last executing test programs: 3.291473615s ago: executing program 1 (id=2057): r0 = syz_io_uring_setup(0xf03, &(0x7f0000000080)={0x0, 0x0, 0x10, 0x3, 0x3}, &(0x7f0000000440)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)) syz_io_uring_modify_offsets$generic(r1, r2, 0x2c, 0x10000) io_uring_enter(r0, 0x1, 0x20, 0x1, 0x0, 0x0) io_uring_enter(r0, 0x6516, 0x6d93, 0x8, 0x0, 0x0) 2.963444828s ago: executing program 3 (id=2063): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000040)="11da3cf44b1a8c3d8a39ccbd630e8ef9170ccf07ef1800322de53ae3b183ee66", 0x20) close(r0) 2.801684953s ago: executing program 1 (id=2066): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800e80010000d0428bd7000fcdbff2500008000", @ANYRES32=r0, @ANYBLOB="1000000000000000280012800b00010062726964676500001800028005001900840000000c001e"], 0x48}}, 0x4084) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 2.614550007s ago: executing program 3 (id=2068): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000001340)) ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0)=0x40) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000180)=0x6f) 2.55958356s ago: executing program 0 (id=2069): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20040890}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0xfffffd66, &(0x7f0000000200)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101804bc9555e1affd5020000000900010001797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000000009000300737975320000000014000000110001"], 0x7c}}, 0x0) close(r0) 2.437691184s ago: executing program 1 (id=2070): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x94, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @broadcast}}}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x1}]}, 0x94}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000600)={0xa4, 0x0, 0x1, 0x505, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @mcast2}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @private0={0xfc, 0x0, '\x00', 0x1}}}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x10, 0x6, 0x0, 0x1, [@CTA_NAT_PROTO={0xc, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MAX={0x6, 0x2, 0x4e24}]}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x4040081}, 0x0) 2.436582592s ago: executing program 3 (id=2071): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000540)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310007000008000a40fffffffc14000000110001"], 0x64}}, 0x24000000) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWSET={0x6c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x28, 0x12, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @last={{0x9}, @val={0x4}}}, {0x10, 0x1, 0x0, 0x1, @counter={{0xc}, @void}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x134}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x94}, 0x1, 0x0, 0x0, 0x4044050}, 0x4000000) 2.261693324s ago: executing program 0 (id=2073): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000002fc0)=[{{&(0x7f0000000340)={0xa, 0x4e23, 0xfffffff9, @dev={0xfe, 0x80, '\x00', 0x36}, 0x9}, 0x1c, &(0x7f00000004c0)=[{&(0x7f00000005c0)="05", 0x1}], 0x1}}, {{&(0x7f0000000500)={0xa, 0x4e22, 0x3, @remote, 0x40}, 0x1c, &(0x7f0000000b00)=[{&(0x7f00000006c0)="02", 0x1}], 0x1}}], 0x2, 0x24000045) shutdown(r0, 0x1) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000000)={0x0, 0x5, 0x30}, 0xc) 2.26060489s ago: executing program 4 (id=2074): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000040)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000000)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f00000000c0)={0x13, 0x10, 0xfa00, {&(0x7f0000000f00), r1}}, 0x18) 2.217907478s ago: executing program 1 (id=2075): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$unix(r1, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000540)=[@rights={{0x18, 0x1, 0x1, [r0, r1]}}], 0x18, 0xcc040}, 0x64004084) close(r1) recvmsg$unix(r0, &(0x7f0000000400)={0x0, 0x0, 0x0}, 0x0) 2.094487072s ago: executing program 3 (id=2077): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x30, 0x24, 0x20, 0x2, 0x0, {0x0, 0x0, 0x0, 0x0, {0x7}, {0xffff, 0xffff}, {0x0, 0x5}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x4}}]}, 0x30}}, 0x4000000) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000007000010010ab4be68e8da23507"], 0x28}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 1.911302299s ago: executing program 1 (id=2078): r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000180)={{}, {0x1, 0x5}, [{}], {}, [], {0x10, 0x1}, {0x20, 0x7}}, 0x2c, 0x1) setreuid(0xffffffffffffffff, 0xee01) setxattr$system_posix_acl(&(0x7f0000000080)='./file1/file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', 0x0, 0x0, 0x3) 1.895588368s ago: executing program 4 (id=2079): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000080)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x6, 0x10, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x40100, 0x0, 0x0, 0x0, 0x800}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xf535}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0xb6}}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r2, 0x2000012, 0xe, 0x0, &(0x7f0000000ac0)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x97}, 0x50) 1.851795473s ago: executing program 3 (id=2081): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000106a05310300000000000109022400010000800009040002010300010009210000000122f80409058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x44, &(0x7f00000002c0)={0x60, 0x1, 0x36, "6155eddc60887a156e164605c83840d2161617ada36952d6aba68e192f68ae4695ed521b9c68d71e289cadc4aaa4147c842a6aff7d34"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000580)={0x20, 0x89, 0x2, 0x1}}) syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 1.719915909s ago: executing program 1 (id=2082): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) sendmsg$NBD_CMD_CONNECT(r0, &(0x7f0000001ac0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x48, r1, 0x1, 0xffffbffe, 0x0, {}, [@NBD_ATTR_SOCKETS={0x1c, 0x7, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}, {0xc, 0x1, 0x0, 0x1, {0x8, 0x1, r2}}]}, @NBD_ATTR_SERVER_FLAGS={0xc, 0x5, 0xfb2e77a8993c1937}, @NBD_ATTR_SIZE_BYTES={0xc, 0x2, 0x10001}]}, 0x48}}, 0x20000000) 1.606445489s ago: executing program 4 (id=2084): sendmsg$NL802154_CMD_GET_SEC_DEVKEY(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010300000031e0158d6f3e020000000000000000000001"], 0x20}}, 0x0) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0xfff}, 0x10) write(r0, &(0x7f0000000180)="2000000012005f0214f9f4070000fbe40a0000000200", 0x41d) 1.583686724s ago: executing program 0 (id=2085): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x70bd2d, 0x0, {{@in=@multicast1, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20, 0x0, 0x0, 0xee01}, {0x1, 0x20000000000}, {0x1, 0x2, 0x0, 0x1}, 0x400000, 0x0, 0x2, 0x0, 0x1}}, 0xb8}}, 0x4004880) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001300e9990000000002000000e0000001000000000000000000000000e00000010000000000000000000000004e2400000000000002000010"], 0xb8}}, 0x0) 1.440212005s ago: executing program 4 (id=2087): r0 = creat(&(0x7f00000001c0)='./file0\x00', 0x1) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) write$qrtrtun(r0, &(0x7f0000000300)="ca0e808bb3", 0x5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r1, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x5, 0x5], &(0x7f0000000280)=[0x2], 0x0, 0x2}}, 0x40) 1.390979422s ago: executing program 0 (id=2089): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='numa_maps\x00') r1 = shmget$private(0x0, 0x800000, 0x54003f00, &(0x7f0000800000/0x800000)=nil) shmat(r1, &(0x7f0000000000/0x4000)=nil, 0xbbdccba4532b703b) read$FUSE(r0, &(0x7f0000003380)={0x2020}, 0x2077) 1.119064747s ago: executing program 0 (id=2090): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0xa82, 0x0) write$cgroup_int(r0, &(0x7f0000000000)=0x922, 0x12) syz_mount_image$erofs(&(0x7f0000000000), &(0x7f00000001c0)='./file1\x00', 0x0, &(0x7f0000000800)=ANY=[@ANYBLOB="00ea2eb34e7ea51c9446c55a2d1e0be39af9faf44ad59cb6ad1c94490d970e811439edddc71c9b18946b559ce53bee0a1abe562fc3f3898e5826eda1962cf6e3c4c0ade50151923a70b46eacfc1aaaebcf156e549eae4b2f81fd363b7ef31cd30cd93cb2814e0dbc24a7a107e295e86e09283c825fe177c89c6385f68f2c843cffffffff15539bab6142ceed9265ba989d1a283fc4ffc83f3a7a6c746823e656ad78f3b5a336cdbd83dad59e0debb36b4ea5e658e253f01637cc03f704a08019f95b92fffff7fff8dd21552d6967ab1b01e5d52a5793eb179deee4572770a5197127b090287bca2a4eaa1705b42c16968d0201d3ba3cc8000000657ea095f152b149ccc23d4ecbcdb5620cc48f95f563c2230f859d196e6c4f00b8e3a7b01fcb1d79dcc09b7a854ec8c31dd27ff9b4a2864e1dcaf719d20b56769d51228ecc1915fb8c8b598c11b3c296b05f9c5355fc6f19a7b28f5ae9a0d0804ccc5716cfac0246ddffa2f12077a02a959aa1b74373c38b2bcc90743b80666eae25dea73e127263b8fdbc64fe862b994ca8473d000000000000000094654729e4c442741c3a73c017c555a77a006acb", @ANYRESHEX], 0x1, 0x1a3, &(0x7f00000009c0)="$eJzsmDFP6lAUx/+3hTY8XsJb31veSx4JvOGVtrxnZHBgdtBEo3GTSCVoEQMdgM34IZz9BM7Ehe+hgzo5qJtxcKhpe6GXSnHAGBLPb7j99dyTy7mH5JAAgiA+LTfXj1dnuWzK86/IQuXxWznMkYT8fub5z0V95fxEf7jsD5ZLkePS6fiPYpOCCQCDsgyHv7uu64r7Wf5chzT0pLi/iSdo3LchYYO7BYYt7nuCN8Ggadpu3ba0naZd9UT3FsNbTG8pRuu7P2KoCvWJF2l3e/sV27ZaI1ERjcwq8S3l9ZUlLAn1id/XsDd62D8YkGBwL4Jhjfsi1GFvgpYI9/+RCM+Xp96fZFy+Z97ISWJeSiV5B2Hw5C4FRLYUAHNR4cdIOJ/cU4acMJ8SwvwoOI3DQrvb+1tvVGpWzTowzeKC/k/X/5sFfxAF65T5l/Ln0xfh/GRMrsIUdCqO0zKCdfRudlQ4LXPSxFX8+Sch/zuomvGYiP978I398h55GTiOrZYgCIIgCIIgCIIgCIIgCGIWfoL5/4KOUXoVMlf97JcAAAD//z7Sbhk=") syz_init_net_socket$bt_bnep(0x1f, 0x3, 0x4) 933.975795ms ago: executing program 4 (id=2092): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x3ff, 0x2, 0x5}, 0x1c) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x0, 0x1000, 0x0, 0x3ff, 0x2, 0x5}, 0x1c) 752.97447ms ago: executing program 0 (id=2094): r0 = semget$private(0x0, 0x7, 0x191) semtimedop(r0, &(0x7f0000000200)=[{0x0, 0xffff, 0x2000}], 0x1, 0x0) semop(r0, &(0x7f0000000340)=[{0x2, 0x8, 0x1800}, {0x2, 0xf8ab}], 0x2) semctl$GETZCNT(r0, 0x0, 0xf, 0x0) 739.802497ms ago: executing program 2 (id=2095): r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c000000020000000000000000000004"], 0x0, 0x26, 0x0, 0x2}, 0x28) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xd, 0x3, &(0x7f0000000800)=ANY=[@ANYBLOB="18000000000000000000000000000000950000000000000009000000dfa2bff372df8cdbeb318ab2bec8fc36903c0ec359caa1af3c914019395cc154010c693709800000000000000016a85adef34bf78c76e6222337923e1bea6ef682cc4375f594425d408ccc58187feb0e3d43347f989007a7c63f6dae2acb4af936461f34a8a32a50bbbb69ec85168947b86df9f2609bf93f7a1be259621818c3c75da31290bce645451b851111dd98ac4d8da9317c2c082020e0b2d634086785f3fe41a3053645cc413790faf7e229c782845b5bb774f7f154263178151ea93ff2cac4b181332c9c9a1c7d85616c8100000000000000d8300d19d585000000fc005774b56a7142047326f940e95b8489e1c5650f5c61299a295f39c88456391cffdef93e29f10f4a11f0cfbfc0ff976b20fef6033495b9b94777db9bb9b678ffc1130000009faa798226a080c01e47151268a02dc1a557cfdcf76305fbf6643df66b1b4d2d5e7bf698fc5a18d984ecb91e6683a5f522d536e2f3c43b89823659d1945258fc668950e5aacfffffffffffffff7f7a266c90e64efc8d8f730867202a9ee94e6a00"], &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @sock_ops, r0, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x1, 0x0, 0xffffffffffffffff, 0xf5010000}, 0x6d) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a090400000000221e000002000002400004803c0001800e000100696d6d656469617465000000280002801c000280180002800900020073797a310000080008000180fffffffc08000140000000000900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x94}}, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000007c0)={r1, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8, 0x0, 0x0}}, 0x10) 631.959474ms ago: executing program 4 (id=2096): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sync() 629.83214ms ago: executing program 2 (id=2106): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x10000, &(0x7f0000000100)={[{@grpid}, {@auto_da_alloc}, {@lazytime}, {@journal_dev={'journal_dev', 0x3d, 0x6}}]}, 0x7, 0x4d4, &(0x7f0000000180)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpiuJN4NDEejTdNvOrRePIPwIMHE0NCDBfA05jZnWm3291ttz8p+/kk232e2WfmeZ6ZeWaffZ7OBNCzhrI/ScT/IuJORDxVjy5MMFR/e3j/+sSj+9cnYjZNz/yT1NI9yOK5Yr2deWS4FFH6MmnaYN301WsXxqvVqSt5fHTm4mej01evvX7+4vi5qXNTl8ZOnTpx/NjJN8fe6L5SLfLL6vVg/xeXD+x79+zt9yfKxfKB/L2xHm2VuyvGUIfPXuluU4+9XQ3hZPF+urGhhWHZBvLTupK1/+vVw2c3u0DAhknTNO1v//Fs2uzmoiXAlpXEZpcA2BzFF332+7d4bVDX47Fw73T9B1BW74f5q/5JOUp5mkrT79u1NBQRH8/++032ik7jEH+uUwEAgJ7zy+miJ9jc/yvF3oZ0/8/nUAYj4umI2B0Rz0TEnoh4NqKW9rmIeL45gyQi7ZD/nqb4fP4/5rMIpburrmQHWf/vrXxua2H/r+j9xWBfHtsVUXSYp47m+2Q4Kv2fnK9OHWuz/W1L5N/Y/8teWf5FXzAvx91y0wDd5PjM+Mpqu9i9mxH7y831T8rZgSumcZKI2BcR+7vY7mBD+Pxr3x2Yi1Ty96/rb0vXvyZtMaXX9XxcK+m3Ea/Wj/9sNB7/ZD7HpPP85OhAVKeOjmZnwdGWefz2+60P2uW/ZP1/+qt5lXdO/nxm1fUuZMd/R8P5H8X87fwk6mASkczN105HpH3d5XHrj/YrrPT835Z8VAsX7evz8ZmZK8citiXvLV4+Nr9uES/SZ/UfPtK6/e/O18n2xAsRkZ3EL0bESxFxMC/7oYg4HBFHOtT/17df/nTl9V9fWf0nW17/Fhz/+fn6ZQaKlbMlfRcO3XnU5uKxvON/ohYazpe0vv4lCy4Ryy3p6vYeAAAAbA2lqP3vf2lkLlwqjYzUx4D2xI5S9fL0zMGIuDRZv0dgMCqlYqSrPh5cSYrxz8GG+FhT/Hg+bvxV3/ZafGTicnVysysPPW5nrc0ni9p/5u8ux3mBLWgN5tGALWqp9r/39gYVBNhwvv+hdzW0/9k2SWb9pww8mXz/Q+9q1f5vxPcd711wzYCtL9WWoadp/9C7yvHhXLh223PLu22BJ5Hvf+hJ3d7Xv5xA8biGaxfS/tZpBqLFEwMG1rgYeWB7i7w2JZD1rNZwg5WIWF7i7SvJougCtn/CQ6m7DfbH4o/6otNaSRfPcSgC2V5ZMvG5vWt+8hfPRFnr0+aH+XZaaTgW5aWOzuoDG3oZAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAWDf/BQAA//8mic8a") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15) pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c) write$cgroup_int(r0, &(0x7f0000000800)=0x72, 0x12) 433.290685ms ago: executing program 2 (id=2097): syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000100)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[], 0x2, 0x638, &(0x7f0000000ac0)="$eJzs3c1rHOcdB/DvrGRZssFRGttxSyAihrRU1NYLSqte6pZSVAglpIeehS1j4bWTSkpRQmnUN3rtIX9AetCtp0IvhYIgPbe3XHUMFHrJST1tmdlZvVjydjdeeWXn8zEz8zzzzDzze347L7trxAb40lqazuhOiixNv7lZ1ne355u72/MPOuUk55M0ktH2IsXDpPgkuZX2lK+WK+vuiscd56PVxbc//Xz3s3ZttJ6q7Rvd9uvNVj1lKslIvRxUf7efuL9if4Rlwq53EgfDdi5J64ifXz1o6e7CE1+3wFlQtJ+b+1r1lT1ZXeYZr98HtJ+K7Wf2M21r2AEAAADAoI0fX/XCXvaymUvDCAcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACeVfXv/1e/+j++vyrFVIrO7/+PddqTXBxiqN2N9bbZTuO0AwEAAAAAAACA0/fqXvaymUudeqtII8lrVeVyNb+Y97KelazlRjaznI1sZC2zSSYPdTS2ubyxsTbbw55zJ+4512PAE08+ZgAAAAAAAAB4Dv0mSwf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGdBkYy0F9V0uVOeTGM0yXiSsXK7reRfnfKzbGfYAQAAAMBT8MJe9rKZS516q6g+81+tPveP5708zEZWs5FmVnKn+i6g/am/sbs939zdnn9QTsf7/f5/+gqj6jHt7x5OPvK1aouJ3M1qteZGbuedNHMnjWrP0rVOPCfH9esypuJ7tR4ju1Mvy5H/sV6evpEetpmsMnJuPyMzdWxlNl7snomjr85Wv0eaTWP/m5/Lp5DzC/WySC7++KnlvBd1Jl5NnYm5Q2ff1e6ZSL7+1z//7F7z4f17d9enz86Q+nC+1Wp1yo+eE/OHMvHyc5+Jw2aqTFzZry/lR/lppjOVt7KW1fwiy9nISqbyw6q0XJ/P5Xyye6ZuHam9Vc0nHh/JWP26tO8e/cX0WrXvpazmJ3knd7KSN6p/c5nNt7OQhSweeoWv9HDVN/q76q9/oy6UA/xD94E+ZWVeX6zz+mFy5J47WbUdXnOQpRQZ9L1x9Gt1oTzGb+vl2fBoJmYPZeKl7ufLn6rbynrz4f21e8vv9ni81+tleR39/kw9Jcrz5Svli1XVjp4dZdtLJ7bNVm2X99sax9qu7Lf9vyt1rH4Pd7ynuart5RPb5qu2a4faTnq/BcCZd+GbF8Ym/j3xz4mPJ343cW/izfEfnP/O+VfGcu4f5747OjPyeuOV4i/5OL86+PwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8cevvf3B/udlcWXuk0Gq1PnxM0xctjKSfvf7+t0EevfN7RAMczmAL4/1s3DobMfdT+G+r1RpIh1tdTtqBFVq1M5G6IRWGfGMCTt3NjQfv3lx//4NvrXYekQsLizOLC2/M37y72lyZac+HHCRwKg4e+sOOBAAAAAAAAAAAAOjV0/hzgmGPEQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHi2LU1ndCdFZmduzJT13e35Zjl1ygdbjiZpJCl+mRSfJLfSnjJ5qLvi+BF2qvlHq4tvf/r57mcHfY12tm+cvF8/tuopU0lG6uWg+rv9xP0V+yMsE3a9kzgYtv8FAAD//ywaEHk=") r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0) fcntl$lock(r0, 0x6, &(0x7f0000000000)={0x0, 0x1, 0x3a, 0x8, 0xffffffffffffffff}) symlink(&(0x7f00000005c0)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', &(0x7f00000002c0)='.\x02\x00') 298.329301ms ago: executing program 2 (id=2098): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x7c, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xe, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x4c, 0x2, [@TCA_GRED_DPS={0x16, 0x3, {0xa, 0x8, 0x0, 0x3}}, @TCA_GRED_PARMS={0x38, 0x1, {0x7, 0x3, 0x7, 0x9, 0x6, 0x800004, 0x1, 0xffff8001, 0x3fd, 0x2, 0xc, 0x5, 0x25, 0xc, 0x3, 0x8}}]}}]}, 0x7c}}, 0x24008004) 122.38807ms ago: executing program 2 (id=2099): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x1f, 0x11, &(0x7f0000000200)=ANY=[@ANYBLOB="18000000ffffffff000000000000000085000000a8000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b705000000000000850000000400000095"], &(0x7f0000000b00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1a, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000340)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000500)={r1, r0}, 0xc) 269.89µs ago: executing program 3 (id=2100): mmap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x8, 0x32, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x50) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x18, 0x16, &(0x7f0000000400)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8b, 0x0, 0x0, 0x0, 0x80}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xfeff}, {0x85, 0x0, 0x0, 0x86}, {0x7, 0x1, 0xb, 0x9, 0x0, 0x20}}, {{0x5, 0x0, 0x5, 0x9, 0x0, 0x1, 0x80000000}}, [@jmp={0x5, 0x0, 0x7, 0x0, 0x0, 0x2, 0x10}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}}, @initr0={0x18, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0xacb}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}, {0x7, 0x0, 0xb, 0x0, 0x0, 0x0, 0x500}}}, &(0x7f0000000000)='GPL\x00', 0x3, 0xfed, &(0x7f0000000780)=""/4077, 0x41000, 0x4b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8000d}, 0x94) 0s ago: executing program 2 (id=2101): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x208004, 0x21fffc, 0xc, 0x0, 0x2, 0xfffffffe}) write$P9_RGETATTR(0xffffffffffffffff, &(0x7f0000000180)={0xa0, 0x19, 0xffff, {0x95c, {0x80, 0x3, 0x2}, 0x8b, 0xee00, 0x0, 0xff, 0x8001, 0x4000081, 0xbf45, 0x20000008000007, 0xa, 0x40000000000b, 0x2, 0x2, 0x1, 0xb1f, 0x4, 0x8000000000407, 0x4}}, 0xa0) r0 = syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x2) ioctl$SCSI_IOCTL_GET_BUS_NUMBER(r0, 0x5393, &(0x7f00000001c0)) kernel console output (not intermixed with test programs): loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.988849][ T5611] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.134087][ T7701] vlan2: entered promiscuous mode [ 178.134107][ T7701] bond0: entered promiscuous mode [ 178.134120][ T7701] bond_slave_0: entered promiscuous mode [ 178.134428][ T7701] bond_slave_1: entered promiscuous mode [ 178.200871][ T7707] loop1: detected capacity change from 0 to 24 [ 178.284249][ T5595] IPVS: starting estimator thread 0... [ 178.370778][ T7710] IPVS: using max 8 ests per chain, 19200 per kthread [ 178.780052][ T7720] program syz.1.782 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 179.063574][ T7728] loop0: detected capacity change from 0 to 512 [ 179.086596][ T7725] netlink: 40 bytes leftover after parsing attributes in process `syz.2.760'. [ 179.153146][ T7728] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 179.444401][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.928288][ T7742] loop0: detected capacity change from 0 to 512 [ 179.943625][ T7742] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 179.993502][ T7748] loop4: detected capacity change from 0 to 256 [ 180.019757][ T7742] EXT4-fs error (device loop0): ext4_orphan_get:1423: comm syz.0.787: bad orphan inode 131083 [ 180.019782][ T7742] loop0: lost filesystem error report for type 5 error -117 [ 180.029066][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 180.029086][ C0] EXT4-fs (loop0): initial error at time 1777420040: ext4_orphan_get:1423 [ 180.029108][ C0] EXT4-fs (loop0): last error at time 1777420040: ext4_orphan_get:1423 [ 180.214762][ T7748] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xffade8b4, utbl_chksum : 0xe619d30d) [ 180.233574][ T7742] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.288562][ T37] audit: type=1800 audit(1777420040.769:30): pid=7742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.787" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 180.886754][ T7757] loop4: detected capacity change from 0 to 1024 [ 180.902844][ T7757] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 180.902959][ T7757] EXT4-fs (loop4): stripe (65535) is not aligned with cluster size (16), stripe is disabled [ 181.090886][ T7757] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 181.156222][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 181.243468][ T7757] EXT4-fs error (device loop4): htree_dirblock_to_tree:1080: inode #2: block 48: comm syz.4.797: bad entry in directory: directory entry overrun - offset=76, inode=16, rec_len=65540, size=1024 fake=0 [ 181.247069][ T7757] EXT4-fs (loop4): Remounting filesystem read-only [ 182.223426][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.261368][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 182.406584][ T7773] loop4: detected capacity change from 0 to 16 [ 182.411787][ T10] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 182.411812][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 182.425259][ T10] usb 1-1: config 0 descriptor?? [ 182.434153][ T10] cp210x 1-1:0.0: cp210x converter detected [ 182.447346][ T7773] erofs (device loop4): mounted with root inode @ nid 36. [ 182.850689][ T10] cp210x 1-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 182.948298][ T10] usb 1-1: cp210x converter now attached to ttyUSB0 [ 183.082802][ T10] usb 1-1: USB disconnect, device number 6 [ 183.114057][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 183.362475][ T7767] loop2: detected capacity change from 0 to 40427 [ 183.377666][ T10] cp210x 1-1:0.0: device disconnected [ 183.395361][ T7767] F2FS-fs (loop2): build fault injection rate: 174 [ 183.395381][ T7767] F2FS-fs (loop2): build fault injection type: 0x3bfe8c [ 183.405397][ T7767] F2FS-fs (loop2): invalid crc value [ 184.012642][ T7767] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 184.153775][ T7767] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 184.209853][ T7825] netlink: 4 bytes leftover after parsing attributes in process `syz.1.826'. [ 184.465478][ T5614] bio_check_eod: 32 callbacks suppressed [ 184.465494][ T5614] syz-executor: attempt to access beyond end of device [ 184.465494][ T5614] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 184.516898][ T5614] CPU: 0 UID: 0 PID: 5614 Comm: syz-executor Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 184.516918][ T5614] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 184.516929][ T5614] Call Trace: [ 184.516934][ T5614] [ 184.516940][ T5614] dump_stack_lvl+0xe8/0x150 [ 184.516959][ T5614] f2fs_stop_checkpoint+0x383/0x540 [ 184.516980][ T5614] f2fs_write_end_io+0x1274/0x1740 [ 184.517004][ T5614] __submit_merged_bio+0x256/0x6a0 [ 184.517019][ T5614] __submit_merged_write_cond+0x3c9/0x4e0 [ 184.517040][ T5614] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 184.517075][ T5614] f2fs_write_data_pages+0x287e/0x34f0 [ 184.517105][ T5614] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 184.517143][ T5614] ? do_raw_spin_lock+0x12b/0x2f0 [ 184.517163][ T5614] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 184.517177][ T5614] ? lockdep_hardirqs_on+0x7a/0x110 [ 184.517191][ T5614] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 184.517204][ T5614] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 184.517215][ T5614] ? reacquire_held_locks+0x104/0x190 [ 184.517225][ T5614] ? rt_spin_lock+0x1e0/0x400 [ 184.517239][ T5614] ? rt_spin_unlock+0x14f/0x200 [ 184.517252][ T5614] ? rt_spin_unlock+0x160/0x200 [ 184.517261][ T5614] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 184.517274][ T5614] do_writepages+0x32e/0x550 [ 184.517286][ T5614] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 184.517298][ T5614] ? rt_spin_unlock+0x14f/0x200 [ 184.517323][ T5614] filemap_fdatawrite+0x1ec/0x2f0 [ 184.517348][ T5614] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 184.517400][ T5614] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 184.517423][ T5614] ? __rcu_read_unlock+0x83/0xe0 [ 184.517440][ T5614] ? rt_spin_unlock+0x160/0x200 [ 184.517452][ T5614] f2fs_sync_dirty_inodes+0x30e/0x830 [ 184.517472][ T5614] f2fs_write_checkpoint+0x9df/0x26a0 [ 184.517485][ T5614] ? __lock_acquire+0x6b5/0x2d10 [ 184.517516][ T5614] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 184.517555][ T5614] kill_f2fs_super+0x314/0x730 [ 184.517572][ T5614] ? __pfx_kill_f2fs_super+0x10/0x10 [ 184.517590][ T5614] ? lockdep_hardirqs_on+0x7a/0x110 [ 184.517610][ T5614] deactivate_locked_super+0xbc/0x130 [ 184.517624][ T5614] cleanup_mnt+0x437/0x4d0 [ 184.517637][ T5614] ? _raw_spin_unlock_irq+0x23/0x50 [ 184.517652][ T5614] task_work_run+0x1d9/0x270 [ 184.517664][ T5614] ? __pfx_task_work_run+0x10/0x10 [ 184.517678][ T5614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.517689][ T5614] exit_to_user_mode_loop+0xed/0x480 [ 184.517704][ T5614] ? rcu_is_watching+0x15/0xb0 [ 184.517715][ T5614] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.517725][ T5614] do_syscall_64+0x33e/0xf80 [ 184.517739][ T5614] ? trace_irq_disable+0x3b/0x140 [ 184.517752][ T5614] ? clear_bhb_loop+0x40/0x90 [ 184.517766][ T5614] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 184.517776][ T5614] RIP: 0033:0x7fd2cdd3e017 [ 184.517792][ T5614] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 184.517800][ T5614] RSP: 002b:00007ffec100b578 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 184.517812][ T5614] RAX: 0000000000000000 RBX: 00007fd2cddd2120 RCX: 00007fd2cdd3e017 [ 184.517819][ T5614] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec100b630 [ 184.517825][ T5614] RBP: 00007ffec100b630 R08: 00007ffec100c630 R09: 00000000ffffffff [ 184.517831][ T5614] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec100c6c0 [ 184.517837][ T5614] R13: 00007fd2cddd2120 R14: 000000000002cf99 R15: 00007ffec100c700 [ 184.517853][ T5614] [ 184.517858][ T5614] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 184.579416][ T5595] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 184.580668][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 184.990151][ T5595] usb 4-1: Using ep0 maxpacket: 16 [ 184.995042][ T5595] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 184.995072][ T5595] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 184.995110][ T5595] usb 4-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 184.995131][ T5595] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.057204][ T5595] usb 4-1: config 0 descriptor?? [ 185.312838][ T7842] batadv_slave_0: entered promiscuous mode [ 185.391986][ T7842] batman_adv: batadv0: Adding interface: macsec1 [ 185.392003][ T7842] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 185.392026][ T7842] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 185.392040][ T7842] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 185.392053][ T7842] batman_adv: batadv0: Interface activated: macsec1 [ 185.492490][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492525][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492551][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492577][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492604][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492629][ T5595] samsung 0003:0419:0600.000A: unknown main item tag 0x0 [ 185.492654][ T5595] samsung 0003:0419:0600.000A: unexpected long global item [ 185.496678][ T5595] samsung 0003:0419:0600.000A: parse failed [ 185.496745][ T5595] samsung 0003:0419:0600.000A: probe with driver samsung failed with error -22 [ 185.697552][ T5595] usb 4-1: USB disconnect, device number 9 [ 186.039367][ T821] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 186.192342][ T821] usb 2-1: config 0 has an invalid interface number: 66 but max is 0 [ 186.192367][ T821] usb 2-1: config 0 has no interface number 0 [ 186.192396][ T821] usb 2-1: too many endpoints for config 0 interface 66 altsetting 71: 66, using maximum allowed: 30 [ 186.192440][ T821] usb 2-1: config 0 interface 66 altsetting 71 has 0 endpoint descriptors, different from the interface descriptor's value: 66 [ 186.192465][ T821] usb 2-1: config 0 interface 66 has no altsetting 0 [ 186.192495][ T821] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 186.192516][ T821] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.264622][ T821] usb 2-1: config 0 descriptor?? [ 186.267969][ T7870] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.305698][ T821] cp210x 2-1:0.66: cp210x converter detected [ 186.383991][ T7870] bridge0: port 2(bridge_slave_1) entered disabled state [ 186.422933][ T7873] bond0: option mode: unable to set because the bond device has slaves [ 186.702965][ T821] cp210x 2-1:0.66: failed to get vendor val 0x000e size 3: -71 [ 186.754124][ T821] usb 2-1: cp210x converter now attached to ttyUSB0 [ 186.772151][ T821] usb 2-1: USB disconnect, device number 5 [ 186.811244][ T821] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 186.819791][ T821] cp210x 2-1:0.66: device disconnected [ 187.723409][ T7898] loop2: detected capacity change from 0 to 4096 [ 187.995873][ T7909] loop0: detected capacity change from 0 to 512 [ 188.118426][ T7909] EXT4-fs (loop0): bad geometry: block count 768 exceeds size of device (256 blocks) [ 188.199290][ T7912] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 188.902381][ T7908] loop4: detected capacity change from 0 to 131072 [ 188.924907][ T7908] F2FS-fs (loop4): invalid crc value [ 189.006078][ T7908] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 189.049294][ T7908] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 189.240494][ T7929] loop0: detected capacity change from 0 to 256 [ 189.300412][ T7929] exFAT-fs (loop0): error, no upcase table entry. Please run fsck [ 189.300432][ T7929] exFAT-fs (loop0): Filesystem has been set read-only [ 189.300691][ T7929] exFAT-fs (loop0): failed to test first cluster bit of root dir(5) [ 189.699877][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 190.067469][ T7950] loop1: detected capacity change from 0 to 8192 [ 190.151339][ T7950] loop1: AHDI p1 p2 [ 190.151576][ T7950] loop1: p1 size 65535 extends beyond EOD, truncated [ 190.612738][ T7965] loop0: detected capacity change from 0 to 4096 [ 190.673870][ T7965] NILFS (loop0): invalid segment: Checksum error in segment payload [ 190.673893][ T7965] NILFS (loop0): trying rollback from an earlier position [ 190.748714][ T5805] udevd[5805]: inotify_add_watch(7, /dev/loop1p1, 10) failed: No such file or directory [ 190.749638][ T7965] NILFS (loop0): recovery complete [ 190.769131][ T7971] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 190.867359][ T7973] vxcan1: tx address claim with dest, not broadcast [ 191.417646][ T7988] random: crng reseeded on system resumption [ 191.484170][ T7991] loop0: detected capacity change from 0 to 512 [ 191.775241][ T7999] loop1: detected capacity change from 0 to 256 [ 191.812563][ T8001] loop4: detected capacity change from 0 to 1024 [ 191.985195][ T7999] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 192.112577][ T37] audit: type=1800 audit(1777420052.609:31): pid=8001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.901" name="file1" dev="loop4" ino=26 res=0 errno=0 [ 192.280142][ T5722] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 192.329660][ T8011] loop2: detected capacity change from 0 to 128 [ 192.346635][ T8011] EXT4-fs (loop2): Test dummy encryption mode enabled [ 192.364983][ T8011] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 192.365086][ T8011] System zones: 1-3, 19-19, 35-36 [ 192.469139][ T5722] usb 1-1: Using ep0 maxpacket: 16 [ 192.476754][ T5722] usb 1-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 192.476778][ T5722] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.476796][ T5722] usb 1-1: Product: syz [ 192.476809][ T5722] usb 1-1: Manufacturer: syz [ 192.476822][ T5722] usb 1-1: SerialNumber: syz [ 192.534871][ T8011] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 192.540326][ T5722] usb 1-1: config 0 descriptor?? [ 192.561878][ T8011] ext4 filesystem being mounted at /179/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 192.589993][ T5722] gspca_main: spca508-2.14.0 probing 041e:4018 [ 192.779460][ T5722] gspca_spca508: reg_read err -32 [ 192.780382][ T5722] gspca_spca508: reg_read err -32 [ 192.906153][ T5614] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 192.987828][ T5722] gspca_spca508: reg_read err -71 [ 192.988336][ T5722] gspca_spca508: reg_read err -71 [ 192.988715][ T5722] gspca_spca508: reg write: error -71 [ 192.988797][ T5722] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 193.022444][ T5722] usb 1-1: USB disconnect, device number 7 [ 193.029673][ T5731] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 193.147140][ T8030] loop2: detected capacity change from 0 to 256 [ 193.180096][ T5731] usb 2-1: Using ep0 maxpacket: 32 [ 193.188938][ T5731] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 193.188969][ T5731] usb 2-1: config 0 interface 0 has no altsetting 0 [ 193.190904][ T5731] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00 [ 193.190928][ T5731] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.218758][ T5731] usb 2-1: config 0 descriptor?? [ 193.222640][ T8032] loop4: detected capacity change from 0 to 512 [ 193.250580][ T8030] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 193.255495][ T8032] EXT4-fs (loop4): bad geometry: block count 768 exceeds size of device (256 blocks) [ 193.747316][ T8040] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 193.842314][ T5731] usbhid 2-1:0.0: can't add hid device: -71 [ 193.842449][ T5731] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 193.891185][ T5595] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 193.902227][ T5731] usb 2-1: USB disconnect, device number 6 [ 194.039822][ T5595] usb 3-1: Using ep0 maxpacket: 32 [ 194.061060][ T5595] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 194.061084][ T5595] usb 3-1: config 0 has no interface number 0 [ 194.067706][ T5595] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 194.067731][ T5595] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.067749][ T5595] usb 3-1: Product: syz [ 194.067763][ T5595] usb 3-1: Manufacturer: syz [ 194.067776][ T5595] usb 3-1: SerialNumber: syz [ 194.184691][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.184796][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.211681][ T5595] usb 3-1: config 0 descriptor?? [ 194.215885][ T5595] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 194.216532][ T37] audit: type=1800 audit(1777420054.709:32): pid=8041 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.917" name="file1" dev="loop0" ino=26 res=0 errno=0 [ 194.365065][ T8051] netlink: 4 bytes leftover after parsing attributes in process `syz.4.921'. [ 194.495195][ T5595] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 194.516739][ T5595] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 194.624644][ T8057] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 194.862487][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 194.971940][ T5714] usb 3-1: USB disconnect, device number 8 [ 195.006697][ T8066] vxcan1: tx address claim with dest, not broadcast [ 195.028577][ T5714] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 195.060830][ T5714] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 195.064299][ T5714] quatech2 3-1:0.51: device disconnected [ 195.234701][ T5722] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 195.380979][ T5722] usb 5-1: config 0 has an invalid interface number: 66 but max is 0 [ 195.381005][ T5722] usb 5-1: config 0 has no interface number 0 [ 195.381034][ T5722] usb 5-1: too many endpoints for config 0 interface 66 altsetting 71: 66, using maximum allowed: 30 [ 195.381065][ T5722] usb 5-1: config 0 interface 66 altsetting 71 has 0 endpoint descriptors, different from the interface descriptor's value: 66 [ 195.381078][ T5722] usb 5-1: config 0 interface 66 has no altsetting 0 [ 195.381096][ T5722] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 195.381107][ T5722] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.453543][ T5722] usb 5-1: config 0 descriptor?? [ 195.478412][ T5722] cp210x 5-1:0.66: cp210x converter detected [ 195.776864][ T8071] set_capacity_and_notify: 2 callbacks suppressed [ 195.776880][ T8071] loop1: detected capacity change from 0 to 40427 [ 195.800471][ T8071] F2FS-fs (loop1): Invalid log_blocksize (64), supports only 12 [ 195.800494][ T8071] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 195.800835][ T8071] F2FS-fs (loop1): Image doesn't support compression [ 195.801814][ T8071] F2FS-fs (loop1): invalid crc value [ 195.874656][ T5722] cp210x 5-1:0.66: failed to get vendor val 0x000e size 3: -71 [ 195.924942][ T5722] usb 5-1: cp210x converter now attached to ttyUSB0 [ 195.928324][ T5722] usb 5-1: USB disconnect, device number 8 [ 195.956573][ T5722] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 195.958320][ T5722] cp210x 5-1:0.66: device disconnected [ 196.245639][ T8071] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 196.268678][ T8071] F2FS-fs (loop1): Start checkpoint disabled! [ 196.343374][ T8071] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 196.371062][ T8071] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 196.371083][ T8071] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6 [ 196.498414][ T3428] kworker/u8:18: attempt to access beyond end of device [ 196.498414][ T3428] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 196.518006][ T3428] CPU: 0 UID: 0 PID: 3428 Comm: kworker/u8:18 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 196.518035][ T3428] Tainted: [L]=SOFTLOCKUP [ 196.518040][ T3428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 196.518051][ T3428] Workqueue: writeback wb_workfn (flush-7:1) [ 196.518083][ T3428] Call Trace: [ 196.518089][ T3428] [ 196.518096][ T3428] dump_stack_lvl+0xe8/0x150 [ 196.518122][ T3428] f2fs_stop_checkpoint+0x383/0x540 [ 196.518152][ T3428] f2fs_write_end_io+0x1274/0x1740 [ 196.518192][ T3428] __submit_merged_bio+0x256/0x6a0 [ 196.518213][ T3428] __submit_merged_write_cond+0x3c9/0x4e0 [ 196.518243][ T3428] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 196.518283][ T3428] f2fs_write_data_pages+0x287e/0x34f0 [ 196.518325][ T3428] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 196.518352][ T3428] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 196.518400][ T3428] ? __lock_acquire+0x6b5/0x2d10 [ 196.518455][ T3428] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 196.518474][ T3428] do_writepages+0x32e/0x550 [ 196.518494][ T3428] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 196.518510][ T3428] ? reacquire_held_locks+0x104/0x190 [ 196.518524][ T3428] ? rt_spin_lock+0x1e0/0x400 [ 196.518545][ T3428] __writeback_single_inode+0x133/0x10e0 [ 196.518562][ T3428] ? rt_spin_unlock+0x160/0x200 [ 196.518578][ T3428] writeback_sb_inodes+0x97f/0x1980 [ 196.518606][ T3428] ? lockdep_hardirqs_on+0x7a/0x110 [ 196.518632][ T3428] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 196.518679][ T3428] ? rcu_is_watching+0x15/0xb0 [ 196.518702][ T3428] wb_writeback+0x445/0xb00 [ 196.518731][ T3428] ? queue_io+0x251/0x440 [ 196.518751][ T3428] ? __pfx_wb_writeback+0x10/0x10 [ 196.518788][ T3428] wb_workfn+0x3fd/0xf20 [ 196.518807][ T3428] ? look_up_lock_class+0x57/0x110 [ 196.518830][ T3428] ? lapic_next_event+0x11/0x20 [ 196.518864][ T3428] ? __pfx_wb_workfn+0x10/0x10 [ 196.518888][ T3428] ? do_raw_spin_lock+0x12b/0x2f0 [ 196.518911][ T3428] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 196.518935][ T3428] ? process_one_work+0x8b7/0x1710 [ 196.518965][ T3428] ? process_one_work+0x8b7/0x1710 [ 196.518997][ T3428] ? process_one_work+0x8b7/0x1710 [ 196.519012][ T3428] process_one_work+0x9a3/0x1710 [ 196.519051][ T3428] ? __pfx_process_one_work+0x10/0x10 [ 196.519070][ T3428] ? do_raw_spin_lock+0x12b/0x2f0 [ 196.519108][ T3428] worker_thread+0xba8/0x11e0 [ 196.519140][ T3428] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 196.519167][ T3428] ? __kthread_parkme+0x7a/0x1f0 [ 196.519191][ T3428] ? __kthread_parkme+0x19c/0x1f0 [ 196.519217][ T3428] kthread+0x388/0x470 [ 196.519243][ T3428] ? __pfx_worker_thread+0x10/0x10 [ 196.519264][ T3428] ? __pfx_kthread+0x10/0x10 [ 196.519289][ T3428] ret_from_fork+0x514/0xb70 [ 196.519316][ T3428] ? __pfx_ret_from_fork+0x10/0x10 [ 196.519337][ T3428] ? __switch_to+0xc79/0x1410 [ 196.519359][ T3428] ? __pfx_kthread+0x10/0x10 [ 196.519387][ T3428] ret_from_fork_asm+0x1a/0x30 [ 196.519426][ T3428] [ 196.525016][ T3428] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 197.689384][ T5714] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 197.718147][ T8125] loop4: detected capacity change from 0 to 256 [ 197.751797][ T8125] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d) [ 197.839477][ T5714] usb 1-1: Using ep0 maxpacket: 32 [ 197.857970][ T5714] usb 1-1: unable to get BOS descriptor or descriptor too short [ 197.858903][ T5714] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 197.858933][ T5714] usb 1-1: can't read configurations, error -71 [ 198.291929][ T8119] loop2: detected capacity change from 0 to 40427 [ 198.299817][ T8119] F2FS-fs (loop2): Invalid log_blocksize (64), supports only 12 [ 198.299838][ T8119] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 198.300246][ T8119] F2FS-fs (loop2): Image doesn't support compression [ 198.301373][ T8119] F2FS-fs (loop2): invalid crc value [ 198.826689][ T8119] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 198.864598][ T8119] F2FS-fs (loop2): Start checkpoint disabled! [ 198.914053][ T8119] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0 [ 198.921456][ T8119] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 198.921485][ T8119] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 198.950786][ T5595] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 199.099162][ T5595] usb 2-1: Using ep0 maxpacket: 32 [ 199.102023][ T5595] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 199.102048][ T5595] usb 2-1: config 0 has no interface number 0 [ 199.106247][ T5595] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 199.106274][ T5595] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.106293][ T5595] usb 2-1: Product: syz [ 199.106306][ T5595] usb 2-1: Manufacturer: syz [ 199.106320][ T5595] usb 2-1: SerialNumber: syz [ 199.168361][ T5595] usb 2-1: config 0 descriptor?? [ 199.186090][ T5595] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 199.247129][ T1504] kworker/u8:14: attempt to access beyond end of device [ 199.247129][ T1504] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 199.280820][ T1504] CPU: 1 UID: 0 PID: 1504 Comm: kworker/u8:14 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 199.280854][ T1504] Tainted: [L]=SOFTLOCKUP [ 199.280861][ T1504] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 199.280874][ T1504] Workqueue: writeback wb_workfn (flush-7:2) [ 199.280915][ T1504] Call Trace: [ 199.280923][ T1504] [ 199.280931][ T1504] dump_stack_lvl+0xe8/0x150 [ 199.280960][ T1504] f2fs_stop_checkpoint+0x383/0x540 [ 199.280996][ T1504] f2fs_write_end_io+0x1274/0x1740 [ 199.281042][ T1504] __submit_merged_bio+0x256/0x6a0 [ 199.281069][ T1504] __submit_merged_write_cond+0x3c9/0x4e0 [ 199.281108][ T1504] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 199.281160][ T1504] f2fs_write_data_pages+0x287e/0x34f0 [ 199.281221][ T1504] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 199.281296][ T1504] ? __lock_acquire+0x6b5/0x2d10 [ 199.281340][ T1504] ? finish_task_switch+0x41f/0xbe0 [ 199.281382][ T1504] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 199.281406][ T1504] do_writepages+0x32e/0x550 [ 199.281431][ T1504] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 199.281450][ T1504] ? reacquire_held_locks+0x104/0x190 [ 199.281470][ T1504] ? rt_spin_lock+0x1e0/0x400 [ 199.281499][ T1504] __writeback_single_inode+0x133/0x10e0 [ 199.281522][ T1504] ? rt_spin_unlock+0x160/0x200 [ 199.281545][ T1504] writeback_sb_inodes+0x97f/0x1980 [ 199.281583][ T1504] ? lockdep_hardirqs_on+0x7a/0x110 [ 199.281616][ T1504] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 199.281676][ T1504] ? rcu_is_watching+0x15/0xb0 [ 199.281705][ T1504] wb_writeback+0x445/0xb00 [ 199.281746][ T1504] ? queue_io+0x251/0x440 [ 199.281772][ T1504] ? __pfx_wb_writeback+0x10/0x10 [ 199.281820][ T1504] wb_workfn+0x3fd/0xf20 [ 199.281844][ T1504] ? look_up_lock_class+0x57/0x110 [ 199.281887][ T1504] ? __pfx_wb_workfn+0x10/0x10 [ 199.281918][ T1504] ? do_raw_spin_lock+0x12b/0x2f0 [ 199.281945][ T1504] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 199.281971][ T1504] ? process_one_work+0x8b7/0x1710 [ 199.281995][ T1504] ? process_one_work+0x8b7/0x1710 [ 199.282027][ T1504] ? process_one_work+0x8b7/0x1710 [ 199.282049][ T1504] process_one_work+0x9a3/0x1710 [ 199.282093][ T1504] ? __pfx_process_one_work+0x10/0x10 [ 199.282118][ T1504] ? do_raw_spin_lock+0x12b/0x2f0 [ 199.282159][ T1504] worker_thread+0xba8/0x11e0 [ 199.282210][ T1504] kthread+0x388/0x470 [ 199.282240][ T1504] ? __pfx_worker_thread+0x10/0x10 [ 199.282262][ T1504] ? __pfx_kthread+0x10/0x10 [ 199.282290][ T1504] ret_from_fork+0x514/0xb70 [ 199.282317][ T1504] ? __pfx_ret_from_fork+0x10/0x10 [ 199.282341][ T1504] ? __switch_to+0xc79/0x1410 [ 199.282364][ T1504] ? __pfx_kthread+0x10/0x10 [ 199.282394][ T1504] ret_from_fork_asm+0x1a/0x30 [ 199.282437][ T1504] [ 199.283501][ T1504] F2FS-fs (loop2): Stopped filesystem due to reason: 3 [ 199.578093][ T8153] netlink: 40 bytes leftover after parsing attributes in process `syz.4.966'. [ 199.843909][ T5595] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 199.911316][ T5595] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 199.985368][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 199.987465][ T5714] usb 2-1: USB disconnect, device number 7 [ 200.104565][ T5714] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 200.128575][ T5714] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 200.132784][ T5714] quatech2 2-1:0.51: device disconnected [ 200.359201][ T5595] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 200.513145][ T5595] usb 4-1: Using ep0 maxpacket: 8 [ 200.518506][ T5595] usb 4-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 200.518534][ T5595] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.518553][ T5595] usb 4-1: Product: syz [ 200.518573][ T5595] usb 4-1: Manufacturer: syz [ 200.518586][ T5595] usb 4-1: SerialNumber: syz [ 200.561169][ T8172] loop0: detected capacity change from 0 to 2048 [ 200.587407][ T5595] usb 4-1: config 0 descriptor?? [ 200.606460][ T5595] radio-usb-si4713 4-1:0.0: Si4713 development board discovered: (10C4:8244) [ 200.664713][ T8172] [EXT4 FS bs=2048, gc=1, bpg=262144, ipg=32, mo=a802c028, mo2=0002] [ 200.664847][ T8172] System zones: 0-7 [ 200.681242][ T8172] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 200.745694][ T8172] EXT4-fs error (device loop0): ext4_find_extent:939: inode #2: comm syz.0.974: pblk 1 bad header/extent: invalid magic - magic 2, entries 0, max 3(0), depth 0(4) [ 200.750985][ T8172] EXT4-fs (loop0): Remounting filesystem read-only [ 200.968554][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.225294][ T5595] radio-usb-si4713 4-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 201.227201][ T5595] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 201.262233][ T5595] usb 4-1: USB disconnect, device number 10 [ 201.310842][ T8187] loop1: detected capacity change from 0 to 256 [ 201.341579][ T8187] exFAT-fs (loop1): error, no upcase table entry. Please run fsck [ 201.341594][ T8187] exFAT-fs (loop1): Filesystem has been set read-only [ 201.341742][ T8187] exFAT-fs (loop1): failed to test first cluster bit of root dir(5) [ 201.460070][ T5616] Bluetooth: hci2: command 0x0406 tx timeout [ 201.460104][ T5616] Bluetooth: hci1: command 0x0406 tx timeout [ 201.539183][ T5616] Bluetooth: hci0: command 0x0406 tx timeout [ 202.011124][ T8198] loop2: detected capacity change from 0 to 128 [ 202.026459][ T8198] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 202.026519][ T8198] hpfs: filesystem error: improperly stopped [ 202.026533][ T8198] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 202.026655][ T8198] hpfs: You really don't want any checks? You are crazy... [ 202.027370][ T8198] hpfs: hpfs_map_sector(): read error [ 202.027381][ T8198] hpfs: code page support is disabled [ 202.029860][ T8198] hpfs: hpfs_map_4sectors(): unaligned read [ 202.031966][ T8198] hpfs: hpfs_map_4sectors(): unaligned read [ 202.031978][ T8198] hpfs: filesystem error: unable to find root dir [ 202.071373][ T8197] loop0: detected capacity change from 0 to 512 [ 202.105527][ T8178] loop4: detected capacity change from 0 to 40427 [ 202.115774][ T8197] EXT4-fs: Ignoring removed bh option [ 202.115832][ T8197] EXT4-fs: Ignoring removed mblk_io_submit option [ 202.144802][ T8178] F2FS-fs (loop4): Invalid log_blocksize (64), supports only 12 [ 202.144824][ T8178] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 202.146256][ T8178] F2FS-fs (loop4): Image doesn't support compression [ 202.151732][ T8197] EXT4-fs error (device loop0): ext4_iget_extra_inode:5128: inode #15: comm syz.0.984: corrupted in-inode xattr: e_value size too large [ 202.151761][ T8197] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 202.152175][ T8178] F2FS-fs (loop4): invalid crc value [ 202.152788][ T8197] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.984: couldn't read orphan inode 15 (err -117) [ 202.152815][ T8197] loop0: lost filesystem error report for type 5 error -117 [ 202.160482][ T8197] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 202.469719][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.934975][ T8178] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 203.116751][ T8178] F2FS-fs (loop4): Start checkpoint disabled! [ 203.211998][ T8178] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0 [ 203.213941][ T8178] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 203.213958][ T8178] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 203.285935][ T180] kworker/u8:7: attempt to access beyond end of device [ 203.285935][ T180] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 203.285996][ T180] CPU: 1 UID: 0 PID: 180 Comm: kworker/u8:7 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 203.286021][ T180] Tainted: [L]=SOFTLOCKUP [ 203.286028][ T180] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 203.286039][ T180] Workqueue: writeback wb_workfn (flush-7:4) [ 203.286074][ T180] Call Trace: [ 203.286080][ T180] [ 203.286088][ T180] dump_stack_lvl+0xe8/0x150 [ 203.286115][ T180] f2fs_stop_checkpoint+0x383/0x540 [ 203.286153][ T180] f2fs_write_end_io+0x1274/0x1740 [ 203.286198][ T180] __submit_merged_bio+0x256/0x6a0 [ 203.286225][ T180] __submit_merged_write_cond+0x3c9/0x4e0 [ 203.286271][ T180] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 203.286339][ T180] f2fs_write_data_pages+0x287e/0x34f0 [ 203.286405][ T180] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 203.286445][ T180] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 203.286515][ T180] ? __lock_acquire+0x6b5/0x2d10 [ 203.286589][ T180] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 203.286615][ T180] do_writepages+0x32e/0x550 [ 203.286640][ T180] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 203.286660][ T180] ? reacquire_held_locks+0x104/0x190 [ 203.286680][ T180] ? rt_spin_lock+0x1e0/0x400 [ 203.286712][ T180] __writeback_single_inode+0x133/0x10e0 [ 203.286736][ T180] ? rt_spin_unlock+0x160/0x200 [ 203.286761][ T180] writeback_sb_inodes+0x97f/0x1980 [ 203.286801][ T180] ? lockdep_hardirqs_on+0x7a/0x110 [ 203.286834][ T180] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 203.286896][ T180] ? rcu_is_watching+0x15/0xb0 [ 203.286928][ T180] wb_writeback+0x445/0xb00 [ 203.286964][ T180] ? queue_io+0x251/0x440 [ 203.286993][ T180] ? __pfx_wb_writeback+0x10/0x10 [ 203.287042][ T180] wb_workfn+0x3fd/0xf20 [ 203.287067][ T180] ? look_up_lock_class+0x57/0x110 [ 203.287110][ T180] ? __pfx_wb_workfn+0x10/0x10 [ 203.287139][ T180] ? do_raw_spin_lock+0x12b/0x2f0 [ 203.287168][ T180] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 203.287196][ T180] ? process_one_work+0x8b7/0x1710 [ 203.287222][ T180] ? process_one_work+0x8b7/0x1710 [ 203.287260][ T180] ? process_one_work+0x8b7/0x1710 [ 203.287282][ T180] process_one_work+0x9a3/0x1710 [ 203.287338][ T180] ? __pfx_process_one_work+0x10/0x10 [ 203.287359][ T180] ? do_raw_spin_lock+0x12b/0x2f0 [ 203.287405][ T180] worker_thread+0xba8/0x11e0 [ 203.287460][ T180] kthread+0x388/0x470 [ 203.287491][ T180] ? __pfx_worker_thread+0x10/0x10 [ 203.287513][ T180] ? __pfx_kthread+0x10/0x10 [ 203.287543][ T180] ret_from_fork+0x514/0xb70 [ 203.287572][ T180] ? __pfx_ret_from_fork+0x10/0x10 [ 203.287596][ T180] ? __switch_to+0xc79/0x1410 [ 203.287622][ T180] ? __pfx_kthread+0x10/0x10 [ 203.287653][ T180] ret_from_fork_asm+0x1a/0x30 [ 203.287699][ T180] [ 203.331079][ T180] F2FS-fs (loop4): Stopped filesystem due to reason: 3 [ 203.930237][ T5595] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 204.089809][ T5595] usb 2-1: Using ep0 maxpacket: 8 [ 204.096904][ T5595] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 204.096933][ T5595] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.097030][ T5595] usb 2-1: Product: syz [ 204.097044][ T5595] usb 2-1: Manufacturer: syz [ 204.097057][ T5595] usb 2-1: SerialNumber: syz [ 204.143489][ T5595] usb 2-1: config 0 descriptor?? [ 204.162349][ T5595] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 204.536963][ T37] audit: type=1326 audit(1777420065.009:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.540475][ T37] audit: type=1326 audit(1777420065.029:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.545433][ T37] audit: type=1326 audit(1777420065.039:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.550914][ T37] audit: type=1326 audit(1777420065.039:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.552099][ T37] audit: type=1326 audit(1777420065.049:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=251 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.553399][ T37] audit: type=1326 audit(1777420065.049:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.555811][ T37] audit: type=1326 audit(1777420065.049:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.627643][ T37] audit: type=1326 audit(1777420065.119:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.627694][ T37] audit: type=1326 audit(1777420065.119:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8255 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f72f556d60e code=0x7ffc0000 [ 204.636890][ T37] audit: type=1326 audit(1777420065.119:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8250 comm="syz.3.1003" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f72f55acdd9 code=0x7ffc0000 [ 204.861745][ T5595] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 204.863886][ T5595] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 204.888204][ T5595] usb 2-1: USB disconnect, device number 8 [ 205.584336][ T8276] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1017'. [ 205.741712][ T8283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1032'. [ 206.309206][ T5624] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 206.839096][ T5624] usb 5-1: Using ep0 maxpacket: 16 [ 206.845964][ T5624] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.845995][ T5624] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 206.846041][ T5624] usb 5-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 206.846063][ T5624] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.894440][ T5624] usb 5-1: config 0 descriptor?? [ 207.272639][ T8310] loop2: detected capacity change from 0 to 512 [ 207.378400][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378424][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378440][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378455][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378470][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378485][ T5624] belkin 0003:1020:0006.000B: unknown main item tag 0x0 [ 207.378500][ T5624] belkin 0003:1020:0006.000B: unexpected long global item [ 207.378985][ T8310] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 207.379541][ T8310] EXT4-fs (loop2): orphan cleanup on readonly fs [ 207.395038][ T5624] belkin 0003:1020:0006.000B: parse failed [ 207.395111][ T5624] belkin 0003:1020:0006.000B: probe with driver belkin failed with error -22 [ 207.427532][ T8310] EXT4-fs warning (device loop2): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 207.439947][ T8310] EXT4-fs (loop2): Cannot turn on quotas: error -117 [ 207.603388][ T8310] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.1030: bg 0: block 15: invalid block bitmap [ 207.603408][ T8310] loop2: lost filesystem error report for type 5 error -117 [ 207.612741][ C0] EXT4-fs (loop2): error count since last fsck: 1 [ 207.612762][ C0] EXT4-fs (loop2): initial error at time 1777420068: ext4_validate_block_bitmap:432 [ 207.612780][ C0] EXT4-fs (loop2): last error at time 1777420068: ext4_validate_block_bitmap:432 [ 207.612833][ T8310] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 207.612852][ T8310] loop2: lost filesystem error report for type 5 error -117 [ 207.617000][ T8310] EXT4-fs warning (device loop2): ext4_evict_inode:195: inode #16: comm syz.2.1030: data will be lost [ 207.656269][ T5714] usb 5-1: USB disconnect, device number 9 [ 207.741972][ T8310] EXT4-fs (loop2): 1 truncate cleaned up [ 207.813421][ T8310] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 207.842044][ T8310] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.1030: bad symlink. [ 207.861270][ T8310] EXT4-fs error (device loop2): ext4_get_link:106: inode #16: comm syz.2.1030: bad symlink. [ 207.972530][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 208.773802][ T8328] loop4: detected capacity change from 0 to 1024 [ 208.919224][ T5714] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 209.071173][ T5714] usb 3-1: Using ep0 maxpacket: 16 [ 209.074845][ T5714] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 209.074876][ T5714] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 209.074916][ T5714] usb 3-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 209.074938][ T5714] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.151694][ T5714] usb 3-1: config 0 descriptor?? [ 209.771361][ T8326] loop1: detected capacity change from 0 to 40427 [ 209.823380][ T8321] loop0: detected capacity change from 0 to 40427 [ 209.983513][ T8326] F2FS-fs (loop1): build fault injection rate: 174 [ 209.983538][ T8326] F2FS-fs (loop1): build fault injection type: 0x3bfe8c [ 210.001087][ T8321] F2FS-fs (loop0): Invalid log_blocksize (64), supports only 12 [ 210.001110][ T8321] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 210.055467][ T8321] F2FS-fs (loop0): Image doesn't support compression [ 210.061571][ T8326] F2FS-fs (loop1): invalid crc value [ 210.085728][ T8328] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 210.108048][ T8321] F2FS-fs (loop0): invalid crc value [ 210.300694][ T5714] samsung 0003:0419:0600.000C: unknown main item tag 0x0 [ 210.300717][ T5714] samsung 0003:0419:0600.000C: unknown main item tag 0x0 [ 210.300741][ T5714] samsung 0003:0419:0600.000C: unknown main item tag 0x0 [ 210.300758][ T5714] samsung 0003:0419:0600.000C: unknown main item tag 0x0 [ 210.300788][ T5714] samsung 0003:0419:0600.000C: unexpected long global item [ 210.301163][ T5714] samsung 0003:0419:0600.000C: parse failed [ 210.301201][ T5714] samsung 0003:0419:0600.000C: probe with driver samsung failed with error -22 [ 210.511226][ T8321] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 210.516466][ T5714] usb 3-1: USB disconnect, device number 9 [ 210.547419][ T37] kauditd_printk_skb: 2 callbacks suppressed [ 210.547436][ T37] audit: type=1800 audit(1777420070.989:44): pid=8328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1047" name="file1" dev="loop4" ino=18 res=0 errno=0 [ 210.595300][ T8321] F2FS-fs (loop0): Start checkpoint disabled! [ 210.726228][ T8321] F2FS-fs (loop0): f2fs_disable_checkpoint() finish, err:0 [ 210.741089][ T8321] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 210.741117][ T8321] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 210.784770][ T8326] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 210.869809][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 210.959368][ T8326] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 211.054737][ T3385] kworker/u8:16: attempt to access beyond end of device [ 211.054737][ T3385] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 211.057452][ T3385] CPU: 1 UID: 0 PID: 3385 Comm: kworker/u8:16 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 211.057482][ T3385] Tainted: [L]=SOFTLOCKUP [ 211.057489][ T3385] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 211.057501][ T3385] Workqueue: writeback wb_workfn (flush-7:0) [ 211.057535][ T3385] Call Trace: [ 211.057542][ T3385] [ 211.057549][ T3385] dump_stack_lvl+0xe8/0x150 [ 211.057578][ T3385] f2fs_stop_checkpoint+0x383/0x540 [ 211.057612][ T3385] f2fs_write_end_io+0x1274/0x1740 [ 211.057655][ T3385] __submit_merged_bio+0x256/0x6a0 [ 211.057682][ T3385] __submit_merged_write_cond+0x3c9/0x4e0 [ 211.057727][ T3385] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 211.057782][ T3385] f2fs_write_data_pages+0x287e/0x34f0 [ 211.057838][ T3385] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 211.057873][ T3385] ? __pfx_f2fs_available_free_memory+0x10/0x10 [ 211.057939][ T3385] ? __lock_acquire+0x6b5/0x2d10 [ 211.057981][ T3385] ? __lock_acquire+0x6b5/0x2d10 [ 211.058028][ T3385] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 211.058052][ T3385] do_writepages+0x32e/0x550 [ 211.058077][ T3385] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 211.058097][ T3385] ? reacquire_held_locks+0x104/0x190 [ 211.058118][ T3385] ? rt_spin_lock+0x1e0/0x400 [ 211.058146][ T3385] __writeback_single_inode+0x133/0x10e0 [ 211.058169][ T3385] ? rt_spin_unlock+0x160/0x200 [ 211.058192][ T3385] writeback_sb_inodes+0x97f/0x1980 [ 211.058229][ T3385] ? lockdep_hardirqs_on+0x7a/0x110 [ 211.058262][ T3385] ? __pfx_writeback_sb_inodes+0x10/0x10 [ 211.058316][ T3385] ? rcu_is_watching+0x15/0xb0 [ 211.058345][ T3385] wb_writeback+0x445/0xb00 [ 211.058377][ T3385] ? queue_io+0x251/0x440 [ 211.058402][ T3385] ? __pfx_wb_writeback+0x10/0x10 [ 211.058448][ T3385] wb_workfn+0x3fd/0xf20 [ 211.058471][ T3385] ? look_up_lock_class+0x57/0x110 [ 211.058513][ T3385] ? __pfx_wb_workfn+0x10/0x10 [ 211.058543][ T3385] ? do_raw_spin_lock+0x12b/0x2f0 [ 211.058571][ T3385] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 211.058599][ T3385] ? process_one_work+0x8b7/0x1710 [ 211.058623][ T3385] ? process_one_work+0x8b7/0x1710 [ 211.058658][ T3385] ? process_one_work+0x8b7/0x1710 [ 211.058679][ T3385] process_one_work+0x9a3/0x1710 [ 211.058721][ T3385] ? __pfx_process_one_work+0x10/0x10 [ 211.058741][ T3385] ? do_raw_spin_lock+0x12b/0x2f0 [ 211.058783][ T3385] worker_thread+0xba8/0x11e0 [ 211.058829][ T3385] kthread+0x388/0x470 [ 211.058856][ T3385] ? __pfx_worker_thread+0x10/0x10 [ 211.058877][ T3385] ? __pfx_kthread+0x10/0x10 [ 211.058903][ T3385] ret_from_fork+0x514/0xb70 [ 211.058936][ T3385] ? __pfx_ret_from_fork+0x10/0x10 [ 211.058960][ T3385] ? __switch_to+0xc79/0x1410 [ 211.058983][ T3385] ? __pfx_kthread+0x10/0x10 [ 211.059010][ T3385] ret_from_fork_asm+0x1a/0x30 [ 211.059050][ T3385] [ 211.256954][ T8350] loop2: detected capacity change from 0 to 1024 [ 211.364652][ T3385] F2FS-fs (loop0): Stopped filesystem due to reason: 3 [ 211.412978][ T8350] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended. mounting read-only. [ 211.547473][ T5611] syz-executor: attempt to access beyond end of device [ 211.547473][ T5611] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 211.605439][ T5611] CPU: 0 UID: 0 PID: 5611 Comm: syz-executor Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 211.605472][ T5611] Tainted: [L]=SOFTLOCKUP [ 211.605480][ T5611] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 211.605491][ T5611] Call Trace: [ 211.605499][ T5611] [ 211.605508][ T5611] dump_stack_lvl+0xe8/0x150 [ 211.605540][ T5611] f2fs_stop_checkpoint+0x383/0x540 [ 211.605577][ T5611] f2fs_write_end_io+0x1274/0x1740 [ 211.605624][ T5611] __submit_merged_bio+0x256/0x6a0 [ 211.605651][ T5611] __submit_merged_write_cond+0x3c9/0x4e0 [ 211.605692][ T5611] ? __pfx___submit_merged_write_cond+0x10/0x10 [ 211.605748][ T5611] f2fs_write_data_pages+0x287e/0x34f0 [ 211.605809][ T5611] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 211.605893][ T5611] ? do_raw_spin_lock+0x12b/0x2f0 [ 211.605932][ T5611] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 211.605958][ T5611] ? lockdep_hardirqs_on+0x7a/0x110 [ 211.605983][ T5611] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 211.606009][ T5611] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 211.606030][ T5611] ? reacquire_held_locks+0x104/0x190 [ 211.606050][ T5611] ? rt_spin_lock+0x1e0/0x400 [ 211.606079][ T5611] ? rt_spin_unlock+0x14f/0x200 [ 211.606104][ T5611] ? rt_spin_unlock+0x160/0x200 [ 211.606123][ T5611] ? __pfx_f2fs_write_data_pages+0x10/0x10 [ 211.606148][ T5611] do_writepages+0x32e/0x550 [ 211.606171][ T5611] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 211.606194][ T5611] ? rt_spin_unlock+0x14f/0x200 [ 211.606225][ T5611] filemap_fdatawrite+0x1ec/0x2f0 [ 211.606253][ T5611] ? __pfx_filemap_fdatawrite+0x10/0x10 [ 211.606272][ T5611] ? __lock_acquire+0x6b5/0x2d10 [ 211.606338][ T5611] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 211.606368][ T5611] ? rt_spin_unlock+0x160/0x200 [ 211.606391][ T5611] f2fs_sync_dirty_inodes+0x30e/0x830 [ 211.606432][ T5611] f2fs_write_checkpoint+0x9df/0x26a0 [ 211.606456][ T5611] ? __lock_acquire+0x6b5/0x2d10 [ 211.606512][ T5611] ? __pfx_f2fs_write_checkpoint+0x10/0x10 [ 211.606586][ T5611] kill_f2fs_super+0x314/0x730 [ 211.606618][ T5611] ? __pfx_kill_f2fs_super+0x10/0x10 [ 211.606654][ T5611] ? lockdep_hardirqs_on+0x7a/0x110 [ 211.606692][ T5611] deactivate_locked_super+0xbc/0x130 [ 211.606712][ T5611] cleanup_mnt+0x437/0x4d0 [ 211.606725][ T5611] ? _raw_spin_unlock_irq+0x23/0x50 [ 211.606740][ T5611] task_work_run+0x1d9/0x270 [ 211.606753][ T5611] ? __pfx_task_work_run+0x10/0x10 [ 211.606767][ T5611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.606779][ T5611] exit_to_user_mode_loop+0xed/0x480 [ 211.606794][ T5611] ? rcu_is_watching+0x15/0xb0 [ 211.606805][ T5611] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.606822][ T5611] do_syscall_64+0x33e/0xf80 [ 211.606836][ T5611] ? trace_irq_disable+0x3b/0x140 [ 211.606850][ T5611] ? clear_bhb_loop+0x40/0x90 [ 211.606863][ T5611] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 211.606873][ T5611] RIP: 0033:0x7faa8963e017 [ 211.606885][ T5611] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8 [ 211.606894][ T5611] RSP: 002b:00007fffebf84178 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 211.606907][ T5611] RAX: 0000000000000000 RBX: 00007faa896d2120 RCX: 00007faa8963e017 [ 211.606919][ T5611] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffebf84230 [ 211.606930][ T5611] RBP: 00007fffebf84230 R08: 00007fffebf85230 R09: 00000000ffffffff [ 211.606943][ T5611] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fffebf852c0 [ 211.606949][ T5611] R13: 00007faa896d2120 R14: 0000000000033797 R15: 00007fffebf85300 [ 211.606966][ T5611] [ 211.618380][ T5611] F2FS-fs (loop1): Stopped filesystem due to reason: 3 [ 212.084147][ T37] audit: type=1326 audit(1777420072.559:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.084201][ T37] audit: type=1326 audit(1777420072.579:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.116660][ T37] audit: type=1326 audit(1777420072.609:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.131161][ T37] audit: type=1326 audit(1777420072.629:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.133601][ T37] audit: type=1326 audit(1777420072.629:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.133846][ T37] audit: type=1326 audit(1777420072.629:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 212.379779][ T37] audit: type=1326 audit(1777420072.769:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4260bbe159 code=0x7ffc0000 [ 212.383067][ T37] audit: type=1326 audit(1777420072.879:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4260bbe159 code=0x7ffc0000 [ 212.392619][ T37] audit: type=1326 audit(1777420072.879:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8355 comm="syz.4.1050" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f4260bbe159 code=0x7ffc0000 [ 212.566614][ T8360] input: syz0 as /devices/virtual/input/input13 [ 213.215460][ T8372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1055'. [ 213.215487][ T8372] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1055'. [ 213.215504][ T8372] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1055'. [ 213.273429][ T8372] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1055'. [ 213.273459][ T8372] netlink: 'syz.3.1055': attribute type 6 has an invalid length. [ 213.457467][ T8378] loop0: detected capacity change from 0 to 1024 [ 213.749161][ T5731] kernel write not supported for file bpf-map (pid: 5731 comm: kworker/0:5) [ 214.128260][ T8395] loop1: detected capacity change from 0 to 256 [ 214.319960][ T8395] FAT-fs (loop1): Directory bread(block 64) failed [ 214.319993][ T8395] FAT-fs (loop1): Directory bread(block 65) failed [ 214.320089][ T8395] FAT-fs (loop1): Directory bread(block 66) failed [ 214.320110][ T8395] FAT-fs (loop1): Directory bread(block 67) failed [ 214.320203][ T8395] FAT-fs (loop1): Directory bread(block 68) failed [ 214.320224][ T8395] FAT-fs (loop1): Directory bread(block 69) failed [ 214.320334][ T8395] FAT-fs (loop1): Directory bread(block 70) failed [ 214.320355][ T8395] FAT-fs (loop1): Directory bread(block 71) failed [ 214.320445][ T8395] FAT-fs (loop1): Directory bread(block 72) failed [ 214.320466][ T8395] FAT-fs (loop1): Directory bread(block 73) failed [ 214.734423][ T8398] loop4: detected capacity change from 0 to 512 [ 214.774116][ T8398] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 214.774432][ T8398] EXT4-fs (loop4): orphan cleanup on readonly fs [ 214.774518][ T8398] EXT4-fs error (device loop4): ext4_ext_check_inode:521: inode #4: comm syz.4.1069: pblk 0 bad header/extent: too large eh_max - magic f30a, entries 1, max 2052(4), depth 0(0) [ 214.774556][ T8398] loop4: lost file I/O error report for ino 4 type 5 pos 0x0 len 0x0 error -117 [ 214.785170][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 214.785193][ C1] EXT4-fs (loop4): last error at time 1777420075: ext4_ext_check_inode:521: inode 4 [ 214.822629][ T8398] EXT4-fs error (device loop4): ext4_quota_enable:7228: comm syz.4.1069: Bad quota inode: 4, type: 1 [ 214.822661][ T8398] loop4: lost filesystem error report for type 5 error -117 [ 214.871317][ T8398] EXT4-fs warning (device loop4): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 214.872437][ T8398] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 214.911871][ T8398] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 215.116865][ T8400] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.121018][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.606511][ T8417] loop0: detected capacity change from 0 to 2048 [ 215.672037][ T8417] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 215.879199][ T8424] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 215.892895][ T8432] program syz.1.1081 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 216.054733][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.605135][ T10] kernel read not supported for file /dsp (pid: 10 comm: kworker/0:1) [ 216.964450][ T8470] netlink: 'syz.2.1099': attribute type 1 has an invalid length. [ 216.964469][ T8470] netlink: 'syz.2.1099': attribute type 2 has an invalid length. [ 217.332791][ T8484] loop2: detected capacity change from 0 to 512 [ 217.473846][ T8484] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 217.896181][ T5614] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 218.557240][ T8512] mmap: syz.1.1124 (8512) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 218.590322][ T8511] loop4: detected capacity change from 0 to 512 [ 218.667124][ T8511] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 222 vs 220 free clusters [ 218.673021][ C1] EXT4-fs (loop4): error count since last fsck: 1 [ 218.673042][ C1] EXT4-fs (loop4): initial error at time 1777420079: ext4_mb_generate_buddy:1317 [ 218.673065][ C1] EXT4-fs (loop4): last error at time 1777420079: ext4_mb_generate_buddy:1317 [ 218.704571][ T8511] EXT4-fs (loop4): Remounting filesystem read-only [ 218.704765][ T8511] EXT4-fs warning (device loop4): ext4_evict_inode:270: couldn't mark inode dirty (err -30) [ 218.704844][ T8511] EXT4-fs (loop4): 1 orphan inode deleted [ 218.737501][ T8511] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 218.862681][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.180369][ T8519] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1116'. [ 219.180488][ T8519] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.181370][ T8519] bridge0: port 1(bridge_slave_0) entered blocking state [ 219.181570][ T8519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 219.226534][ T8519] bridge_slave_0: left allmulticast mode [ 219.226567][ T8519] bridge_slave_0: left promiscuous mode [ 219.292271][ T8519] bridge0: port 1(bridge_slave_0) entered disabled state [ 219.436671][ T8530] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1123'. [ 219.579273][ T32] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 219.605781][ T8536] netlink: 'syz.0.1126': attribute type 4 has an invalid length. [ 219.733378][ T32] usb 2-1: Using ep0 maxpacket: 16 [ 219.735231][ T32] usb 2-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 25 [ 219.735261][ T32] usb 2-1: config 0 interface 0 has no altsetting 0 [ 219.735292][ T32] usb 2-1: New USB device found, idVendor=0e8f, idProduct=0012, bcdDevice= 0.00 [ 219.735314][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.774885][ T32] usb 2-1: config 0 descriptor?? [ 219.787926][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 220.392134][ T32] hid_parser_main: 2 callbacks suppressed [ 220.392157][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392189][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392215][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392242][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392267][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392294][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x0 [ 220.392319][ T32] greenasia 0003:0E8F:0012.000D: unknown main item tag 0x7 [ 220.392345][ T32] greenasia 0003:0E8F:0012.000D: invalid report_size 12084 [ 220.392361][ T32] greenasia 0003:0E8F:0012.000D: item 0 2 1 7 parsing failed [ 220.393038][ T32] greenasia 0003:0E8F:0012.000D: parse failed [ 220.393103][ T32] greenasia 0003:0E8F:0012.000D: probe with driver greenasia failed with error -22 [ 220.502764][ T8552] loop4: detected capacity change from 0 to 1024 [ 220.534257][ T32] usb 2-1: USB disconnect, device number 9 [ 220.727037][ T4928] block nbd0: Receive control failed (result -32) [ 221.671773][ T8579] program syz.4.1156 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 222.347395][ T8601] netem: change failed [ 222.566073][ T8608] loop2: detected capacity change from 0 to 16 [ 222.629746][ T8608] erofs (device loop2): mounted with root inode @ nid 36. [ 222.933822][ T821] kernel write not supported for file /media7 (pid: 821 comm: kworker/1:2) [ 225.096497][ T8687] loop1: detected capacity change from 0 to 256 [ 225.316581][ T8691] loop1: detected capacity change from 0 to 2048 [ 225.334681][ T8691] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 225.334711][ T8691] NILFS (loop1): mounting unchecked fs [ 225.421387][ T8691] NILFS (loop1): recovery complete [ 225.431822][ T8696] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.963386][ T5714] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 226.112832][ T5714] usb 4-1: unable to get BOS descriptor or descriptor too short [ 226.114682][ T5714] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 226.114705][ T5714] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 226.146198][ T5714] usb 4-1: string descriptor 0 read error: -22 [ 226.146362][ T5714] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 1.40 [ 226.146385][ T5714] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.172595][ T8709] loop1: detected capacity change from 0 to 4096 [ 226.488847][ T8709] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512). [ 226.727659][ T8699] loop2: detected capacity change from 0 to 32768 [ 227.058317][ T5714] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -71 [ 227.074582][ T5714] usb 4-1: USB disconnect, device number 11 [ 227.259422][ T8709] ntfs3(loop1): ino=19, mi_enum_attr [ 227.260289][ T8709] ntfs3(loop1): Mark volume as dirty due to NTFS errors [ 227.344567][ T8699] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 227.493510][ T8699] XFS (loop2): Ending clean mount [ 227.517108][ T8734] loop0: detected capacity change from 0 to 256 [ 227.555635][ T8736] loop4: detected capacity change from 0 to 512 [ 227.556325][ T8736] vfat: Unknown parameter 'uäéšã»P2/cÝ' [ 227.581988][ T8734] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x32e3664b, utbl_chksum : 0xe619d30d) [ 227.611777][ T8699] XFS (loop2): syz.2.1200 should use fallocate; XFS_IOC_{ALLOC,FREE}SP ioctl unsupported [ 227.631642][ T8734] exFAT-fs (loop0): valid_size(150994954) is greater than size(10) [ 227.635588][ T37] kauditd_printk_skb: 143 callbacks suppressed [ 227.635603][ T37] audit: type=1800 audit(1777420088.129:197): pid=8734 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1211" name="file1" dev="loop0" ino=1048639 res=0 errno=0 [ 227.817181][ T5614] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791 [ 229.313982][ T8773] loop1: detected capacity change from 0 to 256 [ 229.455089][ T8773] FAT-fs (loop1): Directory bread(block 64) failed [ 229.455118][ T8773] FAT-fs (loop1): Directory bread(block 65) failed [ 229.455217][ T8773] FAT-fs (loop1): Directory bread(block 66) failed [ 229.455239][ T8773] FAT-fs (loop1): Directory bread(block 67) failed [ 229.455332][ T8773] FAT-fs (loop1): Directory bread(block 68) failed [ 229.455354][ T8773] FAT-fs (loop1): Directory bread(block 69) failed [ 229.455445][ T8773] FAT-fs (loop1): Directory bread(block 70) failed [ 229.455465][ T8773] FAT-fs (loop1): Directory bread(block 71) failed [ 229.455556][ T8773] FAT-fs (loop1): Directory bread(block 72) failed [ 229.455577][ T8773] FAT-fs (loop1): Directory bread(block 73) failed [ 229.818280][ T8777] loop2: detected capacity change from 0 to 32768 [ 230.437475][ T8799] netlink: 'syz.1.1240': attribute type 1 has an invalid length. [ 230.546253][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.546253][ T8777] [ 230.597322][ T8777] ERROR: (device loop2): remounting filesystem as read-only [ 230.597339][ T8777] xtLookup: xtSearch returned -5 [ 230.597350][ T8777] add_index: get/read_metapage failed! [ 230.597377][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.597377][ T8777] [ 230.597411][ T8777] xtLookup: xtSearch returned -5 [ 230.597420][ T8777] free_index: error reading directory table [ 230.597428][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.597428][ T8777] [ 230.597455][ T8777] xtLookup: xtSearch returned -5 [ 230.597463][ T8777] free_index: error reading directory table [ 230.597470][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.597470][ T8777] [ 230.597497][ T8777] xtLookup: xtSearch returned -5 [ 230.597505][ T8777] free_index: error reading directory table [ 230.597512][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.597512][ T8777] [ 230.597538][ T8777] xtLookup: xtSearch returned -5 [ 230.597546][ T8777] free_index: error reading directory table [ 230.597553][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.597553][ T8777] [ 230.597579][ T8777] xtLookup: xtSearch returned -5 [ 230.597587][ T8777] free_index: error reading directory table [ 230.844358][ T8777] ERROR: (device loop2): xtSearch: xt_getpage: xtree page corrupt [ 230.844358][ T8777] [ 230.844399][ T8777] xtLookup: xtSearch returned -5 [ 230.844409][ T8777] add_index: get/read_metapage failed! [ 230.899466][ T32] kernel read not supported for file /binder/stats (pid: 32 comm: kworker/1:0) [ 230.934328][ T8814] loop4: detected capacity change from 0 to 1024 [ 231.074606][ T5731] kernel read not supported for file /adsp1 (pid: 5731 comm: kworker/0:5) [ 231.489286][ T5714] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 231.654543][ T5714] usb 1-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 231.654583][ T5714] usb 1-1: config 2 interface 0 has no altsetting 0 [ 231.677758][ T5714] usb 1-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b [ 231.677786][ T5714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.677796][ T5714] usb 1-1: Product: syz [ 231.677804][ T5714] usb 1-1: Manufacturer: syz [ 231.677811][ T5714] usb 1-1: SerialNumber: syz [ 231.742167][ T5714] usb 1-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state [ 231.742205][ T5714] usb 1-1: selecting invalid altsetting 0 [ 231.774591][ T5714] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 231.775103][ T5714] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0) [ 231.775151][ T5714] usb 1-1: media controller created [ 231.831984][ T5714] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 232.028589][ T5714] usb 1-1: USB disconnect, device number 10 [ 232.589152][ T5722] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 232.740139][ T5722] usb 4-1: Using ep0 maxpacket: 32 [ 232.742354][ T5722] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 232.742378][ T5722] usb 4-1: config 0 has no interface number 0 [ 232.742421][ T5722] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.742446][ T5722] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 232.742482][ T5722] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 232.742504][ T5722] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.756282][ T5722] usb 4-1: config 0 descriptor?? [ 233.284571][ T8871] loop1: detected capacity change from 0 to 512 [ 233.374896][ T5722] uclogic 0003:28BD:0094.000E: pen parameters not found [ 233.374927][ T5722] uclogic 0003:28BD:0094.000E: interface is invalid, ignoring [ 233.600655][ T5714] usb 4-1: USB disconnect, device number 12 [ 233.739610][ T8879] loop0: detected capacity change from 0 to 128 [ 233.833948][ T8855] loop2: detected capacity change from 0 to 32768 [ 233.854634][ T8879] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 233.858951][ T8879] ext4 filesystem being mounted at /249/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 234.022953][ T8886] loop1: detected capacity change from 0 to 512 [ 234.055127][ T8886] EXT4-fs (loop1): revision level too high, forcing read-only mode [ 234.055582][ T8886] EXT4-fs (loop1): orphan cleanup on readonly fs [ 234.058167][ T8886] Quota error (device loop1): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6). [ 234.058281][ T8886] EXT4-fs warning (device loop1): ext4_enable_quotas:7269: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix. [ 234.124341][ T8886] EXT4-fs (loop1): Cannot turn on quotas: error -117 [ 234.185797][ T8886] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1278: bg 0: block 15: invalid block bitmap [ 234.185829][ T8886] loop1: lost filesystem error report for type 5 error -117 [ 234.189862][ C0] EXT4-fs (loop1): error count since last fsck: 1 [ 234.189878][ C0] EXT4-fs (loop1): initial error at time 1777420094: ext4_validate_block_bitmap:432 [ 234.189896][ C0] EXT4-fs (loop1): last error at time 1777420094: ext4_validate_block_bitmap:432 [ 234.201612][ T5606] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 234.250661][ T8886] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6679: Corrupt filesystem [ 234.250685][ T8886] loop1: lost filesystem error report for type 5 error -117 [ 234.276251][ T8886] EXT4-fs warning (device loop1): ext4_evict_inode:195: inode #16: comm syz.1.1278: data will be lost [ 234.276496][ T8886] EXT4-fs (loop1): 1 truncate cleaned up [ 234.292607][ T8886] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 234.354139][ T8886] EXT4-fs error (device loop1): ext4_get_link:106: inode #16: comm syz.1.1278: bad symlink. [ 234.379955][ T8886] EXT4-fs error (device loop1): ext4_get_link:106: inode #16: comm syz.1.1278: bad symlink. [ 234.578573][ T5611] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 234.616380][ T8894] batadv_slave_0: entered promiscuous mode [ 234.637936][ T8894] batman_adv: batadv0: Adding interface: macsec1 [ 234.637952][ T8894] batman_adv: batadv0: The MTU of interface macsec1 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 234.637979][ T8894] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.637993][ T8894] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.638007][ T8894] batman_adv: batadv0: Interface activated: macsec1 [ 234.938162][ T8901] tipc: Started in network mode [ 234.938190][ T8901] tipc: Node identity ac14140f, cluster identity 4711 [ 234.938477][ T8901] tipc: New replicast peer: 255.255.255.255 [ 234.994933][ T8901] tipc: Enabled bearer , priority 10 [ 235.039518][ T32] usb 2-1: new full-speed USB device number 10 using dummy_hcd [ 235.211408][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 235.211439][ T32] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 235.211474][ T32] usb 2-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 235.211495][ T32] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 235.269952][ T32] usb 2-1: config 0 descriptor?? [ 235.408596][ T8908] sch_tbf: burst 0 is lower than device veth0_to_bridge mtu (1514) ! [ 235.708227][ T32] elan 0003:04F3:0755.000F: unknown main item tag 0x0 [ 235.708263][ T32] elan 0003:04F3:0755.000F: unknown main item tag 0x0 [ 235.708292][ T32] elan 0003:04F3:0755.000F: unknown main item tag 0x0 [ 235.708318][ T32] elan 0003:04F3:0755.000F: unknown main item tag 0x0 [ 235.708345][ T32] elan 0003:04F3:0755.000F: unknown main item tag 0x0 [ 235.709370][ T32] elan 0003:04F3:0755.000F: failed to start in urb: -90 [ 235.755614][ T32] elan 0003:04F3:0755.000F: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.1-1/input0 [ 235.927950][ T10] usb 2-1: USB disconnect, device number 10 [ 236.059149][ T32] tipc: Node number set to 2886997007 [ 236.059365][ T8921] fido_id[8921]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 236.384363][ T8935] loop4: detected capacity change from 0 to 64 [ 236.848865][ T8947] loop4: detected capacity change from 0 to 256 [ 236.852431][ T8947] exfat: Deprecated parameter 'utf8' [ 236.852544][ T8947] exfat: Deprecated parameter 'namecase' [ 236.852600][ T8947] exfat: Deprecated parameter 'namecase' [ 236.867856][ T8947] exFAT-fs (loop4): failed to load upcase table (idx : 0x0001fe89, chksum : 0xc3758327, utbl_chksum : 0xe619d30d) [ 237.265056][ T8954] overlayfs: invalid origin (0000) [ 237.963145][ T8986] loop1: detected capacity change from 0 to 256 [ 238.131537][ T8992] loop2: detected capacity change from 0 to 128 [ 238.885867][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.885867][ T3385] loop2: rw=1, sector=145, nr_sectors = 16 limit=128 [ 238.886021][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886021][ T3385] loop2: rw=1, sector=169, nr_sectors = 8 limit=128 [ 238.886137][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886137][ T3385] loop2: rw=1, sector=185, nr_sectors = 8 limit=128 [ 238.886250][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886250][ T3385] loop2: rw=1, sector=201, nr_sectors = 8 limit=128 [ 238.886373][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886373][ T3385] loop2: rw=1, sector=217, nr_sectors = 8 limit=128 [ 238.886484][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886484][ T3385] loop2: rw=1, sector=233, nr_sectors = 8 limit=128 [ 238.886600][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.886600][ T3385] loop2: rw=1, sector=249, nr_sectors = 8 limit=128 [ 238.895224][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.895224][ T3385] loop2: rw=1, sector=265, nr_sectors = 8 limit=128 [ 238.895366][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.895366][ T3385] loop2: rw=1, sector=281, nr_sectors = 8 limit=128 [ 238.895481][ T3385] kworker/u8:16: attempt to access beyond end of device [ 238.895481][ T3385] loop2: rw=1, sector=297, nr_sectors = 8 limit=128 [ 239.251658][ T9016] loop4: detected capacity change from 0 to 2048 [ 239.364797][ T9016] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 239.685385][ T9038] netlink: 'syz.0.1341': attribute type 4 has an invalid length. [ 239.742206][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 240.379315][ T32] kernel read not supported for file /dsp1 (pid: 32 comm: kworker/1:0) [ 240.993382][ T9079] loop0: detected capacity change from 0 to 128 [ 241.020081][ T9079] EXT4-fs (loop0): Test dummy encryption mode enabled [ 241.038949][ T9079] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 241.040807][ T9079] System zones: 1-3, 19-19, 35-36 [ 241.066580][ T9079] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback. [ 241.104006][ T9079] ext4 filesystem being mounted at /268/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 241.285538][ T5606] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 241.481814][ T32] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 241.631692][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.631726][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.631763][ T32] usb 5-1: New USB device found, idVendor=2006, idProduct=0118, bcdDevice= 0.00 [ 241.631784][ T32] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.687345][ T32] usb 5-1: config 0 descriptor?? [ 242.120657][ T32] hkems 0003:2006:0118.0010: unknown main item tag 0x1 [ 242.125360][ T32] hkems 0003:2006:0118.0010: hidraw0: USB HID v0.00 Device [HID 2006:0118] on usb-dummy_hcd.4-1/input0 [ 242.125390][ T32] hkems 0003:2006:0118.0010: no inputs found [ 242.125403][ T32] hkems 0003:2006:0118.0010: force feedback init failed [ 242.323719][ T32] usb 5-1: USB disconnect, device number 10 [ 242.946408][ T9123] program syz.4.1377 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 243.390829][ T9137] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1383'. [ 243.390914][ T9137] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.438191][ T9137] bridge0: port 1(bridge_slave_0) entered blocking state [ 243.438385][ T9137] bridge0: port 1(bridge_slave_0) entered forwarding state [ 243.438898][ T9137] bridge_slave_0: left allmulticast mode [ 243.438926][ T9137] bridge_slave_0: left promiscuous mode [ 243.495147][ T9137] bridge0: port 1(bridge_slave_0) entered disabled state [ 243.858948][ T9159] loop4: detected capacity change from 0 to 512 [ 244.033400][ T9164] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1395'. [ 244.092779][ T9159] EXT4-fs error (device loop4): ext4_xattr_inode_iget:441: inode #12: comm syz.4.1392: missing EA_INODE flag [ 244.092811][ T9159] loop4: lost file I/O error report for ino 12 type 5 pos 0x0 len 0x0 error -117 [ 244.104665][ T9169] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1395'. [ 244.106583][ C1] EXT4-fs (loop4): initial error at time 1777420104: ext4_xattr_inode_iget:441: inode 12 [ 244.106608][ C1] EXT4-fs (loop4): last error at time 1777420104: ext4_xattr_inode_iget:441: inode 12 [ 244.200711][ T9159] EXT4-fs error (device loop4): ext4_xattr_inode_iget:446: comm syz.4.1392: error while reading EA inode 12 err=-117 [ 244.200744][ T9159] loop4: lost filesystem error report for type 5 error -117 [ 244.202470][ T9159] EXT4-fs (loop4): 1 orphan inode deleted [ 244.207404][ T9159] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 244.350544][ T9175] block nbd1: Unsupported socket: should be TCP or UNIX. [ 244.354537][ T9173] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1398'. [ 244.487609][ T9181] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1403'. [ 244.558169][ T9183] loop0: detected capacity change from 0 to 65 [ 244.585627][ T9183] BFS-fs: bfs_fill_super(): NOTE: filesystem loop0 was created with 512 inodes, the real maximum is 511, mounting anyway [ 244.715486][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 244.925591][ T9194] pimreg: tun_chr_ioctl cmd 1074025677 [ 244.925928][ T9194] pimreg: linktype set to 6 [ 245.223026][ T9204] netlink: 'syz.0.1411': attribute type 12 has an invalid length. [ 245.223045][ T9204] netlink: 'syz.0.1411': attribute type 29 has an invalid length. [ 245.223058][ T9204] netlink: 148 bytes leftover after parsing attributes in process `syz.0.1411'. [ 245.507368][ T9207] erspan0: entered promiscuous mode [ 245.656180][ T9217] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1418'. [ 246.509457][ T9248] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1433'. [ 246.710848][ T67] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.716632][ T67] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.716680][ T67] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.716714][ T67] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 246.984367][ T9267] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1441'. [ 247.236630][ T9239] loop0: detected capacity change from 0 to 32768 [ 247.791068][ T5722] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 247.940084][ T5722] usb 2-1: Using ep0 maxpacket: 16 [ 247.989542][ T5722] usb 2-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 247.989571][ T5722] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.989593][ T5722] usb 2-1: Product: syz [ 247.989606][ T5722] usb 2-1: Manufacturer: syz [ 247.989619][ T5722] usb 2-1: SerialNumber: syz [ 247.997345][ T5722] usb 2-1: config 0 descriptor?? [ 248.051567][ T5722] visor 2-1:0.0: Sony Clie 3.5 converter detected [ 248.450546][ T5722] usb 2-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 248.551709][ T9300] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1457'. [ 248.551731][ T9300] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1457'. [ 248.551757][ T9300] netlink: 'syz.3.1457': attribute type 18 has an invalid length. [ 248.764175][ T5722] usb 2-1: USB disconnect, device number 11 [ 248.811123][ T5722] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 248.811865][ T5722] visor 2-1:0.0: device disconnected [ 249.230135][ T9294] loop2: detected capacity change from 0 to 32768 [ 249.404272][ T9313] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1462'. [ 249.404391][ T9313] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1462'. [ 249.479257][ T9294] jfs_readdir called with invalid offset! [ 249.679223][ T9320] skbuff: bad partial csum: csum=65535/2 headroom=4 headlen=65543 [ 250.064971][ T9334] loop4: detected capacity change from 0 to 128 [ 250.198989][ T9339] loop0: detected capacity change from 0 to 2048 [ 250.228401][ T9339] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 250.501202][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 250.954321][ T9355] loop2: detected capacity change from 0 to 256 [ 250.955492][ T9355] exfat: Deprecated parameter 'namecase' [ 250.955542][ T9355] exfat: Deprecated parameter 'utf8' [ 251.034876][ T9355] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xea424414, utbl_chksum : 0xe619d30d) [ 253.090278][ T9404] loop1: detected capacity change from 0 to 32768 [ 253.166339][ T9404] ocfs2: Slot 0 on device (7,1) was already allocated to this node! [ 253.180258][ T9404] JBD2: Ignoring recovery information on journal [ 253.219040][ T9404] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 253.310915][ T9404] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_self(struct super_block *, struct buffer_head *, int): Group descriptor #32 has an invalid fs_generation of #1 [ 253.311011][ T9404] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted. [ 253.311022][ T9404] OCFS2: File system is now read-only. [ 253.311038][ T9404] (syz.1.1502,9404,1):ocfs2_search_chain:1913 ERROR: status = -30 [ 253.311059][ T9404] (syz.1.1502,9404,1):ocfs2_search_chain:2036 ERROR: status = -30 [ 253.311079][ T9404] (syz.1.1502,9404,1):ocfs2_claim_suballoc_bits:2123 ERROR: status = -30 [ 253.311099][ T9404] (syz.1.1502,9404,1):ocfs2_claim_suballoc_bits:2176 ERROR: status = -30 [ 253.311118][ T9404] (syz.1.1502,9404,1):__ocfs2_claim_clusters:2557 ERROR: status = -30 [ 253.311137][ T9404] (syz.1.1502,9404,1):__ocfs2_claim_clusters:2565 ERROR: status = -30 [ 253.311158][ T9404] (syz.1.1502,9404,1):ocfs2_local_alloc_new_window:1197 ERROR: status = -30 [ 253.311176][ T9404] (syz.1.1502,9404,1):ocfs2_local_alloc_new_window:1222 ERROR: status = -30 [ 253.311196][ T9404] (syz.1.1502,9404,1):ocfs2_local_alloc_slide_window:1296 ERROR: status = -30 [ 253.311341][ T9404] (syz.1.1502,9404,1):ocfs2_local_alloc_slide_window:1315 ERROR: status = -30 [ 253.311362][ T9404] (syz.1.1502,9404,1):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30 [ 253.311386][ T9404] (syz.1.1502,9404,1):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30 [ 253.311406][ T9404] (syz.1.1502,9404,1):ocfs2_reserve_clusters_with_limit:1266 ERROR: status = -30 [ 253.311438][ T9404] (syz.1.1502,9404,1):ocfs2_reserve_clusters_with_limit:1315 ERROR: status = -30 [ 253.311457][ T9404] (syz.1.1502,9404,1):ocfs2_symlink:1924 ERROR: status = -30 [ 253.311581][ T9404] (syz.1.1502,9404,1):ocfs2_symlink:2078 ERROR: status = -30 [ 254.014467][ T5611] ocfs2: Unmounting device (7,1) on (node local) [ 254.645954][ T9428] tap0: tun_chr_ioctl cmd 1074025680 [ 254.964630][ T9438] batadv_slave_0: entered promiscuous mode [ 255.006655][ T9438] batman_adv: batadv0: Adding interface: macsec2 [ 255.006672][ T9438] batman_adv: batadv0: The MTU of interface macsec2 is too small (1468) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 255.006699][ T9438] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 255.006714][ T9438] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 255.006728][ T9438] batman_adv: batadv0: Interface activated: macsec2 [ 255.522568][ T9459] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1524'. [ 255.622756][ T1336] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.622837][ T1336] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.949196][ T5714] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 256.189192][ T5714] usb 2-1: Using ep0 maxpacket: 16 [ 256.194000][ T5714] usb 2-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 256.194030][ T5714] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.194049][ T5714] usb 2-1: Product: syz [ 256.194063][ T5714] usb 2-1: Manufacturer: syz [ 256.194077][ T5714] usb 2-1: SerialNumber: syz [ 256.254551][ T5714] usb 2-1: config 0 descriptor?? [ 256.283661][ T5714] gspca_main: spca508-2.14.0 probing 041e:4018 [ 256.496524][ T5714] gspca_spca508: reg_read err -32 [ 256.539214][ T5714] gspca_spca508: reg_read err -32 [ 256.755795][ T5714] gspca_spca508: reg_read err -71 [ 256.756193][ T5714] gspca_spca508: reg_read err -71 [ 256.756653][ T5714] gspca_spca508: reg write: error -71 [ 256.756744][ T5714] spca508 2-1:0.0: probe with driver spca508 failed with error -71 [ 256.828151][ T5714] usb 2-1: USB disconnect, device number 12 [ 257.241445][ T9516] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1551'. [ 257.289412][ T32] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 257.491274][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 257.491316][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 257.491337][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 257.491359][ T32] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 257.494270][ T32] usb 5-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 257.494303][ T32] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.494322][ T32] usb 5-1: Product: syz [ 257.494335][ T32] usb 5-1: Manufacturer: syz [ 257.494348][ T32] usb 5-1: SerialNumber: syz [ 257.511417][ T32] usb 5-1: config 0 descriptor?? [ 257.525728][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1556'. [ 257.525749][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1556'. [ 257.525772][ T9526] netlink: 'syz.3.1556': attribute type 19 has an invalid length. [ 257.525785][ T9526] netlink: 'syz.3.1556': attribute type 20 has an invalid length. [ 257.534610][ T9526] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1556'. [ 257.534629][ T9526] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1556'. [ 257.534652][ T9526] netlink: 'syz.3.1556': attribute type 19 has an invalid length. [ 257.534665][ T9526] netlink: 'syz.3.1556': attribute type 20 has an invalid length. [ 257.795984][ T32] adutux 5-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 257.933513][ T9539] loop0: detected capacity change from 0 to 512 [ 257.955631][ T9539] EXT4-fs error (device loop0): ext4_orphan_get:1397: inode #15: comm syz.0.1561: iget: bad i_size value: 38620345925642 [ 257.955664][ T9539] loop0: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117 [ 257.959058][ C0] EXT4-fs (loop0): error count since last fsck: 1 [ 257.959077][ C0] EXT4-fs (loop0): initial error at time 1777420118: ext4_orphan_get:1397: inode 15 [ 257.959104][ C0] EXT4-fs (loop0): last error at time 1777420118: ext4_orphan_get:1397: inode 15 [ 257.959714][ T9539] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz.0.1561: couldn't read orphan inode 15 (err -117) [ 257.973210][ T9539] loop0: lost filesystem error report for type 5 error -117 [ 258.010288][ T32] usb 5-1: USB disconnect, device number 11 [ 258.066454][ T9539] EXT4-fs (loop0): mounted filesystem 00000000-0000-00a1-0000-000000000000 r/w without journal. Quota mode: writeback. [ 258.291937][ T5722] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 258.321221][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-00a1-0000-000000000000. [ 258.450053][ T9549] UHID_CREATE from different security context by process 703 (syz.0.1565), this is not allowed. [ 258.452331][ T5722] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 258.452356][ T5722] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 258.452373][ T5722] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 258.452417][ T5722] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 258.452440][ T5722] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 258.454140][ T5722] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 258.454165][ T5722] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 258.454184][ T5722] usb 2-1: Product: syz [ 258.454196][ T5722] usb 2-1: Manufacturer: syz [ 258.485650][ T5722] cdc_wdm 2-1:1.0: skipping garbage [ 258.485669][ T5722] cdc_wdm 2-1:1.0: skipping garbage [ 258.590735][ T5722] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 258.590755][ T5722] cdc_wdm 2-1:1.0: Unknown control protocol [ 258.919250][ T5714] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 259.073840][ T5714] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 259.073869][ T5714] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 259.073886][ T5714] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 259.073905][ T5714] usb 1-1: config 220 has no interface number 2 [ 259.073971][ T5714] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 259.073997][ T5714] usb 1-1: config 220 interface 0 has no altsetting 0 [ 259.074013][ T5714] usb 1-1: config 220 interface 76 has no altsetting 0 [ 259.074029][ T5714] usb 1-1: config 220 interface 1 has no altsetting 0 [ 259.095401][ T5714] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 259.095419][ T5714] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.095429][ T5714] usb 1-1: Product: syz [ 259.095436][ T5714] usb 1-1: Manufacturer: syz [ 259.095444][ T5714] usb 1-1: SerialNumber: syz [ 259.157032][ T9573] tipc: Enabling of bearer rejected, already enabled [ 259.357301][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -EPIPE [ 259.447348][ T5714] usb 1-1: selecting invalid altsetting 0 [ 259.480863][ T5714] uvcvideo 1-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 259.480896][ T5714] uvcvideo 1-1:220.0: No valid video chain found. [ 259.524132][ T5714] usb 1-1: selecting invalid altsetting 0 [ 259.524167][ T5714] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 259.569228][ T5714] usb 1-1: USB disconnect, device number 11 [ 259.635696][ T5722] usb 2-1: USB disconnect, device number 13 [ 259.690391][ T9575] bridge0: port 2(bridge_slave_1) entered disabled state [ 260.373514][ T9606] netlink: 13 bytes leftover after parsing attributes in process `syz.0.1590'. [ 260.497244][ T9609] loop4: detected capacity change from 0 to 512 [ 260.510000][ T9609] EXT4-fs: Ignoring removed oldalloc option [ 260.511748][ T9609] EXT4-fs (loop4): Test dummy encryption mode enabled [ 260.768696][ T9609] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 261.158153][ T5612] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 262.323114][ T9676] faux_driver vkms: [drm] Unknown color mode 6; guessing buffer size. [ 262.373691][ T9677] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1622'. [ 262.918283][ T9703] program syz.0.1634 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 263.036747][ T9697] bond1: invalid ARP target 0.0.0.0 specified for addition [ 263.036772][ T9697] bond1: option arp_ip_target: invalid value (0) [ 263.232058][ T9714] vxcan0: tx drop: invalid sa for name 0x0000000000000001 [ 263.333142][ T9697] bond1 (unregistering): Released all slaves [ 263.759449][ T9724] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1645'. [ 264.010868][ T9733] loop0: detected capacity change from 0 to 1024 [ 264.038667][ T9733] EXT4-fs (loop0): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 264.038811][ T9733] ext4 filesystem being mounted at /320/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 264.316027][ T5606] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 264.558354][ T37] audit: type=1804 audit(1777420124.939:198): pid=9752 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.1657" name="/newroot/340/file0" dev="tmpfs" ino=1779 res=1 errno=0 [ 264.602209][ T37] audit: type=1804 audit(1777420125.069:199): pid=9755 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.1657" name="/newroot/340/file0" dev="tmpfs" ino=1779 res=1 errno=0 [ 264.888321][ T9765] sctp: [Deprecated]: syz.4.1660 (pid 9765) Use of struct sctp_assoc_value in delayed_ack socket option. [ 264.888321][ T9765] Use struct sctp_sack_info instead [ 266.217328][ T9740] loop1: detected capacity change from 0 to 40427 [ 266.406557][ T9740] F2FS-fs (loop1): invalid crc value [ 267.703736][ T37] audit: type=1326 audit(1777420128.199:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1677" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f72f55acdd9 code=0x0 [ 267.760503][ T9740] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1 [ 267.790218][ T9809] netlink: 844 bytes leftover after parsing attributes in process `syz.2.1678'. [ 267.844656][ T9740] F2FS-fs (loop1): Start checkpoint disabled! [ 267.879582][ T5731] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 267.936931][ T9740] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0 [ 268.031144][ T5731] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 268.031172][ T5731] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.058099][ T5731] usb 1-1: config 0 descriptor?? [ 268.072235][ T5731] cp210x 1-1:0.0: cp210x converter detected [ 268.637723][ T9820] program syz.3.1685 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 268.687323][ T5731] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 268.687377][ T5731] cp210x 1-1:0.0: GPIO initialisation failed: -71 [ 268.759718][ T5731] usb 1-1: cp210x converter now attached to ttyUSB0 [ 268.786593][ T5731] usb 1-1: USB disconnect, device number 12 [ 268.813804][ T5731] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 268.816057][ T5731] cp210x 1-1:0.0: device disconnected [ 269.072564][ T9836] loop1: detected capacity change from 0 to 64 [ 269.193062][ C1] wlan0: beacon TX faster than countdown (channel/color switch) completion [ 270.111141][ T37] audit: type=1326 audit(1777420130.609:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.111191][ T37] audit: type=1326 audit(1777420130.609:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.175015][ T37] audit: type=1326 audit(1777420130.669:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=216 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.175067][ T37] audit: type=1326 audit(1777420130.669:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.175107][ T37] audit: type=1326 audit(1777420130.669:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.175147][ T37] audit: type=1326 audit(1777420130.669:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4260bdd60e code=0x7ffc0000 [ 270.175187][ T37] audit: type=1326 audit(1777420130.669:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.183655][ T37] audit: type=1326 audit(1777420130.679:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=19 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.185662][ T37] audit: type=1326 audit(1777420130.679:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9869 comm="syz.4.1707" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4260c1cdd9 code=0x7ffc0000 [ 270.808321][ T9890] loop4: detected capacity change from 0 to 256 [ 270.894717][ T9890] FAT-fs (loop4): unable to read block(103987194760) for building NFS inode [ 271.582620][ T9903] block nbd4: NBD_DISCONNECT [ 271.619567][ T9903] block nbd4: Send disconnect failed -32 [ 271.620688][ T9899] block nbd4: Disconnected due to user request. [ 271.658418][ T9899] block nbd4: shutting down sockets [ 272.473178][ T9933] pim6reg1: tun_chr_ioctl cmd 1074025681 [ 272.966258][ T9948] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1739'. [ 273.117626][ T9954] netlink: 'syz.2.1743': attribute type 3 has an invalid length. [ 273.117646][ T9954] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1743'. [ 273.950256][ T41] wlan1: BSS 50:50:50:50:50:50 switches to unsupported channel (0 MHz), disconnecting [ 274.204581][ T41] wlan1: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 274.480847][ T9998] tun0: tun_chr_ioctl cmd 1074025677 [ 274.480997][ T9998] tun0: linktype set to 270 [ 275.243821][T10024] bridge0: port 2(bridge_slave_1) entered disabled state [ 275.479933][T10037] loop1: detected capacity change from 0 to 16 [ 275.487896][T10037] erofs (device loop1): mounted with root inode @ nid 36. [ 275.593707][T10037] erofs (device loop1): invalid de[0].nameoff 14 @ nid 36 [ 276.752287][T10055] loop4: detected capacity change from 0 to 32768 [ 276.868084][T10055] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 276.986091][T10055] XFS (loop4): Ending clean mount [ 277.025278][T10055] XFS (loop4): Quotacheck needed: Please wait. [ 277.595651][T10055] XFS (loop4): Quotacheck: Done. [ 277.726956][ T5612] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 278.463782][T10098] loop0: detected capacity change from 0 to 128 [ 278.567421][T10104] tap0: tun_chr_ioctl cmd 1074025677 [ 278.567669][T10104] tap0: linktype set to 805 [ 278.580387][T10098] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 278.608298][T10098] ext4 filesystem being mounted at /343/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 278.940211][ T5606] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 279.723423][T10132] bond1: invalid ARP target 0.0.0.0 specified for addition [ 279.723448][T10132] bond1: option arp_ip_target: invalid value (0) [ 279.806820][T10132] bond1 (unregistering): Released all slaves [ 280.321401][T10150] loop1: detected capacity change from 0 to 4096 [ 280.324992][T10152] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1825'. [ 280.417891][T10154] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1825'. [ 280.633675][T10163] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 280.890174][T10174] loop4: detected capacity change from 0 to 256 [ 281.030259][T10174] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 281.153350][T10174] exFAT-fs (loop4): start_clu is invalid cluster(0xffffffff) [ 281.222103][ C0] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 281.418359][T10180] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1838'. [ 281.517625][T10185] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1840'. [ 281.573452][T10185] ipvlan3: entered allmulticast mode [ 281.573472][T10185] syz_tun: entered allmulticast mode [ 281.639215][ T5722] usb 1-1: new low-speed USB device number 13 using dummy_hcd [ 281.802343][ T5722] usb 1-1: config 0 has no interfaces? [ 281.802380][ T5722] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 281.802402][ T5722] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.836929][ T5722] usb 1-1: config 0 descriptor?? [ 282.085133][ T5722] usb 1-1: USB disconnect, device number 13 [ 282.115849][T10192] bond1: invalid ARP target 0.0.0.0 specified for addition [ 282.115874][T10192] bond1: option arp_ip_target: invalid value (0) [ 282.238141][T10192] bond1 (unregistering): Released all slaves [ 282.857797][ T5722] kernel read not supported for file /media4 (pid: 5722 comm: kworker/1:4) [ 282.978526][T10212] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1850'. [ 283.106971][T10215] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1852'. [ 283.125055][T10217] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 283.126713][T10217] bond0: option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0) [ 284.417602][T10237] pim6reg: entered allmulticast mode [ 284.417886][T10243] pim6reg: left allmulticast mode [ 285.908694][T10256] loop1: detected capacity change from 0 to 131072 [ 285.926227][T10256] F2FS-fs (loop1): Test dummy encryption mode enabled [ 285.928415][T10256] F2FS-fs (loop1): invalid crc value [ 286.043517][T10256] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 286.063207][T10256] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 286.655869][T10288] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 287.164734][T10302] macvlan2: entered promiscuous mode [ 287.164754][T10302] bridge0: entered promiscuous mode [ 287.509305][ T5714] usb 4-1: new low-speed USB device number 13 using dummy_hcd [ 287.728677][ T5714] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1056, setting to 8 [ 287.728711][ T5714] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 8 [ 287.728751][ T5714] usb 4-1: New USB device found, idVendor=046d, idProduct=c293, bcdDevice= 0.00 [ 287.728773][ T5714] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.744071][ T5714] usb 4-1: config 0 descriptor?? [ 287.745122][T10306] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 287.924959][T10317] loop0: detected capacity change from 0 to 256 [ 288.100773][T10304] loop4: detected capacity change from 0 to 40427 [ 288.247780][T10317] FAT-fs (loop0): Directory bread(block 64) failed [ 288.247811][T10317] FAT-fs (loop0): Directory bread(block 65) failed [ 288.247973][T10317] FAT-fs (loop0): Directory bread(block 66) failed [ 288.247995][T10317] FAT-fs (loop0): Directory bread(block 67) failed [ 288.248150][T10317] FAT-fs (loop0): Directory bread(block 68) failed [ 288.248172][T10317] FAT-fs (loop0): Directory bread(block 69) failed [ 288.248328][T10317] FAT-fs (loop0): Directory bread(block 70) failed [ 288.248408][T10317] FAT-fs (loop0): Directory bread(block 71) failed [ 288.248573][T10317] FAT-fs (loop0): Directory bread(block 72) failed [ 288.248594][T10317] FAT-fs (loop0): Directory bread(block 73) failed [ 288.284444][ T5714] logitech 0003:046D:C293.0011: unknown main item tag 0x3 [ 288.284481][ T5714] logitech 0003:046D:C293.0011: unknown main item tag 0x5 [ 288.284507][ T5714] logitech 0003:046D:C293.0011: item fetching failed at offset 36/40 [ 288.285162][ T5714] logitech 0003:046D:C293.0011: parse failed [ 288.285258][ T5714] logitech 0003:046D:C293.0011: probe with driver logitech failed with error -22 [ 288.454673][T10304] F2FS-fs (loop4): invalid crc value [ 288.522628][ T5714] usb 4-1: USB disconnect, device number 13 [ 289.028972][T10304] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0 [ 289.215940][T10304] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 290.463931][ T32] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 290.629959][ T32] usb 4-1: Using ep0 maxpacket: 32 [ 290.633069][ T32] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 290.633093][ T32] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 290.633111][ T32] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 290.633131][ T32] usb 4-1: config 1 has no interface number 0 [ 290.633171][ T32] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 290.633204][ T32] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 290.633242][ T32] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 290.633263][ T32] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.778737][ T32] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 291.103404][ T32] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 291.175039][T10375] block nbd4: not configured, cannot reconfigure [ 291.372729][ T5714] usb 4-1: USB disconnect, device number 14 [ 291.434091][ T5714] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 291.777022][T10393] loop1: detected capacity change from 0 to 512 [ 291.862676][T10393] EXT4-fs (loop1): 1 truncate cleaned up [ 291.875533][T10393] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 292.055134][ T5611] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 292.489393][ T5714] usb 1-1: new low-speed USB device number 14 using dummy_hcd [ 292.494393][T10411] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1933'. [ 292.642439][ T5714] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 292.642466][ T5714] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 292.642485][ T5714] usb 1-1: config 0 has no interface number 0 [ 292.642524][ T5714] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 292.642548][ T5714] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 10 [ 292.642571][ T5714] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 292.642604][ T5714] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 292.642625][ T5714] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.724048][ T5714] usb 1-1: config 0 descriptor?? [ 292.730609][T10421] loop1: detected capacity change from 0 to 512 [ 293.043860][T10421] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 293.043997][T10421] ext4 filesystem being mounted at /353/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 293.087317][T10421] EXT4-fs (loop1): shut down requested (2) [ 293.196389][ T5611] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 293.385772][ T5714] input: USB Keyspan Remote 06cd:0202 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.21/input/input16 [ 293.549213][ T5714] input: failed to attach handler kbd to device input16, error: -5 [ 293.606187][ T5714] usb 1-1: USB disconnect, device number 14 [ 293.773798][T10447] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 294.186992][T10455] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1951'. [ 294.283292][T10460] sch_tbf: burst 1735 is lower than device lo mtu (65550) ! [ 294.489550][T10470] program syz.0.1959 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 294.794825][T10482] loop1: detected capacity change from 0 to 1024 [ 294.915257][T10482] hfsplus: bad catalog entry type [ 295.129309][ T5714] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 295.209811][ T821] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 295.279172][ T5714] usb 5-1: Using ep0 maxpacket: 16 [ 295.305940][ T5714] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 295.305992][ T5714] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 295.306016][ T5714] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 295.306060][ T5714] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 295.306083][ T5714] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.366927][ T5714] usb 5-1: config 0 descriptor?? [ 295.401605][ T821] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 295.401632][ T821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.417712][ T821] usb 4-1: config 0 descriptor?? [ 295.459911][T10498] loop1: detected capacity change from 0 to 512 [ 295.472996][ T821] cp210x 4-1:0.0: cp210x converter detected [ 295.851828][ T5714] hid-picolcd 0003:04D8:F002.0012: No report with id 0xf3 found [ 295.851853][ T5714] hid-picolcd 0003:04D8:F002.0012: No report with id 0xf4 found [ 295.861897][ T821] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 295.899892][ T821] usb 4-1: cp210x converter now attached to ttyUSB0 [ 295.968490][T10498] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #11: comm syz.1.1972: invalid indirect mapped block 256 (level 2) [ 295.968528][T10498] loop1: lost file I/O error report for ino 11 type 5 pos 0x0 len 0x0 error -117 [ 295.972063][ C1] EXT4-fs (loop1): initial error at time 1777420156: ext4_free_branches:1023: inode 11 [ 295.972096][ C1] EXT4-fs (loop1): last error at time 1777420156: ext4_free_branches:1023: inode 11 [ 296.010664][ T821] usb 5-1: USB disconnect, device number 12 [ 296.083946][ T32] usb 4-1: USB disconnect, device number 15 [ 296.116694][T10498] EXT4-fs (loop1): 2 truncates cleaned up [ 296.124229][ T32] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 296.132501][T10498] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 296.202598][T10500] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm ext4lazyinit: bg 0: block 5: invalid block bitmap [ 296.265283][T10498] EXT4-fs error (device loop1): ext4_validate_block_bitmap:432: comm syz.1.1972: bg 0: block 5: invalid block bitmap [ 296.318073][ T32] cp210x 4-1:0.0: device disconnected [ 296.424832][T10498] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 296.424862][T10498] EXT4-fs (loop1): This should not happen!! Data will be lost [ 296.424862][T10498] [ 296.424877][T10498] EXT4-fs (loop1): Total free blocks count 0 [ 296.424889][T10498] EXT4-fs (loop1): Free/Dirty block details [ 296.424928][T10498] EXT4-fs (loop1): free_blocks=0 [ 296.424962][T10498] EXT4-fs (loop1): dirty_blocks=66 [ 296.424976][T10498] EXT4-fs (loop1): Block reservation details [ 296.424986][T10498] EXT4-fs (loop1): i_reserved_data_blocks=66 [ 296.541042][ T57] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 4 with max blocks 64 with error 28 [ 296.554778][ T5611] EXT4-fs warning (device loop1): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost [ 296.768116][T10518] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1979'. [ 297.590085][ T5722] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 297.759283][ T5722] usb 2-1: Using ep0 maxpacket: 32 [ 297.763651][ T5722] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 297.763674][ T5722] usb 2-1: config 0 has no interface number 0 [ 297.767068][ T5722] usb 2-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 297.767093][ T5722] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 297.767112][ T5722] usb 2-1: Product: syz [ 297.767125][ T5722] usb 2-1: Manufacturer: syz [ 297.767137][ T5722] usb 2-1: SerialNumber: syz [ 297.814133][ T5722] usb 2-1: config 0 descriptor?? [ 297.821465][ T5722] usb 2-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 297.821502][ T5722] usb 2-1: selecting invalid altsetting 1 [ 297.821517][ T5722] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 297.843861][ T5722] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 297.845753][ T5722] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 297.845802][ T5722] usb 2-1: media controller created [ 297.884077][ T5722] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 298.009187][ T5714] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 298.110998][ T5722] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-32 [ 298.111069][ T5722] zl10353_read_register: readreg error (reg=127, ret==-32) [ 298.165039][ T5714] usb 4-1: config 0 has an invalid interface number: 214 but max is 0 [ 298.165066][ T5714] usb 4-1: config 0 has no interface number 0 [ 298.165109][ T5714] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 298.165134][ T5714] usb 4-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 298.168937][ T5714] usb 4-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 298.168962][ T5714] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 298.168980][ T5714] usb 4-1: Manufacturer: syz [ 298.168994][ T5714] usb 4-1: SerialNumber: syz [ 298.237029][ T5714] usb 4-1: config 0 descriptor?? [ 298.713158][T10567] overlayfs: upper fs does not support file handles, falling back to index=off. [ 298.713174][T10567] overlayfs: NFS export requires "index=on", falling back to nfs_export=off. [ 298.744358][T10575] netlink: 'syz.2.2007': attribute type 2 has an invalid length. [ 298.881053][ T5714] usbtouchscreen 4-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 298.927922][ T5714] usb 4-1: USB disconnect, device number 16 [ 299.255098][T10538] usb 2-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 299.258686][ T5722] usb 2-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 299.331834][ T5722] usb 2-1: USB disconnect, device number 14 [ 299.693984][T10573] loop4: detected capacity change from 0 to 32768 [ 299.874593][T10573] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 299.899148][ T5731] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 300.057336][ T5731] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1056, setting to 64 [ 300.057385][ T5731] usb 4-1: New USB device found, idVendor=05ac, idProduct=029c, bcdDevice= 0.00 [ 300.057407][ T5731] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.125689][T10573] XFS (loop4): Ending clean mount [ 300.149523][ T5731] usb 4-1: config 0 descriptor?? [ 300.150538][T10592] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 300.157849][T10612] vxlan0: entered promiscuous mode [ 300.170514][T10612] vxlan0: entered allmulticast mode [ 300.172026][ T3428] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 300.172068][ T3428] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 300.172102][ T3428] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 300.172135][ T3428] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 300.593771][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593806][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593833][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593859][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593885][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593910][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593936][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593961][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.593987][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.594012][ T5731] apple 0003:05AC:029C.0013: unknown main item tag 0x0 [ 300.694276][ T5731] apple 0003:05AC:029C.0013: hidraw0: USB HID v4.08 Device [HID 05ac:029c] on usb-dummy_hcd.3-1/input0 [ 300.790194][ T5714] usb 4-1: USB disconnect, device number 17 [ 301.012180][ T5612] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d [ 301.567780][T10641] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2035'. [ 302.389249][ T5722] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 302.539243][ T5722] usb 1-1: Using ep0 maxpacket: 8 [ 302.541261][ T5722] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 302.541284][ T5722] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 302.541297][ T5722] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 302.541309][ T5722] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 302.541331][ T5722] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 302.541342][ T5722] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.757417][ T5722] usb 1-1: GET_CAPABILITIES returned 0 [ 302.757465][ T5722] usbtmc 1-1:16.0: can't read capabilities [ 303.037631][T10684] netpci0: tun_chr_ioctl cmd 1074025672 [ 303.037652][T10684] netpci0: ignored: set checksum enabled [ 303.129369][ T5722] usb 1-1: USB disconnect, device number 15 [ 303.337673][T10692] netlink: 340 bytes leftover after parsing attributes in process `syz.3.2054'. [ 304.037101][T10724] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2066'. [ 304.037133][T10724] netlink: 'syz.1.2066': attribute type 30 has an invalid length. [ 304.102515][ T1041] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.104123][ T1041] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.104191][ T1041] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 304.104262][ T1041] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 305.183920][ T821] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 305.332578][ T821] usb 4-1: Using ep0 maxpacket: 16 [ 305.334843][ T821] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 305.334880][ T821] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 305.334901][ T821] usb 4-1: config 0 interface 0 has no altsetting 0 [ 305.334934][ T821] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 305.334955][ T821] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 305.416957][T10770] ref_ctr_offset mismatch. inode: 0x877 offset: 0x5 ref_ctr_offset(old): 0x2 ref_ctr_offset(new): 0x0 [ 305.475982][ T821] usb 4-1: config 0 descriptor?? [ 305.690516][T10777] loop0: detected capacity change from 0 to 16 [ 305.854949][T10777] erofs (device loop0): mounted with root inode @ nid 36. [ 305.918842][ T821] hid (null): unknown global tag 0xd [ 305.924325][ T821] hid (null): report_id 0 is invalid [ 306.135152][ T5714] usb 4-1: USB disconnect, device number 18 [ 306.158588][T10794] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 306.158588][T10794] The task syz.0.2094 (10794) triggered the difference, watch for misbehavior. [ 306.476794][T10798] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2098'. [ 306.594488][ T4928] block nbd1: Receive control failed (result -32) [ 306.620790][ T4928] block nbd1: Receive control failed (result -32) [ 306.681987][T10760] nbd1: detected capacity change from 0 to 128 [ 306.723200][ T5906] [ 306.723211][ T5906] ====================================================== [ 306.723218][ T5906] WARNING: possible circular locking dependency detected [ 306.723233][ T5906] syzkaller #0 Tainted: G L [ 306.723244][ T5906] ------------------------------------------------------ [ 306.723251][ T5906] udevd/5906 is trying to acquire lock: [ 306.723261][ T5906] ffff88805b54fe60 (&nsock->tx_lock){+.+.}-{4:4}, at: nbd_queue_rq+0x37b/0x1100 [ 306.723310][ T5906] [ 306.723310][ T5906] but task is already holding lock: [ 306.723317][ T5906] ffff888060f4e170 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc6/0x1100 [ 306.723355][ T5906] [ 306.723355][ T5906] which lock already depends on the new lock. [ 306.723355][ T5906] [ 306.723362][ T5906] [ 306.723362][ T5906] the existing dependency chain (in reverse order) is: [ 306.723369][ T5906] [ 306.723369][ T5906] -> #6 (&cmd->lock){+.+.}-{4:4}: [ 306.723394][ T5906] mutex_lock_nested+0x5a/0x1d0 [ 306.723413][ T5906] nbd_queue_rq+0xc6/0x1100 [ 306.723434][ T5906] blk_mq_dispatch_rq_list+0xa77/0x1910 [ 306.723458][ T5906] __blk_mq_sched_dispatch_requests+0xddb/0x1610 [ 306.723483][ T5906] blk_mq_sched_dispatch_requests+0xda/0x1a0 [ 306.723506][ T5906] blk_mq_run_hw_queue+0x368/0x520 [ 306.723526][ T5906] blk_mq_dispatch_list+0xd1f/0xe20 [ 306.723549][ T5906] blk_mq_flush_plug_list+0x48d/0x570 [ 306.723574][ T5906] __blk_flush_plug+0x3ed/0x4d0 [ 306.723600][ T5906] __submit_bio+0x28d/0x580 [ 306.723624][ T5906] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 306.723648][ T5906] block_read_full_folio+0x7b7/0x830 [ 306.723675][ T5906] filemap_read_folio+0x137/0x3b0 [ 306.723701][ T5906] do_read_cache_folio+0x2bf/0x560 [ 306.723731][ T5906] read_part_sector+0xb8/0x2b0 [ 306.723750][ T5906] adfspart_check_ICS+0xb1/0x960 [ 306.723769][ T5906] bdev_disk_changed+0x817/0x1770 [ 306.723788][ T5906] blkdev_get_whole+0x2e5/0x480 [ 306.723807][ T5906] bdev_open+0x31e/0xcc0 [ 306.723824][ T5906] blkdev_open+0x485/0x620 [ 306.723836][ T5906] do_dentry_open+0x83d/0x13e0 [ 306.723848][ T5906] vfs_open+0x3b/0x350 [ 306.723859][ T5906] path_openat+0x2e43/0x38a0 [ 306.723877][ T5906] do_file_open+0x23e/0x4a0 [ 306.723893][ T5906] do_sys_openat2+0x113/0x200 [ 306.723905][ T5906] __x64_sys_openat+0x138/0x170 [ 306.723919][ T5906] do_syscall_64+0x15f/0xf80 [ 306.723937][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.723951][ T5906] [ 306.723951][ T5906] -> #5 (set->srcu){.+.+}-{0:0}: [ 306.723971][ T5906] __synchronize_srcu+0xca/0x300 [ 306.723991][ T5906] elevator_switch+0x1e8/0x7a0 [ 306.724009][ T5906] elevator_change+0x2cc/0x450 [ 306.724028][ T5906] elevator_set_default+0x36c/0x430 [ 306.724047][ T5906] blk_register_queue+0x3e9/0x4e0 [ 306.724067][ T5906] __add_disk+0x677/0xd50 [ 306.724079][ T5906] add_disk_fwnode+0xfb/0x480 [ 306.724092][ T5906] nbd_dev_add+0x72c/0xb50 [ 306.724105][ T5906] nbd_init+0x168/0x1f0 [ 306.724123][ T5906] do_one_initcall+0x250/0x870 [ 306.724142][ T5906] do_initcall_level+0x104/0x190 [ 306.724161][ T5906] do_initcalls+0x59/0xa0 [ 306.724178][ T5906] kernel_init_freeable+0x2a6/0x3e0 [ 306.724196][ T5906] kernel_init+0x1d/0x1d0 [ 306.724208][ T5906] ret_from_fork+0x514/0xb70 [ 306.724226][ T5906] ret_from_fork_asm+0x1a/0x30 [ 306.724244][ T5906] [ 306.724244][ T5906] -> #4 (&q->elevator_lock){+.+.}-{4:4}: [ 306.724263][ T5906] mutex_lock_nested+0x5a/0x1d0 [ 306.724276][ T5906] elevator_change+0x1b3/0x450 [ 306.724294][ T5906] elevator_set_none+0xb5/0x140 [ 306.724312][ T5906] blk_mq_update_nr_hw_queues+0x607/0x1a80 [ 306.724326][ T5906] nbd_start_device+0x17f/0xb20 [ 306.724339][ T5906] nbd_genl_connect+0x1651/0x1c80 [ 306.724352][ T5906] genl_family_rcv_msg_doit+0x22a/0x330 [ 306.724375][ T5906] genl_rcv_msg+0x61c/0x7a0 [ 306.724395][ T5906] netlink_rcv_skb+0x232/0x4b0 [ 306.724410][ T5906] genl_rcv+0x28/0x40 [ 306.724430][ T5906] netlink_unicast+0x780/0x920 [ 306.724444][ T5906] netlink_sendmsg+0x813/0xb40 [ 306.724460][ T5906] sock_sendmsg_nosec+0x112/0x150 [ 306.724482][ T5906] ____sys_sendmsg+0x55c/0x870 [ 306.724498][ T5906] ___sys_sendmsg+0x2a5/0x360 [ 306.724515][ T5906] __x64_sys_sendmsg+0x1c3/0x2a0 [ 306.724531][ T5906] do_syscall_64+0x15f/0xf80 [ 306.724549][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.724563][ T5906] [ 306.724563][ T5906] -> #3 (&q->q_usage_counter(io)#50){++++}-{0:0}: [ 306.724586][ T5906] blk_alloc_queue+0x54e/0x690 [ 306.724603][ T5906] __blk_mq_alloc_disk+0x197/0x390 [ 306.724624][ T5906] nbd_dev_add+0x499/0xb50 [ 306.724637][ T5906] nbd_init+0x168/0x1f0 [ 306.724654][ T5906] do_one_initcall+0x250/0x870 [ 306.724671][ T5906] do_initcall_level+0x104/0x190 [ 306.724688][ T5906] do_initcalls+0x59/0xa0 [ 306.724710][ T5906] kernel_init_freeable+0x2a6/0x3e0 [ 306.724728][ T5906] kernel_init+0x1d/0x1d0 [ 306.724740][ T5906] ret_from_fork+0x514/0xb70 [ 306.724756][ T5906] ret_from_fork_asm+0x1a/0x30 [ 306.724774][ T5906] [ 306.724774][ T5906] -> #2 (fs_reclaim){+.+.}-{0:0}: [ 306.724793][ T5906] fs_reclaim_acquire+0x71/0x100 [ 306.724811][ T5906] kmem_cache_alloc_node_noprof+0x4b/0x6e0 [ 306.724828][ T5906] __alloc_skb+0x1d0/0x7d0 [ 306.724843][ T5906] tcp_stream_alloc_skb+0x3f/0x5c0 [ 306.724865][ T5906] tcp_sendmsg_locked+0x134b/0x5370 [ 306.724886][ T5906] tcp_sendmsg+0x2f/0x50 [ 306.724906][ T5906] sock_sendmsg_nosec+0xf9/0x150 [ 306.724927][ T5906] sock_write_iter+0x308/0x410 [ 306.724945][ T5906] vfs_write+0x629/0xba0 [ 306.724962][ T5906] ksys_write+0x156/0x270 [ 306.724980][ T5906] do_syscall_64+0x15f/0xf80 [ 306.724998][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.725011][ T5906] [ 306.725011][ T5906] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 306.725031][ T5906] lock_sock_nested+0x41/0x130 [ 306.725043][ T5906] tcp_sendmsg+0x21/0x50 [ 306.725064][ T5906] sock_sendmsg_nosec+0xf9/0x150 [ 306.725084][ T5906] sock_sendmsg+0x1ca/0x2d0 [ 306.725104][ T5906] __sock_xmit+0x251/0x510 [ 306.725118][ T5906] nbd_disconnect+0x3b9/0x560 [ 306.725137][ T5906] nbd_ioctl+0xc80/0xe40 [ 306.725151][ T5906] blkdev_ioctl+0x5e6/0x750 [ 306.725162][ T5906] __se_sys_ioctl+0xff/0x170 [ 306.725180][ T5906] do_syscall_64+0x15f/0xf80 [ 306.725197][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.725210][ T5906] [ 306.725210][ T5906] -> #0 (&nsock->tx_lock){+.+.}-{4:4}: [ 306.725229][ T5906] __lock_acquire+0x15a5/0x2d10 [ 306.725250][ T5906] lock_acquire+0x106/0x350 [ 306.725269][ T5906] mutex_lock_nested+0x5a/0x1d0 [ 306.725282][ T5906] nbd_queue_rq+0x37b/0x1100 [ 306.725295][ T5906] blk_mq_dispatch_rq_list+0xa77/0x1910 [ 306.725314][ T5906] __blk_mq_sched_dispatch_requests+0xddb/0x1610 [ 306.725336][ T5906] blk_mq_sched_dispatch_requests+0xda/0x1a0 [ 306.725357][ T5906] blk_mq_run_hw_queue+0x368/0x520 [ 306.725374][ T5906] blk_mq_dispatch_list+0xd1f/0xe20 [ 306.725392][ T5906] blk_mq_flush_plug_list+0x48d/0x570 [ 306.725412][ T5906] __blk_flush_plug+0x3ed/0x4d0 [ 306.725431][ T5906] __submit_bio+0x28d/0x580 [ 306.725451][ T5906] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 306.725469][ T5906] block_read_full_folio+0x7b7/0x830 [ 306.725490][ T5906] filemap_read_folio+0x137/0x3b0 [ 306.725510][ T5906] do_read_cache_folio+0x2bf/0x560 [ 306.725530][ T5906] read_part_sector+0xb8/0x2b0 [ 306.725549][ T5906] adfspart_check_ICS+0xb1/0x960 [ 306.725569][ T5906] bdev_disk_changed+0x817/0x1770 [ 306.725587][ T5906] blkdev_get_whole+0x2e5/0x480 [ 306.725606][ T5906] bdev_open+0x31e/0xcc0 [ 306.725625][ T5906] blkdev_open+0x485/0x620 [ 306.725636][ T5906] do_dentry_open+0x83d/0x13e0 [ 306.725647][ T5906] vfs_open+0x3b/0x350 [ 306.725659][ T5906] path_openat+0x2e43/0x38a0 [ 306.725674][ T5906] do_file_open+0x23e/0x4a0 [ 306.725691][ T5906] do_sys_openat2+0x113/0x200 [ 306.725703][ T5906] __x64_sys_openat+0x138/0x170 [ 306.725721][ T5906] do_syscall_64+0x15f/0xf80 [ 306.725738][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.725751][ T5906] [ 306.725751][ T5906] other info that might help us debug this: [ 306.725751][ T5906] [ 306.725756][ T5906] Chain exists of: [ 306.725756][ T5906] &nsock->tx_lock --> set->srcu --> &cmd->lock [ 306.725756][ T5906] [ 306.725779][ T5906] Possible unsafe locking scenario: [ 306.725779][ T5906] [ 306.725784][ T5906] CPU0 CPU1 [ 306.725788][ T5906] ---- ---- [ 306.725793][ T5906] lock(&cmd->lock); [ 306.725803][ T5906] lock(set->srcu); [ 306.725813][ T5906] lock(&cmd->lock); [ 306.725824][ T5906] lock(&nsock->tx_lock); [ 306.725833][ T5906] [ 306.725833][ T5906] *** DEADLOCK *** [ 306.725833][ T5906] [ 306.725837][ T5906] 3 locks held by udevd/5906: [ 306.725846][ T5906] #0: ffff888024d494c8 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0xe0/0xcc0 [ 306.725885][ T5906] #1: ffff8880262eff18 (set->srcu){.+.+}-{0:0}, at: blk_mq_run_hw_queue+0x33e/0x520 [ 306.725923][ T5906] #2: ffff888060f4e170 (&cmd->lock){+.+.}-{4:4}, at: nbd_queue_rq+0xc6/0x1100 [ 306.725956][ T5906] [ 306.725956][ T5906] stack backtrace: [ 306.725968][ T5906] CPU: 1 UID: 0 PID: 5906 Comm: udevd Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 306.725989][ T5906] Tainted: [L]=SOFTLOCKUP [ 306.725995][ T5906] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 306.726010][ T5906] Call Trace: [ 306.726017][ T5906] [ 306.726023][ T5906] dump_stack_lvl+0xe8/0x150 [ 306.726043][ T5906] print_circular_bug+0x2e1/0x300 [ 306.726061][ T5906] check_noncircular+0x12e/0x150 [ 306.726079][ T5906] __lock_acquire+0x15a5/0x2d10 [ 306.726109][ T5906] ? nbd_queue_rq+0x37b/0x1100 [ 306.726123][ T5906] lock_acquire+0x106/0x350 [ 306.726143][ T5906] ? nbd_queue_rq+0x37b/0x1100 [ 306.726160][ T5906] ? nbd_queue_rq+0x37b/0x1100 [ 306.726176][ T5906] ? nbd_queue_rq+0x37b/0x1100 [ 306.726190][ T5906] mutex_lock_nested+0x5a/0x1d0 [ 306.726204][ T5906] ? nbd_queue_rq+0x37b/0x1100 [ 306.726220][ T5906] nbd_queue_rq+0x37b/0x1100 [ 306.726239][ T5906] ? __pfx_nbd_queue_rq+0x10/0x10 [ 306.726254][ T5906] ? preempt_schedule_common+0x82/0xd0 [ 306.726272][ T5906] ? preempt_schedule_thunk+0x16/0x30 [ 306.726291][ T5906] blk_mq_dispatch_rq_list+0xa77/0x1910 [ 306.726318][ T5906] ? sbitmap_get+0x229/0x390 [ 306.726337][ T5906] ? __pfx_blk_mq_dispatch_rq_list+0x10/0x10 [ 306.726358][ T5906] ? __blk_mq_alloc_driver_tag+0x2e7/0x6e0 [ 306.726382][ T5906] __blk_mq_sched_dispatch_requests+0xddb/0x1610 [ 306.726411][ T5906] ? __pfx___blk_mq_sched_dispatch_requests+0x10/0x10 [ 306.726433][ T5906] ? blk_mq_hw_queue_need_run+0x13c/0x690 [ 306.726456][ T5906] ? blk_mq_run_hw_queue+0x33e/0x520 [ 306.726475][ T5906] ? blk_mq_run_hw_queue+0x33e/0x520 [ 306.726497][ T5906] blk_mq_sched_dispatch_requests+0xda/0x1a0 [ 306.726519][ T5906] ? blk_mq_run_hw_queue+0x33e/0x520 [ 306.726539][ T5906] blk_mq_run_hw_queue+0x368/0x520 [ 306.726559][ T5906] blk_mq_dispatch_list+0xd1f/0xe20 [ 306.726580][ T5906] ? bdev_count_inflight+0x1cf/0x210 [ 306.726595][ T5906] ? blk_mq_dispatch_list+0x190/0xe20 [ 306.726618][ T5906] ? __pfx_blk_mq_dispatch_list+0x10/0x10 [ 306.726641][ T5906] ? rcu_is_watching+0x15/0xb0 [ 306.726656][ T5906] blk_mq_flush_plug_list+0x48d/0x570 [ 306.726678][ T5906] ? blk_add_rq_to_plug+0x300/0x450 [ 306.726699][ T5906] ? blk_mq_submit_bio+0x1b66/0x29d0 [ 306.726725][ T5906] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 306.726750][ T5906] __blk_flush_plug+0x3ed/0x4d0 [ 306.726772][ T5906] ? __pfx___blk_flush_plug+0x10/0x10 [ 306.726792][ T5906] ? blkg_get+0x20/0x1d0 [ 306.726816][ T5906] __submit_bio+0x28d/0x580 [ 306.726839][ T5906] ? __pfx___submit_bio+0x10/0x10 [ 306.726862][ T5906] ? bio_associate_blkg+0x6d/0x230 [ 306.726886][ T5906] submit_bio_noacct_nocheck+0x2f4/0xa40 [ 306.726909][ T5906] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 306.726937][ T5906] block_read_full_folio+0x7b7/0x830 [ 306.726962][ T5906] ? __pfx_blkdev_get_block+0x10/0x10 [ 306.726977][ T5906] filemap_read_folio+0x137/0x3b0 [ 306.726998][ T5906] ? __pfx_blkdev_read_folio+0x10/0x10 [ 306.727020][ T5906] ? __pfx_filemap_read_folio+0x10/0x10 [ 306.727041][ T5906] ? filemap_add_folio+0x3d9/0x610 [ 306.727061][ T5906] do_read_cache_folio+0x2bf/0x560 [ 306.727083][ T5906] ? __pfx_blkdev_read_folio+0x10/0x10 [ 306.727107][ T5906] read_part_sector+0xb8/0x2b0 [ 306.727128][ T5906] adfspart_check_ICS+0xb1/0x960 [ 306.727149][ T5906] ? seq_buf_printf+0x212/0x2d0 [ 306.727169][ T5906] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 306.727189][ T5906] ? __pfx_adfspart_check_ICS+0x10/0x10 [ 306.727215][ T5906] bdev_disk_changed+0x817/0x1770 [ 306.727243][ T5906] ? __pfx_bdev_disk_changed+0x10/0x10 [ 306.727265][ T5906] ? blkdev_get_whole+0xe5/0x480 [ 306.727286][ T5906] blkdev_get_whole+0x2e5/0x480 [ 306.727309][ T5906] bdev_open+0x31e/0xcc0 [ 306.727333][ T5906] blkdev_open+0x485/0x620 [ 306.727348][ T5906] ? __pfx_blkdev_open+0x10/0x10 [ 306.727361][ T5906] do_dentry_open+0x83d/0x13e0 [ 306.727379][ T5906] vfs_open+0x3b/0x350 [ 306.727390][ T5906] ? path_openat+0x2e2b/0x38a0 [ 306.727409][ T5906] path_openat+0x2e43/0x38a0 [ 306.727439][ T5906] ? __pfx_path_openat+0x10/0x10 [ 306.727458][ T5906] ? kasan_save_track+0x4f/0x80 [ 306.727473][ T5906] ? kasan_save_track+0x3e/0x80 [ 306.727488][ T5906] ? __kasan_slab_alloc+0x6c/0x80 [ 306.727504][ T5906] ? kmem_cache_alloc_noprof+0x33b/0x680 [ 306.727524][ T5906] ? do_raw_spin_lock+0x12b/0x2f0 [ 306.727546][ T5906] do_file_open+0x23e/0x4a0 [ 306.727563][ T5906] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 306.727584][ T5906] ? __pfx_do_file_open+0x10/0x10 [ 306.727601][ T5906] ? rt_mutex_slowunlock+0x4a7/0x8b0 [ 306.727624][ T5906] ? alloc_fd+0x64e/0x6c0 [ 306.727641][ T5906] do_sys_openat2+0x113/0x200 [ 306.727655][ T5906] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 306.727675][ T5906] ? __pfx_do_sys_openat2+0x10/0x10 [ 306.727692][ T5906] ? rcu_is_watching+0x15/0xb0 [ 306.727713][ T5906] __x64_sys_openat+0x138/0x170 [ 306.727729][ T5906] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.727744][ T5906] do_syscall_64+0x15f/0xf80 [ 306.727763][ T5906] ? clear_bhb_loop+0x40/0x90 [ 306.727781][ T5906] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 306.727795][ T5906] RIP: 0033:0x7f8f25458407 [ 306.727809][ T5906] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 306.727822][ T5906] RSP: 002b:00007ffc6a9ffe60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 306.727837][ T5906] RAX: ffffffffffffffda RBX: 00007f8f2536a880 RCX: 00007f8f25458407 [ 306.727849][ T5906] RDX: 00000000000a0800 RSI: 000055a6c9f17430 RDI: ffffffffffffff9c [ 306.727859][ T5906] RBP: 000055a6c9f16910 R08: 0000000000000000 R09: 0000000000000000 [ 306.727869][ T5906] R10: 0000000000000000 R11: 0000000000000202 R12: 000055a6c9f2ee00 [ 306.727879][ T5906] R13: 000055a6c9f24190 R14: 0000000000000000 R15: 000055a6c9f2ee00 [ 306.727896][ T5906] [ 306.739581][ T5722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 306.757218][ T5906] block nbd1: Dead connection, failed to find a fallback [ 306.757251][ T5906] block nbd1: shutting down sockets [ 306.757265][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757290][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.757431][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757452][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.757544][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757564][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.757651][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757672][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.757759][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757779][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.757881][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.757901][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.758007][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.758027][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.758115][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.758135][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.761472][ T5906] ldm_validate_partition_table(): Disk read failed. [ 306.761550][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.761573][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.761672][ T5906] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 306.761692][ T5906] Buffer I/O error on dev nbd1, logical block 0, async page read [ 306.767959][ T5906] Dev nbd1: unable to read RDB block 0 [ 306.768454][ T5906] nbd1: unable to read partition table [ 306.783979][ T5906] ldm_validate_partition_table(): Disk read failed. [ 306.784294][ T5906] Dev nbd1: unable to read RDB block 0 [ 306.796861][ T5906] nbd1: unable to read partition table [ 307.779976][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 308.179511][ T5731] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 308.820325][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 309.859552][ T32] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 310.899373][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 311.220478][ T5624] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 311.299460][ T5624] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 311.942143][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 312.979651][ T32] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 314.019466][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 314.259565][ T5624] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 315.060759][ T821] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 316.099352][ T5722] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog