last executing test programs: 1.203128901s ago: executing program 3 (id=4756): futex(&(0x7f0000000040)=0x1, 0xd, 0x2, 0x0, 0x0, 0x2) futex(&(0x7f0000000040), 0x5, 0x2, 0x0, &(0x7f0000000180)=0xfffffffe, 0x3000000) 463.113907ms ago: executing program 0 (id=4798): r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$describe(0x6, r0, &(0x7f0000000500)=""/35, 0x23) 462.211997ms ago: executing program 0 (id=4801): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x1) 368.320702ms ago: executing program 0 (id=4805): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET_UNCONFIRMED(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x14, 0x7, 0x1, 0x3, 0x0, 0x0, {0x2, 0x0, 0x2}}, 0x14}, 0x1, 0x0, 0x0, 0x4040015}, 0x8000) 368.214332ms ago: executing program 0 (id=4806): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000440)=@base={0x1, 0x42, 0x6, 0x8, 0x0, 0x1}, 0x48) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x0, r0, 0x4}, 0x38) 367.592162ms ago: executing program 3 (id=4807): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x3, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="180200000000bf0000000000000000008500000020000000850000007d00000095"], &(0x7f0000000080)='GPL\x00', 0x4, 0xc0, &(0x7f0000002380)=""/192}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000680)="e0b9547ed387dbe9abc89b6f5bff", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 367.121452ms ago: executing program 1 (id=4808): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=@delneigh={0x44, 0x1a, 0x1, 0x0, 0xfffffffd, {0xa, 0x0, 0x0, 0x0, 0x0, 0x99}, [@NDA_CACHEINFO={0x14, 0x3, {0x7, 0x2000000, 0x0, 0x7fffd}}, @NDA_DST_IPV6={0x14, 0x1, @private0}]}, 0x44}}, 0xd0) 322.948024ms ago: executing program 0 (id=4811): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mount(&(0x7f0000000100)=@filename='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000001c0)='nilfs2\x00', 0x0, 0x0) 305.964335ms ago: executing program 3 (id=4812): r0 = socket(0x22, 0x2, 0x24) sendmsg$FOU_CMD_GET(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={0x0}, 0x1, 0x0, 0x0, 0x1}, 0xc804) 247.090508ms ago: executing program 4 (id=4814): r0 = syz_io_uring_setup(0x3d1a, &(0x7f0000000480)={0x0, 0x0, 0x10, 0x1}, &(0x7f0000000240), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000140)=[0xffffffff, 0x6], 0x2) 246.977488ms ago: executing program 1 (id=4815): r0 = socket$l2tp6(0xa, 0x2, 0x73) getpeername$l2tp6(r0, 0x0, 0x0) 246.907488ms ago: executing program 0 (id=4816): mlockall(0x1) mlockall(0x5) 246.847238ms ago: executing program 2 (id=4817): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f00000005c0)={0x1, @pix_mp={0x3, 0x1, 0x48524742, 0x3, 0x0, [{0x108, 0xf}, {0x8, 0x29f6ebcf}, {0xd}, {0x5, 0xc}, {0x75a, 0x5}, {0x5, 0x2}, {0x6, 0x40c}, {0x10001, 0x1800000}], 0x0, 0xd, 0x2, 0x1, 0x1}}) 231.219499ms ago: executing program 3 (id=4818): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000640)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x3}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0xbc}}, 0x0) 222.552579ms ago: executing program 2 (id=4819): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="d8000000180081064e81f782db4cb904021d0800fd027c05e8fe55a10a000b000140020203600e41b0000900ac00060311000000a4000b00000000000004015c3b61c1d67f6f94007134cf6efb8000a007a290457f01a7cee4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5ae24e25ccca9e00360db79826835d3a71d95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9000000008af26c8b7b55f4d2a6823a45f28fcb1d", 0xd8}], 0x1}, 0x0) 216.3737ms ago: executing program 4 (id=4820): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) write(r0, 0x0, 0xeffd) 215.39997ms ago: executing program 1 (id=4821): r0 = syz_open_dev$video4linux(&(0x7f0000001c40), 0x6, 0x80001) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r0, 0xc0305615, &(0x7f0000001c80)={0x0, {0x0, 0xff}}) 158.805912ms ago: executing program 4 (id=4822): r0 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) accept4$llc(r0, 0x0, 0x0, 0x80800) 157.782302ms ago: executing program 2 (id=4823): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) ioctl$vim2m_VIDIOC_ENUM_FRAMESIZES(r0, 0xc02c564a, &(0x7f0000000140)={0x0, 0x52424752, 0x0, @stepwise}) 107.085505ms ago: executing program 1 (id=4824): r0 = syz_open_dev$video4linux(&(0x7f0000000040), 0x100, 0x0) preadv(r0, &(0x7f00000004c0)=[{&(0x7f0000000080)=""/153, 0x99}], 0x1, 0x6, 0x6) 106.960005ms ago: executing program 4 (id=4825): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendmsg$inet6(r0, &(0x7f00000015c0)={&(0x7f0000000000)={0xa, 0x4e24, 0xe7, @rand_addr=' \x01\x00', 0x816}, 0x1c, 0x0, 0x0, &(0x7f0000002500)=ANY=[@ANYBLOB="24000000000000002900000032000000ff02"], 0x1090}, 0x4000000) 106.903705ms ago: executing program 2 (id=4826): r0 = getpgid(0x0) kcmp(r0, r0, 0x5, 0xffffffffffffffff, 0xffffffffffffffff) 98.182916ms ago: executing program 3 (id=4827): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000580)={0x1c, 0x13, 0xa, 0x201, 0x0, 0x0, {0x3, 0x0, 0xa}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x1c}, 0x1, 0x0, 0x0, 0x10}, 0x800) 86.537026ms ago: executing program 1 (id=4828): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCADDRT(r0, 0x890b, &(0x7f0000000140)={0x0, @l2tp={0x2, 0x0, @local, 0x3}, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x21}}, @generic={0x18, "15ada44fd01700"}, 0x4fe, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd, 0xffffffff}) 11.11783ms ago: executing program 4 (id=4829): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xe, 0x4, 0x4, 0xa}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000380)={r0, &(0x7f0000000300)="98", &(0x7f00000005c0)=""/104}, 0x20) 10.95401ms ago: executing program 1 (id=4830): syz_mount_image$hfs(&(0x7f00000007c0), &(0x7f0000000000)='./file1\x00', 0x30008c0, &(0x7f0000000980)=ANY=[@ANYBLOB="66696c655f756d61736b3d30303030303030303030303030303030303030373737372c6469725f756d61736b3d30303030303030303030303030303030303030303030302c696f636861727365743d69736f383835392d362c636f6465706167653d63703835352c63726561746f723d4ddd71752c00eeabc72a9832436950c6116498dda8be60a94746ea68766f63d1d63944fbda2a9337439b37b6f2a694ba98f40070d09c3890bd28a2018f1adfe1e0a630020a9cac1a43800a70a9328ddb2a2f2e207da7cd3caf243b39eaff4966b7aa97cb6cc7d2cfc59e7a976de0a00d23c7ffaaa056cc4f8bc7b4c0f9a21db642b3e832e30a90ba1b9e7933b77c60f6a1b9ca9128f0a2d0e23373c9d15c79865bae97ddd82b98001b6aa9c5390e4deaf5f0ee492c6842b1c08486e479a889491459a257e9d4083634dac6cd58520f72e6c2f11bbd5b03655bb1863b16f3", @ANYBLOB="11f4579be01e435c584a33c63f8173f96bc4546035804d47be19163bd9e589bfdd0a9e6804495a4e4d83804e78ac5a72446295afd79de3fd6a02932a26ab4045133c371e56b0d48544db3c7db23a432f837b93f89b6f223cd1f6731d407ffdb1dd9467f5cd2d6c4e8b9d4f50d338ac91501a4bb780c4723929e22f55254546facc4f0284e644e6", @ANYRES8, @ANYRESHEX=0x0], 0x11, 0x314, &(0x7f0000000b80)="$eJzs3U1rE08cB/Dv7KZN+m/pf7UVwYNINWAvovUiXiIlL8KTqE0KxSWitviAYBVPIvbu3aNXX4N4UQTP9eRJPHiqBxmZh2SfN6lmd1P9fsCy2dmZ/e3OzlPALIjon7Xa3n11/ov6JwAXLvDsIuAAaAA1AEdwtLHV29zY9LudvIJcHK+bXAImp0gcs9brpmVtwOawPPWphrnwPiqGlPLS56qDoMrp1i/d6M4Tuieo29apExsVxZfl8f6zfJsBsF1EMBMlv6bEHvZwD/OlhUNERBNJmPHdseP8nJ2/Ow7QtIOJSpu48f937VUdQOFkbmpo/NerLClUvf+vk4L1nl7CqXSnv0pMK+t17PNU7PM0zNMTmV2KYatKHYszs77hd8+s3fQ7Dp6gZYUOW9R/O/bxtCLR1hNFL6WsTXMMSpvJPESkzyhn9TVMqWtYMfHfBRCJfyH3jAUQ78QHcUV4eInOYP5Xk0JVk64pL1ZTJv6z2SXqq/TUUbDdRqvVciKHHNInOWbPYA25ygbcrDNO2zIjXxB4w+LUuQ7HcpmrOzck10JqrhW9vQwnI9diJJe6mvUN/232qUohXojLYglf8Qbt0PzfUfE1kWyZoYc+aDWiaYYCfcdV64zWbEitaXsiPXJsfdp9aPYnm8vgLiYbrPUjv0+jfXiO67iA+Tv3H9xwfb97W21c89XjqjcGe27N2Q2/O/UUCCdNyga2gz11SC1xcH9QKjOw5bEWqPqPlCTVsHrf+3tUKxtW4KM/jUf1A4XeutkRrmJ/G/2uazwFtt+P50HqTxsiST+llCU2oh17Z+JJ1XRLVK6g0kc7PmWqQwebqlJh1n/BeqVmJnvqj5c6Tx/xiwBbolRz7MEKLsgrzYwcwH85K7i0YjNXcMk1V2LNqNdcJ08Dp0Y/o2fj/EuINj7iKr//JyIiIiIiIiIiIiIiIiIiIiIiIiI6aMr4zzBVXyMRERERERERERERERERERERERERERER0UG32oD53Wv03/+L0d7/G38Vi2t+Enws7//d6YHv/yUq3q8AAAD///B/c8c=") mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x61c28c7771d1cf6b) 10.88323ms ago: executing program 3 (id=4831): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000004c0)=@newtaction={0x5c, 0x30, 0x301, 0x70bd2a, 0x0, {}, [{0x48, 0x1, [@m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0xa, 0x1, {0xffffffff, 0x0, 0x8}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x2}}}}]}]}, 0x5c}}, 0x0) 10.83792ms ago: executing program 2 (id=4832): r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001300e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) 2.38171ms ago: executing program 4 (id=4833): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x12, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}, 0x80) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000080)={@cgroup, r0, 0xe}, 0x14) 0s ago: executing program 2 (id=4834): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7fffffff, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000080)={0xf0f002}) kernel console output (not intermixed with test programs): EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 57.160714][ T7219] netlink: 160 bytes leftover after parsing attributes in process `syz.0.1211'. [ 57.161575][ T7212] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.1212: bad orphan inode 16 [ 57.168650][ T7212] ext4_test_bit(bit=15, block=18) = 1 [ 57.179915][ T7212] is_bad_inode(inode)=0 [ 57.180743][ T7212] NEXT_ORPHAN(inode)=0 [ 57.181315][ T7212] max_ino=32 [ 57.181816][ T7212] i_nlink=2 [ 57.182371][ T7212] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 57.193087][ T7215] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 57.230666][ T4327] EXT4-fs (loop1): unmounting filesystem. [ 57.270329][ T7212] fscrypt (loop2, inode 16): Error -61 getting encryption context [ 57.291184][ T7231] raw_sendmsg: syz.4.1205 forgot to set AF_INET. Fix it! [ 57.310010][ T7235] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1218'. [ 57.344170][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 57.474453][ T7230] loop0: detected capacity change from 0 to 32768 [ 57.487368][ T7230] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1217 (7230) [ 57.489727][ T7260] loop1: detected capacity change from 0 to 1764 [ 57.502095][ T7230] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 57.503679][ T7230] BTRFS info (device loop0): using crc32c (crc32c-generic) checksum algorithm [ 57.505124][ T7230] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 57.526463][ T7230] BTRFS info (device loop0): force zstd compression, level 3 [ 57.541329][ T7230] BTRFS info (device loop0): turning on sync discard [ 57.542531][ T7230] BTRFS info (device loop0): force clearing of disk cache [ 57.543775][ T7230] BTRFS info (device loop0): enabling disk space caching [ 57.544959][ T7230] BTRFS info (device loop0): turning off discard [ 57.551712][ T7230] BTRFS info (device loop0): disk space caching is enabled [ 57.596679][ T7285] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1235'. [ 57.605736][ T7285] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1235'. [ 57.712476][ T7230] BTRFS info (device loop0): enabling ssd optimizations [ 57.714121][ T7230] BTRFS info (device loop0): rebuilding free space tree [ 57.721498][ T7230] BTRFS info (device loop0): disabling free space tree [ 57.722684][ T7230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 57.724221][ T7230] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 57.805028][ T7319] loop4: detected capacity change from 0 to 512 [ 57.808210][ T7319] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 57.809934][ T7319] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 57.890648][ T7288] loop2: detected capacity change from 0 to 32768 [ 57.898017][ T55] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x05417272 (sector = 1) [ 57.913195][ T7288] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop2 scanned by syz.2.1236 (7288) [ 57.920908][ T7334] syz.4.1245 (7334): /proc/7333/oom_adj is deprecated, please use /proc/7333/oom_score_adj instead. [ 57.926345][ T7288] BTRFS info (device loop2): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 57.928383][ T7288] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 57.929870][ T7288] BTRFS info (device loop2): force zlib compression, level 3 [ 57.931006][ T7288] BTRFS info (device loop2): turning on flush-on-commit [ 57.935939][ T7288] BTRFS info (device loop2): max_inline at 4096 [ 57.936969][ T7288] BTRFS info (device loop2): using free space tree [ 57.943387][ T4321] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 57.980978][ T7343] loop4: detected capacity change from 0 to 1024 [ 57.991715][ T7343] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a015c01c, mo2=0002] [ 57.993255][ T7343] System zones: 0-1, 3-36 [ 57.996490][ T7343] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 58.058177][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 58.081507][ T4696] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 12 /dev/loop0 scanned by udevd (4696) [ 58.127795][ T7365] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 58.176041][ T7288] BTRFS info (device loop2): enabling ssd optimizations [ 58.220280][ T7395] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1256'. [ 58.221779][ T7395] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1256'. [ 58.288495][ T4332] BTRFS info (device loop2): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2 [ 58.295657][ T7405] fuse: blksize only supported for fuseblk [ 58.428208][ T4311] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 10 /dev/loop2 scanned by udevd (4311) [ 58.502234][ T7397] loop4: detected capacity change from 0 to 32768 [ 58.506767][ T7397] (syz.4.1257,7397,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 58.524895][ T7397] (syz.4.1257,7397,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 58.536352][ T7397] JBD2: Ignoring recovery information on journal [ 58.559569][ T7437] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 58.581019][ T7455] validate_nla: 3 callbacks suppressed [ 58.581031][ T7455] netlink: 'syz.3.1274': attribute type 2 has an invalid length. [ 58.600478][ T7397] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 58.647905][ T4321] EXT4-fs (loop0): unmounting filesystem. [ 58.751890][ T4333] ocfs2: Unmounting device (7,4) on (node local) [ 58.847653][ T7501] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1290'. [ 58.851321][ T7504] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1291'. [ 58.895693][ T7512] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.1294'. [ 58.988871][ T7527] syz.3.1300: vmalloc error: size 9007199254740992, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz3,mems_allowed=0 [ 58.991338][ T7527] CPU: 0 PID: 7527 Comm: syz.3.1300 Not tainted syzkaller #0 [ 58.992405][ T7527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 58.994018][ T7527] Call trace: [ 58.994587][ T7527] dump_backtrace+0x1c0/0x1ec [ 58.995365][ T7527] show_stack+0x2c/0x3c [ 58.996091][ T7527] __dump_stack+0x30/0x40 [ 58.996798][ T7527] dump_stack_lvl+0xf4/0x15c [ 58.997552][ T7527] dump_stack+0x1c/0x5c [ 58.998266][ T7527] warn_alloc+0x214/0x328 [ 58.999025][ T7527] __vmalloc_node_range+0x118/0xe3c [ 58.999919][ T7527] vmalloc+0x9c/0xd4 [ 59.000645][ T7527] dvb_dmxdev_set_buffer_size+0xc8/0x1b0 [ 59.001612][ T7527] dvb_demux_do_ioctl+0x3fc/0x4d8 [ 59.002473][ T7527] dvb_usercopy+0x240/0x45c [ 59.003214][ T7527] dvb_demux_ioctl+0x3c/0x54 [ 59.003986][ T7527] __arm64_sys_ioctl+0x14c/0x1c8 [ 59.004802][ T7527] invoke_syscall+0x98/0x2b4 [ 59.005547][ T7527] el0_svc_common+0x138/0x258 [ 59.006345][ T7527] do_el0_svc+0x58/0x130 [ 59.007017][ T7527] el0_svc+0x58/0x128 [ 59.007703][ T7527] el0t_64_sync_handler+0x84/0xf0 [ 59.008573][ T7527] el0t_64_sync+0x18c/0x190 [ 59.013889][ T7533] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 59.015654][ T7533] UDF-fs: error (device loop0): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 59.023077][ T7533] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 160: 0x0b != 0xd4 [ 59.030292][ T7527] Mem-Info: [ 59.030839][ T7527] active_anon:7022 inactive_anon:0 isolated_anon:0 [ 59.030839][ T7527] active_file:15053 inactive_file:2203 isolated_file:0 [ 59.030839][ T7527] unevictable:768 dirty:684 writeback:0 [ 59.030839][ T7527] slab_reclaimable:19176 slab_unreclaimable:93635 [ 59.030839][ T7527] mapped:29154 shmem:2524 pagetables:651 [ 59.030839][ T7527] sec_pagetables:0 bounce:0 [ 59.030839][ T7527] kernel_misc_reclaimable:0 [ 59.030839][ T7527] free:1434845 free_pcp:3981 free_cma:7360 [ 59.045937][ T7533] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 59.073578][ T7527] Node 0 active_anon:23192kB inactive_anon:0kB active_file:60240kB inactive_file:8864kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:116708kB dirty:2712kB writeback:44kB shmem:4920kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:8784kB pagetables:2636kB sec_pagetables:0kB all_unreclaimable? no [ 59.082217][ T7545] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 59.087360][ T7545] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 59.104122][ T7527] Node 0 DMA free:3076864kB boost:0kB min:20656kB low:25820kB high:30984kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:29440kB [ 59.133005][ T7527] lowmem_reserve[]: 0 0 3552 3552 3552 [ 59.133946][ T7527] Node 0 Normal free:2676296kB boost:0kB min:24396kB low:30492kB high:36588kB reserved_highatomic:0KB active_anon:22900kB inactive_anon:0kB active_file:60252kB inactive_file:8776kB unevictable:3072kB writepending:2740kB present:5242880kB managed:3641612kB mlocked:0kB bounce:0kB free_pcp:7100kB local_pcp:5720kB free_cma:0kB [ 59.146448][ T7527] lowmem_reserve[]: 0 0 0 0 0 [ 59.147289][ T7527] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 59.150114][ T7527] Node 0 Normal: 1258*4kB (UME) 996*8kB (UME) 1048*16kB (UME) 783*32kB (UME) 299*64kB (UME) 143*128kB (UM) 105*256kB (UME) 94*512kB (UM) 80*1024kB (UM) 41*2048kB (UM) 572*4096kB (UM) = 2676072kB [ 59.153423][ T7527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 59.162442][ T7557] device bridge2 entered promiscuous mode [ 59.174368][ T7527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 59.176020][ T7527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 59.180765][ T7527] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 59.182221][ T7527] 18400 total pagecache pages [ 59.182997][ T7527] 0 pages in swap cache [ 59.183678][ T7527] Free swap = 124484kB [ 59.184334][ T7527] Total swap = 124996kB [ 59.202611][ T7527] 2097152 pages RAM [ 59.203222][ T7527] 0 pages HighMem/MovableOnly [ 59.203943][ T7527] 416701 pages reserved [ 59.204588][ T7527] 8192 pages cma reserved [ 59.205226][ T7527] 0 pages hwpoisoned [ 59.257669][ T7579] bridge0: port 4(bond0) entered blocking state [ 59.263816][ T7579] bridge0: port 4(bond0) entered disabled state [ 59.265445][ T7579] device bond0 entered promiscuous mode [ 59.266308][ T7579] device bond_slave_0 entered promiscuous mode [ 59.267333][ T7579] device bond_slave_1 entered promiscuous mode [ 59.289565][ T7579] bridge0: port 4(bond0) entered blocking state [ 59.290722][ T7579] bridge0: port 4(bond0) entered forwarding state [ 59.786184][ T7681] IPv6: Can't replace route, no match found [ 59.805001][ T7683] netlink: 'syz.2.1347': attribute type 21 has an invalid length. [ 60.005160][ T7713] netlink: 'syz.1.1356': attribute type 1 has an invalid length. [ 60.421929][ T7780] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 60.439822][ T7780] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 60.640790][ T7631] F2FS-fs (loop3): Found nat_bits in checkpoint [ 60.656384][ T7631] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 60.707416][ T7832] ntfs3: nbd1: try to read out of volume at offset 0x0 [ 60.722073][ T7631] F2FS-fs (loop3): recover xattr in inode (7), error(0) [ 60.723266][ T7631] F2FS-fs (loop3): set inode (7) has corrupted xattr [ 60.758523][ T7834] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 60.787393][ T7804] (syz.0.1384,7804,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 60.790505][ T7804] (syz.0.1384,7804,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 60.823323][ T7804] JBD2: Ignoring recovery information on journal [ 60.879564][ T7804] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 60.882662][ T7804] (syz.0.1384,7804,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 60.899538][ T7804] (syz.0.1384,7804,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x1cec3d0f, computed 0xd2ffbdfe. Applying ECC. [ 60.963981][ T4321] ocfs2: Unmounting device (7,0) on (node local) [ 61.025263][ T7866] [U]  [ 61.026005][ T7866] [U] K{ [ 61.026538][ T7866] [U] t 1ŠFfˊ`GJgo/mC [ 61.038107][ T7866] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 61.040764][ T7866] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 61.042481][ T7866] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 61.074751][ T7866] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 61.084937][ T7866] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 61.086804][ T7866] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 61.096040][ T7866] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 61.164905][ T7866] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 61.166340][ T7866] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 61.170732][ T7866] [U] 22Ʃx?0;3u [ 61.171456][ T7866] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 61.187697][ T7866] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 61.191379][ T7866] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 61.192890][ T7866] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 61.193902][ T7866] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 61.207934][ T7866] [U] ec [ 61.208480][ T7866] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 61.215892][ T7859] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 61.302244][ T7914] netlink: 'syz.3.1421': attribute type 21 has an invalid length. [ 61.551313][ T7965] netlink: 'syz.4.1443': attribute type 15 has an invalid length. [ 61.670759][ T7985] exFAT-fs (loop0): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 61.734239][ T7985] exFAT-fs (loop0): error, invalid size(size(0) > aligned(9223372036854777344) [ 61.734239][ T7985] [ 61.736155][ T7985] exFAT-fs (loop0): Filesystem has been set read-only [ 61.894621][ T8022] set_capacity_and_notify: 10 callbacks suppressed [ 61.894633][ T8022] loop4: detected capacity change from 0 to 8192 [ 61.935598][ T8022] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 62.009503][ T8051] loop1: detected capacity change from 0 to 2048 [ 62.011190][ T8051] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=27481, location=27481 [ 62.048895][ T8051] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 62.201593][ T8090] __nla_validate_parse: 7 callbacks suppressed [ 62.201607][ T8090] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1485'. [ 62.209184][ T8094] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1484'. [ 62.210591][ T8094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1484'. [ 62.212278][ T8082] loop4: detected capacity change from 0 to 4096 [ 62.214033][ T8082] ntfs: (device loop4): parse_options(): Unrecognized mount option show_sysd)sable_sparse. [ 62.218997][ T8090] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1485'. [ 62.241740][ T4698] I/O error, dev loop4, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 62.272445][ T8108] openvswitch: netlink: Missing key (keys=40, expected=100) [ 62.294593][ T8111] netlink: 'syz.1.1488': attribute type 21 has an invalid length. [ 62.362252][ T8126] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1492'. [ 62.464105][ T8143] dlm: plock device version mismatch: kernel (1.2.0), user (1.4294967295.65535) [ 62.495178][ T8141] loop2: detected capacity change from 0 to 4096 [ 62.510644][ T8141] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 62.515655][ T8156] netlink: 260 bytes leftover after parsing attributes in process `syz.4.1504'. [ 62.603467][ T8168] loop0: detected capacity change from 0 to 512 [ 62.693228][ T8168] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 62.742242][ T8168] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1111: group 0, block bitmap and bg descriptor inconsistent: 96 vs 1632 free clusters [ 62.772683][ T8168] Quota error (device loop0): write_blk: dquota write failed [ 62.774199][ T8168] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota [ 62.790223][ T8168] EXT4-fs error (device loop0): ext4_acquire_dquot:6835: comm syz.0.1510: Failed to acquire dquot type 0 [ 62.791086][ T8191] ksmbd: Unknown IPC event: 4, ignore. [ 62.872733][ T4321] EXT4-fs (loop0): unmounting filesystem. [ 62.952973][ T8182] loop2: detected capacity change from 0 to 32768 [ 63.160900][ T8201] loop3: detected capacity change from 0 to 32768 [ 63.193027][ T8201] ERROR: (device loop3): dbAllocNext: Corrupt dmap page [ 63.193027][ T8201] [ 63.322582][ T8276] netlink: 'syz.2.1549': attribute type 41 has an invalid length. [ 63.526450][ T8318] device veth1_to_batadv entered promiscuous mode [ 63.623220][ T8330] loop2: detected capacity change from 0 to 16 [ 63.632810][ T8330] erofs: (device loop2): mounted with root inode @ nid 36. [ 63.722994][ T8334] loop0: detected capacity change from 0 to 4096 [ 63.741576][ T8334] ntfs: volume version 3.1. [ 63.812909][ T8334] ntfs: (device loop0): ntfs_truncate(): Truncate would cause the inode 0x43 to exceed the maximum size for its attribute type (0x80). Aborting truncate. [ 63.814218][ T8364] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1580'. [ 63.817050][ T8364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1580'. [ 63.954386][ T8391] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 63.955901][ T8391] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 63.987034][ T8400] loop4: detected capacity change from 0 to 1024 [ 64.000822][ T8402] usb usb1: usbfs: process 8402 (syz.3.1592) did not claim interface 5 before use [ 64.051332][ T8407] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 64.053066][ T8407] bridge0: port 1(bridge_slave_0) entered disabled state [ 64.084879][ T1589] hfsplus: b-tree write err: -5, ino 25 [ 64.085886][ T1589] hfsplus: b-tree write err: -5, ino 4 [ 64.086828][ T1589] hfsplus: b-tree write err: -5, ino 2 [ 64.209147][ T8443] xt_cluster: you have exceeded the maximum number of cluster nodes (2048 > 32) [ 64.233636][ T8448] (unnamed net_device) (uninitialized): Unable to set peer notification delay as MII monitoring is disabled [ 64.428814][ T8490] netlink: 'syz.2.1622': attribute type 1 has an invalid length. [ 64.432657][ T8490] netlink: 220 bytes leftover after parsing attributes in process `syz.2.1622'. [ 64.491564][ T2062] ieee802154 phy1 wpan1: encryption failed: -22 [ 64.499781][ T8498] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 64.642745][ T8504] netlink: 144 bytes leftover after parsing attributes in process `syz.0.1629'. [ 64.889796][ T8568] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 65.055532][ T8607] EXT4-fs (loop4): 1 truncate cleaned up [ 65.056598][ T8607] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 65.106468][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 65.159667][ T8642] trusted_key: encrypted_key: insufficient parameters specified [ 65.196950][ T8639] EXT2-fs (loop3): nobh option not supported [ 65.204906][ T8639] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2 [ 65.223944][ T8639] syz.3.1669: attempt to access beyond end of device [ 65.223944][ T8639] loop3: rw=0, sector=3606377190, nr_sectors = 2 limit=512 [ 65.294433][ T8666] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 65.296872][ T8666] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 65.299573][ T8666] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a84ee01c, mo2=0002] [ 65.300874][ T8666] System zones: 1-12 [ 65.301809][ T8666] EXT4-fs (loop0): orphan cleanup on readonly fs [ 65.312668][ T8666] EXT4-fs error (device loop0): ext4_get_branch:178: inode #11: block 33619980: comm syz.0.1676: invalid block [ 65.321402][ T8666] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #11: comm syz.0.1676: invalid indirect mapped block 2 (level 2) [ 65.338488][ T8666] EXT4-fs (loop0): 1 truncate cleaned up [ 65.339509][ T8666] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 65.417064][ T8666] EXT4-fs (loop0): ext4_remount: Checksum for group 0 failed (17031!=33349) [ 65.452888][ T8684] (unnamed net_device) (uninitialized): option mode: invalid value (81) [ 65.475509][ T8692] overlayfs: empty lowerdir [ 65.510612][ T4321] EXT4-fs (loop0): unmounting filesystem. [ 65.546249][ T8699] xt_TCPMSS: Only works on TCP SYN packets [ 65.647103][ T8723] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 65.664412][ T8723] CIFS mount error: No usable UNC path provided in device string! [ 65.664412][ T8723] [ 65.666217][ T8723] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 65.903241][ T8773] netlink: 'syz.3.1717': attribute type 32 has an invalid length. [ 66.131873][ T8813] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 66.149306][ T8813] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e02c, mo2=0002] [ 66.150936][ T8813] EXT4-fs (loop4): orphan cleanup on readonly fs [ 66.151953][ T8813] EXT4-fs error (device loop4): ext4_orphan_get:1425: comm syz.4.1733: bad orphan inode 267 [ 66.185498][ T8824] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 66.204676][ T8813] EXT4-fs (loop4): Remounting filesystem read-only [ 66.205696][ T8813] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 66.232769][ T8813] EXT4-fs warning (device loop4): dx_probe:893: inode #2: comm syz.4.1733: dx entry: limit 0 != root limit 125 [ 66.234635][ T8813] EXT4-fs warning (device loop4): dx_probe:966: inode #2: comm syz.4.1733: Corrupt directory, running e2fsck is recommended [ 66.250419][ T8831] netlink: 'syz.3.1737': attribute type 21 has an invalid length. [ 66.251788][ T8831] netlink: 'syz.3.1737': attribute type 4 has an invalid length. [ 66.253034][ T8831] netlink: 'syz.3.1737': attribute type 5 has an invalid length. [ 66.296428][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 66.421786][ T8852] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 66.815404][ T8880] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 66.816741][ T8880] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 66.825306][ T8880] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 67.136233][ T8938] set_capacity_and_notify: 8 callbacks suppressed [ 67.136245][ T8938] loop3: detected capacity change from 0 to 256 [ 67.373911][ T8982] IPv6: NLM_F_CREATE should be specified when creating new route [ 67.397258][ T8985] ieee802154 phy1 wpan1: encryption failed: -22 [ 67.414218][ T8989] __nla_validate_parse: 10 callbacks suppressed [ 67.414229][ T8989] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1792'. [ 67.473507][ T9003] device veth1_to_bond entered promiscuous mode [ 67.485055][ T9003] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 67.551296][ T9016] loop2: detected capacity change from 0 to 1024 [ 67.579986][ T9020] netlink: 'syz.3.1812': attribute type 5 has an invalid length. [ 67.595289][ T11] hfsplus: b-tree write err: -5, ino 25 [ 67.596297][ T11] hfsplus: b-tree write err: -5, ino 4 [ 67.597317][ T11] hfsplus: b-tree write err: -5, ino 2 [ 67.599200][ T11] hfsplus: b-tree write err: -5, ino 26 [ 67.654099][ T9033] netlink: 80 bytes leftover after parsing attributes in process `syz.4.1808'. [ 67.691696][ T9044] xt_CONNSECMARK: invalid mode: 0 [ 67.820090][ T9070] loop1: detected capacity change from 0 to 2048 [ 67.827027][ T9070] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 67.849267][ T9077] loop3: detected capacity change from 0 to 16 [ 67.856636][ T9077] erofs: (device loop3): mounted with root inode @ nid 36. [ 67.862041][ T9079] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 67.862763][ T9070] syz.1.1820: attempt to access beyond end of device [ 67.862763][ T9070] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048 [ 67.915810][ T9070] NILFS (loop1): error -2 truncating bmap (ino=16) [ 67.946239][ T9048] loop4: detected capacity change from 0 to 32768 [ 68.196716][ T9123] loop2: detected capacity change from 0 to 2048 [ 68.238993][ T9123] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 68.386614][ T9117] loop3: detected capacity change from 0 to 32768 [ 68.404793][ T9117] ERROR: (device loop3): dbAlloc: the hint is outside the map [ 68.404793][ T9117] [ 68.428722][ T9117] ERROR: (device loop3): remounting filesystem as read-only [ 68.435579][ T9117] ialloc: diAlloc returned -5! [ 68.461075][ T9113] loop4: detected capacity change from 0 to 32768 [ 68.489340][ T9113] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 68.495465][ T9113] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 68.544204][ T9113] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms [ 68.553501][ T4378] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 68.554711][ T4378] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 68.595076][ T4378] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 40ms [ 68.608710][ T4378] gfs2: fsid=syz:syz.0: jid=0: Done [ 68.619089][ T9113] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 68.707250][ T9179] loop0: detected capacity change from 0 to 256 [ 68.708859][ T9179] exfat: Deprecated parameter 'namecase' [ 68.709790][ T9179] exfat: Deprecated parameter 'namecase' [ 68.743933][ T9179] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 68.780342][ T9113] gfs2: fsid=syz:syz.0: found 1 quota changes [ 68.871244][ T4333] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 68.873653][ T4333] CPU: 0 PID: 4333 Comm: syz-executor Not tainted syzkaller #0 [ 68.874831][ T4333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 68.876400][ T4333] Call trace: [ 68.876946][ T4333] dump_backtrace+0x1c0/0x1ec [ 68.877783][ T4333] show_stack+0x2c/0x3c [ 68.878582][ T4333] __dump_stack+0x30/0x40 [ 68.879288][ T4333] dump_stack_lvl+0xf4/0x15c [ 68.880078][ T4333] dump_stack+0x1c/0x5c [ 68.880781][ T4333] gfs2_assert_warn_i+0x16c/0x26c [ 68.881713][ T4333] gfs2_quota_cleanup+0x464/0x668 [ 68.882526][ T4333] gfs2_make_fs_ro+0x368/0x438 [ 68.883356][ T4333] gfs2_put_super+0x1e0/0x760 [ 68.884189][ T4333] generic_shutdown_super+0x130/0x324 [ 68.885091][ T4333] kill_block_super+0x70/0xdc [ 68.885956][ T4333] gfs2_kill_sb+0xc0/0xd4 [ 68.886688][ T4333] deactivate_locked_super+0xac/0x120 [ 68.887592][ T4333] deactivate_super+0xe4/0x104 [ 68.888362][ T4333] cleanup_mnt+0x390/0x418 [ 68.889049][ T4333] __cleanup_mnt+0x20/0x30 [ 68.889825][ T4333] task_work_run+0x1ec/0x278 [ 68.890614][ T4333] do_notify_resume+0x1fa0/0x2aa4 [ 68.891403][ T4333] el0_svc+0x98/0x128 [ 68.892078][ T4333] el0t_64_sync_handler+0x84/0xf0 [ 68.892883][ T4333] el0t_64_sync+0x18c/0x190 [ 68.898183][ T9211] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1861'. [ 68.975042][ T9191] loop3: detected capacity change from 0 to 32768 [ 69.013439][ T9191] ERROR: (device loop3): diWrite: ixpxd invalid [ 69.013439][ T9191] [ 69.020562][ T9191] ERROR: (device loop3): remounting filesystem as read-only [ 69.021731][ T9191] ERROR: (device loop3): txAbort: [ 69.021731][ T9191] [ 69.099540][ T9235] (syz.2.1867,9235,0):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options [ 69.101211][ T9235] (syz.2.1867,9235,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 69.103798][ T9237] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 69.374639][ T11] hfsplus: b-tree write err: -5, ino 25 [ 69.375694][ T11] hfsplus: b-tree write err: -5, ino 4 [ 69.376614][ T11] hfsplus: b-tree write err: -5, ino 2 [ 69.415872][ T9300] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1889'. [ 69.444918][ T9306] netlink: 'syz.3.1893': attribute type 4 has an invalid length. [ 69.615074][ T112] cfg80211: failed to load regulatory.db [ 69.648732][ T9347] netlink: 9004 bytes leftover after parsing attributes in process `syz.2.1905'. [ 69.749692][ T9361] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1910'. [ 69.851092][ T9321] [ 69.851092][ T9321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 69.851092][ T9321] [ 69.883780][ T9321] [ 69.883780][ T9321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 69.883780][ T9321] [ 69.893578][ T9321] [ 69.893578][ T9321] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 69.893578][ T9321] [ 69.895288][ T9321] jfs: Unrecognized mount option "msdos" or missing value [ 69.942539][ T4325] [ 69.942539][ T4325] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 69.942539][ T4325] [ 69.948938][ T4325] [ 69.948938][ T4325] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 69.948938][ T4325] [ 70.043895][ T9404] FAT-fs (loop4): Directory bread(block 414) failed [ 70.044964][ T9404] FAT-fs (loop4): Directory bread(block 415) failed [ 70.046124][ T9404] FAT-fs (loop4): Directory bread(block 416) failed [ 70.047274][ T9404] FAT-fs (loop4): Directory bread(block 417) failed [ 70.068395][ T9404] FAT-fs (loop4): Directory bread(block 418) failed [ 70.076315][ T9404] FAT-fs (loop4): Directory bread(block 419) failed [ 70.077292][ T9404] FAT-fs (loop4): Directory bread(block 420) failed [ 70.091923][ T9404] FAT-fs (loop4): Directory bread(block 421) failed [ 70.095391][ T9418] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1928'. [ 70.153964][ T9404] FAT-fs (loop4): FAT read failed (blocknr 128) [ 70.627421][ T9498] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1955'. [ 70.631565][ T9498] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1955'. [ 70.705160][ T51] block nbd1: Attempted send on invalid socket [ 70.706249][ T51] I/O error, dev nbd1, sector 16 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 70.708428][ T9512] REISERFS warning (device nbd1): sh-2006 read_super_block: bread failed (dev nbd1, block 2, size 4096) [ 70.711786][ T51] block nbd1: Attempted send on invalid socket [ 70.712846][ T51] I/O error, dev nbd1, sector 128 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 70.715123][ T9512] REISERFS warning (device nbd1): sh-2006 read_super_block: bread failed (dev nbd1, block 16, size 4096) [ 70.715178][ T9512] REISERFS warning (device nbd1): sh-2021 reiserfs_fill_super: can not find reiserfs on nbd1 [ 70.894291][ T9545] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 71.059904][ T9580] netlink: 180 bytes leftover after parsing attributes in process `syz.4.1982'. [ 71.331947][ T9652] FAT-fs (loop1): Directory bread(block 64) failed [ 71.333322][ T9652] FAT-fs (loop1): Directory bread(block 65) failed [ 71.334350][ T9652] FAT-fs (loop1): Directory bread(block 66) failed [ 71.354027][ T9652] FAT-fs (loop1): Directory bread(block 67) failed [ 71.355236][ T9652] FAT-fs (loop1): Directory bread(block 68) failed [ 71.356217][ T9652] FAT-fs (loop1): Directory bread(block 69) failed [ 71.357347][ T9652] FAT-fs (loop1): Directory bread(block 70) failed [ 71.374683][ T9652] FAT-fs (loop1): Directory bread(block 71) failed [ 71.375948][ T9652] FAT-fs (loop1): Directory bread(block 72) failed [ 71.376963][ T9652] FAT-fs (loop1): Directory bread(block 73) failed [ 71.378803][ T9658] ipt_CLUSTERIP: bad num_local_nodes 2052 [ 71.468972][ T9671] x_tables: unsorted underflow at hook 4 [ 71.670682][ T9645] XFS (loop0): Mounting V5 Filesystem [ 71.761652][ T9645] XFS (loop0): Ending clean mount [ 71.872684][ T4321] XFS (loop0): Unmounting Filesystem [ 72.109233][ T9753] ntfs3: loop2: Different NTFS' sector size (2048) and media sector size (512) [ 72.234937][ T9740] set_capacity_and_notify: 10 callbacks suppressed [ 72.234948][ T9740] loop3: detected capacity change from 0 to 32768 [ 72.246657][ T9772] dmxdev: DVB (dvb_dmxdev_filter_start): could not set feed [ 72.250569][ T9740] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 72.255445][ T9772] dvb_demux: dvb_demux_feed_del: feed not in list (type=1 state=0 pid=ffff) [ 72.783239][ T9847] netlink: 'syz.0.2057': attribute type 10 has an invalid length. [ 72.784585][ T9847] team0: Device dummy0 is up. Set it down before adding it as a team port [ 72.804106][ T9737] loop4: detected capacity change from 0 to 131072 [ 72.825948][ T9737] F2FS-fs (loop4): invalid crc value [ 72.839462][ T9860] __nla_validate_parse: 8 callbacks suppressed [ 72.839476][ T9860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2061'. [ 72.842623][ T9860] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2061'. [ 72.857101][ T9862] nft_compat: unsupported protocol 1 [ 72.877057][ T9737] F2FS-fs (loop4): Found nat_bits in checkpoint [ 72.915409][ T9737] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 73.068271][ T9897] loop4: detected capacity change from 0 to 512 [ 73.254680][ T9933] loop3: detected capacity change from 0 to 4096 [ 73.273089][ T9933] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 73.342049][ T9] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22. [ 73.348236][ T4325] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 73.349351][ T4325] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 73.358235][ T4325] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 73.360285][ T9] ntfs3: loop3: ntfs3_write_inode r=3 failed, -22. [ 73.363895][ T4325] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22. [ 73.388140][ T9958] xt_TCPMSS: path-MTU clamping only supported in FORWARD, OUTPUT and POSTROUTING hooks [ 73.419354][ T9965] device bridge4 entered promiscuous mode [ 73.518996][ T9980] netlink: 'syz.0.2100': attribute type 5 has an invalid length. [ 73.832515][T10031] loop3: detected capacity change from 0 to 1024 [ 73.878408][T10036] loop0: detected capacity change from 0 to 128 [ 73.892395][T10036] affs: No valid root block on device loop0 [ 74.003616][T10062] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.004728][T10062] ieee802154 phy1 wpan1: encryption failed: -22 [ 74.162005][T10071] bridge4: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 74.358212][ T9920] loop4: detected capacity change from 0 to 131072 [ 74.405223][T10127] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2142'. [ 74.413208][ T9920] F2FS-fs (loop4): Found nat_bits in checkpoint [ 74.438429][ T9920] F2FS-fs (loop4): Mounted with checkpoint version = 753bd00b [ 74.577052][T10155] netlink: 'syz.2.2155': attribute type 1 has an invalid length. [ 74.753877][T10185] ip6t_rpfilter: unknown options [ 74.760696][T10191] loop3: detected capacity change from 0 to 64 [ 74.771434][T10190] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2167'. [ 74.772908][T10190] netlink: 356 bytes leftover after parsing attributes in process `syz.1.2167'. [ 74.890795][T10218] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2172'. [ 75.071665][T10260] loop0: detected capacity change from 0 to 64 [ 75.103056][T10266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2189'. [ 75.152916][T10276] loop4: detected capacity change from 0 to 256 [ 75.326458][T10320] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2204'. [ 75.380453][T10332] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode 802.3ad(4) [ 75.492409][T10361] ipt_ECN: cannot use operation on non-tcp rule [ 75.579825][T10384] netlink: 'syz.4.2226': attribute type 17 has an invalid length. [ 75.581059][T10384] netlink: 'syz.4.2226': attribute type 16 has an invalid length. [ 75.582359][T10384] netlink: 152 bytes leftover after parsing attributes in process `syz.4.2226'. [ 75.605937][T10375] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 75.639512][T10375] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 75.802608][T10422] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2240'. [ 75.982995][T10456] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 75.985064][T10456] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 76.001175][T10461] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 76.002769][T10461] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 76.009289][T10461] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 76.010987][T10461] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 76.012634][T10461] device geneve2 entered promiscuous mode [ 76.022431][T10456] EXT4-fs (loop0): 1 orphan inode deleted [ 76.023405][T10456] EXT4-fs (loop0): 1 truncate cleaned up [ 76.024397][T10456] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 76.034985][T10456] EXT4-fs error (device loop0): ext4_search_dir:1549: inode #12: block 7: comm syz.0.2253: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0 [ 76.040142][T10461] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 76.041552][T10461] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 76.043066][T10461] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 76.044611][T10461] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 76.122289][ T4321] EXT4-fs (loop0): unmounting filesystem. [ 76.174492][T10490] xt_CT: You must specify a L4 protocol and not use inversions on it [ 76.751592][T10523] JBD2: Ignoring recovery information on journal [ 76.867085][T10523] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 76.874135][T10523] (syz.4.2276,10523,1):ocfs2_read_blocks_sync:112 ERROR: status = -12 [ 76.876383][T10523] (syz.4.2276,10523,1):ocfs2_get_suballoc_slot_bit:2719 ERROR: read block 124554051584 failed -12 [ 76.907534][T10523] (syz.4.2276,10523,1):ocfs2_get_suballoc_slot_bit:2751 ERROR: status = -12 [ 76.908892][T10523] (syz.4.2276,10523,1):ocfs2_test_inode_bit:2833 ERROR: get alloc slot and bit failed -12 [ 76.910576][T10523] (syz.4.2276,10523,1):ocfs2_test_inode_bit:2874 ERROR: status = -12 [ 76.911963][T10523] (syz.4.2276,10523,1):ocfs2_get_dentry:78 ERROR: test inode bit failed -12 [ 76.975569][ T4333] ocfs2: Unmounting device (7,4) on (node local) [ 77.041373][T10618] netdevsim netdevsim1 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.042838][T10618] netdevsim netdevsim1 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.054564][T10618] netdevsim netdevsim1 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.057716][T10618] netdevsim netdevsim1 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 77.071147][T10618] device geneve2 entered promiscuous mode [ 77.119903][T10618] netdevsim netdevsim1 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 77.121474][T10618] netdevsim netdevsim1 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 77.122911][T10618] netdevsim netdevsim1 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 77.124343][T10618] netdevsim netdevsim1 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 77.215097][T10624] netlink: 'syz.3.2311': attribute type 21 has an invalid length. [ 77.325718][T10665] xt_SECMARK: mode already set to 1 cannot mix with rules for mode 2 [ 77.475244][T10651] set_capacity_and_notify: 6 callbacks suppressed [ 77.475255][T10651] loop2: detected capacity change from 0 to 32768 [ 77.524891][T10651] JBD2: Ignoring recovery information on journal [ 77.553714][T10651] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode. [ 77.584339][T10710] netlink: 'syz.3.2338': attribute type 10 has an invalid length. [ 77.592010][T10651] OCFS2: ERROR (device loop2): int ocfs2_reserve_suballoc_bits(struct ocfs2_super *, struct ocfs2_alloc_context *, int, u32, u64 *, int): Invalid chain allocator 4106 [ 77.595927][T10651] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 77.597761][T10651] OCFS2: File system is now read-only. [ 77.598636][T10651] (syz.2.2319,10651,0):ocfs2_reserve_suballoc_bits:850 ERROR: status = -30 [ 77.599907][T10651] (syz.2.2319,10651,0):ocfs2_reserve_new_inode:1091 ERROR: status = -30 [ 77.601361][T10651] (syz.2.2319,10651,0):ocfs2_reserve_new_inode:1114 ERROR: status = -30 [ 77.603078][T10651] (syz.2.2319,10651,0):ocfs2_mknod:306 ERROR: status = -30 [ 77.605062][T10651] (syz.2.2319,10651,0):ocfs2_mknod:502 ERROR: status = -30 [ 77.606447][T10651] (syz.2.2319,10651,0):ocfs2_create:676 ERROR: status = -30 [ 77.636740][ T4332] ocfs2: Unmounting device (7,2) on (node local) [ 77.782804][T10729] usb usb7: usbfs: process 10729 (syz.4.2345) did not claim interface 0 before use [ 77.881706][T10760] loop2: detected capacity change from 0 to 16 [ 77.883767][T10760] erofs: (device loop2): mounted with root inode @ nid 36. [ 77.904338][T10763] loop3: detected capacity change from 0 to 1024 [ 78.268711][T10801] loop0: detected capacity change from 0 to 40427 [ 78.270816][T10801] F2FS-fs (loop0): build fault injection attr: rate: 0, type: 0x35f7 [ 78.272166][T10801] F2FS-fs (loop0): build fault injection attr: rate: 690, type: 0x3ffff [ 78.273823][T10801] F2FS-fs (loop0): invalid crc value [ 78.276651][T10801] F2FS-fs (loop0): Found nat_bits in checkpoint [ 78.284790][T10801] F2FS-fs (loop0): Start checkpoint disabled! [ 78.293055][T10829] netlink: 'syz.2.2376': attribute type 1 has an invalid length. [ 78.314831][T10801] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 78.350977][T10801] syz.0.2368: attempt to access beyond end of device [ 78.350977][T10801] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 78.388094][T10845] loop3: detected capacity change from 0 to 512 [ 78.389708][T10845] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 78.400324][ T11] kworker/u4:1: attempt to access beyond end of device [ 78.400324][ T11] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 78.456918][T10845] FAT-fs (loop3): error, fat_free_clusters: deleting FAT entry beyond EOF [ 78.476008][T10860] loop2: detected capacity change from 0 to 512 [ 78.673611][T10893] loop0: detected capacity change from 0 to 1024 [ 78.712736][ T4384] hfsplus: b-tree write err: -5, ino 25 [ 78.713786][ T4384] hfsplus: b-tree write err: -5, ino 4 [ 78.714772][ T4384] hfsplus: b-tree write err: -5, ino 2 [ 79.473418][T11024] __nla_validate_parse: 3 callbacks suppressed [ 79.473430][T11024] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2440'. [ 79.485290][T11019] loop2: detected capacity change from 0 to 4096 [ 79.499551][T11019] NILFS: invalid option "cp=0x00aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": too large checkpoint number [ 79.528201][T11028] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2441'. [ 79.529708][T11028] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2441'. [ 79.543567][T11022] loop1: detected capacity change from 0 to 4096 [ 79.545015][T11022] EXT4-fs: inline encryption not supported [ 79.547176][T11028] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2441'. [ 79.570641][T11022] EXT4-fs (loop1): Test dummy encryption mode enabled [ 79.582294][T11022] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 79.582359][T11022] System zones: 0-5 [ 79.611617][T11022] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 79.684464][ T4327] EXT4-fs (loop1): unmounting filesystem. [ 79.696017][T11051] netlink: 399 bytes leftover after parsing attributes in process `syz.2.2447'. [ 79.711383][T11051] openvswitch: netlink: ufid size 36 bytes exceeds the range (1, 16) [ 79.712770][T11051] openvswitch: netlink: Flow get message rejected, Key attribute missing. [ 79.795867][T11067] loop3: detected capacity change from 0 to 1024 [ 79.831733][T11067] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 79.853588][T11067] EXT4-fs error (device loop3): ext4_empty_dir:3166: inode #11: block 623: comm syz.3.2453: Attempting to read directory block (623) that is past i_size (638464) [ 79.916420][T10786] F2FS-fs (loop4): invalid crc value [ 79.920027][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 79.981791][T10786] F2FS-fs (loop4): Found nat_bits in checkpoint [ 80.002270][T10786] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 80.235154][T11142] syz.1.2474: vmalloc error: size 18446744073709551615, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0 [ 80.248021][T11142] CPU: 0 PID: 11142 Comm: syz.1.2474 Not tainted syzkaller #0 [ 80.249326][T11142] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 80.250965][T11142] Call trace: [ 80.251518][T11142] dump_backtrace+0x1c0/0x1ec [ 80.252358][T11142] show_stack+0x2c/0x3c [ 80.253028][T11142] __dump_stack+0x30/0x40 [ 80.253675][T11142] dump_stack_lvl+0xf4/0x15c [ 80.254450][T11142] dump_stack+0x1c/0x5c [ 80.255149][T11142] warn_alloc+0x214/0x328 [ 80.255862][T11142] __vmalloc_node_range+0x118/0xe3c [ 80.256745][T11142] vmalloc+0x9c/0xd4 [ 80.257381][T11142] dvb_dvr_do_ioctl+0x120/0x1f8 [ 80.258226][T11142] dvb_usercopy+0x240/0x45c [ 80.258985][T11142] dvb_dvr_ioctl+0x3c/0x54 [ 80.259697][T11142] __arm64_sys_ioctl+0x14c/0x1c8 [ 80.260611][T11142] invoke_syscall+0x98/0x2b4 [ 80.261366][T11142] el0_svc_common+0x138/0x258 [ 80.262082][T11142] do_el0_svc+0x58/0x130 [ 80.262740][T11142] el0_svc+0x58/0x128 [ 80.263339][T11142] el0t_64_sync_handler+0x84/0xf0 [ 80.264081][T11142] el0t_64_sync+0x18c/0x190 [ 80.319093][T11142] Mem-Info: [ 80.319669][T11142] active_anon:42042 inactive_anon:0 isolated_anon:0 [ 80.319669][T11142] active_file:15205 inactive_file:2221 isolated_file:0 [ 80.319669][T11142] unevictable:768 dirty:468 writeback:0 [ 80.319669][T11142] slab_reclaimable:19439 slab_unreclaimable:95163 [ 80.319669][T11142] mapped:29231 shmem:37022 pagetables:616 [ 80.319669][T11142] sec_pagetables:0 bounce:0 [ 80.319669][T11142] kernel_misc_reclaimable:0 [ 80.319669][T11142] free:1398952 free_pcp:2488 free_cma:7360 [ 80.327170][T11142] Node 0 active_anon:169268kB inactive_anon:0kB active_file:60820kB inactive_file:8884kB unevictable:3072kB isolated(anon):0kB isolated(file):0kB mapped:116924kB dirty:1872kB writeback:0kB shmem:149088kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:8668kB pagetables:2564kB sec_pagetables:0kB all_unreclaimable? no [ 80.384242][T11142] Node 0 DMA free:3076864kB boost:0kB min:20656kB low:25820kB high:30984kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:3145728kB managed:3080192kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:29440kB [ 80.414696][T11142] lowmem_reserve[]: 0 0 3552 3552 3552 [ 80.415603][T11142] Node 0 Normal free:2531236kB boost:0kB min:24396kB low:30492kB high:36588kB reserved_highatomic:0KB active_anon:146368kB inactive_anon:0kB active_file:60820kB inactive_file:8884kB unevictable:3072kB writepending:1872kB present:5242880kB managed:3641612kB mlocked:0kB bounce:0kB free_pcp:18752kB local_pcp:4328kB free_cma:0kB [ 80.426411][T11118] XFS (loop0): Mounting V5 Filesystem [ 80.427715][T11142] lowmem_reserve[]: 0 0 0 0 0 [ 80.428501][T11142] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 1*256kB (C) 1*512kB (C) 0*1024kB 0*2048kB 751*4096kB (MC) = 3076864kB [ 80.433981][T11142] Node 0 Normal: 1110*4kB (UM) 1469*8kB (UM) 950*16kB (UME) 272*32kB (UME) 155*64kB (UM) 124*128kB (UME) 101*256kB (UME) 92*512kB (UM) 78*1024kB (UE) 41*2048kB (UME) 546*4096kB (UM) = 2539104kB [ 80.440634][T11142] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 80.456378][T11142] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=32768kB [ 80.474503][T11142] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 80.476079][T11142] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=64kB [ 80.495519][T11118] XFS (loop0): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 80.510010][T11142] 37889 total pagecache pages [ 80.510792][T11142] 0 pages in swap cache [ 80.511589][T11142] Free swap = 124484kB [ 80.512247][T11142] Total swap = 124996kB [ 80.526359][T11142] 2097152 pages RAM [ 80.526985][T11142] 0 pages HighMem/MovableOnly [ 80.529530][T11142] 416701 pages reserved [ 80.530233][T11142] 8192 pages cma reserved [ 80.536225][T11118] XFS (loop0): Starting recovery (logdev: internal) [ 80.539737][T11142] 0 pages hwpoisoned [ 80.554846][T11118] XFS (loop0): Ending recovery (logdev: internal) [ 80.562568][T11189] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2488'. [ 80.601139][ T7417] XFS (loop0): Metadata corruption detected at xfs_inobt_verify+0xb0/0x204, xfs_finobt block 0x8 [ 80.603116][ T7417] XFS (loop0): Unmount and run xfs_repair [ 80.604095][ T7417] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 80.605330][ T7417] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff AB3B............ [ 80.606930][ T7417] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10 ................ [ 80.606968][ T7417] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 80.606975][ T7417] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02 ......1....N.... [ 80.606981][ T7417] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00 ...`............ [ 80.606987][ T7417] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 80.606993][ T7417] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 80.606998][ T7417] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 80.607993][T11118] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x184/0x290" at daddr 0x8 len 8 error 117 [ 80.654990][ T4321] XFS (loop0): Unmounting Filesystem [ 80.675510][T11187] ntfs: (device loop2): parse_options(): NLS character set is not found. Using previous one default. [ 80.677388][T11187] ntfs: (device loop2): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 80.692454][T11187] ntfs: volume version 3.1. [ 80.745864][T11218] netlink: 3 bytes leftover after parsing attributes in process `syz.3.2499'. [ 80.747410][T11218] 0X: renamed from caif0 [ 80.818337][T11218] A link change request failed with some changes committed already. Interface 60X may have been left with an inconsistent configuration, please check. [ 80.869987][T11235] vhci_hcd: invalid port number 254 [ 80.870877][T11235] vhci_hcd: GetPortErrorCount req not supported for USB 2.0 roothub [ 80.896496][T11239] netlink: 36 bytes leftover after parsing attributes in process `syz.1.2506'. [ 81.044128][T11276] netlink: 'syz.3.2516': attribute type 1 has an invalid length. [ 81.143088][ T27] audit: type=1326 audit(81.120:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11300 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ff77128 code=0x7ffc0000 [ 81.146681][ T27] audit: type=1326 audit(81.120:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11300 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=167 compat=0 ip=0xffff8ff77128 code=0x7ffc0000 [ 81.156567][ T27] audit: type=1326 audit(81.120:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11300 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ff77128 code=0x7ffc0000 [ 81.175509][ T27] audit: type=1326 audit(81.120:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11300 comm="syz.2.2523" exe="/root/syz-executor" sig=0 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ff77128 code=0x7ffc0000 [ 81.281228][T11330] ipt_CLUSTERIP: no config found for 224.0.0.2, need 'new' [ 81.331132][T11339] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2536'. [ 81.335820][T11339] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2536'. [ 81.337308][T11339] netlink: 'syz.0.2536': attribute type 6 has an invalid length. [ 81.637371][T11412] netlink: 'syz.3.2556': attribute type 4 has an invalid length. [ 81.651369][T11417] set match dimension is over the limit! [ 82.047970][T11501] device gre2 entered promiscuous mode [ 82.126759][T11518] A link change request failed with some changes committed already. Interface veth1_to_bond may have been left with an inconsistent configuration, please check. [ 82.152468][T11523] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 57719 - 0 [ 82.153840][T11523] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 57719 - 0 [ 82.155269][T11523] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 57719 - 0 [ 82.156672][T11523] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 57719 - 0 [ 82.172036][T11523] netdevsim netdevsim2 netdevsim0: set [1, 2] type 2 family 0 port 54394 - 0 [ 82.173509][T11523] netdevsim netdevsim2 netdevsim1: set [1, 2] type 2 family 0 port 54394 - 0 [ 82.175003][T11523] netdevsim netdevsim2 netdevsim2: set [1, 2] type 2 family 0 port 54394 - 0 [ 82.176327][T11523] netdevsim netdevsim2 netdevsim3: set [1, 2] type 2 family 0 port 54394 - 0 [ 82.195340][T11523] device geneve2 entered promiscuous mode [ 82.322403][T11551] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found! [ 82.333892][T11551] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 82.350523][T11510] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.2586 (11510) [ 82.355957][T11510] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.359128][T11551] UDF-fs: error (device loop1): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned lenght of impUse field [ 82.362230][T11560] netlink: 'syz.4.2599': attribute type 13 has an invalid length. [ 82.362242][T11510] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 82.377848][T11510] BTRFS info (device loop0): using free space tree [ 82.405042][T11570] x_tables: unsorted entry at hook 1 [ 82.408420][T11560] gretap0: refused to change device tx_queue_len [ 82.409841][T11560] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 82.420204][T11574] overlayfs: bad mount option "redirect_dir=nofollow:/" [ 82.578535][T11510] BTRFS info (device loop0): enabling ssd optimizations [ 82.600835][ T4321] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 82.885382][T11657] xt_HMARK: proto mask must be zero with L3 mode [ 82.905755][T11661] set_capacity_and_notify: 8 callbacks suppressed [ 82.905767][T11661] loop4: detected capacity change from 0 to 1024 [ 82.917089][T11663] Soft offlining pfn 0x1538c9 at process virtual address 0x204c9000 [ 82.944719][T11663] Memory failure: 0x1538c9: unhandlable page. [ 83.065997][T11686] loop2: detected capacity change from 0 to 256 [ 83.078195][T11689] loop1: detected capacity change from 0 to 256 [ 83.096026][T11689] FAT-fs (loop1): Directory bread(block 64) failed [ 83.097248][T11689] FAT-fs (loop1): Directory bread(block 65) failed [ 83.107611][T11689] FAT-fs (loop1): Directory bread(block 66) failed [ 83.108753][T11689] FAT-fs (loop1): Directory bread(block 67) failed [ 83.109902][T11689] FAT-fs (loop1): Directory bread(block 68) failed [ 83.111025][T11689] FAT-fs (loop1): Directory bread(block 69) failed [ 83.112087][T11689] FAT-fs (loop1): Directory bread(block 70) failed [ 83.113113][T11689] FAT-fs (loop1): Directory bread(block 71) failed [ 83.114178][T11689] FAT-fs (loop1): Directory bread(block 72) failed [ 83.115254][T11689] FAT-fs (loop1): Directory bread(block 73) failed [ 83.488691][T11759] fuse: Bad value for 'fd' [ 83.757705][T11808] netlink: 'syz.3.2691': attribute type 10 has an invalid length. [ 83.759092][T11808] device batadv0 entered promiscuous mode [ 83.768014][T11808] bridge0: port 3(batadv0) entered blocking state [ 83.769883][T11808] bridge0: port 3(batadv0) entered disabled state [ 83.776468][T11808] bridge0: port 3(batadv0) entered blocking state [ 83.777679][T11808] bridge0: port 3(batadv0) entered forwarding state [ 83.857236][T11828] loop3: detected capacity change from 0 to 512 [ 83.893661][T11828] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 83.944095][T11828] EXT4-fs error (device loop3): ext4_get_first_dir_block:3605: inode #12: comm syz.3.2697: directory missing '..' [ 83.972774][T11828] EXT4-fs (loop3): Remounting filesystem read-only [ 84.048796][ T39] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 84.050617][ T39] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 84.068102][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 84.251393][T11887] loop0: detected capacity change from 0 to 2048 [ 84.266614][T11887] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 84.725447][T11963] tmpfs: Bad value for 'mpol' [ 84.785219][T11974] __nla_validate_parse: 11 callbacks suppressed [ 84.785233][T11974] netlink: 15 bytes leftover after parsing attributes in process `syz.1.2742'. [ 84.802916][T11974] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2742'. [ 84.904627][T11994] loop2: detected capacity change from 0 to 1024 [ 84.970754][T11994] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 85.017983][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 85.092516][T12021] loop2: detected capacity change from 0 to 2048 [ 85.102604][T12024] loop1: detected capacity change from 0 to 256 [ 85.119001][T12021] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 85.254427][T12043] loop2: detected capacity change from 0 to 128 [ 85.269706][T12043] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 85.270093][T11863] loop4: detected capacity change from 0 to 131072 [ 85.280317][T11863] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 85.281756][T11863] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 85.304409][T12009] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 10 [ 85.307359][T12058] netlink: 'syz.0.2765': attribute type 16 has an invalid length. [ 85.310348][T12058] netlink: 'syz.0.2765': attribute type 3 has an invalid length. [ 85.311618][T12058] netlink: 132 bytes leftover after parsing attributes in process `syz.0.2765'. [ 85.333119][T11863] F2FS-fs (loop4): Found nat_bits in checkpoint [ 85.356984][ T4696] I/O error, dev loop3, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 85.389120][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 85.411093][T11863] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 85.412215][T11863] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 85.902300][T12168] device geneve2 entered promiscuous mode [ 85.930560][T12175] netlink: 'syz.1.2804': attribute type 1 has an invalid length. [ 85.931863][T12175] netlink: 224 bytes leftover after parsing attributes in process `syz.1.2804'. [ 86.145804][T12212] device geneve2 entered promiscuous mode [ 86.329422][T12253] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2834'. [ 86.400769][T12273] netlink: 'syz.4.2836': attribute type 1 has an invalid length. [ 86.402062][T12273] netlink: 'syz.4.2836': attribute type 3 has an invalid length. [ 86.403652][T12256] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 86.411452][T12273] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2836'. [ 86.428726][T12255] FAT-fs (loop2): Directory bread(block 64) failed [ 86.429795][T12255] FAT-fs (loop2): Directory bread(block 65) failed [ 86.430917][T12255] FAT-fs (loop2): Directory bread(block 66) failed [ 86.431971][T12255] FAT-fs (loop2): Directory bread(block 67) failed [ 86.433018][T12255] FAT-fs (loop2): Directory bread(block 68) failed [ 86.434017][T12255] FAT-fs (loop2): Directory bread(block 69) failed [ 86.435210][T12255] FAT-fs (loop2): Directory bread(block 70) failed [ 86.436209][T12255] FAT-fs (loop2): Directory bread(block 71) failed [ 86.437180][T12255] FAT-fs (loop2): Directory bread(block 72) failed [ 86.457865][T12255] FAT-fs (loop2): Directory bread(block 73) failed [ 86.469265][T12276] xt_policy: output policy not valid in PREROUTING and INPUT [ 86.672858][T12300] EXT4-fs: Ignoring removed orlov option [ 86.724627][T12300] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 86.777021][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 86.904309][T12286] (syz.0.2841,12286,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 86.909669][T12286] (syz.0.2841,12286,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 86.929251][T12341] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2860'. [ 86.941654][T12286] JBD2: Ignoring recovery information on journal [ 86.958062][T12286] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 86.983717][T12286] (syz.0.2841,12286,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0x98842a5e, computed 0xe74db1cd. Applying ECC. [ 86.985583][T12354] netlink: 'syz.1.2861': attribute type 8 has an invalid length. [ 87.002795][T12354] netlink: 'syz.1.2861': attribute type 7 has an invalid length. [ 87.006089][ T4321] ocfs2: Unmounting device (7,0) on (node local) [ 87.020425][T12354] netlink: 194488 bytes leftover after parsing attributes in process `syz.1.2861'. [ 87.041119][T12357] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2864'. [ 87.222015][T12386] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (15) [ 87.345201][T12401] netlink: 'syz.0.2883': attribute type 22 has an invalid length. [ 87.353099][T12401] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2883'. [ 87.481302][T12365] gfs2: fsid=Աrۻ_ [ 87.481302][T12365] b瀫]k;.ĠO:.tU: Trying to join cluster "lock_nolock", "Աrۻ_ [ 87.481302][T12365] b瀫]k;.ĠO:.tU" [ 87.484352][T12365] gfs2: fsid=Աrۻ_ [ 87.484352][T12365] b瀫]k;.ĠO:.tU: Now mounting FS (format 1801)... [ 87.503731][T12365] gfs2: fsid=Աrۻ_ [ 87.503731][T12365] b瀫]k;.ĠO:.tU.s: journal 0 mapped with 5 extents in 0ms [ 87.529538][T12433] erofs: (device loop2): mounted with root inode @ nid 36. [ 87.531808][T12365] gfs2: fsid=Աrۻ_ [ 87.531808][T12365] b瀫]k;.ĠO:.tU.s: first mount done, others may mount [ 88.002140][T12533] overlayfs: missing 'lowerdir' [ 88.003265][T12535] netlink: 'syz.0.2928': attribute type 2 has an invalid length. [ 88.202784][T12583] set_capacity_and_notify: 10 callbacks suppressed [ 88.202795][T12583] loop4: detected capacity change from 0 to 256 [ 88.243721][T12583] FAT-fs (loop4): Directory bread(block 64) failed [ 88.244854][T12583] FAT-fs (loop4): Directory bread(block 65) failed [ 88.246306][T12583] FAT-fs (loop4): Directory bread(block 66) failed [ 88.247335][T12583] FAT-fs (loop4): Directory bread(block 67) failed [ 88.266252][T12583] FAT-fs (loop4): Directory bread(block 68) failed [ 88.266420][T12587] loop0: detected capacity change from 0 to 4096 [ 88.267320][T12583] FAT-fs (loop4): Directory bread(block 69) failed [ 88.275592][T12583] FAT-fs (loop4): Directory bread(block 70) failed [ 88.276713][T12583] FAT-fs (loop4): Directory bread(block 71) failed [ 88.284011][T12583] FAT-fs (loop4): Directory bread(block 72) failed [ 88.285136][T12583] FAT-fs (loop4): Directory bread(block 73) failed [ 88.333484][T12604] xt_hashlimit: overflow, try lower: 3/0 [ 88.360733][T12607] netlink: 'syz.1.2951': attribute type 3 has an invalid length. [ 88.431503][T12622] cgroup: Invalid name [ 88.771517][T12713] loop3: detected capacity change from 0 to 64 [ 88.857804][T12721] loop0: detected capacity change from 0 to 4096 [ 88.892665][T12735] IPVS: Unknown mcast interface: nr0 [ 88.901188][T12721] ntfs: volume version 3.1. [ 88.921749][T12732] loop4: detected capacity change from 0 to 4096 [ 88.940362][T12741] netlink: 'syz.3.2987': attribute type 1 has an invalid length. [ 88.943586][T12741] NCSI netlink: No device for ifindex 0 [ 88.950456][T12732] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 88.965226][T12743] netlink: 'syz.1.2988': attribute type 1 has an invalid length. [ 89.060774][T12754] [U]  [ 89.223386][T12786] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 89.280607][T12786] device bond1 entered promiscuous mode [ 89.282377][T12786] 8021q: adding VLAN 0 to HW filter on device bond1 [ 89.333156][T12834] loop1: detected capacity change from 0 to 256 [ 89.345016][T12837] loop2: detected capacity change from 0 to 512 [ 89.352152][T12834] FAT-fs (loop1): Directory bread(block 64) failed [ 89.357787][T12834] FAT-fs (loop1): Directory bread(block 65) failed [ 89.359652][T12834] FAT-fs (loop1): Directory bread(block 66) failed [ 89.360780][T12834] FAT-fs (loop1): Directory bread(block 67) failed [ 89.361838][T12834] FAT-fs (loop1): Directory bread(block 68) failed [ 89.362933][T12834] FAT-fs (loop1): Directory bread(block 69) failed [ 89.371212][T12837] EXT4-fs error (device loop2): ext4_orphan_get:1425: comm syz.2.3013: bad orphan inode 13 [ 89.373024][T12837] ext4_test_bit(bit=12, block=4) = 1 [ 89.373833][T12837] is_bad_inode(inode)=0 [ 89.374630][T12837] NEXT_ORPHAN(inode)=0 [ 89.376924][T12837] max_ino=32 [ 89.384630][T12837] i_nlink=1 [ 89.385313][T12837] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 89.430596][T12834] FAT-fs (loop1): Directory bread(block 70) failed [ 89.431940][T12834] FAT-fs (loop1): Directory bread(block 71) failed [ 89.433024][T12834] FAT-fs (loop1): Directory bread(block 72) failed [ 89.434052][T12834] FAT-fs (loop1): Directory bread(block 73) failed [ 89.453017][T12837] EXT4-fs warning (device loop2): dx_probe:845: inode #2: comm syz.2.3013: Hash code is SIPHASH, but hash not in dirent [ 89.465067][T12837] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3013: Corrupt directory, running e2fsck is recommended [ 89.467346][T12837] EXT4-fs warning (device loop2): dx_probe:845: inode #2: comm syz.2.3013: Hash code is SIPHASH, but hash not in dirent [ 89.471913][T12855] do_dccp_getsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 89.488805][T12837] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.3013: Corrupt directory, running e2fsck is recommended [ 89.498280][T12837] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 13: comm syz.2.3013: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=0, rec_len=6, size=1024 fake=0 [ 89.542917][T12861] A link change request failed with some changes committed already. Interface vlan0 may have been left with an inconsistent configuration, please check. [ 89.573353][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 89.625504][T12864] loop4: detected capacity change from 0 to 4096 [ 89.644486][T12884] loop3: detected capacity change from 0 to 64 [ 89.868949][T12922] loop4: detected capacity change from 0 to 4096 [ 89.887306][T12922] ntfs: volume version 3.1. [ 89.986351][T12958] __nla_validate_parse: 11 callbacks suppressed [ 89.986362][T12958] netlink: 240 bytes leftover after parsing attributes in process `syz.1.3046'. [ 90.005755][T12942] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 90.072407][T12942] EXT4-fs error (device loop3): ext4_xattr_delete_inode:2916: inode #15: comm syz.3.3042: corrupted xattr block 33 [ 90.089645][T12972] random: crng reseeded on system resumption [ 90.115812][T12942] EXT4-fs (loop3): Remounting filesystem read-only [ 90.116987][T12942] EXT4-fs warning (device loop3): ext4_evict_inode:299: xattr delete (err -117) [ 90.138840][T12980] random: crng reseeded on system resumption [ 90.159112][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 90.252806][T12996] netlink: 'syz.3.3058': attribute type 9 has an invalid length. [ 90.282961][T12993] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 90.367378][T13016] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3065'. [ 90.435781][T13026] Soft offlining pfn 0x153800 at process virtual address 0x20000000 [ 90.442053][T13026] Memory failure: 0x153800: unhandlable page. [ 90.590620][T13056] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3081'. [ 90.620377][T13064] netlink: 16186 bytes leftover after parsing attributes in process `syz.1.3085'. [ 90.747062][T13091] netlink: 224 bytes leftover after parsing attributes in process `syz.1.3094'. [ 91.763231][T13284] romfs: read error for inode 0x8000 [ 92.696900][T13476] netlink: 144 bytes leftover after parsing attributes in process `syz.4.3222'. [ 92.723610][T13478] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 92.763237][ T27] audit: type=1400 audit(92.740:9): apparmor="DENIED" operation="stack_onexec" info="label not found" error=-2 profile="unconfined" name=26AE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F pid=13487 comm="syz.1.3225" [ 92.846540][T13502] validate_nla: 5 callbacks suppressed [ 92.846552][T13502] netlink: 'syz.1.3229': attribute type 4 has an invalid length. [ 92.849899][T13502] netlink: 'syz.1.3229': attribute type 2 has an invalid length. [ 93.039946][T13541] IPv6: NLM_F_CREATE should be specified when creating new route [ 93.049651][T13541] netlink: 1 bytes leftover after parsing attributes in process `syz.3.3241'. [ 93.121443][T13591] netlink: 'syz.2.3246': attribute type 1 has an invalid length. [ 93.126654][T13473] XFS (loop0): Mounting V5 Filesystem [ 93.142883][T13591] netlink: 224 bytes leftover after parsing attributes in process `syz.2.3246'. [ 93.188409][T13473] XFS (loop0): Ending clean mount [ 93.191520][T13473] XFS (loop0): Quotacheck needed: Please wait. [ 93.220348][T13473] XFS (loop0): Quotacheck: Done. [ 93.269655][ T4321] XFS (loop0): Unmounting Filesystem [ 93.345303][T13623] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 93.601263][T13663] netlink: 'syz.4.3275': attribute type 10 has an invalid length. [ 93.602483][T13663] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3275'. [ 93.610338][T13663] device ipvlan1 entered promiscuous mode [ 93.614210][T13663] bridge0: port 3(ipvlan1) entered blocking state [ 93.616779][T13665] netlink: 'syz.1.3274': attribute type 1 has an invalid length. [ 93.619632][T13663] bridge0: port 3(ipvlan1) entered disabled state [ 93.621448][T13663] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 93.627898][T13665] netlink: 'syz.1.3274': attribute type 2 has an invalid length. [ 93.794506][T13693] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3286'. [ 93.795937][T13693] netlink: 'syz.3.3286': attribute type 1 has an invalid length. [ 93.958136][T13719] SET target dimension over the limit! [ 93.961127][T13717] set_capacity_and_notify: 9 callbacks suppressed [ 93.961135][T13717] loop2: detected capacity change from 0 to 64 [ 94.035482][T13683] loop0: detected capacity change from 0 to 32768 [ 94.046201][T13683] (syz.0.3282,13683,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 94.055246][T13683] (syz.0.3282,13683,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 94.083712][T13683] JBD2: Ignoring recovery information on journal [ 94.138986][T13733] loop2: detected capacity change from 0 to 4096 [ 94.139299][T13713] loop3: detected capacity change from 0 to 32768 [ 94.142588][T13713] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.3294 (13713) [ 94.143728][T13683] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 94.158404][T13713] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.160126][T13713] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 94.161581][T13713] BTRFS info (device loop3): setting nodatacow, compression disabled [ 94.162934][T13713] BTRFS info (device loop3): turning on flush-on-commit [ 94.164026][T13713] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 94.165574][T13713] BTRFS info (device loop3): use lzo compression, level 0 [ 94.166771][T13713] BTRFS info (device loop3): setting nodatasum [ 94.173595][T13713] BTRFS info (device loop3): use no compression [ 94.174591][T13713] BTRFS info (device loop3): trying to use backup root at mount time [ 94.175830][T13713] BTRFS info (device loop3): max_inline at 0 [ 94.176629][T13733] ntfs: volume version 3.1. [ 94.176811][T13713] BTRFS info (device loop3): using free space tree [ 94.203393][T13733] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 94.205294][T13733] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 94.220518][T13733] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 94.239074][T13733] ntfs: (device loop2): ntfs_read_locked_attr_inode(): Failed with error code -2 while reading attribute inode (mft_no 0x1a, type 0x80, name_len 4). Marking corrupt inode and base inode 0x1a as bad. Run chkdsk. [ 94.242587][T13733] ntfs: (device loop2): load_and_init_usnjrnl(): Failed to load $UsnJrnl/$DATA/$Max attribute. [ 94.244312][T13733] ntfs: (device loop2): load_system_files(): Failed to load $UsnJrnl. Will not be able to remount read-write. Run chkdsk. [ 94.255836][T13761] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 94.351873][ T4321] ocfs2: Unmounting device (7,0) on (node local) [ 94.433726][ T4384] BTRFS warning (device loop3): checksum verify failed on logical 5332992 mirror 1 wanted 0x0a5e5d25 found 0xcee3a718 level 0 [ 94.437123][T13713] BTRFS warning (device loop3): couldn't read tree root [ 94.440140][T13713] BTRFS warning (device loop3): try to load backup roots slot 1 [ 94.441544][ T39] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0xe06dfc66 level 0 [ 94.443657][T13713] BTRFS warning (device loop3): couldn't read tree root [ 94.444768][T13713] BTRFS warning (device loop3): try to load backup roots slot 2 [ 94.448834][T13713] BTRFS error (device loop3): parent transid verify failed on logical 5255168 mirror 1 wanted 5 found 7 [ 94.450857][T13713] BTRFS warning (device loop3): couldn't read tree root [ 94.452011][T13713] BTRFS warning (device loop3): try to load backup roots slot 3 [ 94.519893][T13713] BTRFS info (device loop3): enabling ssd optimizations [ 94.521415][T13713] BTRFS info (device loop3): rebuilding free space tree [ 94.524800][T13713] BTRFS info (device loop3): checking UUID tree [ 94.629979][T13811] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready [ 94.644004][ T4325] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 94.657238][T13819] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609) [ 94.662011][T13819] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 94.743432][T13831] overlayfs: missing 'lowerdir' [ 94.939346][T13862] loop2: detected capacity change from 0 to 164 [ 94.971289][T13862] Symlink component flag not implemented [ 94.972695][T13862] Symlink component flag not implemented (7) [ 95.082755][T13835] loop1: detected capacity change from 0 to 32768 [ 95.107390][T13835] (syz.1.3327,13835,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 95.120530][T13835] (syz.1.3327,13835,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 95.154148][T13835] JBD2: Ignoring recovery information on journal [ 95.224090][T13881] loop2: detected capacity change from 0 to 40427 [ 95.242709][T13835] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 95.249364][T13881] F2FS-fs (loop2): Found nat_bits in checkpoint [ 95.263667][T13914] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3352'. [ 95.264392][T13881] F2FS-fs (loop2): Cannot turn on quotas: -2 on 1 [ 95.265237][T13914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3352'. [ 95.266145][T13881] F2FS-fs (loop2): Cannot turn on quotas: -2 on 2 [ 95.267348][T13914] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3352'. [ 95.295394][T13881] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 95.416466][T13934] netlink: 'syz.4.3357': attribute type 2 has an invalid length. [ 95.466355][ T4327] ocfs2: Unmounting device (7,1) on (node local) [ 95.494982][T13946] (unnamed net_device) (uninitialized): option coupled_control: mode dependency failed, not supported in mode balance-rr(0) [ 95.605834][T13962] i2c i2c-0: Invalid block write size 34 [ 95.763999][T13991] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3381'. [ 95.841916][T14005] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3389'. [ 95.852359][T14006] random: crng reseeded on system resumption [ 95.870873][T14006] hibernate: Hibernate image not generated by this kernel! [ 95.872289][T14006] PM: hibernation: Image mismatch: architecture specific data [ 95.879569][T14012] loop3: detected capacity change from 0 to 64 [ 95.888976][T14012] hfs: invalid catalog max_key_len 1 [ 95.890399][T14012] hfs: unable to open catalog tree [ 95.907513][T14020] Bluetooth: hci0: Opcode 0x080f failed: -22 [ 96.007025][T14041] netlink: 'syz.3.3399': attribute type 1 has an invalid length. [ 96.027616][T14041] netlink: 220 bytes leftover after parsing attributes in process `syz.3.3399'. [ 96.121799][T14062] loop3: detected capacity change from 0 to 64 [ 96.314319][T14097] xt_CT: No such helper "pptp" [ 96.350820][T14116] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3425'. [ 96.362965][T14121] ieee802154 phy1 wpan1: encryption failed: -90 [ 96.443129][T14135] netlink: 'syz.3.3432': attribute type 1 has an invalid length. [ 96.444411][T14135] netlink: 224 bytes leftover after parsing attributes in process `syz.3.3432'. [ 96.575619][T14164] mmap: syz.2.3442 (14164) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 96.690270][T14183] loop4: detected capacity change from 0 to 2048 [ 96.704181][T14183] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 96.892287][T14235] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3464'. [ 96.978763][T14254] syz.1.3470 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 97.146786][T14290] netlink: 2 bytes leftover after parsing attributes in process `syz.4.3483'. [ 97.661912][T14382] cgroup: none used incorrectly [ 97.825921][T14370] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.3510 (14370) [ 97.850987][T14370] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 97.858008][T14370] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 97.859603][T14370] BTRFS info (device loop0): force clearing of disk cache [ 97.877763][T14370] BTRFS info (device loop0): force zlib compression, level 3 [ 97.879147][T14370] BTRFS info (device loop0): enabling auto defrag [ 97.880190][T14370] BTRFS info (device loop0): max_inline at 0 [ 97.881197][T14370] BTRFS info (device loop0): turning on async discard [ 97.882349][T14370] BTRFS info (device loop0): using free space tree [ 97.915888][T14408] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 97.931417][ T4339] Bluetooth: hci0: command 0x080f tx timeout [ 97.956028][T14408] FAT-fs (loop1): error, invalid access to FAT (entry 0x00000001) [ 97.957309][T14408] FAT-fs (loop1): Filesystem has been set read-only [ 98.057813][T14370] BTRFS info (device loop0): enabling ssd optimizations [ 98.059616][T14370] BTRFS info (device loop0): rebuilding free space tree [ 98.095115][T14449] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 98.122288][T14448] libceph: resolve '400' (ret=-3): failed [ 98.172080][T14305] F2FS-fs (loop4): Wrong CP boundary, start(512) end(1536) blocks(0) [ 98.173430][T14305] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 98.181763][T14305] F2FS-fs (loop4): invalid crc value [ 98.206271][T14305] F2FS-fs (loop4): Found nat_bits in checkpoint [ 98.222947][T14305] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 98.224247][T14305] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 98.293860][ T55] BTRFS info (device loop0): qgroup scan completed (inconsistency flag cleared) [ 98.336872][ T4321] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 99.049162][T14615] set_capacity_and_notify: 3 callbacks suppressed [ 99.049179][T14615] loop3: detected capacity change from 0 to 1024 [ 99.068975][T14626] validate_nla: 3 callbacks suppressed [ 99.068986][T14626] netlink: 'syz.4.3594': attribute type 5 has an invalid length. [ 99.106662][T14615] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 99.139005][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 99.175803][T14641] loop2: detected capacity change from 0 to 4096 [ 99.372849][T14665] loop4: detected capacity change from 0 to 8192 [ 99.415002][T14665] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 99.417036][T14665] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 99.454852][T14665] REISERFS (device loop4): using ordered data mode [ 99.456111][T14665] reiserfs: using flush barriers [ 99.472369][T14665] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 99.517103][T14665] REISERFS (device loop4): checking transaction log (loop4) [ 99.585214][T14719] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 99.670710][T14665] REISERFS (device loop4): Using tea hash to sort names [ 99.673144][T14665] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 99.889417][T14724] loop2: detected capacity change from 0 to 40427 [ 99.897778][T14724] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x3ffff [ 99.899212][T14724] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1 [ 99.904532][T14724] F2FS-fs (loop2): invalid crc value [ 99.911347][T14724] F2FS-fs (loop2): Found nat_bits in checkpoint [ 99.942111][T14724] F2FS-fs (loop2): Start checkpoint disabled! [ 99.954298][T14724] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 99.979579][T14771] (unnamed net_device) (uninitialized): option lp_interval: invalid value (0) [ 99.991719][T14771] (unnamed net_device) (uninitialized): option lp_interval: allowed values 1 - 2147483647 [ 99.999069][T14776] loop1: detected capacity change from 0 to 64 [ 100.038220][ T1589] kworker/u4:4: attempt to access beyond end of device [ 100.038220][ T1589] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 100.106770][T14792] loop0: detected capacity change from 0 to 256 [ 100.108904][T14792] exfat: Deprecated parameter 'utf8' [ 100.109801][T14792] exfat: Deprecated parameter 'namecase' [ 100.140515][T14792] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc374f927, utbl_chksum : 0xe619d30d) [ 100.267158][T14831] loop3: detected capacity change from 0 to 256 [ 100.272299][T14832] netlink: 'syz.2.3657': attribute type 10 has an invalid length. [ 100.306086][T14840] loop0: detected capacity change from 0 to 256 [ 100.325442][T14840] FAT-fs (loop0): Directory bread(block 64) failed [ 100.326813][T14840] FAT-fs (loop0): Directory bread(block 65) failed [ 100.331275][T14840] FAT-fs (loop0): Directory bread(block 66) failed [ 100.334704][T14840] FAT-fs (loop0): Directory bread(block 67) failed [ 100.335965][T14840] FAT-fs (loop0): Directory bread(block 68) failed [ 100.340399][T14840] FAT-fs (loop0): Directory bread(block 69) failed [ 100.345635][T14840] FAT-fs (loop0): Directory bread(block 70) failed [ 100.347115][T14840] FAT-fs (loop0): Directory bread(block 71) failed [ 100.355201][T14840] FAT-fs (loop0): Directory bread(block 72) failed [ 100.366944][T14840] FAT-fs (loop0): Directory bread(block 73) failed [ 100.393364][T14832] team0: Device wg1 is of different type [ 100.700192][T14880] loop0: detected capacity change from 0 to 128 [ 100.725087][T14880] affs: No valid root block on device loop0 [ 100.898953][T14908] loop4: detected capacity change from 0 to 4096 [ 100.905129][T14908] EXT4-fs (loop4): bad block size 16384 [ 101.261522][T14961] __nla_validate_parse: 6 callbacks suppressed [ 101.261534][T14961] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3707'. [ 101.612571][T15025] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.3717: inode has both inline data and extents flags [ 101.618242][T15025] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.3717: couldn't read orphan inode 15 (err -117) [ 101.636148][T15025] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 101.751144][ T4327] EXT4-fs (loop1): unmounting filesystem. [ 101.979680][T15026] XFS (loop2): DAX unsupported by block device. Turning off DAX. [ 101.981384][T15026] XFS (loop2): Mounting V5 Filesystem [ 101.982746][T15090] IPv6: NLM_F_REPLACE set, but no existing node found! [ 102.037571][T15102] netlink: 'syz.1.3742': attribute type 21 has an invalid length. [ 102.051045][T15026] XFS (loop2): Ending clean mount [ 102.072510][T15026] XFS (loop2): Quotacheck needed: Please wait. [ 102.104668][T15111] netlink: 288 bytes leftover after parsing attributes in process `syz.4.3744'. [ 102.119079][T15026] XFS (loop2): Quotacheck: Done. [ 102.176414][ T4332] XFS (loop2): Unmounting Filesystem [ 102.251505][T15130] device veth3 entered promiscuous mode [ 102.266374][T15125] EXT2-fs (loop4): warning: mounting ext3 filesystem as ext2 [ 102.307371][T15125] EXT2-fs (loop4): error: ext2_check_page: bad entry in directory #2: : inode out of bounds - offset=108, inode=16777233, rec_len=768, name_len=9 [ 102.423521][T15170] netlink: 10 bytes leftover after parsing attributes in process `syz.1.3757'. [ 102.486481][T15184] netlink: 'syz.0.3774': attribute type 6 has an invalid length. [ 102.579103][T15198] netlink: 'syz.4.3766': attribute type 6 has an invalid length. [ 102.655736][T15206] FAT-fs (loop1): Directory bread(block 64) failed [ 102.656874][T15206] FAT-fs (loop1): Directory bread(block 65) failed [ 102.665755][T15206] FAT-fs (loop1): Directory bread(block 66) failed [ 102.666915][T15206] FAT-fs (loop1): Directory bread(block 67) failed [ 102.675282][T15206] FAT-fs (loop1): Directory bread(block 68) failed [ 102.676330][T15206] FAT-fs (loop1): Directory bread(block 69) failed [ 102.678736][T15206] FAT-fs (loop1): Directory bread(block 70) failed [ 102.679943][T15206] FAT-fs (loop1): Directory bread(block 71) failed [ 102.681008][T15206] FAT-fs (loop1): Directory bread(block 72) failed [ 102.682092][T15206] FAT-fs (loop1): Directory bread(block 73) failed [ 102.947099][T15270] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 102.997612][T15278] netlink: 'syz.2.3792': attribute type 4 has an invalid length. [ 103.039450][T15286] netlink: 10 bytes leftover after parsing attributes in process `syz.0.3795'. [ 103.044237][T15280] EXT2-fs (loop3): warning: mounting ext3 filesystem as ext2 [ 103.047408][T15288] netlink: 'syz.2.3797': attribute type 21 has an invalid length. [ 103.058176][T15280] EXT2-fs (loop3): error: ext2_check_page: bad entry in directory #2: : inode out of bounds - offset=108, inode=16777233, rec_len=768, name_len=9 [ 103.201235][T15312] netlink: 'syz.0.3807': attribute type 4 has an invalid length. [ 103.315090][T15335] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 103.488164][T15367] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3824'. [ 104.378468][T15548] set_capacity_and_notify: 9 callbacks suppressed [ 104.378480][T15548] loop0: detected capacity change from 0 to 64 [ 104.448354][T15556] xt_CT: No such helper "snmp_trap" [ 104.472736][T15572] netlink: 28 bytes leftover after parsing attributes in process `syz.4.3902'. [ 104.679249][T15610] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3903'. [ 105.010376][T15635] loop2: detected capacity change from 0 to 8192 [ 105.018032][T15620] loop3: detected capacity change from 0 to 32768 [ 105.018613][T15635] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 105.022803][T15620] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.3907 (15620) [ 105.034465][T15635] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000001) [ 105.034497][T15635] FAT-fs (loop2): Filesystem has been set read-only [ 105.035773][T15620] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.035831][T15620] BTRFS info (device loop3): using crc32c (crc32c-generic) checksum algorithm [ 105.035857][T15620] BTRFS info (device loop3): setting nodatasum [ 105.035867][T15620] BTRFS info (device loop3): force zlib compression, level 3 [ 105.035881][T15620] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 105.035909][T15620] BTRFS info (device loop3): use lzo compression, level 0 [ 105.035920][T15620] BTRFS info (device loop3): turning on flush-on-commit [ 105.035929][T15620] BTRFS info (device loop3): enabling auto defrag [ 105.035945][T15620] BTRFS info (device loop3): max_inline at 4096 [ 105.035955][T15620] BTRFS info (device loop3): using free space tree [ 105.053330][T15654] binder: 15653:15654 ioctl c0046209 9999999999999999 returned -22 [ 105.184965][T15679] loop4: detected capacity change from 0 to 64 [ 105.253179][T15620] BTRFS info (device loop3): enabling ssd optimizations [ 105.314111][ T4325] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 105.394655][T15579] loop0: detected capacity change from 0 to 131072 [ 105.403208][T15579] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0) [ 105.404564][T15579] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 105.440150][T15579] F2FS-fs (loop0): invalid crc value [ 105.467738][T15579] F2FS-fs (loop0): Found nat_bits in checkpoint [ 105.479448][T15718] bad cache= option: nonw [ 105.479448][T15718] [ 105.480569][T15718] CIFS: VFS: bad cache= option: nonw [ 105.496708][T15579] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 105.500466][T15579] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4 [ 105.564219][T15731] loop4: detected capacity change from 0 to 1024 [ 105.606265][ T39] hfsplus: b-tree write err: -5, ino 25 [ 105.607341][ T39] hfsplus: b-tree write err: -5, ino 4 [ 105.608640][ T39] hfsplus: b-tree write err: -5, ino 2 [ 105.751942][T15760] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 105.923053][T15798] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 105.928553][T15793] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 105.956438][T15804] loop4: detected capacity change from 0 to 8 [ 105.997327][T15804] SQUASHFS error: Failed to read block 0x636: -5 [ 105.998814][T15804] SQUASHFS error: Unable to read metadata cache entry [634] [ 105.999933][T15804] SQUASHFS error: Unable to read metadata cache entry [634] [ 106.001123][T15804] SQUASHFS error: Unable to read directory block [629:0] [ 106.100163][T15825] loop2: detected capacity change from 0 to 1024 [ 106.148105][T15825] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 106.229756][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 106.235999][T15862] do_dccp_setsockopt: sockopt(CHANGE_L/R) is deprecated: fix your app [ 106.475254][T15896] loop1: detected capacity change from 0 to 4096 [ 106.562578][T15910] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 106.700854][T15931] loop2: detected capacity change from 0 to 64 [ 106.803986][T15906] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.3997 (15906) [ 106.816845][T15906] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 106.821487][T15906] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 106.822894][T15906] BTRFS info (device loop4): force clearing of disk cache [ 106.823915][T15906] BTRFS info (device loop4): force zlib compression, level 3 [ 106.825050][T15906] BTRFS info (device loop4): enabling auto defrag [ 106.826183][T15906] BTRFS info (device loop4): max_inline at 0 [ 106.827226][T15906] BTRFS info (device loop4): turning on async discard [ 106.835889][T15906] BTRFS info (device loop4): using free space tree [ 106.994598][T16003] netlink: 'syz.1.4023': attribute type 3 has an invalid length. [ 106.995907][T16003] netlink: 199836 bytes leftover after parsing attributes in process `syz.1.4023'. [ 107.003299][T15906] BTRFS info (device loop4): enabling ssd optimizations [ 107.004937][T15906] BTRFS info (device loop4): rebuilding free space tree [ 107.113463][ T11] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared) [ 107.174102][ T4333] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 107.298432][T16022] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 107.312401][T16022] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 107.319016][T16022] REISERFS (device loop1): using ordered data mode [ 107.323732][T16022] reiserfs: using flush barriers [ 107.331076][T16022] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 107.346116][T16022] REISERFS (device loop1): checking transaction log (loop1) [ 107.376700][T16047] netlink: 'syz.3.4034': attribute type 10 has an invalid length. [ 107.473943][T16041] F2FS-fs (loop2): build fault injection attr: rate: 16, type: 0x3ffff [ 107.474695][T16047] team0: Device wg1 is of different type [ 107.475301][T16041] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x2 [ 107.482244][T16041] F2FS-fs (loop2): invalid crc value [ 107.483004][T16022] REISERFS (device loop1): Using tea hash to sort names [ 107.488848][T16041] F2FS-fs (loop2) : inject kvmalloc in f2fs_kvmalloc of build_dirty_segmap+0xc18/0xdb8 [ 107.490409][T16041] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-12) [ 107.490734][T16022] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 107.605581][T16050] netlink: 80 bytes leftover after parsing attributes in process `syz.4.4035'. [ 107.767700][T16080] affs: No valid root block on device loop3 [ 107.834629][T16095] EXT4-fs: Ignoring removed nobh option [ 107.909290][T16095] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #16: comm syz.3.4046: corrupted inode contents [ 107.914427][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.915452][T16095] EXT4-fs error (device loop3): ext4_dirty_inode:6137: inode #16: comm syz.3.4046: mark_inode_dirty error [ 107.920394][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.921666][T16095] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #16: comm syz.3.4046: corrupted inode contents [ 107.923795][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.929638][T16095] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #16: comm syz.3.4046: mark_inode_dirty error [ 107.941314][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.955895][T16095] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #16: comm syz.3.4046: corrupted inode contents [ 107.962932][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.964236][T16095] EXT4-fs error (device loop3) in ext4_orphan_del:303: Corrupt filesystem [ 107.968776][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.969883][T16095] EXT4-fs error (device loop3): ext4_do_update_inode:5272: inode #16: comm syz.3.4046: corrupted inode contents [ 107.987893][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 107.988914][T16095] EXT4-fs error (device loop3): ext4_truncate:4318: inode #16: comm syz.3.4046: mark_inode_dirty error [ 108.030349][T16122] netlink: 'syz.2.4055': attribute type 1 has an invalid length. [ 108.031691][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 108.032703][T16095] EXT4-fs error (device loop3) in ext4_process_orphan:345: Corrupt filesystem [ 108.045454][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 108.046728][T16114] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 108.049902][T16114] ntfs3: loop1: mft corrupted [ 108.050760][T16114] ntfs3: loop1: Failed to load $MFT. [ 108.054208][T16124] overlayfs: unrecognized mount option "\{\" or missing value [ 108.054382][T16095] EXT4-fs (loop3): 1 truncate cleaned up [ 108.066712][T16095] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 108.069239][ T4384] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 108.071046][ T4384] EXT4-fs error (device loop3): ext4_release_dquot:6871: comm kworker/u4:6: Failed to release dquot type 1 [ 108.080928][ T4384] EXT4-fs (loop3): Remounting filesystem read-only [ 108.106743][T16095] EXT4-fs error (device loop3): ext4_empty_dir:3177: inode #12: block 13: comm syz.3.4046: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 108.132984][T16095] EXT4-fs (loop3): Remounting filesystem read-only [ 108.161716][ T4325] EXT4-fs (loop3): unmounting filesystem. [ 108.164700][ T4384] Quota error (device loop3): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 108.167145][ T4384] EXT4-fs error (device loop3): ext4_release_dquot:6871: comm kworker/u4:6: Failed to release dquot type 1 [ 108.173225][ T4384] EXT4-fs (loop3): Remounting filesystem read-only [ 108.228442][T16146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4059'. [ 108.446679][T16178] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 108.450917][T16193] netlink: 'syz.2.4079': attribute type 3 has an invalid length. [ 108.452230][T16193] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.4079'. [ 108.453887][T16178] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 108.562089][T16205] netlink: 288 bytes leftover after parsing attributes in process `syz.1.4083'. [ 108.617301][T16210] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 108.624033][T16210] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 4096) [ 108.648048][T16223] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 108.696996][T16210] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 108.715324][T16210] Remounting filesystem read-only [ 108.988444][T16279] EXT4-fs: Ignoring removed nobh option [ 109.027295][T16279] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #16: comm syz.1.4111: corrupted inode contents [ 109.030974][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.032089][T16279] EXT4-fs error (device loop1): ext4_dirty_inode:6137: inode #16: comm syz.1.4111: mark_inode_dirty error [ 109.035840][T16277] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 109.040013][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.041133][T16279] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #16: comm syz.1.4111: corrupted inode contents [ 109.046492][T16277] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 4096) [ 109.050134][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.051285][T16279] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #16: comm syz.1.4111: mark_inode_dirty error [ 109.057769][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.058809][T16279] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #16: comm syz.1.4111: corrupted inode contents [ 109.067704][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.068715][T16279] EXT4-fs error (device loop1) in ext4_orphan_del:303: Corrupt filesystem [ 109.079234][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.080286][T16279] EXT4-fs error (device loop1): ext4_do_update_inode:5272: inode #16: comm syz.1.4111: corrupted inode contents [ 109.082476][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.083424][T16279] EXT4-fs error (device loop1): ext4_truncate:4318: inode #16: comm syz.1.4111: mark_inode_dirty error [ 109.083680][T16293] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.088344][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.089365][T16279] EXT4-fs error (device loop1) in ext4_process_orphan:345: Corrupt filesystem [ 109.096773][T16295] overlayfs: missing 'lowerdir' [ 109.103999][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.105224][T16279] EXT4-fs (loop1): 1 truncate cleaned up [ 109.106118][T16279] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 109.118646][ T11] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 109.120170][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6871: comm kworker/u4:1: Failed to release dquot type 1 [ 109.123033][T16277] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 109.124921][T16277] Remounting filesystem read-only [ 109.126039][ T11] EXT4-fs (loop1): Remounting filesystem read-only [ 109.150926][T16279] EXT4-fs error (device loop1): ext4_empty_dir:3177: inode #12: block 13: comm syz.1.4111: bad entry in directory: inode out of bounds - offset=24, inode=33554445, rec_len=16, size=4096 fake=0 [ 109.158533][T16279] EXT4-fs (loop1): Remounting filesystem read-only [ 109.186067][T16304] netlink: 128 bytes leftover after parsing attributes in process `syz.4.4118'. [ 109.216758][ T4327] EXT4-fs (loop1): unmounting filesystem. [ 109.217937][ T11] Quota error (device loop1): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 109.218090][ T11] EXT4-fs error (device loop1): ext4_release_dquot:6871: comm kworker/u4:1: Failed to release dquot type 1 [ 109.222925][ T11] EXT4-fs (loop1): Remounting filesystem read-only [ 109.354926][T16328] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4127'. [ 109.362313][T16328] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4127'. [ 109.455713][T16342] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 109.458498][T16341] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 109.532067][T16344] set_capacity_and_notify: 13 callbacks suppressed [ 109.532079][T16344] loop3: detected capacity change from 0 to 4096 [ 109.566640][T16344] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024) [ 109.580087][T16344] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 4096) [ 109.595365][T16367] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 109.638103][T16344] NILFS error (device loop3): nilfs_bmap_lookup_contig: broken bmap (inode number=12) [ 109.640265][T16344] Remounting filesystem read-only [ 109.712564][T16387] Can not set IPV6_FL_F_REFLECT if flowlabel_consistency sysctl is enable [ 109.720798][T16390] netlink: 20 bytes leftover after parsing attributes in process `syz.1.4149'. [ 109.722181][T16390] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4149'. [ 109.864688][T16417] overlayfs: missing 'lowerdir' [ 110.148223][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.151362][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.158191][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.241862][T16473] infiniband syz2: set active [ 110.244145][ T7352] vxcan1 speed is unknown, defaulting to 1000 [ 110.245454][T16473] infiniband syz2: added vxcan1 [ 110.327243][T16473] RDS/IB: syz2: added [ 110.330314][T16473] smc: adding ib device syz2 with port count 1 [ 110.331498][T16473] smc: ib device syz2 port 1 has pnetid [ 110.334700][ T3898] vxcan1 speed is unknown, defaulting to 1000 [ 110.339252][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.368692][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.386817][T16508] netlink: 'syz.4.4186': attribute type 10 has an invalid length. [ 110.412275][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.440393][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.468961][T16521] netlink: 'syz.0.4191': attribute type 21 has an invalid length. [ 110.472662][T16521] netlink: 'syz.0.4191': attribute type 4 has an invalid length. [ 110.500612][T16528] xt_CT: You must specify a L4 protocol and not use inversions on it [ 110.563709][T16473] vxcan1 speed is unknown, defaulting to 1000 [ 110.641065][T16550] netlink: 'syz.0.4203': attribute type 10 has an invalid length. [ 110.790982][T16581] netlink: zone id is out of range [ 110.902697][T16594] loop3: detected capacity change from 0 to 4096 [ 110.911428][T16605] rdma_rxe: rxe_register_device failed with error -23 [ 110.915107][T16605] rdma_rxe: failed to add vxcan1 [ 110.935981][T16607] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 110.958676][T16594] NILFS error (device loop3): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=0, inode=2, rec_len=16, name_len=11 [ 111.591405][ T51] block nbd1: Attempted send on invalid socket [ 111.592452][ T51] I/O error, dev nbd1, sector 128 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 2 [ 111.593965][ T51] gfs2: error 10 reading superblock [ 111.606650][T16716] ieee802154 phy1 wpan1: encryption failed: -22 [ 111.931855][T16776] loop2: detected capacity change from 0 to 1024 [ 112.000321][T16788] loop0: detected capacity change from 0 to 2048 [ 112.000717][ T39] hfsplus: b-tree write err: -5, ino 25 [ 112.002436][ T39] hfsplus: b-tree write err: -5, ino 4 [ 112.003346][ T39] hfsplus: b-tree write err: -5, ino 2 [ 112.040685][T16800] __nla_validate_parse: 13 callbacks suppressed [ 112.040699][T16800] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4289'. [ 112.125262][T16812] device bond0 entered promiscuous mode [ 112.126963][T16812] device bond_slave_0 entered promiscuous mode [ 112.131385][T16812] device bond_slave_1 entered promiscuous mode [ 112.342008][T16856] device bond0 entered promiscuous mode [ 112.346772][T16856] device bond_slave_0 entered promiscuous mode [ 112.350775][T16856] device bond_slave_1 entered promiscuous mode [ 112.418859][T16870] netlink: 11 bytes leftover after parsing attributes in process `syz.0.4322'. [ 112.420329][T16870] netlink: 11 bytes leftover after parsing attributes in process `syz.0.4322'. [ 112.460974][T16878] xt_hashlimit: size too large, truncated to 1048576 [ 112.462202][T16878] xt_hashlimit: max too large, truncated to 1048576 [ 112.524249][T16889] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4319'. [ 112.539337][T16887] i2c i2c-0: DVB: adapter 0 frontend 0 frequency 0 out of range (51000000..2150000000) [ 112.608362][T16904] netdevsim netdevsim1: Direct firmware load for  failed with error -2 [ 112.609965][T16904] netdevsim netdevsim1: Falling back to sysfs fallback for:  [ 112.694937][T16922] nftables ruleset with unbound chain [ 113.084741][T16988] loop4: detected capacity change from 0 to 1764 [ 113.171321][T17012] xt_hashlimit: size too large, truncated to 1048576 [ 113.180457][T17012] xt_hashlimit: max too large, truncated to 1048576 [ 113.201941][T16996] loop0: detected capacity change from 0 to 4096 [ 113.215400][T16996] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 113.237393][T16996] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 113.507775][T17067] loop3: detected capacity change from 0 to 8 [ 113.665761][T17104] device gtp0 entered promiscuous mode [ 113.675659][T17113] netlink: 'syz.3.4390': attribute type 3 has an invalid length. [ 113.678995][T17101] tc_dump_action: action bad kind [ 113.729786][T17122] loop2: detected capacity change from 0 to 64 [ 113.816115][T17139] loop1: detected capacity change from 0 to 64 [ 113.914921][T17166] device gtp0 entered promiscuous mode [ 113.976101][T17178] netlink: 'syz.0.4410': attribute type 2 has an invalid length. [ 113.979872][T17179] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4411'. [ 113.986057][T17179] netlink: 7 bytes leftover after parsing attributes in process `syz.3.4411'. [ 113.986427][T17163] loop4: detected capacity change from 0 to 4096 [ 113.991351][T17163] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 114.011792][T17163] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 114.073242][T17196] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 114.144851][ T1589] hfsplus: b-tree write err: -5, ino 25 [ 114.145919][ T1589] hfsplus: b-tree write err: -5, ino 4 [ 114.146852][ T1589] hfsplus: b-tree write err: -5, ino 2 [ 114.194410][T17220] netlink: 'syz.2.4425': attribute type 2 has an invalid length. [ 114.545992][T17296] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 114.552941][T17298] set_capacity_and_notify: 2 callbacks suppressed [ 114.552959][T17298] loop2: detected capacity change from 0 to 1024 [ 114.575286][T17256] loop0: detected capacity change from 0 to 32768 [ 114.581216][T17256] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop0 scanned by syz.0.4439 (17256) [ 114.585334][T17256] BTRFS info (device loop0): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 114.587339][T17256] BTRFS info (device loop0): using sha256 (sha256-ce) checksum algorithm [ 114.590133][T17256] BTRFS info (device loop0): enabling ssd optimizations [ 114.591207][T17256] BTRFS info (device loop0): not using ssd optimizations [ 114.592362][T17256] BTRFS info (device loop0): turning off barriers [ 114.595247][T17306] overlayfs: missing 'workdir' [ 114.600984][T17256] BTRFS info (device loop0): using free space tree [ 114.604147][ T39] hfsplus: b-tree write err: -5, ino 25 [ 114.605178][ T39] hfsplus: b-tree write err: -5, ino 4 [ 114.606139][ T39] hfsplus: b-tree write err: -5, ino 2 [ 114.664069][T17256] BTRFS warning (device loop0): can't clear the compat_ro:1 feature bit while mounted [ 114.704816][ T4321] BTRFS info (device loop0): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787 [ 114.756136][ T27] audit: type=1326 audit(32790.658:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17315 comm="syz.4.4455" exe="/root/syz-executor" sig=31 arch=c00000b7 syscall=98 compat=0 ip=0xffff8ab77128 code=0x0 [ 114.895233][T17353] loop4: detected capacity change from 0 to 4096 [ 114.947257][T17353] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 115.071121][ T4333] EXT4-fs (loop4): unmounting filesystem. [ 115.111531][T17387] loop2: detected capacity change from 0 to 64 [ 115.172175][T17397] netlink: 256 bytes leftover after parsing attributes in process `syz.1.4480'. [ 115.280871][T17413] (unnamed net_device) (uninitialized): option min_links: invalid value (18446744073709551614) [ 115.281347][T17418] ipt_CLUSTERIP: Please specify destination IP [ 115.282627][T17413] (unnamed net_device) (uninitialized): option min_links: allowed values 0 - 2147483647 [ 115.314106][ T4311] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 9 /dev/loop0 scanned by udevd (4311) [ 115.754193][T17509] loop1: detected capacity change from 0 to 256 [ 115.768947][T17509] exfat: Deprecated parameter 'utf8' [ 115.769923][T17509] exfat: Deprecated parameter 'utf8' [ 115.781910][T17509] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x11a2e9fc, utbl_chksum : 0xe619d30d) [ 115.786067][T17520] ieee802154 phy1 wpan1: encryption failed: -22 [ 115.806265][T17522] netlink: 'syz.4.4529': attribute type 32 has an invalid length. [ 115.867326][T17532] loop2: detected capacity change from 0 to 16 [ 115.872182][T17532] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 115.912364][T17541] loop1: detected capacity change from 0 to 256 [ 115.946574][T17552] netlink: 48 bytes leftover after parsing attributes in process `syz.2.4538'. [ 115.955033][T17541] FAT-fs (loop1): Directory bread(block 64) failed [ 115.967329][T17541] FAT-fs (loop1): Directory bread(block 65) failed [ 115.977614][T17541] FAT-fs (loop1): Directory bread(block 66) failed [ 115.978813][T17541] FAT-fs (loop1): Directory bread(block 67) failed [ 115.979927][T17541] FAT-fs (loop1): Directory bread(block 68) failed [ 115.981043][T17541] FAT-fs (loop1): Directory bread(block 69) failed [ 115.982142][T17541] FAT-fs (loop1): Directory bread(block 70) failed [ 115.983179][T17541] FAT-fs (loop1): Directory bread(block 71) failed [ 115.984242][T17541] FAT-fs (loop1): Directory bread(block 72) failed [ 115.985294][T17541] FAT-fs (loop1): Directory bread(block 73) failed [ 116.015619][T17564] netlink: 'syz.2.4542': attribute type 17 has an invalid length. [ 116.017104][T17564] netlink: 148 bytes leftover after parsing attributes in process `syz.2.4542'. [ 116.092620][T17573] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 116.110367][T17573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 116.128357][T17573] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 116.202515][T17596] loop1: detected capacity change from 0 to 512 [ 116.221489][T17573] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 116.255395][T17596] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 116.311779][ T4327] EXT4-fs (loop1): unmounting filesystem. [ 116.318281][T17619] loop2: detected capacity change from 0 to 1024 [ 116.438134][T17639] x_tables: (null)_tables: pkttype.0 match: invalid size 8 (kernel) != (user) 16 [ 116.536616][T17644] loop2: detected capacity change from 0 to 64 [ 116.707087][T17628] ERROR: (device loop1): diAllocAG: error reading iag [ 116.707087][T17628] [ 116.722036][T17628] ERROR: (device loop1): remounting filesystem as read-only [ 116.728510][T17628] ialloc: diAlloc returned -5! [ 116.758676][T17638] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.4564 (17638) [ 116.778708][T17638] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 116.780367][T17638] BTRFS info (device loop4): using sha256 (sha256-ce) checksum algorithm [ 116.781749][T17638] BTRFS info (device loop4): using free space tree [ 116.871404][T17690] nvme_fabrics: unknown parameter or missing value 'unlock all' in ctrl creation request [ 116.913002][T17698] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4585'. [ 117.045842][T17638] BTRFS info (device loop4): enabling ssd optimizations [ 117.086457][ T4333] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d [ 117.301364][T17774] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 117.363798][T17783] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 117.462733][T17793] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 117.463463][T17806] exfat: Deprecated parameter 'namecase' [ 117.465029][T17806] exfat: Deprecated parameter 'utf8' [ 117.477228][T17806] exFAT-fs (loop0): failed to load upcase table (idx : 0x00012366, chksum : 0x6ab66362, utbl_chksum : 0xe619d30d) [ 117.528443][T17806] fuse: Bad value for 'fd' [ 117.566662][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 117.593350][T17828] __nla_validate_parse: 1 callbacks suppressed [ 117.593365][T17828] netlink: 32 bytes leftover after parsing attributes in process `syz.3.4624'. [ 117.642583][T17835] netlink: 'syz.1.4626': attribute type 3 has an invalid length. [ 117.643949][T17835] netlink: 105116 bytes leftover after parsing attributes in process `syz.1.4626'. [ 117.722601][T17849] device vlan0 entered promiscuous mode [ 117.726906][T17853] netlink: 'syz.1.4634': attribute type 1 has an invalid length. [ 117.837691][T17874] vim2m vim2m.0: Fourcc format (0x31384142) invalid. [ 117.880230][T17878] netlink: 'syz.4.4643': attribute type 10 has an invalid length. [ 117.881656][T17878] netlink: 40 bytes leftover after parsing attributes in process `syz.4.4643'. [ 117.883118][T17878] device team0 entered promiscuous mode [ 117.883960][T17878] device team_slave_0 entered promiscuous mode [ 117.885074][T17878] device team_slave_1 entered promiscuous mode [ 117.899636][T17889] x_tables: ip6_tables: sctp match: only valid for protocol 132 [ 117.910582][T17878] bridge0: port 3(team0) entered blocking state [ 117.912011][T17878] bridge0: port 3(team0) entered disabled state [ 117.918405][T17878] bridge0: port 3(team0) entered blocking state [ 117.919497][T17878] bridge0: port 3(team0) entered forwarding state [ 118.509551][T18004] MINIX-fs: bad superblock [ 118.575891][T18018] xt_l2tp: v2 doesn't support IP mode [ 118.761077][T18061] netlink: 48 bytes leftover after parsing attributes in process `syz.0.4707'. [ 118.768177][T18061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4707'. [ 118.769645][T18061] netlink: 20 bytes leftover after parsing attributes in process `syz.0.4707'. [ 118.820879][T18069] netlink: 'syz.4.4709': attribute type 21 has an invalid length. [ 118.822293][T18069] netlink: 164 bytes leftover after parsing attributes in process `syz.4.4709'. [ 119.264448][T18135] netlink: 'syz.0.4730': attribute type 6 has an invalid length. [ 119.374559][T18154] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 119.500929][T18165] FAT-fs (loop4): Directory bread(block 64) failed [ 119.502021][T18165] FAT-fs (loop4): Directory bread(block 65) failed [ 119.503084][T18165] FAT-fs (loop4): Directory bread(block 66) failed [ 119.504297][T18165] FAT-fs (loop4): Directory bread(block 67) failed [ 119.505213][T18165] FAT-fs (loop4): Directory bread(block 68) failed [ 119.514450][T18165] FAT-fs (loop4): Directory bread(block 69) failed [ 119.515629][T18165] FAT-fs (loop4): Directory bread(block 70) failed [ 119.524217][T18165] FAT-fs (loop4): Directory bread(block 71) failed [ 119.525527][T18165] FAT-fs (loop4): Directory bread(block 72) failed [ 119.526629][T18165] FAT-fs (loop4): Directory bread(block 73) failed [ 119.540741][T18177] xt_TCPMSS: Only works on TCP SYN packets [ 119.661562][T18152] set_capacity_and_notify: 10 callbacks suppressed [ 119.661573][T18152] loop1: detected capacity change from 0 to 32768 [ 119.700180][T18152] JBD2: Ignoring recovery information on journal [ 119.741301][T18048] loop2: detected capacity change from 0 to 131072 [ 119.745137][T18048] F2FS-fs (loop2): Test dummy encryption mode enabled [ 119.746970][T18048] F2FS-fs (loop2): invalid crc value [ 119.750696][T18152] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 119.790861][ T4327] ocfs2: Unmounting device (7,1) on (node local) [ 119.801841][T18048] F2FS-fs (loop2): Found nat_bits in checkpoint [ 119.830293][T18048] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 119.951535][T18231] xt_CONNSECMARK: invalid mode: 0 [ 120.181398][T18268] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4776'. [ 120.270063][T18282] loop2: detected capacity change from 0 to 512 [ 120.277278][T18282] EXT4-fs: Ignoring removed nobh option [ 120.312773][T18282] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 120.409657][ T4332] EXT4-fs (loop2): unmounting filesystem. [ 120.656353][T18345] loop1: detected capacity change from 0 to 64 [ 120.755891][T18366] netlink: 'syz.1.4808': attribute type 3 has an invalid length. [ 120.821811][T18375] delete_channel: no stack [ 120.897756][T18391] netlink: 'syz.2.4819': attribute type 11 has an invalid length. [ 121.092604][T18419] loop1: detected capacity change from 0 to 64 [ 121.100751][T18419] hfs: unable to locate alternate MDB [ 121.101700][T18419] hfs: continuing without an alternate MDB [ 121.150805][ T39] hfs: new node 0 already hashed? [ 121.151856][ T39] ------------[ cut here ]------------ [ 121.152761][ T39] WARNING: CPU: 1 PID: 39 at fs/hfs/bnode.c:520 hfs_bnode_create+0x40c/0x4c4 [ 121.154191][ T39] Modules linked in: [ 121.154816][ T39] CPU: 1 PID: 39 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 121.156018][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 121.157698][ T39] Workqueue: writeback wb_workfn (flush-7:1) [ 121.158774][ T39] pstate: 62400005 (nZCv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 121.160182][ T39] pc : hfs_bnode_create+0x40c/0x4c4 [ 121.160977][ T39] lr : hfs_bnode_create+0x40c/0x4c4 [ 121.161820][ T39] sp : ffff80001ced6d40 [ 121.162450][ T39] x29: ffff80001ced6d60 x28: ffff7000039dadbc x27: dfff800000000000 [ 121.163644][ T39] x26: 0000000000000080 x25: 0000000000000000 x24: ffff0000d4f5c088 [ 121.164872][ T39] x23: dfff800000000000 x22: 0000000000000000 x21: ffff0000dc478000 [ 121.166091][ T39] x20: 0000000000000000 x19: ffff0000d4f5c000 x18: ffff800011b8bf60 [ 121.167479][ T39] x17: 0000000000000000 x16: ffff8000082d91a4 x15: 0000000000000000 [ 121.168864][ T39] x14: 0000000000000001 x13: 1ffff000039dad10 x12: 0000000000ff0100 [ 121.170259][ T39] x11: ff00800008311550 x10: 0000000000000000 x9 : da402aae582b7300 [ 121.171634][ T39] x8 : da402aae582b7300 x7 : 0000000000000001 x6 : 0000000000000001 [ 121.172926][ T39] x5 : ffff80001ced6818 x4 : ffff8000152f4cc0 x3 : ffff80000a88d9f0 [ 121.174220][ T39] x2 : ffff00019f564d10 x1 : 0000000100000000 x0 : 000000000000001f [ 121.175402][ T39] Call trace: [ 121.175887][ T39] hfs_bnode_create+0x40c/0x4c4 [ 121.176587][ T39] hfs_bmap_alloc+0x4fc/0x5ac [ 121.177282][ T39] hfs_btree_inc_height+0x108/0x890 [ 121.178132][ T39] hfs_brec_insert+0x5c4/0x97c [ 121.178900][ T39] __hfs_ext_write_extent+0x22c/0x484 [ 121.179838][ T39] hfs_ext_write_extent+0x154/0x1e0 [ 121.180720][ T39] hfs_write_inode+0xf0/0x8dc [ 121.181461][ T39] __writeback_single_inode+0x5e0/0x1554 [ 121.182367][ T39] writeback_sb_inodes+0x858/0x143c [ 121.183230][ T39] wb_writeback+0x414/0xfcc [ 121.183885][ T39] wb_workfn+0x360/0xe18 [ 121.184608][ T39] process_one_work+0x7f8/0x13a4 [ 121.185404][ T39] worker_thread+0x8c4/0xfec [ 121.186169][ T39] kthread+0x250/0x2d8 [ 121.186931][ T39] ret_from_fork+0x10/0x20 [ 121.187668][ T39] irq event stamp: 5268502 [ 121.188382][ T39] hardirqs last enabled at (5268501): [] __up_console_sem+0xb4/0xfc [ 121.189758][ T39] hardirqs last disabled at (5268502): [] el1_dbg+0x24/0x80 [ 121.191089][ T39] softirqs last enabled at (5268356): [] hash_ipmark4_gc_do+0x840/0x878 [ 121.192633][ T39] softirqs last disabled at (5268354): [] hash_ipmark4_gc_do+0xa8/0x878 [ 121.194218][ T39] ---[ end trace 0000000000000000 ]--- [ 121.209745][ T39] ------------[ cut here ]------------ [ 121.210572][ T39] kernel BUG at fs/hfs/bnode.c:565! [ 121.211585][ T39] Internal error: Oops - BUG: 00000000f2000800 [#1] PREEMPT SMP [ 121.212865][ T39] Modules linked in: [ 121.213501][ T39] CPU: 1 PID: 39 Comm: kworker/u4:2 Tainted: G W syzkaller #0 [ 121.214837][ T39] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/26/2026 [ 121.216358][ T39] Workqueue: writeback wb_workfn (flush-7:1) [ 121.217335][ T39] pstate: 82400005 (Nzcv daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 121.218587][ T39] pc : hfs_bnode_put+0x358/0x364 [ 121.219440][ T39] lr : hfs_bnode_put+0x358/0x364 [ 121.220265][ T39] sp : ffff80001ced6e40 [ 121.220890][ T39] x29: ffff80001ced6e40 x28: 0000000000000302 x27: dfff800000000000 [ 121.222150][ T39] x26: ffff7000039daddc x25: ffff80001ced6ee0 x24: 1fffe0001a9eb800 [ 121.223559][ T39] x23: ffff0000dc478000 x22: dfff800000000000 x21: 0000000000000000 [ 121.224789][ T39] x20: ffff0000d4f5c080 x19: ffff0000d4f5c000 x18: ffff800011b8bf60 [ 121.226047][ T39] x17: 0000000000000000 x16: ffff8000082eee68 x15: 0000000000000000 [ 121.227270][ T39] x14: 0000000000000001 x13: 1fffe0001a9eb810 x12: 0000000000ff0100 [ 121.228493][ T39] x11: ff00800008fa0468 x10: 0000000000000000 x9 : ffff800008fa0468 [ 121.229762][ T39] x8 : ffff0000c442d340 x7 : ffff8000118c0d24 x6 : 0000000000000000 [ 121.230953][ T39] x5 : 0000000000000000 x4 : 0000000000000001 x3 : ffff800008fa016c [ 121.232088][ T39] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000000 [ 121.233356][ T39] Call trace: [ 121.233878][ T39] hfs_bnode_put+0x358/0x364 [ 121.234686][ T39] hfs_btree_inc_height+0x458/0x890 [ 121.235512][ T39] hfs_brec_insert+0x5c4/0x97c [ 121.236237][ T39] __hfs_ext_write_extent+0x22c/0x484 [ 121.237056][ T39] hfs_ext_write_extent+0x154/0x1e0 [ 121.237847][ T39] hfs_write_inode+0xf0/0x8dc [ 121.238584][ T39] __writeback_single_inode+0x5e0/0x1554 [ 121.239526][ T39] writeback_sb_inodes+0x858/0x143c [ 121.240326][ T39] wb_writeback+0x414/0xfcc [ 121.241030][ T39] wb_workfn+0x360/0xe18 [ 121.241711][ T39] process_one_work+0x7f8/0x13a4 [ 121.242514][ T39] worker_thread+0x8c4/0xfec [ 121.243281][ T39] kthread+0x250/0x2d8 [ 121.243940][ T39] ret_from_fork+0x10/0x20 [ 121.244648][ T39] Code: aa1403e0 97e514eb 17ffffce 97d42b95 (d4210000) [ 121.245771][ T39] ---[ end trace 0000000000000000 ]--- [ 121.589876][ T39] Kernel panic - not syncing: Oops - BUG: Fatal exception [ 121.591051][ T39] SMP: stopping secondary CPUs [ 121.591786][ T39] Kernel Offset: disabled [ 121.592493][ T39] CPU features: 0x080000,000f0097,a65bfea7 [ 121.593464][ T39] Memory Limit: none [ 121.917431][ T39] Rebooting in 86400 seconds..