maxpacket: 8 [ 434.109023][ T1188] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 434.122645][ T5838] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 434.132429][ T1188] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 434.152746][ T1188] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105 [ 434.161372][ T1188] usb 2-1: SerialNumber: syz [ 434.179500][ T1188] usb 2-1: config 0 descriptor?? [ 434.194248][ T1188] usb 2-1: Found UVC 0.00 device (05ac:8501) [ 434.220408][ T1188] usb 2-1: Failed to create links for entity 255 [ 434.232055][ T1188] usb 2-1: Failed to register entities (-22). [ 434.331778][ T5838] usb 4-1: Using ep0 maxpacket: 32 [ 434.339394][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7 [ 434.355065][T17662] loop4: detected capacity change from 0 to 512 [ 434.366071][ T5838] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 434.383649][ T5838] usb 4-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=33.f9 [ 434.393461][ T5838] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.400200][ T1188] usb 2-1: USB disconnect, device number 31 [ 434.415193][T17662] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 434.426430][ T5838] usb 4-1: Product: syz [ 434.446720][ T5838] usb 4-1: Manufacturer: syz [ 434.451371][ T5838] usb 4-1: SerialNumber: syz [ 434.470451][T17662] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #16: comm syz.4.5438: invalid indirect mapped block 83886080 (level 1) [ 434.499857][T17662] EXT4-fs (loop4): Remounting filesystem read-only [ 434.510638][T17662] EXT4-fs (loop4): 1 orphan inode deleted [ 434.519241][T17662] EXT4-fs (loop4): 1 truncate cleaned up [ 434.521945][ T5838] usb 4-1: config 0 descriptor?? [ 434.530215][T17662] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 434.556875][ T5838] input: KB Gear Tablet as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input24 [ 434.666698][T14313] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 434.774220][ T5838] usb 4-1: USB disconnect, device number 30 [ 435.165799][T17664] 9pnet_fd: p9_fd_create_tcp (17664): problem connecting socket to 127.0.0.1 [ 435.245292][T17684] netlink: 'syz.1.5448': attribute type 8 has an invalid length. [ 435.266143][T17684] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.5448'. [ 435.735086][T17705] loop2: detected capacity change from 0 to 1024 [ 435.811713][T17705] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 435.916387][T17705] EXT4-fs error (device loop2): ext4_get_first_dir_block:3606: inode #11: comm syz.2.5457: directory missing '..' [ 435.974010][T17715] netlink: 'syz.3.5460': attribute type 8 has an invalid length. [ 436.008998][T17715] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.5460'. [ 436.118991][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 436.119003][ T28] audit: type=1326 audit(2000000102.520:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17718 comm="syz.3.5463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 436.206526][ T28] audit: type=1326 audit(2000000102.570:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17718 comm="syz.3.5463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 436.256271][ T28] audit: type=1326 audit(2000000102.570:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17718 comm="syz.3.5463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 436.294874][ T28] audit: type=1326 audit(2000000102.570:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17718 comm="syz.3.5463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 436.329693][ T28] audit: type=1326 audit(2000000102.570:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17718 comm="syz.3.5463" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa020b9aeb9 code=0x7ffc0000 [ 436.364929][T17721] netlink: 200 bytes leftover after parsing attributes in process `syz.3.5465'. [ 436.402390][ T5759] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 436.613351][ T5759] usb 5-1: config index 0 descriptor too short (expected 39, got 27) [ 436.630522][ T5759] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 436.656983][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 436.689249][ T5759] usb 5-1: config 0 interface 0 has no altsetting 0 [ 436.699942][ T5759] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 436.709741][ T5759] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 436.721827][ T5759] usb 5-1: Product: syz [ 436.740362][ T5759] usb 5-1: Manufacturer: syz [ 436.752555][T17727] loop3: detected capacity change from 0 to 16 [ 436.761378][ T5759] usb 5-1: SerialNumber: syz [ 436.790331][ T5759] usb 5-1: config 0 descriptor?? [ 436.798837][ T5759] hub 5-1:0.0: bad descriptor, ignoring hub [ 436.817147][ T5759] hub: probe of 5-1:0.0 failed with error -5 [ 436.835401][T17727] erofs: (device loop3): mounted with root inode @ nid 36. [ 436.849648][ T5759] usb 5-1: selecting invalid altsetting 0 [ 436.897552][T17727] syz.3.5468: attempt to access beyond end of device [ 436.897552][T17727] loop3: rw=524288, sector=131758, nr_sectors = 2 limit=16 [ 436.914102][T17727] syz.3.5468: attempt to access beyond end of device [ 436.914102][T17727] loop3: rw=524288, sector=74, nr_sectors = 2 limit=16 [ 436.928051][T17727] syz.3.5468: attempt to access beyond end of device [ 436.928051][T17727] loop3: rw=524288, sector=262336, nr_sectors = 2 limit=16 [ 437.069527][ T5759] usb 5-1: USB disconnect, device number 11 [ 437.120448][T17735] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5480'. [ 437.154637][T17735] macsec0: left allmulticast mode [ 437.192943][T17735] veth1_macvtap: left allmulticast mode [ 437.200052][ T7188] udevd[7188]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 437.226726][T17735] macsec0: left promiscuous mode [ 437.247276][T17735] bridge0: port 4(macsec0) entered disabled state [ 437.292270][T17735] .`: left allmulticast mode [ 437.311434][T17735] bond_slave_0: left allmulticast mode [ 437.323934][T17735] bond_slave_1: left allmulticast mode [ 437.333148][T17735] bridge0: port 3(.`) entered disabled state [ 437.359522][T17735] bridge_slave_1: left allmulticast mode [ 437.365840][T17735] bridge_slave_1: left promiscuous mode [ 437.371721][T17735] bridge0: port 2(bridge_slave_1) entered disabled state [ 437.389931][T17735] bridge_slave_0: left allmulticast mode [ 437.406898][T17735] bridge_slave_0: left promiscuous mode [ 437.417171][T17735] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.580738][T17745] netlink: 1 bytes leftover after parsing attributes in process `syz.3.5476'. [ 437.601832][T17745] netlink: 1 bytes leftover after parsing attributes in process `syz.3.5476'. [ 437.627155][T17749] loop4: detected capacity change from 0 to 128 [ 437.685275][T17749] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 437.706584][T17749] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 437.846837][T17753] 9pnet_fd: p9_fd_create_tcp (17753): problem connecting socket to 127.0.0.1 [ 438.291760][ T1188] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 438.481664][ T1188] usb 3-1: Using ep0 maxpacket: 32 [ 438.503096][ T1188] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 438.511304][ T1188] usb 3-1: config 0 has no interface number 0 [ 438.539068][ T1188] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 438.559729][T17781] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5493'. [ 438.569516][ T1188] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 438.578818][ T1188] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.581169][T17781] bridge_slave_1: left allmulticast mode [ 438.586997][ T1188] usb 3-1: Product: syz [ 438.587014][ T1188] usb 3-1: Manufacturer: syz [ 438.587035][ T1188] usb 3-1: SerialNumber: syz [ 438.605446][ T1188] usb 3-1: config 0 descriptor?? [ 438.623271][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 438.628701][T17781] bridge_slave_1: left promiscuous mode [ 438.645671][T17781] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.669502][T17781] bridge_slave_0: left allmulticast mode [ 438.699206][T17781] bridge_slave_0: left promiscuous mode [ 438.713566][T17781] bridge0: port 1(bridge_slave_0) entered disabled state [ 438.854143][T17759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 439.075450][T17792] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5501'. [ 439.085677][ T1188] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 439.110917][ T1188] asix: probe of 3-1:0.188 failed with error -71 [ 439.142678][ T1188] usb 3-1: USB disconnect, device number 36 [ 439.475548][T17808] binder: 17807:17808 ioctl 40046210 0 returned -14 [ 439.524622][T17806] loop3: detected capacity change from 0 to 4096 [ 439.570238][T17810] program syz.1.5509 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 439.797049][T17814] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5511'. [ 439.836518][T17814] bridge_slave_1: left allmulticast mode [ 439.845529][T17814] bridge_slave_1: left promiscuous mode [ 439.852627][T17814] bridge0: port 2(bridge_slave_1) entered disabled state [ 439.876998][T17814] : left allmulticast mode [ 439.908252][T17814] : left promiscuous mode [ 439.917716][T17814] bridge0: port 1() entered disabled state [ 440.074081][ T1281] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.080703][ T1281] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.540733][T17839] netlink: 'syz.3.5524': attribute type 13 has an invalid length. [ 440.605191][T17839] gretap0: refused to change device tx_queue_len [ 440.621935][T17839] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 440.856112][T17843] loop2: detected capacity change from 0 to 4096 [ 440.920416][T17843] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 440.967315][T17843] ntfs3: loop2: Failed to load $Extend (-22). [ 440.988420][T17843] ntfs3: loop2: Failed to initialize $Extend. [ 441.032601][T17833] loop1: detected capacity change from 0 to 32768 [ 441.049377][T17833] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by syz.1.5519 (17833) [ 441.122456][T17833] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 441.143947][T17833] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm [ 441.196352][T17833] BTRFS info (device loop1): turning off barriers [ 441.236259][T17833] BTRFS info (device loop1): enabling ssd optimizations [ 441.258084][T17833] BTRFS info (device loop1): using spread ssd allocation scheme [ 441.301787][T17833] BTRFS info (device loop1): enabling auto defrag [ 441.308366][T17833] BTRFS warning (device loop1): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 441.356870][T17833] BTRFS info (device loop1): trying to use backup root at mount time [ 441.372016][T17833] BTRFS info (device loop1): ignoring data csums [ 441.385214][T17833] BTRFS info (device loop1): force zlib compression, level 3 [ 441.394572][T17833] BTRFS info (device loop1): using free space tree [ 441.496705][T17868] loop3: detected capacity change from 0 to 256 [ 441.620149][T17868] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x6f4cd389, utbl_chksum : 0xe619d30d) [ 441.740105][T17885] binder: 17882:17885 ioctl 40046210 0 returned -14 [ 441.821935][T17833] BTRFS error (device loop1: state MC): ignoredatacsums must be used with ro mount option [ 441.970495][T17889] netlink: 200 bytes leftover after parsing attributes in process `syz.4.5540'. [ 442.007619][ T5771] BTRFS info (device loop1: state C): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6 [ 442.063787][T17893] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 442.195143][ T5783] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 scanned by udevd (5783) [ 442.515214][T17906] loop4: detected capacity change from 0 to 164 [ 443.170337][ T28] audit: type=1326 audit(2000000109.570:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17930 comm="syz.4.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 443.217087][ T28] audit: type=1326 audit(2000000109.570:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17930 comm="syz.4.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 443.255702][ T28] audit: type=1326 audit(2000000109.570:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17930 comm="syz.4.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=235 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 443.303591][ T28] audit: type=1326 audit(2000000109.570:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17930 comm="syz.4.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 443.333609][ T28] audit: type=1326 audit(2000000109.570:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17930 comm="syz.4.5561" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f434319aeb9 code=0x7ffc0000 [ 443.619807][T17945] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5566'. [ 443.681809][T16288] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 443.883242][T16288] usb 5-1: Using ep0 maxpacket: 32 [ 443.929859][T16288] usb 5-1: New USB device found, idVendor=1d50, idProduct=60a1, bcdDevice=a1.4f [ 443.942320][T16288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.950818][T16288] usb 5-1: Product: syz [ 443.956002][T16288] usb 5-1: Manufacturer: syz [ 443.960698][T16288] usb 5-1: SerialNumber: syz [ 443.967867][T16288] usb 5-1: config 0 descriptor?? [ 444.211462][T16288] airspy 5-1:0.0: usb_control_msg() failed -71 request 09 [ 444.224854][T16288] airspy 5-1:0.0: Could not detect board [ 444.230731][T16288] airspy: probe of 5-1:0.0 failed with error -71 [ 444.241935][T16288] usb 5-1: USB disconnect, device number 12 [ 444.450319][T17975] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5582'. [ 444.739733][T17986] netlink: 'syz.1.5587': attribute type 13 has an invalid length. [ 444.765492][T17986] gretap0: refused to change device tx_queue_len [ 444.787914][T17986] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 445.248493][T18006] loop4: detected capacity change from 0 to 4096 [ 445.256287][T18006] ntfs3: loop4: Different NTFS sector size (4096) and media sector size (512). [ 445.336371][T18006] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 445.370943][T18006] ntfs3: loop4: Failed to initialize $Extend/$Reparse. [ 445.504384][T18008] loop3: detected capacity change from 0 to 4096 [ 445.582801][T18008] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 445.602075][ T146] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 445.609020][T14313] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 445.648658][T14313] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 445.669268][T14313] ntfs3: loop4: ino=3, ntfs_set_state failed, -22. [ 445.688269][T18008] ntfs3: loop3: Failed to load $Extend (-22). [ 445.700205][ T1309] ntfs3: loop4: ino=3, ntfs3_write_inode failed, -22. [ 445.707300][T18008] ntfs3: loop3: Failed to initialize $Extend. [ 446.481036][T18046] xt_CHECKSUM: unsupported CHECKSUM operation 68 [ 446.689406][T18054] loop3: detected capacity change from 0 to 512 [ 446.736016][T18054] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 446.779464][T18054] ext4 filesystem being mounted at /1474/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 446.827428][T18054] EXT4-fs error (device loop3): ext4_validate_inode_bitmap:106: comm syz.3.5620: Corrupt inode bitmap - block_group = 0, inode_bitmap = 20 [ 446.827895][T18059] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5622'. [ 446.857203][T18054] EXT4-fs error (device loop3) in ext4_free_inode:363: Filesystem failed CRC [ 447.006192][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.277127][ T5779] Bluetooth: hci4: command 0x0406 tx timeout [ 447.293725][T18074] loop2: detected capacity change from 0 to 1024 [ 447.300930][T18074] EXT4-fs: Ignoring removed nomblk_io_submit option [ 447.322582][T18074] EXT4-fs: Ignoring removed nomblk_io_submit option [ 447.379601][T18074] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 447.422056][T18074] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 447.473972][T18074] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 447.587974][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 447.621729][ T9] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 447.834818][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 447.856471][ T9] usb 4-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 447.882851][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.932281][ T9] usb 4-1: config 0 descriptor?? [ 447.949179][T18094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5639'. [ 447.962292][ T9] gspca_main: sunplus-2.14.0 probing 041e:400b [ 448.163671][T18101] netlink: 'syz.1.5642': attribute type 5 has an invalid length. [ 448.387217][ T9] gspca_sunplus: reg_w_riv err -71 [ 448.404695][ T9] sunplus: probe of 4-1:0.0 failed with error -71 [ 448.422772][ T9] usb 4-1: USB disconnect, device number 31 [ 448.626024][T18122] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 448.797705][T18128] bond0: entered allmulticast mode [ 448.946517][T18136] trusted_key: encrypted_key: master key parameter is missing [ 449.167426][T18146] syz.1.5663: attempt to access beyond end of device [ 449.167426][T18146] nbd1: rw=0, sector=64, nr_sectors = 8 limit=0 [ 449.186380][T18148] ax25_connect(): syz.2.5664 uses autobind, please contact jreuter@yaina.de [ 449.217485][T18146] syz.1.5663: attempt to access beyond end of device [ 449.217485][T18146] nbd1: rw=0, sector=120, nr_sectors = 8 limit=0 [ 449.254921][T18146] Mount JFS Failure: -5 [ 449.269966][T18146] jfs_mount failed w/return code = -5 [ 449.381739][T18155] netlink: 'syz.3.5667': attribute type 1 has an invalid length. [ 449.457882][T18156] loop2: detected capacity change from 0 to 4096 [ 449.501783][T18156] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 449.580353][T18156] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 449.607876][T18156] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 449.903328][ T7122] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 449.911730][ T5770] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 449.918284][ T5770] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 449.951993][ T5770] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 449.956205][T18174] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 449.979259][ T7122] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 450.001993][T18177] ip6gre1: entered promiscuous mode [ 450.199299][T18180] loop3: detected capacity change from 0 to 1024 [ 450.229882][T18180] EXT4-fs: Ignoring removed nomblk_io_submit option [ 450.254053][T18180] EXT4-fs: Ignoring removed nomblk_io_submit option [ 450.278652][T18180] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 450.301218][T18185] loop2: detected capacity change from 0 to 4096 [ 450.307769][T18180] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 450.363194][T18185] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 450.382930][T18180] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 450.609784][ T5770] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.644659][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 450.791143][T18196] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5688'. [ 451.278543][T18212] xt_NFQUEUE: number of total queues is 0 [ 451.294740][T18207] ALSA: mixer_oss: invalid OSS volume '' [ 451.611291][T18220] ax25_connect(): syz.4.5698 uses autobind, please contact jreuter@yaina.de [ 451.860654][T18232] loop2: detected capacity change from 0 to 256 [ 451.964764][T18232] FAT-fs (loop2): Directory bread(block 64) failed [ 451.974405][T18232] FAT-fs (loop2): Directory bread(block 65) failed [ 451.981040][T18232] FAT-fs (loop2): Directory bread(block 66) failed [ 451.999827][T18232] FAT-fs (loop2): Directory bread(block 67) failed [ 452.006783][T18232] FAT-fs (loop2): Directory bread(block 68) failed [ 452.013419][T18232] FAT-fs (loop2): Directory bread(block 69) failed [ 452.074668][T18232] FAT-fs (loop2): Directory bread(block 70) failed [ 452.081320][T18232] FAT-fs (loop2): Directory bread(block 71) failed [ 452.107589][T18232] FAT-fs (loop2): Directory bread(block 72) failed [ 452.128489][T18232] FAT-fs (loop2): Directory bread(block 73) failed [ 452.166296][T18240] netlink: 'syz.1.5708': attribute type 1 has an invalid length. [ 452.340382][T18246] tmpfs: Bad value for 'mpol' [ 452.463054][T18250] ax25_connect(): syz.3.5712 uses autobind, please contact jreuter@yaina.de [ 452.712013][T18262] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5717'. [ 453.609787][T18306] netlink: 'syz.3.5739': attribute type 1 has an invalid length. [ 453.768758][T18308] ALSA: mixer_oss: invalid OSS volume '' [ 453.776600][T18311] loop3: detected capacity change from 0 to 512 [ 453.819812][T18311] EXT4-fs error (device loop3): ext4_read_block_bitmap_nowait:478: comm syz.3.5741: Invalid block bitmap block 0 in block_group 0 [ 453.902336][T18311] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6653: Corrupt filesystem [ 453.940902][T18311] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.5741: attempt to clear invalid blocks 983261 len 1 [ 453.962273][T18311] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.5741: invalid indirect mapped block 2683928664 (level 0) [ 453.984695][T18311] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.5741: Invalid inode table block 0 in block_group 0 [ 454.010568][T18311] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 454.029405][T18311] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 454.039343][T18311] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.5741: Invalid inode table block 0 in block_group 0 [ 454.059601][T18311] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 454.095617][T18311] EXT4-fs error (device loop3): ext4_truncate:4294: inode #13: comm syz.3.5741: mark_inode_dirty error [ 454.117079][T18311] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 454.128619][T18311] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.5741: Invalid inode table block 0 in block_group 0 [ 454.167245][T18311] EXT4-fs (loop3): 1 truncate cleaned up [ 454.185928][T18311] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 454.242243][T18311] EXT4-fs error (device loop3): __ext4_get_inode_loc:4489: comm syz.3.5741: Invalid inode table block 0 in block_group 0 [ 454.287370][T18311] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5920: Corrupt filesystem [ 454.324695][T18324] loop4: detected capacity change from 0 to 64 [ 454.391225][ T5772] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.429157][T18322] loop1: detected capacity change from 0 to 4096 [ 454.485192][T18322] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 454.751418][ T5771] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 454.792072][ T29] INFO: task syz-executor:5769 blocked for more than 143 seconds. [ 454.820227][ T29] Not tainted syzkaller #0 [ 454.841381][ T29] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 454.874255][ T29] task:syz-executor state:D stack:21704 pid:5769 ppid:1 flags:0x00004004 [ 454.911780][ T29] Call Trace: [ 454.915112][ T29] [ 454.918075][ T29] __schedule+0x1553/0x45a0 [ 454.942902][ T29] ? asan.module_dtor+0x20/0x20 [ 454.947820][ T29] ? mark_lock+0x94/0x320 [ 454.958236][ T29] ? lock_chain_count+0x20/0x20 [ 454.964433][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 454.969509][ T29] ? _raw_spin_lock_irqsave+0x100/0x100 [ 454.981424][ T29] schedule+0xbd/0x170 [ 454.988008][ T29] io_schedule+0x80/0xd0 [ 454.997975][ T29] folio_wait_bit_common+0x714/0xfa0 [ 455.003625][ T29] ? folio_wait_bit+0x30/0x30 [ 455.008343][ T29] ? filemap_get_entry+0x379/0x3f0 [ 455.022002][ T29] ? _compound_head+0x120/0x120 [ 455.026907][ T29] ? find_lock_entries+0xc3e/0xfe0 [ 455.032881][ T29] __filemap_get_folio+0xbc/0xbb0 [ 455.038020][ T29] truncate_inode_pages_range+0x46b/0xfb0 [ 455.044005][ T29] ? mapping_evict_folio+0x510/0x510 [ 455.049420][ T29] ? _raw_spin_lock_irq+0xbb/0xf0 [ 455.054707][ T29] ? _raw_spin_unlock_irq+0x23/0x50 [ 455.060021][ T29] ? lockdep_hardirqs_on+0x98/0x150 [ 455.065369][ T29] evict+0x4dd/0x8d0 [ 455.069372][ T29] ? proc_nr_inodes+0x230/0x230 [ 455.074460][ T29] ? do_raw_spin_unlock+0x121/0x230 [ 455.079768][ T29] ? do_raw_spin_unlock+0x121/0x230 [ 455.085137][ T29] evict_inodes+0x606/0x6a0 [ 455.090110][ T29] ? clear_inode+0x150/0x150 [ 455.094902][ T29] generic_shutdown_super+0x97/0x2b0 [ 455.100265][ T29] kill_block_super+0x44/0x90 [ 455.105069][ T29] deactivate_locked_super+0x97/0x100 [ 455.110479][ T29] cleanup_mnt+0x43b/0x4d0 [ 455.115058][ T29] task_work_run+0x1d4/0x260 [ 455.119692][ T29] ? task_work_cancel+0x220/0x220 [ 455.124835][ T29] ? exit_to_user_mode_loop+0x3b/0x110 [ 455.130349][ T29] exit_to_user_mode_loop+0xe6/0x110 [ 455.135866][ T29] exit_to_user_mode_prepare+0xee/0x180 [ 455.141452][ T29] syscall_exit_to_user_mode+0x1a/0x50 [ 455.147003][ T29] do_syscall_64+0x61/0xa0 [ 455.151454][ T29] ? clear_bhb_loop+0x40/0x90 [ 455.156329][ T29] ? clear_bhb_loop+0x40/0x90 [ 455.161041][ T29] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 455.167071][ T29] RIP: 0033:0x7ff2a9f9c117 [ 455.171527][ T29] RSP: 002b:00007fff2b6928b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 455.180085][ T29] RAX: 0000000000000000 RBX: 00007ff2aa00471f RCX: 00007ff2a9f9c117 [ 455.188137][ T29] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff2b692970 [ 455.196928][ T29] RBP: 00007fff2b692970 R08: 00007fff2b693970 R09: 00000000ffffffff [ 455.205044][ T29] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff2b693a00 [ 455.213113][ T29] R13: 00007ff2aa00471f R14: 000000000004b327 R15: 00007fff2b693a40 [ 455.221134][ T29] [ 455.224399][ T29] [ 455.224399][ T29] Showing all locks held in the system: [ 455.232401][ T29] 1 lock held by ksoftirqd/0/16: [ 455.237365][ T29] #0: ffff8880b8e3c018 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140 [ 455.254844][ T29] 1 lock held by khungtaskd/29: [ 455.259719][ T29] #0: ffffffff8d131fe0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x290 [ 455.269814][ T29] no locks held by syslogd/5120. [ 455.274888][ T29] 2 locks held by getty/5531: [ 455.281247][ T29] #0: ffff88802d5920a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 455.291156][ T29] #1: ffffc9000326e2f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x433/0x1390 [ 455.302020][ T29] 1 lock held by syz-executor/5769: [ 455.307256][ T29] #0: ffff8880267e80e0 (&type->s_umount_key#61){+.+.}-{3:3}, at: deactivate_super+0xa4/0xe0 [ 455.317750][ T29] [ 455.320113][ T29] ============================================= [ 455.320113][ T29] [ 455.328813][ T29] NMI backtrace for cpu 1 [ 455.333178][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 455.340394][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 455.350464][ T29] Call Trace: [ 455.353753][ T29] [ 455.356704][ T29] dump_stack_lvl+0x18c/0x250 [ 455.361384][ T29] ? preempt_count_add+0x91/0x1a0 [ 455.366411][ T29] ? show_regs_print_info+0x20/0x20 [ 455.371631][ T29] ? load_image+0x400/0x400 [ 455.376155][ T29] nmi_cpu_backtrace+0x3a6/0x3e0 [ 455.381101][ T29] ? nmi_trigger_cpumask_backtrace+0x2f0/0x2f0 [ 455.387265][ T29] ? _printk+0xde/0x130 [ 455.391448][ T29] ? load_image+0x400/0x400 [ 455.395981][ T29] ? load_image+0x400/0x400 [ 455.400520][ T29] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 455.406630][ T29] nmi_trigger_cpumask_backtrace+0x17a/0x2f0 [ 455.412652][ T29] watchdog+0xf3d/0xf80 [ 455.416823][ T29] ? watchdog+0x1e1/0xf80 [ 455.421193][ T29] kthread+0x2fa/0x390 [ 455.425277][ T29] ? hungtask_pm_notify+0x90/0x90 [ 455.430299][ T29] ? kthread_blkcg+0xd0/0xd0 [ 455.434918][ T29] ret_from_fork+0x48/0x80 [ 455.439362][ T29] ? kthread_blkcg+0xd0/0xd0 [ 455.443987][ T29] ret_from_fork_asm+0x11/0x20 [ 455.448786][ T29] [ 455.452853][ T29] Sending NMI from CPU 1 to CPUs 0: [ 455.458150][ C0] NMI backtrace for cpu 0 [ 455.458158][ C0] CPU: 0 PID: 1141 Comm: kworker/u4:7 Not tainted syzkaller #0 [ 455.458172][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 455.458180][ C0] Workqueue: events_unbound toggle_allocation_gate [ 455.458205][ C0] RIP: 0010:switch_mm_irqs_off+0x9f/0xb40 [ 455.458226][ C0] Code: 8b 2d 75 11 c7 7e 65 66 8b 05 7d 11 c7 7e 48 89 44 24 30 65 8a 1d e1 11 c7 7e e8 5c ab 47 09 48 89 44 24 38 43 c6 44 26 04 00 <48> c7 84 24 80 00 00 00 00 00 00 00 9c 8f 84 24 80 00 00 00 f7 84 [ 455.458238][ C0] RSP: 0018:ffffc900048ef6e0 EFLAGS: 00000086 [ 455.458249][ C0] RAX: 0000000000000000 RBX: ffff888017c68000 RCX: 7b94ee41b4793400 [ 455.458259][ C0] RDX: ffff888024085a00 RSI: ffffffff8b1c81c0 RDI: ffffffff8b1c8180 [ 455.458269][ C0] RBP: ffffc900048ef7d0 R08: ffffffff8e8adfaf R09: 1ffffffff1d15bf5 [ 455.458279][ C0] R10: dffffc0000000000 R11: fffffbfff1d15bf6 R12: dffffc0000000000 [ 455.458290][ C0] R13: ffffffff8d219240 R14: 1ffff9200091dee8 R15: ffff888024085a00 [ 455.458300][ C0] FS: 0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 455.458312][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 455.458321][ C0] CR2: 00007f23a55de2f8 CR3: 000000000cf32000 CR4: 00000000003506f0 [ 455.458333][ C0] Call Trace: [ 455.458338][ C0] [ 455.458348][ C0] ? switch_mm+0x140/0x140 [ 455.458365][ C0] ? __pte_offset_map_lock+0x17b/0x1d0 [ 455.458379][ C0] ? __page_table_check_ptes_set+0x21d/0x300 [ 455.458400][ C0] __text_poke+0x65a/0xb40 [ 455.458416][ C0] ? kmem_cache_alloc_node+0x6c/0x320 [ 455.458438][ C0] ? __text_poke+0xb40/0xb40 [ 455.458453][ C0] ? text_poke+0xc0/0xc0 [ 455.458466][ C0] ? __mutex_trylock_common+0x159/0x260 [ 455.458480][ C0] ? trace_raw_output_contention_end+0xd0/0xd0 [ 455.458498][ C0] ? kmem_cache_alloc_node+0x6c/0x320 [ 455.458518][ C0] text_poke_bp_batch+0x249/0x990 [ 455.458538][ C0] ? text_poke_loc_init+0x880/0x880 [ 455.458553][ C0] ? mutex_lock_nested+0x20/0x20 [ 455.458573][ C0] ? text_poke_queue+0x140/0x190 [ 455.458591][ C0] ? arch_jump_label_transform_queue+0x93/0x100 [ 455.458619][ C0] text_poke_finish+0x30/0x50 [ 455.458633][ C0] arch_jump_label_transform_apply+0x1c/0x30 [ 455.458655][ C0] static_key_disable_cpuslocked+0xc5/0x1a0 [ 455.458674][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 455.458693][ C0] static_key_disable+0x1a/0x20 [ 455.458710][ C0] toggle_allocation_gate+0x1cc/0x260 [ 455.458732][ C0] ? show_object+0x70/0x70 [ 455.458751][ C0] ? read_lock_is_recursive+0x20/0x20 [ 455.458771][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 455.458789][ C0] ? process_scheduled_works+0x96f/0x15d0 [ 455.458807][ C0] process_scheduled_works+0xa5d/0x15d0 [ 455.458836][ C0] ? assign_work+0x430/0x430 [ 455.458861][ C0] ? assign_work+0x3d0/0x430 [ 455.458880][ C0] worker_thread+0xa55/0xfc0 [ 455.458897][ C0] ? _raw_spin_unlock_irqrestore+0xc5/0x120 [ 455.458922][ C0] kthread+0x2fa/0x390 [ 455.458934][ C0] ? pr_cont_work+0x560/0x560 [ 455.458952][ C0] ? kthread_blkcg+0xd0/0xd0 [ 455.458965][ C0] ret_from_fork+0x48/0x80 [ 455.458981][ C0] ? kthread_blkcg+0xd0/0xd0 [ 455.458994][ C0] ret_from_fork_asm+0x11/0x20 [ 455.459019][ C0] [ 455.539107][ T29] Kernel panic - not syncing: hung_task: blocked tasks [ 455.539135][ T29] CPU: 1 PID: 29 Comm: khungtaskd Not tainted syzkaller #0 [ 455.539178][ T29] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 455.539199][ T29] Call Trace: [ 455.539217][ T29] [ 455.539235][ T29] dump_stack_lvl+0x18c/0x250 [ 455.539314][ T29] ? show_regs_print_info+0x20/0x20 [ 455.539376][ T29] ? load_image+0x400/0x400 [ 455.539450][ T29] panic+0x2dc/0x730 [ 455.539496][ T29] ? schedule_preempt_disabled+0x20/0x20 [ 455.539567][ T29] ? bpf_jit_dump+0xd0/0xd0 [ 455.539636][ T29] ? __irq_work_queue_local+0x13a/0x3b0 [ 455.539675][ T29] ? nmi_trigger_cpumask_backtrace+0x2a4/0x2f0 [ 455.539750][ T29] watchdog+0xf7c/0xf80 [ 455.539811][ T29] ? watchdog+0x1e1/0xf80 [ 455.539871][ T29] kthread+0x2fa/0x390 [ 455.539914][ T29] ? hungtask_pm_notify+0x90/0x90 [ 455.539968][ T29] ? kthread_blkcg+0xd0/0xd0 [ 455.540014][ T29] ret_from_fork+0x48/0x80 [ 455.540062][ T29] ? kthread_blkcg+0xd0/0xd0 [ 455.540100][ T29] ret_from_fork_asm+0x11/0x20 [ 455.540183][ T29] [ 455.545988][ T29] Kernel Offset: disabled [ 455.890845][ T29] Rebooting in 86400 seconds..