last executing test programs: 1.087207423s ago: executing program 2 (id=2813): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000006c0)=@newlink={0x2c, 0x10, 0x801, 0xfffffffd, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x102, 0x20000}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004071}, 0x0) 992.98979ms ago: executing program 3 (id=2814): r0 = openat$vicodec1(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) ioctl$VIDIOC_ENUM_FMT(r0, 0xc0585611, &(0x7f0000000200)={0x0, 0x3, 0x1, "6e145c0ef63b736608314ceb833d278f8739057c56b9f38df459aa6db8a9f4d6", 0x5a563e5b}) 989.928001ms ago: executing program 1 (id=2815): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$RDS_GET_MR(r0, 0x114, 0x2, &(0x7f0000000580)={{0x0}, 0x0, 0x4}, 0x20) 802.694256ms ago: executing program 0 (id=2817): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0xf6, &(0x7f0000000000), &(0x7f0000000280)=0x4) 802.509476ms ago: executing program 2 (id=2818): r0 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$sock_int(r0, 0x1, 0x4a, 0x0, &(0x7f0000000180)) 802.070596ms ago: executing program 3 (id=2819): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x73, &(0x7f0000002900)={0x0, 0x4, 0x20, 0xfff, 0x5}, &(0x7f0000002940)=0x18) 774.129388ms ago: executing program 1 (id=2820): r0 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCINQ(r0, 0x541b, &(0x7f00000005c0)) 674.422716ms ago: executing program 0 (id=2821): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x560a, &(0x7f0000001040)={0x0, 0x3, 0x4, 0x20, 0x0, "0000e5ff0100"}) 673.855366ms ago: executing program 3 (id=2822): r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x141000) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r0, 0xc1105511, &(0x7f0000000140)={0xa, 0x0, 0x1, 0x0, 'syz0\x00'}) 606.285201ms ago: executing program 2 (id=2823): r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='map_files\x00') getdents(r0, 0xfffffffffffffffd, 0x3b) 548.348226ms ago: executing program 1 (id=2824): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syncfs(0xffffffffffffffff) 532.959827ms ago: executing program 3 (id=2825): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0x2, 0x0, 0xfffffed4, 0x1}}, 0x20) 513.665829ms ago: executing program 0 (id=2826): r0 = socket(0x1e, 0x4, 0x0) setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4) 462.703193ms ago: executing program 2 (id=2827): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETCHAIN(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x4, 0xa, 0x301, 0x0, 0x0, {0x2, 0x0, 0x6}}, 0x14}, 0x1, 0x0, 0x0, 0x4000010}, 0x840) 357.364591ms ago: executing program 1 (id=2828): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x18, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000000b7030000000001028500000083000000bc090000000000005509010000001e009500000000000000bf91000000000000b7020000000000008500000000000000b7000000000000009500000000000000"], &(0x7f0000000200)='syzkaller\x00', 0x6, 0xb, &(0x7f0000001e40)=""/4099}, 0x90) 356.758941ms ago: executing program 0 (id=2829): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='auxv\x00') preadv(r0, &(0x7f00000005c0)=[{&(0x7f0000000300)=""/110, 0x6e}], 0x1, 0x0, 0x0) 345.339962ms ago: executing program 3 (id=2830): r0 = syz_open_procfs(0x0, &(0x7f0000019100)='net/fib_trie\x00') pread64(r0, &(0x7f0000000080)=""/102356, 0x18fd4, 0x1c) 222.471452ms ago: executing program 2 (id=2831): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f00000014c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="020d00001000000000000000000000000800120002000200000000080000000010003200ffff0000000000000000000010002b00000000000000000000000000fc020000000000000000000000000000030005000000000002000000ac1414aa0000000000000000030006000000000002"], 0x80}}, 0x0) 209.013213ms ago: executing program 1 (id=2832): r0 = syz_io_uring_setup(0x7ac6, &(0x7f0000000000)={0x0, 0x7071, 0x800, 0x1, 0x12c}, &(0x7f00000003c0), &(0x7f00000000c0)) io_uring_register$IORING_REGISTER_IOWQ_AFF(r0, 0x11, 0xfffffffffffffffe, 0x3c) 208.407053ms ago: executing program 0 (id=2840): r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x0, 0x0) ioctl$VIDIOC_ENUMSTD(r0, 0xc0485619, &(0x7f0000000140)={0x5f4fd380, 0x80000, "8ed33c3b53996828dd226ddb9a7657c5191a23d4f9096811", {0x10000, 0x5}, 0x6}) 194.130765ms ago: executing program 3 (id=2833): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10}, [@call={0x85, 0x0, 0x0, 0x20}, @printk={@lli, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x40}, {0x85, 0x0, 0x0, 0x17}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r0, 0x0, 0xe, 0x0, &(0x7f0000000100)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 81.695383ms ago: executing program 0 (id=2834): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=@allocspi={0x118, 0x16, 0x1, 0x70bd28, 0x25dfdbfb, {{{@in6=@local, @in=@multicast2, 0x4e23, 0xf, 0x4e23, 0xe, 0x2, 0xa0, 0x0, 0x5e}, {@in6=@private0={0xfc, 0x0, '\x00', 0x1}, 0x4d6, 0x6c}, @in=@private=0xa0100fc, {0x8, 0x100, 0x5, 0x7, 0x1000, 0x1, 0x0, 0x10000}, {0x2, 0x9, 0x3, 0x195d}, {0x9, 0x6, 0x81}, 0x70bd25, 0x3501, 0xa, 0x1, 0xda, 0xec}, 0x3, 0x32b}, [@srcaddr={0x14, 0xd, @in=@remote}, @lastused={0xc, 0xf, 0xaa1}]}, 0x118}, 0x1, 0x0, 0x0, 0x8000}, 0x24000014) 18.530969ms ago: executing program 2 (id=2835): r0 = socket$rxrpc(0x21, 0x2, 0xa) setsockopt$RXRPC_MIN_SECURITY_LEVEL(r0, 0x110, 0x4, &(0x7f0000000180)=0x4, 0x4) 0s ago: executing program 1 (id=2836): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000680)=@newsa={0x170, 0x1a, 0x633, 0x0, 0x0, {{@in=@private=0xa010101, @in=@broadcast, 0x0, 0x4000, 0x4e24, 0x8001, 0x0, 0x20}, {@in=@dev, 0x0, 0x32}, @in6=@mcast1, {0x323, 0x0, 0x0, 0x0, 0x4000}, {}, {}, 0x70bd29, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @encap={0x1c, 0x20, {0x0, 0x4e22, 0x0, @in=@remote}}, @encap={0x1c, 0x4, {0x2, 0x4e21}}]}, 0x170}}, 0x0) kernel console output (not intermixed with test programs): sector size (1024) and media sector size (512). [ 144.353590][ T8427] ntfs3: loop0: ino=1e, "file1" ntfs_sync_inode failed, -22. [ 144.363969][ T8427] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 144.492869][ T2947] ntfs3: loop0: ino=1e, ntfs3_write_inode failed, -22. [ 144.856593][ T8444] process 'syz.2.1140' launched './file0' with NULL argv: empty string added [ 144.957429][ T8447] loop0: detected capacity change from 0 to 256 [ 145.065387][ T8447] FAT-fs (loop0): Directory bread(block 64) failed [ 145.086492][ T8447] FAT-fs (loop0): Directory bread(block 65) failed [ 145.114826][ T8447] FAT-fs (loop0): Directory bread(block 66) failed [ 145.121406][ T8447] FAT-fs (loop0): Directory bread(block 67) failed [ 145.156556][ T8449] loop3: detected capacity change from 0 to 4096 [ 145.173441][ T8447] FAT-fs (loop0): Directory bread(block 68) failed [ 145.198329][ T8447] FAT-fs (loop0): Directory bread(block 69) failed [ 145.224577][ T8447] FAT-fs (loop0): Directory bread(block 70) failed [ 145.253043][ T8447] FAT-fs (loop0): Directory bread(block 71) failed [ 145.271586][ T8449] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 145.280211][ T8447] FAT-fs (loop0): Directory bread(block 72) failed [ 145.301201][ T8447] FAT-fs (loop0): Directory bread(block 73) failed [ 145.346643][ T8449] ntfs3: loop3: Failed to load $Extend (-22). [ 145.358903][ T8449] ntfs3: loop3: Failed to initialize $Extend. [ 145.400882][ T8423] loop1: detected capacity change from 0 to 65536 [ 145.520360][ T8423] XFS (loop1): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 145.649593][ T8423] XFS (loop1): Ending clean mount [ 145.841512][ T5782] XFS (loop1): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 145.938230][ T8469] bond1: entered allmulticast mode [ 146.527075][ T8494] netlink: 'syz.1.1150': attribute type 1 has an invalid length. [ 146.548089][ T8494] netlink: 146340 bytes leftover after parsing attributes in process `syz.1.1150'. [ 146.793377][ T28] audit: type=1326 audit(1756461186.385:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8503 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 146.848161][ T28] audit: type=1326 audit(1756461186.385:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8503 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 146.882698][ T28] audit: type=1326 audit(1756461186.435:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8503 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 146.906199][ T8506] netlink: 'syz.0.1166': attribute type 10 has an invalid length. [ 146.944383][ T28] audit: type=1326 audit(1756461186.435:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8503 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 146.979078][ T8506] bond0: (slave geneve1): Enslaving as an active interface with an up link [ 147.004399][ T28] audit: type=1326 audit(1756461186.455:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8503 comm="syz.3.1165" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 147.382817][ T8528] netlink: 'syz.1.1177': attribute type 13 has an invalid length. [ 147.495613][ T28] audit: type=1326 audit(1756461187.095:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8531 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 147.556676][ T28] audit: type=1326 audit(1756461187.095:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8531 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 147.598716][ T28] audit: type=1326 audit(1756461187.115:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8531 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=104 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 147.663749][ T28] audit: type=1326 audit(1756461187.115:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8531 comm="syz.1.1180" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 147.732531][ T8542] netlink: 'syz.3.1184': attribute type 12 has an invalid length. [ 147.924570][ T8550] netlink: 'syz.2.1189': attribute type 5 has an invalid length. [ 148.217866][ T8565] loop1: detected capacity change from 0 to 164 [ 148.271009][ T8565] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 148.446873][ T8573] loop0: detected capacity change from 0 to 1764 [ 149.144502][ T5844] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 149.246411][ T8609] loop1: detected capacity change from 0 to 256 [ 149.334496][ T5844] usb 3-1: Using ep0 maxpacket: 16 [ 149.356597][ T5844] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 149.388822][ T5844] usb 3-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 149.415640][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.447504][ T5844] usb 3-1: Product: syz [ 149.451814][ T5844] usb 3-1: Manufacturer: syz [ 149.457223][ T8615] syz.3.1219 uses obsolete (PF_INET,SOCK_PACKET) [ 149.475020][ T5844] usb 3-1: SerialNumber: syz [ 149.499057][ T5844] usb 3-1: config 0 descriptor?? [ 149.514182][ T5844] hub 3-1:0.0: bad descriptor, ignoring hub [ 149.527316][ T5844] hub: probe of 3-1:0.0 failed with error -5 [ 149.566041][ T5844] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input8 [ 150.084888][ T8638] loop3: detected capacity change from 0 to 512 [ 150.102138][ T8640] netlink: 'syz.1.1232': attribute type 9 has an invalid length. [ 150.132017][ T8642] loop0: detected capacity change from 0 to 256 [ 150.147295][ T8638] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 150.190649][ T8638] ext4 filesystem being mounted at /325/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 150.381313][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 151.058691][ T8676] loop2: detected capacity change from 0 to 164 [ 151.130276][ T8676] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 151.263158][ T8686] netlink: set zone limit has 4 unknown bytes [ 151.441999][ T8693] syz.1.1256 (8693): drop_caches: 0 [ 151.474187][ T8694] loop3: detected capacity change from 0 to 256 [ 151.937689][ T8712] netlink: 460 bytes leftover after parsing attributes in process `syz.2.1265'. [ 151.942763][ T8714] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1266'. [ 151.956377][ T8714] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1266'. [ 152.407414][ T8726] loop1: detected capacity change from 0 to 4096 [ 152.431896][ T8726] ntfs3: loop1: Different NTFS sector size (2048) and media sector size (512). [ 152.449860][ T8735] loop0: detected capacity change from 0 to 128 [ 152.541841][ T8726] ntfs3: loop1: Failed to initialize $Extend/$ObjId. [ 152.789841][ T8739] loop2: detected capacity change from 0 to 4096 [ 152.830035][ T8739] ntfs3: loop2: Different NTFS sector size (1024) and media sector size (512). [ 152.834004][ T8744] loop3: detected capacity change from 0 to 164 [ 152.902294][ T8744] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 153.372289][ T8758] loop2: detected capacity change from 0 to 512 [ 153.438131][ T8758] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 153.477350][ T8758] ext4 filesystem being mounted at /314/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 153.653630][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.025406][ T8786] loop1: detected capacity change from 0 to 1764 [ 154.208447][ T8792] loop1: detected capacity change from 0 to 512 [ 154.243758][ T8792] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 154.263360][ T8798] JFS: discard option not supported on device [ 154.270945][ T5784] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 154.283947][ T8792] ext4 filesystem being mounted at /312/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 154.313941][ T8798] Mount JFS Failure: -22 [ 154.336048][ T8798] jfs_mount failed w/return code = -22 [ 154.353657][ T9] usb 3-1: USB disconnect, device number 6 [ 154.505819][ T5784] usb 1-1: Using ep0 maxpacket: 16 [ 154.524422][ T5784] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 154.552363][ T5784] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 154.571563][ T5784] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.601530][ T5784] usb 1-1: Product: syz [ 154.606059][ T5782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 154.606674][ T5784] usb 1-1: Manufacturer: syz [ 154.629452][ T5784] usb 1-1: SerialNumber: syz [ 154.631998][ T8809] netlink: 9 bytes leftover after parsing attributes in process `syz.2.1320'. [ 154.644753][ T8809] 0·: renamed from hsr0 (while UP) [ 154.645602][ T5784] usb 1-1: config 0 descriptor?? [ 154.658483][ T8809] 0·: entered allmulticast mode [ 154.664054][ T8809] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 154.674073][ T5784] hub 1-1:0.0: bad descriptor, ignoring hub [ 154.724400][ T5784] hub: probe of 1-1:0.0 failed with error -5 [ 154.733302][ T5784] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9 [ 154.868998][ T8815] netlink: 460 bytes leftover after parsing attributes in process `syz.1.1312'. [ 154.879526][ T8816] loop2: detected capacity change from 0 to 128 [ 155.394006][ T8831] loop3: detected capacity change from 0 to 4096 [ 155.419996][ T8831] __ntfs_error: 1 callbacks suppressed [ 155.420009][ T8831] ntfs: (device loop3): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 155.447740][ T8831] ntfs: (device loop3): ntfs_read_locked_inode(): $DATA attribute is missing. [ 155.471836][ T8831] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 155.504549][ T8831] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 155.558065][ T8831] ntfs: volume version 3.1. [ 155.580604][ T8831] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 155.611226][ T8831] ntfs: (device loop3): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 155.630027][ T8831] ntfs: (device loop3): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 155.663217][ T8831] ntfs: (device loop3): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is missing. [ 155.673425][ T8831] ntfs: (device loop3): ntfs_read_locked_index_inode(): Failed with error code -2 while reading index inode (mft_no 0x0, name_len 2. [ 155.687866][ T8831] ntfs: (device loop3): load_and_init_quota(): Failed to load $Quota/$Q index. [ 155.699067][ T8843] loop1: detected capacity change from 0 to 64 [ 156.190746][ T8859] loop0: detected capacity change from 0 to 512 [ 156.263174][ T8859] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 156.349652][ T8859] ext4 filesystem being mounted at /330/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 156.621827][ T5780] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 156.771806][ T8881] netlink: 9 bytes leftover after parsing attributes in process `syz.1.1346'. [ 156.810997][ T8881] 0·: renamed from hsr0 (while UP) [ 156.827850][ T8881] 0·: entered allmulticast mode [ 156.833293][ T8881] A link change request failed with some changes committed already. Interface 70· may have been left with an inconsistent configuration, please check. [ 156.873829][ T8879] loop3: detected capacity change from 0 to 4096 [ 156.918976][ T8879] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512). [ 157.330974][ T8893] loop0: detected capacity change from 0 to 512 [ 157.381507][ T8893] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 157.411568][ T8893] ext4 filesystem being mounted at /334/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 157.522588][ T8869] loop2: detected capacity change from 0 to 40427 [ 157.554739][ T8869] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (4285726721, 24) [ 157.566377][ T8869] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 157.575163][ T8869] F2FS-fs (loop2): heap/no_heap options were deprecated [ 157.585369][ T8869] F2FS-fs (loop2): invalid crc value [ 157.605404][ T8869] F2FS-fs (loop2): Found nat_bits in checkpoint [ 157.651359][ T5780] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 157.798362][ T8869] F2FS-fs (loop2): Try to recover 1th superblock, ret: -30 [ 157.836711][ T8869] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 157.917152][ T8906] netlink: 'syz.0.1354': attribute type 13 has an invalid length. [ 158.316700][ T8919] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1365'. [ 158.462498][ T8924] netlink: 'syz.0.1367': attribute type 21 has an invalid length. [ 158.480926][ T8924] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1367'. [ 158.666970][ T8934] loop2: detected capacity change from 0 to 64 [ 159.057455][ T8950] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1378'. [ 159.291938][ T8962] loop0: detected capacity change from 0 to 64 [ 159.424390][ T5844] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 159.534512][ T786] usb 1-1: USB disconnect, device number 7 [ 159.614387][ T5844] usb 2-1: Using ep0 maxpacket: 16 [ 159.621849][ T5844] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 159.647547][ T5844] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 159.658338][ T5844] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.678745][ T5844] usb 2-1: Product: syz [ 159.683002][ T5844] usb 2-1: Manufacturer: syz [ 159.691677][ T5844] usb 2-1: SerialNumber: syz [ 159.735086][ T5844] usb 2-1: config 0 descriptor?? [ 159.753307][ T5844] hub 2-1:0.0: bad descriptor, ignoring hub [ 159.784967][ T5844] hub: probe of 2-1:0.0 failed with error -5 [ 159.793953][ T5844] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input10 [ 160.365870][ T786] usb 2-1: USB disconnect, device number 6 [ 160.448549][ T8993] netlink: 'syz.3.1400': attribute type 1 has an invalid length. [ 160.463652][ T8993] netlink: 146340 bytes leftover after parsing attributes in process `syz.3.1400'. [ 160.567603][ T8995] loop2: detected capacity change from 0 to 4096 [ 160.585611][ T8995] __ntfs_error: 10 callbacks suppressed [ 160.585626][ T8995] ntfs: (device loop2): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 160.618904][ T8995] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 160.640977][ T8995] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 160.694919][ T8995] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 160.729172][ T8995] ntfs: volume version 3.1. [ 160.737451][ T8995] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 160.773277][ T8995] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 160.807029][ T8995] ntfs: (device loop2): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 160.854707][ T8995] ntfs: (device loop2): ntfs_read_locked_index_inode(): $INDEX_ROOT attribute is missing. [ 160.872905][ T8995] ntfs: (device loop2): ntfs_read_locked_index_inode(): Failed with error code -2 while reading index inode (mft_no 0x0, name_len 2. [ 160.923899][ T8995] ntfs: (device loop2): load_and_init_quota(): Failed to load $Quota/$Q index. [ 161.431951][ T9017] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1411'. [ 161.443297][ T9017] netlink: 'syz.2.1411': attribute type 1 has an invalid length. [ 161.549498][ T9021] loop2: detected capacity change from 0 to 256 [ 161.562907][ T8989] loop0: detected capacity change from 0 to 65536 [ 161.602534][ T9021] FAT-fs (loop2): Directory bread(block 64) failed [ 161.630979][ T9021] FAT-fs (loop2): Directory bread(block 65) failed [ 161.639576][ T9021] FAT-fs (loop2): Directory bread(block 66) failed [ 161.645205][ T8989] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 161.646281][ T9021] FAT-fs (loop2): Directory bread(block 67) failed [ 161.661466][ T9021] FAT-fs (loop2): Directory bread(block 68) failed [ 161.672981][ T9021] FAT-fs (loop2): Directory bread(block 69) failed [ 161.679678][ T9021] FAT-fs (loop2): Directory bread(block 70) failed [ 161.686227][ T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 161.694162][ T9021] FAT-fs (loop2): Directory bread(block 71) failed [ 161.701215][ T9021] FAT-fs (loop2): Directory bread(block 72) failed [ 161.708582][ T9021] FAT-fs (loop2): Directory bread(block 73) failed [ 161.789565][ T8989] XFS (loop0): Ending clean mount [ 161.875100][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 161.911180][ T8] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 161.929092][ T8] usb 4-1: config 179 has no interface number 0 [ 161.953505][ T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 161.994210][ T5780] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 162.014018][ T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 162.054091][ T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 162.094934][ T8] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 162.146019][ T8] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 162.194699][ T8] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 162.224423][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.286070][ T9015] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 162.925809][ T9061] loop0: detected capacity change from 0 to 16 [ 163.011981][ T9061] erofs: (device loop0): mounted with root inode @ nid 36. [ 163.038287][ T5827] usb 4-1: USB disconnect, device number 5 [ 163.038342][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 163.053639][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 163.677857][ T9087] program syz.1.1437 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 163.823116][ T9092] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1439'. [ 164.094897][ T9065] DRBG: could not allocate digest TFM handle: hmac(sha512) [ 164.710790][ T9135] hsr0: VLAN not yet supported [ 164.730752][ T9136] overlayfs: disabling nfs_export due to verity=on [ 164.785504][ T9136] overlayfs: conflicting options: userxattr,redirect_dir=on [ 165.118069][ T9153] loop2: detected capacity change from 0 to 512 [ 165.194599][ T9153] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 165.202955][ T9153] EXT4-fs (loop2): orphan cleanup on readonly fs [ 165.245811][ T9153] EXT4-fs warning (device loop2): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 165.318803][ T9153] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 165.328513][ T9153] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #13: comm syz.2.1467: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 0(0) [ 165.359600][ T9153] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.1467: couldn't read orphan inode 13 (err -117) [ 165.409979][ T9153] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 165.574766][ T9153] EXT4-fs (loop2): warning: mounting fs with errors, running e2fsck is recommended [ 165.607351][ T9153] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=8856c01c, mo2=0002] [ 165.657845][ T9153] EXT4-fs warning (device loop2): ext4_enable_quotas:7175: Failed to enable quota tracking (type=2, err=-22, ino=15). Please run e2fsck to fix. [ 165.811090][ T9181] loop1: detected capacity change from 0 to 2048 [ 165.843052][ T9181] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 165.871006][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 165.916679][ T9186] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 166.041937][ T9190] netlink: 'syz.2.1482': attribute type 1 has an invalid length. [ 166.294122][ T9195] loop0: detected capacity change from 0 to 4096 [ 166.332601][ T9195] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 166.491872][ T9207] tmpfs: Bad value for 'usrquota_block_hardlimit' [ 166.894659][ T9219] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 166.935828][ T9219] batadv_slave_0: entered promiscuous mode [ 166.941710][ T9219] batadv_slave_0: entered allmulticast mode [ 167.005530][ T9219] netlink: 'syz.3.1498': attribute type 8 has an invalid length. [ 167.163351][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1504'. [ 167.252621][ T9236] loop3: detected capacity change from 0 to 512 [ 167.351482][ T9236] EXT4-fs (loop3): Cannot turn on journaled quota: type 1: error -13 [ 167.387002][ T9236] EXT4-fs error (device loop3): ext4_orphan_get:1399: inode #13: comm syz.3.1505: iget: bad i_size value: 12154757448730 [ 167.404183][ T9244] loop0: detected capacity change from 0 to 256 [ 167.411039][ T9236] EXT4-fs error (device loop3): ext4_orphan_get:1404: comm syz.3.1505: couldn't read orphan inode 13 (err -117) [ 167.484544][ T9236] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 167.531339][ T9244] FAT-fs (loop0): Directory bread(block 64) failed [ 167.553026][ T9244] FAT-fs (loop0): Directory bread(block 65) failed [ 167.565455][ T9236] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000. [ 167.592625][ T9244] FAT-fs (loop0): Directory bread(block 66) failed [ 167.624178][ T9244] FAT-fs (loop0): Directory bread(block 67) failed [ 167.659936][ T9244] FAT-fs (loop0): Directory bread(block 68) failed [ 167.693233][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.703919][ T9244] FAT-fs (loop0): Directory bread(block 69) failed [ 167.720366][ T9244] FAT-fs (loop0): Directory bread(block 70) failed [ 167.727411][ T9244] FAT-fs (loop0): Directory bread(block 71) failed [ 167.734242][ T9244] FAT-fs (loop0): Directory bread(block 72) failed [ 167.748006][ T9244] FAT-fs (loop0): Directory bread(block 73) failed [ 168.378384][ T9276] loop2: detected capacity change from 0 to 2048 [ 168.419174][ T9276] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 168.502963][ T9286] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 168.675912][ T9290] netlink: 'syz.3.1529': attribute type 21 has an invalid length. [ 168.683776][ T9290] netlink: 128 bytes leftover after parsing attributes in process `syz.3.1529'. [ 168.725236][ T9290] netlink: 'syz.3.1529': attribute type 4 has an invalid length. [ 168.733008][ T9290] netlink: 3 bytes leftover after parsing attributes in process `syz.3.1529'. [ 168.769177][ T9292] (unnamed net_device) (uninitialized): option all_slaves_active: invalid value (6) [ 169.465295][ T9316] loop2: detected capacity change from 0 to 4096 [ 169.511828][ T9316] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 169.615962][ T9316] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 169.640518][ T9316] ntfs3: loop2: Failed to initialize $Extend/$Reparse. [ 169.727764][ T9316] ntfs3: loop2: ino=5, "/" directory corrupted [ 169.810248][ T42] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 169.828312][ T5779] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 169.852565][ T5779] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 169.882594][ T5779] ntfs3: loop2: ino=3, ntfs_set_state failed, -22. [ 169.902634][ T2947] ntfs3: loop2: ino=3, ntfs3_write_inode failed, -22. [ 170.492891][ T9358] x_tables: ip_tables: socket match: used from hooks POSTROUTING, but only valid from PREROUTING/INPUT [ 170.549553][ T9330] loop3: detected capacity change from 0 to 32768 [ 170.593384][ T9330] XFS (loop3): DAX unsupported by block device. Turning off DAX. [ 170.642854][ T9330] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 170.729782][ T9330] XFS (loop3): Ending clean mount [ 170.782374][ T9375] loop1: detected capacity change from 0 to 2048 [ 170.811616][ T9375] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0 [ 170.824797][ T9330] XFS (loop3): Quotacheck needed: Please wait. [ 170.865423][ T9375] UDF-fs: warning (device loop1): udf_load_vrs: No anchor found [ 170.880176][ T9375] UDF-fs: Scanning with blocksize 512 failed [ 170.969420][ T9375] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 170.985911][ T9330] XFS (loop3): Quotacheck: Done. [ 171.231352][ T5781] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb [ 171.335685][ T9389] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1574'. [ 171.628721][ T9395] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1580'. [ 171.842017][ T9405] netlink: 'syz.0.1582': attribute type 32 has an invalid length. [ 171.946569][ T9412] comedi comedi1: pcl726: I/O port conflict (0x3,16) [ 172.033136][ T9416] vlan0: entered promiscuous mode [ 172.525279][ T786] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 172.726044][ T786] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 172.744678][ T786] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 172.775924][ T786] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 172.788416][ T786] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 172.810588][ T786] usb 1-1: SerialNumber: syz [ 172.833600][ T786] usb 1-1: bad CDC descriptors [ 172.896905][ T9450] loop3: detected capacity change from 0 to 4096 [ 172.927530][ T9450] NILFS (loop3): invalid segment: Checksum error in segment payload [ 172.936276][ T9450] NILFS (loop3): trying rollback from an earlier position [ 172.978206][ T9454] loop2: detected capacity change from 0 to 1024 [ 173.011920][ T9454] EXT4-fs: Ignoring removed bh option [ 173.017591][ T9450] NILFS (loop3): recovery complete [ 173.089406][ T9454] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 173.131838][ T9454] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 173.138881][ T8] usb 1-1: USB disconnect, device number 8 [ 173.528240][ T9470] loop3: detected capacity change from 0 to 4096 [ 173.544145][ T9470] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 173.589391][ T9470] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 173.619797][ T9470] ntfs3: loop3: Failed to initialize $Extend/$Reparse. [ 173.689153][ T9470] ntfs3: loop3: ino=5, "/" directory corrupted [ 173.824559][ T2947] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 173.831578][ T5781] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 173.846119][ T5781] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 173.876129][ T5781] ntfs3: loop3: ino=3, ntfs_set_state failed, -22. [ 173.885149][ T9482] loop1: detected capacity change from 0 to 16 [ 173.894028][ T2929] ntfs3: loop3: ino=3, ntfs3_write_inode failed, -22. [ 173.915191][ T9482] erofs: (device loop1): mounted with root inode @ nid 36. [ 174.082242][ T9486] loop3: detected capacity change from 0 to 64 [ 174.101253][ T6039] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 174.316820][ T6039] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 174.333079][ T6039] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.376456][ T6039] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 174.394466][ T6039] usb 3-1: config 1 has no interface number 0 [ 174.407339][ T6039] usb 3-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 174.433081][ T6039] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 174.457429][ T6039] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 174.468933][ T6039] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.512051][ T6039] usb 3-1: Product: syz [ 174.529662][ T6039] usb 3-1: Manufacturer: syz [ 174.535196][ T6039] usb 3-1: SerialNumber: syz [ 174.958118][ T6039] usb 3-1: USB disconnect, device number 7 [ 175.448163][ T9542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1644'. [ 175.461477][ T9542] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1644'. [ 175.495578][ T9542] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 175.621988][ T9549] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1654'. [ 176.365349][ T9580] netlink: 'syz.1.1663': attribute type 30 has an invalid length. [ 176.432511][ T9582] loop3: detected capacity change from 0 to 1024 [ 176.665087][ T2947] hfsplus: b-tree write err: -5, ino 4 [ 176.890859][ T9569] loop2: detected capacity change from 0 to 40427 [ 176.928515][ T9569] F2FS-fs (loop2): invalid crc value [ 176.967686][ T9569] F2FS-fs (loop2): Found nat_bits in checkpoint [ 177.140257][ T9569] F2FS-fs (loop2): Start checkpoint disabled! [ 177.177796][ T9569] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6 [ 177.238726][ T9607] loop0: detected capacity change from 0 to 4096 [ 177.288513][ T9569] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix. [ 177.318185][ T9607] NILFS (loop0): invalid segment: Checksum error in segment payload [ 177.360389][ T9607] NILFS (loop0): trying rollback from an earlier position [ 177.437733][ T9607] NILFS (loop0): recovery complete [ 177.966023][ T9630] loop3: detected capacity change from 0 to 16 [ 177.994825][ T9630] erofs: (device loop3): mounted with root inode @ nid 36. [ 178.131670][ T9632] loop0: detected capacity change from 0 to 1024 [ 178.165627][ T9632] EXT4-fs: Ignoring removed bh option [ 178.171086][ T9632] EXT4-fs: inline encryption not supported [ 178.218943][ T9632] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 178.251756][ T9632] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 178.350425][ T9644] loop1: detected capacity change from 0 to 256 [ 178.392254][ T9632] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 2: comm syz.0.1688: lblock 2 mapped to illegal pblock 2 (length 1) [ 178.423467][ T9644] FAT-fs (loop1): Directory bread(block 64) failed [ 178.440032][ T9632] __quota_error: 2 callbacks suppressed [ 178.440048][ T9632] Quota error (device loop0): qtree_write_dquot: dquota write failed [ 178.444454][ T9644] FAT-fs (loop1): Directory bread(block 65) failed [ 178.451744][ T9632] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 48: comm syz.0.1688: lblock 0 mapped to illegal pblock 48 (length 1) [ 178.474539][ T9644] FAT-fs (loop1): Directory bread(block 66) failed [ 178.481275][ T9644] FAT-fs (loop1): Directory bread(block 67) failed [ 178.488858][ T9632] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 178.494539][ T9644] FAT-fs (loop1): Directory bread(block 68) failed [ 178.504193][ T9632] EXT4-fs error (device loop0): ext4_acquire_dquot:6940: comm syz.0.1688: Failed to acquire dquot type 0 [ 178.514480][ T9644] FAT-fs (loop1): Directory bread(block 69) failed [ 178.524028][ T9632] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 178.533733][ T9644] FAT-fs (loop1): Directory bread(block 70) failed [ 178.540874][ T9644] FAT-fs (loop1): Directory bread(block 71) failed [ 178.543223][ T9632] EXT4-fs error (device loop0): ext4_evict_inode:252: inode #11: comm syz.0.1688: mark_inode_dirty error [ 178.554566][ T9644] FAT-fs (loop1): Directory bread(block 72) failed [ 178.563500][ T9632] EXT4-fs warning (device loop0): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 178.574792][ T9644] FAT-fs (loop1): Directory bread(block 73) failed [ 178.580259][ T9632] EXT4-fs (loop0): 1 orphan inode deleted [ 178.593779][ T9632] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 178.607820][ T2929] EXT4-fs error (device loop0): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 178.642340][ T2929] Quota error (device loop0): remove_tree: Can't read quota data block 1 [ 178.653550][ T2929] EXT4-fs error (device loop0): ext4_release_dquot:6976: comm kworker/u4:6: Failed to release dquot type 0 [ 178.676711][ T9632] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.696042][ T9632] EXT4-fs error (device loop0): __ext4_get_inode_loc:4483: comm syz.0.1688: Invalid inode table block 1 in block_group 0 [ 178.719394][ T9632] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 178.730330][ T9632] EXT4-fs error (device loop0): ext4_quota_off:7224: inode #3: comm syz.0.1688: mark_inode_dirty error [ 178.929551][ T9636] loop2: detected capacity change from 0 to 32768 [ 178.982759][ T9636] XFS (loop2): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 179.023084][ T9650] loop1: detected capacity change from 0 to 4096 [ 179.035499][ T9650] ntfs: (device loop1): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 179.061200][ T9650] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 179.074189][ T9650] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0xa as bad. Run chkdsk. [ 179.143971][ T9636] XFS (loop2): Ending clean mount [ 179.145685][ T9650] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 179.217419][ T9650] ntfs: volume version 3.1. [ 179.234538][ T9650] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 179.254923][ T9650] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 179.284858][ T9650] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Mounting read-only. Run chkdsk. [ 179.492562][ T5779] XFS (loop2): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a [ 179.994103][ T9683] loop1: detected capacity change from 0 to 16 [ 180.030115][ T9683] erofs: (device loop1): mounted with root inode @ nid 36. [ 180.294544][ T5844] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 180.498925][ T5844] usb 1-1: config 0 has no interfaces? [ 180.525064][ T5844] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 180.541700][ T5844] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.565111][ T5844] usb 1-1: config 0 descriptor?? [ 180.690932][ T9702] loop1: detected capacity change from 0 to 1024 [ 180.789348][ T5783] Bluetooth: hci0: unexpected cc 0x100c length: 65 > 3 [ 180.800978][ T5844] usb 1-1: USB disconnect, device number 9 [ 180.827488][ T2947] hfsplus: b-tree write err: -5, ino 4 [ 180.933860][ T9708] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1722'. [ 180.960688][ T9672] loop3: detected capacity change from 0 to 65536 [ 181.013481][ T9672] XFS (loop3): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 181.133073][ T9672] XFS (loop3): Ending clean mount [ 181.271724][ T5781] XFS (loop3): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3 [ 181.716913][ T9738] loop0: detected capacity change from 0 to 256 [ 181.818126][ T9742] loop2: detected capacity change from 0 to 1024 [ 181.841512][ T9738] FAT-fs (loop0): Directory bread(block 64) failed [ 181.866584][ T9738] FAT-fs (loop0): Directory bread(block 65) failed [ 181.873285][ T9738] FAT-fs (loop0): Directory bread(block 66) failed [ 181.918664][ T9738] FAT-fs (loop0): Directory bread(block 67) failed [ 181.939752][ T9738] FAT-fs (loop0): Directory bread(block 68) failed [ 181.969268][ T601] hfsplus: b-tree write err: -5, ino 4 [ 181.980303][ T9738] FAT-fs (loop0): Directory bread(block 69) failed [ 181.994858][ T9738] FAT-fs (loop0): Directory bread(block 70) failed [ 182.001515][ T9738] FAT-fs (loop0): Directory bread(block 71) failed [ 182.054493][ T9738] FAT-fs (loop0): Directory bread(block 72) failed [ 182.061074][ T9738] FAT-fs (loop0): Directory bread(block 73) failed [ 182.593432][ T9768] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1747'. [ 182.620455][ T9768] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 182.904530][ T5844] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 183.122704][ T5844] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 183.132306][ T9789] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1757'. [ 183.141656][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.160376][ T5844] usb 1-1: Product: syz [ 183.165362][ T5844] usb 1-1: Manufacturer: syz [ 183.169990][ T5844] usb 1-1: SerialNumber: syz [ 183.199675][ T5844] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 183.218655][ T23] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 183.293102][ T9792] loop3: detected capacity change from 0 to 1024 [ 183.374006][ T2947] hfsplus: b-tree write err: -5, ino 4 [ 183.678545][ T5844] usb 1-1: USB disconnect, device number 10 [ 184.289402][ T23] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 184.310324][ T23] ath9k_htc: Failed to initialize the device [ 184.327501][ T5844] usb 1-1: ath9k_htc: USB layer deinitialized [ 184.363138][ T9827] loop2: detected capacity change from 0 to 1024 [ 184.405373][ T9827] EXT4-fs: Ignoring removed bh option [ 184.410957][ T9827] EXT4-fs: inline encryption not supported [ 184.443909][ T9827] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 184.502967][ T9827] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 184.543762][ T9827] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 2: comm syz.2.1776: lblock 2 mapped to illegal pblock 2 (length 1) [ 184.564861][ T9827] __quota_error: 5 callbacks suppressed [ 184.564876][ T9827] Quota error (device loop2): qtree_write_dquot: dquota write failed [ 184.614484][ T9827] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 48: comm syz.2.1776: lblock 0 mapped to illegal pblock 48 (length 1) [ 184.687911][ T9827] Quota error (device loop2): v2_write_file_info: Can't write info structure [ 184.712058][ T9827] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1776: Failed to acquire dquot type 0 [ 184.726716][ T9827] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 184.757126][ T9827] EXT4-fs error (device loop2): ext4_evict_inode:252: inode #11: comm syz.2.1776: mark_inode_dirty error [ 184.793099][ T9827] EXT4-fs warning (device loop2): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 184.819147][ T9827] EXT4-fs (loop2): 1 orphan inode deleted [ 184.833555][ T9827] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.859542][ T2929] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:6: lblock 1 mapped to illegal pblock 1 (length 1) [ 184.883735][ T28] audit: type=1326 audit(1756461224.475:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 184.910962][ T2929] Quota error (device loop2): remove_tree: Can't read quota data block 1 [ 184.934471][ T2929] EXT4-fs error (device loop2): ext4_release_dquot:6976: comm kworker/u4:6: Failed to release dquot type 0 [ 184.948845][ T28] audit: type=1326 audit(1756461224.505:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 184.976574][ T9827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 185.031227][ T28] audit: type=1326 audit(1756461224.505:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=66 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 185.064876][ T9827] EXT4-fs error (device loop2): __ext4_get_inode_loc:4483: comm syz.2.1776: Invalid inode table block 1 in block_group 0 [ 185.086883][ T28] audit: type=1326 audit(1756461224.505:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 185.118176][ T9827] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 185.129843][ T9827] EXT4-fs error (device loop2): ext4_quota_off:7224: inode #3: comm syz.2.1776: mark_inode_dirty error [ 185.146478][ T28] audit: type=1326 audit(1756461224.505:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9854 comm="syz.3.1789" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 185.445853][ T9872] xt_CT: You must specify a L4 protocol and not use inversions on it [ 185.565001][ T23] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 185.637842][ T9882] vivid-007: disconnect [ 185.643703][ T9879] vivid-007: reconnect [ 185.672964][ T9884] loop0: detected capacity change from 0 to 64 [ 185.775631][ T23] usb 2-1: config 0 has an invalid interface number: 156 but max is 0 [ 185.783849][ T23] usb 2-1: config 0 has no interface number 0 [ 185.808353][ T23] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 185.829943][ T23] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 185.863269][ T23] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 185.890185][ T23] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice=d6.b9 [ 185.915599][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.925848][ T9892] loop3: detected capacity change from 0 to 1024 [ 185.932900][ T9892] EXT4-fs: Ignoring removed bh option [ 185.939632][ T9892] EXT4-fs: inline encryption not supported [ 185.948363][ T9892] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 185.962112][ T23] usb 2-1: config 0 descriptor?? [ 185.972939][ T23] gspca_main: spca561-2.14.0 probing abcd:cdee [ 186.014194][ T9892] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 186.050201][ T9892] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.1806: lblock 2 mapped to illegal pblock 2 (length 1) [ 186.081963][ T9892] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 186.091618][ T9892] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 48: comm syz.3.1806: lblock 0 mapped to illegal pblock 48 (length 1) [ 186.114881][ T6039] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 186.132618][ T9892] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 186.145719][ T9892] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.1806: Failed to acquire dquot type 0 [ 186.159405][ T9892] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 186.201506][ T23] spca561: probe of 2-1:0.156 failed with error -22 [ 186.211436][ T9892] EXT4-fs error (device loop3): ext4_evict_inode:252: inode #11: comm syz.3.1806: mark_inode_dirty error [ 186.242960][ T23] usb 2-1: Quirk or no altest; falling back to MIDI 1.0 [ 186.256417][ T9892] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 186.269009][ T23] usb 2-1: MIDIStreaming interface descriptor not found [ 186.287308][ T9892] EXT4-fs (loop3): 1 orphan inode deleted [ 186.294243][ T9892] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 186.315135][ T6039] usb 3-1: Using ep0 maxpacket: 8 [ 186.345819][ T42] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 186.357151][ T5795] Bluetooth: hci1: command 0x0406 tx timeout [ 186.367213][ T5102] Bluetooth: hci2: command 0x0406 tx timeout [ 186.373256][ T5102] Bluetooth: hci0: command 0x0406 tx timeout [ 186.379349][ T5794] Bluetooth: hci3: command 0x0406 tx timeout [ 186.397361][ T6039] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 186.418521][ T42] EXT4-fs error (device loop3): ext4_release_dquot:6976: comm kworker/u4:2: Failed to release dquot type 0 [ 186.419144][ T23] usb 2-1: USB disconnect, device number 7 [ 186.434358][ T6039] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.478854][ T6039] usb 3-1: config 0 has no interface number 0 [ 186.480626][ T9892] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 186.490895][ T6039] usb 3-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 186.521815][ T6039] usb 3-1: config 0 interface 52 has no altsetting 0 [ 186.529698][ T9892] EXT4-fs error (device loop3): __ext4_get_inode_loc:4483: comm syz.3.1806: Invalid inode table block 1 in block_group 0 [ 186.549635][ T9892] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 186.570364][ T6039] usb 3-1: New USB device found, idVendor=06cb, idProduct=0009, bcdDevice= 8.00 [ 186.573395][ T9892] EXT4-fs error (device loop3): ext4_quota_off:7224: inode #3: comm syz.3.1806: mark_inode_dirty error [ 186.589441][ T6039] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=184 [ 186.627396][ T6039] usb 3-1: SerialNumber: syz [ 186.640045][ T6039] usb 3-1: config 0 descriptor?? [ 186.711269][ T9910] netlink: 'syz.0.1815': attribute type 5 has an invalid length. [ 187.138206][ T9] usb 3-1: USB disconnect, device number 8 [ 187.224828][ T6039] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 187.444564][ T6039] usb 2-1: Using ep0 maxpacket: 8 [ 187.451185][ T6039] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 187.459594][ T6039] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 187.469425][ T6039] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 187.479316][ T6039] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 187.489335][ T6039] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.502390][ T6039] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 187.512268][ T6039] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.948903][ T23] usb 2-1: USB disconnect, device number 8 [ 188.546493][ T9936] QAT: failed to copy from user cfg_data. [ 188.590091][ T9937] loop1: detected capacity change from 0 to 1024 [ 188.602609][ T9937] EXT4-fs: Ignoring removed bh option [ 188.625674][ T9937] EXT4-fs: inline encryption not supported [ 188.656239][ T9937] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 188.697305][ T9937] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 188.727552][ T9937] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 2: comm syz.1.1826: lblock 2 mapped to illegal pblock 2 (length 1) [ 188.743445][ T9937] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 48: comm syz.1.1826: lblock 0 mapped to illegal pblock 48 (length 1) [ 188.765398][ T9937] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.1826: Failed to acquire dquot type 0 [ 188.784538][ T6039] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 188.792073][ T9937] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 188.813329][ T9937] EXT4-fs error (device loop1): ext4_evict_inode:252: inode #11: comm syz.1.1826: mark_inode_dirty error [ 188.827483][ T9937] EXT4-fs warning (device loop1): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 188.839849][ T9937] EXT4-fs (loop1): 1 orphan inode deleted [ 188.846994][ T9937] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 188.864077][ T42] EXT4-fs error (device loop1): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 188.880558][ T42] EXT4-fs error (device loop1): ext4_release_dquot:6976: comm kworker/u4:2: Failed to release dquot type 0 [ 188.895813][ T9937] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.899260][ T9947] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1831'. [ 188.925062][ T9937] EXT4-fs error (device loop1): __ext4_get_inode_loc:4483: comm syz.1.1826: Invalid inode table block 1 in block_group 0 [ 188.965295][ T9937] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 188.989867][ T6039] usb 4-1: config 0 has an invalid interface number: 235 but max is 0 [ 188.999062][ T9937] EXT4-fs error (device loop1): ext4_quota_off:7224: inode #3: comm syz.1.1826: mark_inode_dirty error [ 189.015096][ T6039] usb 4-1: config 0 has no interface number 0 [ 189.021246][ T6039] usb 4-1: config 0 interface 235 altsetting 16 endpoint 0x5 has invalid wMaxPacketSize 0 [ 189.040272][ T6039] usb 4-1: config 0 interface 235 has no altsetting 0 [ 189.052225][ T6039] usb 4-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18 [ 189.066258][ T6039] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.092623][ T6039] usb 4-1: Product: syz [ 189.099330][ T6039] usb 4-1: Manufacturer: syz [ 189.105440][ T6039] usb 4-1: SerialNumber: syz [ 189.148870][ T9954] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1836'. [ 189.168038][ T6039] usb 4-1: config 0 descriptor?? [ 189.192064][ T6039] keyspan 4-1:0.235: Keyspan 1 port adapter converter detected [ 189.231127][ T6039] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 87 [ 189.253856][ T6039] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 7 [ 189.288383][ T6039] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 81 [ 189.312782][ T6039] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 1 [ 189.323377][ T6039] keyspan 4-1:0.235: found no endpoint descriptor for endpoint 85 [ 189.337787][ T6039] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 189.393996][ T6039] usb 4-1: USB disconnect, device number 6 [ 189.445806][ T6039] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 189.480389][ T6039] keyspan 4-1:0.235: device disconnected [ 189.600074][ T9969] loop1: detected capacity change from 0 to 2048 [ 189.613798][ T9969] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 189.677646][ T9972] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 189.731863][ T9969] NILFS (loop1): bad btree node (ino=16, blocknr=15): level = 1, flags = 0x0, nchildren = 157 [ 189.746196][ T9969] NILFS error (device loop1): nilfs_bmap_last_key: broken bmap (inode number=16) [ 189.770772][ T9969] Remounting filesystem read-only [ 189.778653][ T9969] NILFS (loop1): error -5 truncating bmap (ino=16) [ 189.841082][ T9978] netlink: 'syz.0.1847': attribute type 21 has an invalid length. [ 189.892856][ T5782] NILFS (loop1): discard dirty page: offset=4096, ino=6 [ 189.906490][ T5782] NILFS (loop1): discard dirty block: blocknr=39, size=1024 [ 189.914051][ T5782] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 189.928391][ T5782] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 189.940509][ T5782] NILFS (loop1): discard dirty block: blocknr=18446744073709551615, size=1024 [ 189.956519][ T5782] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer [ 190.343127][ T9995] loop1: detected capacity change from 0 to 4096 [ 190.363350][ T9995] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512). [ 190.552786][T10007] loop3: detected capacity change from 0 to 1024 [ 190.592972][T10009] netlink: 'syz.1.1862': attribute type 5 has an invalid length. [ 190.604514][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 190.675671][T10007] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 190.747554][T10007] EXT4-fs error (device loop3): ext4_empty_dir:3166: inode #11: block 38: comm syz.3.1861: Attempting to read directory block (38) that is past i_size (39680) [ 190.819449][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 190.824388][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 190.838124][ T9] usb 1-1: config 179 has an invalid interface number: 65 but max is 0 [ 190.854329][ T9] usb 1-1: config 179 has no interface number 0 [ 190.871926][ T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 190.921954][ T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 190.954061][ T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 190.989881][ T9] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 191.014343][ T9] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 191.054431][ T9] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 191.083752][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.109048][ T9999] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 191.559157][T10039] loop1: detected capacity change from 0 to 4096 [ 191.599762][T10039] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512). [ 191.747700][T10047] loop2: detected capacity change from 0 to 164 [ 191.872375][T10039] ntfs3: loop1: failed to convert "c46c" to cp855 [ 191.908065][ T5827] usb 1-1: USB disconnect, device number 11 [ 191.908061][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 191.908199][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 192.044692][T10052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1882'. [ 192.068218][T10052] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1882'. [ 192.114754][T10052] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1882'. [ 192.139946][T10052] netlink: 108 bytes leftover after parsing attributes in process `syz.3.1882'. [ 192.163484][T10052] netlink: 84 bytes leftover after parsing attributes in process `syz.3.1882'. [ 192.177661][T10057] netlink: 'syz.2.1885': attribute type 7 has an invalid length. [ 192.403138][T10065] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1890'. [ 193.040932][T10093] netlink: 176 bytes leftover after parsing attributes in process `syz.0.1903'. [ 193.410949][T10111] loop2: detected capacity change from 0 to 256 [ 193.674952][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 193.864715][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 193.874419][ T9] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 193.882761][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 193.909291][ T9] usb 1-1: config 0 has no interface number 0 [ 193.934536][ T9] usb 1-1: config 0 interface 52 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 193.980317][ T9] usb 1-1: config 0 interface 52 has no altsetting 0 [ 193.999163][ T9] usb 1-1: New USB device found, idVendor=06cb, idProduct=0009, bcdDevice= 8.00 [ 194.020131][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=184 [ 194.044655][ T9] usb 1-1: SerialNumber: syz [ 194.063372][ T9] usb 1-1: config 0 descriptor?? [ 194.358160][T10149] loop1: detected capacity change from 0 to 164 [ 194.523419][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.533225][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.570162][ T23] usb 1-1: USB disconnect, device number 12 [ 194.859169][T10165] loop2: detected capacity change from 0 to 4096 [ 194.874405][T10165] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 195.051712][T10165] ntfs3: loop2: failed to convert "c46c" to cp855 [ 195.075353][ T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 195.284485][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 195.293575][ T9] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 195.332381][ T9] usb 2-1: config 0 has no interface number 0 [ 195.346881][ T9] usb 2-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 195.371018][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.394314][ T9] usb 2-1: Product: syz [ 195.398525][ T9] usb 2-1: Manufacturer: syz [ 195.419468][ T9] usb 2-1: SerialNumber: syz [ 195.437012][ T9] usb 2-1: config 0 descriptor?? [ 195.449576][ T9] radio-si470x 2-1:0.35: could not find interrupt in endpoint [ 195.469978][ T9] radio-si470x: probe of 2-1:0.35 failed with error -5 [ 195.576554][T10191] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=io+mem:owns=io+mem [ 195.660682][ T9] radio-raremono 2-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 195.697568][T10193] loop3: detected capacity change from 0 to 4096 [ 195.707614][T10193] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 195.735293][ T5827] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 195.766180][T10193] ntfs3: loop3: failed to convert "c46c" to cp855 [ 195.876477][ T9] radio-raremono 2-1:0.35: raremono_cmd_main failed (-71) [ 195.900715][ T9] radio-raremono 2-1:0.35: V4L2 device registered as radio48 [ 195.925063][ T5827] usb 1-1: Using ep0 maxpacket: 8 [ 195.925234][ T9] usb 2-1: USB disconnect, device number 9 [ 195.943230][ T5827] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.956771][ T9] radio-raremono 2-1:0.35: Thanko's Raremono disconnected [ 195.964475][ T786] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 195.975141][ T5827] usb 1-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a [ 195.995813][ T5827] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.021390][T10200] loop3: detected capacity change from 0 to 1764 [ 196.022831][ T5827] usb 1-1: config 0 descriptor?? [ 196.054853][ T5827] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 196.147016][T10202] loop3: detected capacity change from 0 to 164 [ 196.184686][ T786] usb 3-1: Using ep0 maxpacket: 8 [ 196.205356][ T786] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 196.214990][ T786] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 196.225907][ T786] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 196.236384][ T786] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 196.246997][ T786] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 196.271750][ T786] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 196.293166][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.482243][T10209] netlink: 'syz.1.1960': attribute type 1 has an invalid length. [ 196.491991][ T5827] gspca_vc032x: reg_w err -71 [ 196.504617][T10209] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1960'. [ 196.506071][ T5827] vc032x: probe of 1-1:0.0 failed with error -71 [ 196.551097][ T5827] usb 1-1: USB disconnect, device number 13 [ 196.633662][ T28] kauditd_printk_skb: 4 callbacks suppressed [ 196.633674][ T28] audit: type=1326 audit(1756461236.225:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.1.1963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 196.662616][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.677477][ T28] audit: type=1326 audit(1756461236.225:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.1.1963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 196.706432][ T28] audit: type=1326 audit(1756461236.245:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.1.1963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 196.728765][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.741245][ T28] audit: type=1326 audit(1756461236.245:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.1.1963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 196.763673][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.770314][ T28] audit: type=1326 audit(1756461236.245:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10213 comm="syz.1.1963" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 196.792661][ C0] vkms_vblank_simulate: vblank timer overrun [ 196.803999][ T5844] usb 3-1: USB disconnect, device number 9 [ 196.894408][ T786] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 197.057376][T10226] loop1: detected capacity change from 0 to 256 [ 197.078755][ T786] usb 4-1: config 0 has an invalid interface number: 156 but max is 0 [ 197.097386][ T786] usb 4-1: config 0 has no interface number 0 [ 197.108048][T10226] FAT-fs (loop1): Directory bread(block 64) failed [ 197.117688][ T786] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 197.146699][T10226] FAT-fs (loop1): Directory bread(block 65) failed [ 197.158686][ T786] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 197.163602][T10226] FAT-fs (loop1): Directory bread(block 66) failed [ 197.184794][T10226] FAT-fs (loop1): Directory bread(block 67) failed [ 197.187939][ T786] usb 4-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 197.207983][T10226] FAT-fs (loop1): Directory bread(block 68) failed [ 197.212026][T10228] loop0: detected capacity change from 0 to 1764 [ 197.216180][T10226] FAT-fs (loop1): Directory bread(block 69) failed [ 197.221043][ T786] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice=d6.b9 [ 197.228505][T10226] FAT-fs (loop1): Directory bread(block 70) failed [ 197.259262][ T786] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.264387][T10226] FAT-fs (loop1): Directory bread(block 71) failed [ 197.274719][T10226] FAT-fs (loop1): Directory bread(block 72) failed [ 197.281306][T10226] FAT-fs (loop1): Directory bread(block 73) failed [ 197.289539][ T786] usb 4-1: config 0 descriptor?? [ 197.307597][ T786] gspca_main: spca561-2.14.0 probing abcd:cdee [ 197.564722][ T786] spca561: probe of 4-1:0.156 failed with error -22 [ 197.592276][ T786] usb 4-1: Quirk or no altest; falling back to MIDI 1.0 [ 197.609663][ T786] usb 4-1: MIDIStreaming interface descriptor not found [ 197.744815][ T786] usb 4-1: USB disconnect, device number 7 [ 197.864769][T10245] loop0: detected capacity change from 0 to 164 [ 198.020119][T10247] loop2: detected capacity change from 0 to 2048 [ 198.047751][T10251] loop0: detected capacity change from 0 to 256 [ 198.107138][T10252] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 198.215941][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.316381][T10247] Remounting filesystem read-only [ 198.322825][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.333905][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.345478][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.373309][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.396146][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.440195][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.475176][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.512031][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.536537][T10247] NILFS error (device loop2): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 198.571262][ T28] audit: type=1800 audit(1756461238.155:120): pid=10247 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1980" name="file2" dev="loop2" ino=16 res=0 errno=0 [ 198.760513][T10247] syz.2.1980 (10247) used greatest stack depth: 17936 bytes left [ 198.828476][T10276] loop3: detected capacity change from 0 to 256 [ 198.926709][T10276] FAT-fs (loop3): Directory bread(block 64) failed [ 198.948121][T10276] FAT-fs (loop3): Directory bread(block 65) failed [ 198.959291][T10276] FAT-fs (loop3): Directory bread(block 66) failed [ 198.966257][T10276] FAT-fs (loop3): Directory bread(block 67) failed [ 198.972880][T10276] FAT-fs (loop3): Directory bread(block 68) failed [ 198.988925][T10276] FAT-fs (loop3): Directory bread(block 69) failed [ 198.998321][T10276] FAT-fs (loop3): Directory bread(block 70) failed [ 199.008146][T10276] FAT-fs (loop3): Directory bread(block 71) failed [ 199.017432][T10276] FAT-fs (loop3): Directory bread(block 72) failed [ 199.024049][T10276] FAT-fs (loop3): Directory bread(block 73) failed [ 199.205723][ T786] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 199.232294][T10287] binder: 10286:10287 ioctl c0046209 200000000000000 returned -22 [ 199.407437][ T786] usb 3-1: config 0 has an invalid interface number: 156 but max is 0 [ 199.424325][ T786] usb 3-1: config 0 has no interface number 0 [ 199.440690][ T786] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 199.464177][ T786] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 199.494613][ T786] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 199.526447][ T786] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice=d6.b9 [ 199.556931][ T786] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.581066][ T786] usb 3-1: config 0 descriptor?? [ 199.588883][T10301] netlink: 372 bytes leftover after parsing attributes in process `syz.0.2004'. [ 199.595202][T10303] loop3: detected capacity change from 0 to 64 [ 199.605025][ T786] gspca_main: spca561-2.14.0 probing abcd:cdee [ 199.834440][ T5784] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 199.839064][ T786] spca561: probe of 3-1:0.156 failed with error -22 [ 199.878487][ T786] usb 3-1: Quirk or no altest; falling back to MIDI 1.0 [ 199.905497][ T786] usb 3-1: MIDIStreaming interface descriptor not found [ 200.011690][ T786] usb 3-1: USB disconnect, device number 10 [ 200.064994][ T5784] usb 2-1: Using ep0 maxpacket: 16 [ 200.080012][ T5784] usb 2-1: config index 0 descriptor too short (expected 16456, got 72) [ 200.100554][ T5784] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 200.135706][ T5784] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 200.159528][ T5784] usb 2-1: config 0 has an invalid interface number: 125 but max is 1 [ 200.198686][ T5784] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 200.234350][ T5784] usb 2-1: config 0 has no interface number 0 [ 200.246064][ T5784] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64 [ 200.267451][ T5784] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0 [ 200.282957][T10316] netlink: 48 bytes leftover after parsing attributes in process `syz.0.2012'. [ 200.293496][ T5784] usb 2-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0 [ 200.330259][ T5784] usb 2-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 200.364005][ T5784] usb 2-1: config 0 interface 125 has no altsetting 0 [ 200.387734][ T5784] usb 2-1: config 0 interface 125 has no altsetting 2 [ 200.400401][ T5784] usb 2-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27 [ 200.419916][ T5784] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.439704][ T5784] usb 2-1: Product: syz [ 200.449619][ T5784] usb 2-1: Manufacturer: syz [ 200.459737][ T5784] usb 2-1: SerialNumber: syz [ 200.465987][T10320] loop0: detected capacity change from 0 to 8 [ 200.483280][ T5784] usb 2-1: config 0 descriptor?? [ 200.515363][ T5784] usb 2-1: selecting invalid altsetting 2 [ 200.702220][T10324] loop2: detected capacity change from 0 to 512 [ 200.742687][T10324] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 200.781215][T10324] EXT4-fs (loop2): orphan cleanup on readonly fs [ 200.825943][T10324] Quota error (device loop2): do_check_range: Getting block 196613 out of range 1-5 [ 200.844716][T10324] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 200.889349][T10324] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.2016: Failed to acquire dquot type 1 [ 200.911380][ C0] usb 2-1: async_complete: urb error -71 [ 200.917217][ C0] usb 2-1: async_complete: urb error -71 [ 200.923104][ C0] usb 2-1: async_complete: urb error -71 [ 200.949402][ T5784] get_1284_register: usb error -71 [ 200.952283][T10331] ubi0: attaching mtd0 [ 200.965965][T10331] ubi0 error: ubi_attach_mtd_dev: bad VID header (1) or data offsets (65) [ 200.973559][ T5784] uss720: probe of 2-1:0.125 failed with error -71 [ 200.986780][T10324] EXT4-fs (loop2): 1 truncate cleaned up [ 201.005236][ T5784] usb 2-1: USB disconnect, device number 10 [ 201.015334][T10324] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 201.335278][T10344] loop3: detected capacity change from 0 to 256 [ 201.383565][T10344] FAT-fs (loop3): Directory bread(block 64) failed [ 201.391635][T10344] FAT-fs (loop3): Directory bread(block 65) failed [ 201.396909][T10345] loop0: detected capacity change from 0 to 4096 [ 201.399927][T10344] FAT-fs (loop3): Directory bread(block 66) failed [ 201.412340][T10344] FAT-fs (loop3): Directory bread(block 67) failed [ 201.416132][T10345] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512). [ 201.419257][ T6039] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 201.438854][T10344] FAT-fs (loop3): Directory bread(block 68) failed [ 201.446139][T10344] FAT-fs (loop3): Directory bread(block 69) failed [ 201.456068][T10344] FAT-fs (loop3): Directory bread(block 70) failed [ 201.462649][T10344] FAT-fs (loop3): Directory bread(block 71) failed [ 201.469643][T10344] FAT-fs (loop3): Directory bread(block 72) failed [ 201.476530][T10344] FAT-fs (loop3): Directory bread(block 73) failed [ 201.505123][T10345] ntfs3: loop0: ino=5, "/" directory corrupted [ 201.531807][T10345] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 201.589429][T10345] ntfs3: loop0: ino=5, "/" directory corrupted [ 201.654358][ T6039] usb 3-1: Using ep0 maxpacket: 32 [ 201.664125][ T6039] usb 3-1: New USB device found, idVendor=d5ff, idProduct=0066, bcdDevice=d8.b0 [ 201.692491][ T6039] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.720955][ T6039] usb 3-1: config 0 descriptor?? [ 201.737113][ T6039] rndis_host: probe of 3-1:0.0 failed with error -22 [ 201.809123][ T28] audit: type=1326 audit(1756461241.405:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 201.832738][ T28] audit: type=1326 audit(1756461241.425:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 201.907575][ T28] audit: type=1326 audit(1756461241.455:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 201.974422][ T28] audit: type=1326 audit(1756461241.455:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 201.984417][T10356] SET target dimension over the limit! [ 202.016817][T10359] loop3: detected capacity change from 0 to 256 [ 202.022604][ T5844] usb 3-1: USB disconnect, device number 11 [ 202.063511][T10359] FAT-fs (loop3): Directory bread(block 64) failed [ 202.084444][ T28] audit: type=1326 audit(1756461241.455:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10350 comm="syz.3.2029" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 202.094667][T10359] FAT-fs (loop3): Directory bread(block 65) failed [ 202.166112][T10359] FAT-fs (loop3): Directory bread(block 66) failed [ 202.172813][T10359] FAT-fs (loop3): Directory bread(block 67) failed [ 202.183142][T10359] FAT-fs (loop3): Directory bread(block 68) failed [ 202.224474][T10359] FAT-fs (loop3): Directory bread(block 69) failed [ 202.241667][T10359] FAT-fs (loop3): Directory bread(block 70) failed [ 202.258788][T10359] FAT-fs (loop3): Directory bread(block 71) failed [ 202.274098][T10359] FAT-fs (loop3): Directory bread(block 72) failed [ 202.291039][T10359] FAT-fs (loop3): Directory bread(block 73) failed [ 202.520843][T10372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2039'. [ 202.530940][T10372] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2039'. [ 202.682065][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 202.754885][T10379] netlink: 14 bytes leftover after parsing attributes in process `syz.1.2043'. [ 203.039254][T10391] loop3: detected capacity change from 0 to 256 [ 203.074561][T10391] exfat: Deprecated parameter 'utf8' [ 203.086620][T10391] exfat: Deprecated parameter 'utf8' [ 203.134531][T10391] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d) [ 203.564486][ T5844] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 203.731142][T10421] loop3: detected capacity change from 0 to 512 [ 203.754167][T10421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none. [ 203.774401][ T5844] usb 3-1: Using ep0 maxpacket: 16 [ 203.781295][ T5844] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 203.794339][ T5844] usb 3-1: config 0 descriptor has 1 excess byte, ignoring [ 203.803553][T10421] EXT4-fs warning (device loop3): dx_probe:869: inode #2: comm syz.3.2064: Unimplemented hash flags: 0x0001 [ 203.815754][ T5844] usb 3-1: config 0 has no interface number 0 [ 203.824721][T10421] EXT4-fs warning (device loop3): dx_probe:966: inode #2: comm syz.3.2064: Corrupt directory, running e2fsck is recommended [ 203.826741][ T5844] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 203.858614][ T5844] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 203.866827][ T5844] usb 3-1: Product: syz [ 203.871018][ T5844] usb 3-1: Manufacturer: syz [ 203.882441][ T5844] usb 3-1: SerialNumber: syz [ 203.889406][ T5844] usb 3-1: config 0 descriptor?? [ 203.898111][ T5844] usb 3-1: Found UVC 0.00 device syz (046d:08f3) [ 203.914455][ T5844] usb 3-1: No valid video chain found. [ 204.000852][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 204.118107][T10434] loop1: detected capacity change from 0 to 256 [ 204.239836][ T6039] usb 3-1: USB disconnect, device number 12 [ 204.259163][T10434] FAT-fs (loop1): Directory bread(block 64) failed [ 204.282430][T10434] FAT-fs (loop1): Directory bread(block 65) failed [ 204.304021][T10434] FAT-fs (loop1): Directory bread(block 66) failed [ 204.320871][T10434] FAT-fs (loop1): Directory bread(block 67) failed [ 204.349402][T10434] FAT-fs (loop1): Directory bread(block 68) failed [ 204.374686][T10434] FAT-fs (loop1): Directory bread(block 69) failed [ 204.390816][T10434] FAT-fs (loop1): Directory bread(block 70) failed [ 204.412028][T10434] FAT-fs (loop1): Directory bread(block 71) failed [ 204.416107][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.426803][T10434] FAT-fs (loop1): Directory bread(block 72) failed [ 204.440203][T10434] FAT-fs (loop1): Directory bread(block 73) failed [ 204.440641][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.455904][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.474430][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.482433][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.500307][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.542020][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.550568][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.558960][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.567205][T10440] netlink: 'syz.3.2074': attribute type 3 has an invalid length. [ 204.794515][ T5844] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 204.848794][T10454] SET target dimension over the limit! [ 204.972895][T10458] loop3: detected capacity change from 0 to 8 [ 204.988631][ T5844] usb 1-1: Using ep0 maxpacket: 32 [ 205.025482][ T5844] usb 1-1: config 0 has an invalid interface number: 35 but max is 0 [ 205.033613][ T5844] usb 1-1: config 0 has no interface number 0 [ 205.053460][ T5844] usb 1-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 205.074021][ T5844] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.094497][ T5844] usb 1-1: Product: syz [ 205.098707][ T5844] usb 1-1: Manufacturer: syz [ 205.110941][ T5844] usb 1-1: SerialNumber: syz [ 205.129646][ T5844] usb 1-1: config 0 descriptor?? [ 205.152659][ T5844] radio-si470x 1-1:0.35: could not find interrupt in endpoint [ 205.181373][ T5844] radio-si470x: probe of 1-1:0.35 failed with error -5 [ 205.374622][ T5844] radio-raremono 1-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 205.402072][T10472] (unnamed net_device) (uninitialized): option downdelay: invalid value (18446744073709551609) [ 205.428960][T10472] (unnamed net_device) (uninitialized): option downdelay: allowed values 0 - 2147483647 [ 205.585232][ T5844] radio-raremono 1-1:0.35: raremono_cmd_main failed (-71) [ 205.599705][ T5844] radio-raremono 1-1:0.35: V4L2 device registered as radio48 [ 205.623304][ T5844] usb 1-1: USB disconnect, device number 14 [ 205.650776][ T5844] radio-raremono 1-1:0.35: Thanko's Raremono disconnected [ 205.824790][T10487] PM: Enabling pm_trace changes system date and time during resume. [ 205.824790][T10487] PM: Correct system time has to be restored manually after resume. [ 205.967080][T10491] do_dccp_setsockopt: sockopt(PACKET_SIZE) is deprecated: fix your app [ 206.137958][T10482] loop3: detected capacity change from 0 to 32768 [ 206.217554][T10482] ocfs2: Slot 0 on device (7,3) was already allocated to this node! [ 206.300693][T10482] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 206.332209][T10503] loop1: detected capacity change from 0 to 8 [ 206.618566][ T5781] ocfs2: Unmounting device (7,3) on (node local) [ 206.645416][T10510] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2105'. [ 206.804554][T10514] x_tables: duplicate entry at hook 3 [ 206.862781][T10517] xt_hashlimit: max too large, truncated to 1048576 [ 206.916470][T10518] libceph: resolve '400' (ret=-3): failed [ 207.159981][T10530] loop0: detected capacity change from 0 to 256 [ 207.201811][T10530] exfat: Deprecated parameter 'utf8' [ 207.214664][T10530] exfat: Deprecated parameter 'utf8' [ 207.248085][T10530] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d) [ 207.335296][T10533] team0: Port device dummy0 added [ 207.344561][ T5844] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 207.516184][T10543] capability: warning: `syz.2.2121' uses 32-bit capabilities (legacy support in use) [ 207.536979][ T5844] usb 4-1: Using ep0 maxpacket: 32 [ 207.556028][ T5844] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 207.564172][ T5844] usb 4-1: config 0 has no interface number 0 [ 207.597110][ T5844] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 207.614359][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.623929][ T5844] usb 4-1: Product: syz [ 207.644662][ T5844] usb 4-1: Manufacturer: syz [ 207.649472][ T5844] usb 4-1: SerialNumber: syz [ 207.673981][ T5844] usb 4-1: config 0 descriptor?? [ 207.717243][ T5844] radio-si470x 4-1:0.35: could not find interrupt in endpoint [ 207.728699][ T5844] radio-si470x: probe of 4-1:0.35 failed with error -5 [ 207.749594][T10549] xt_TPROXY: Can be used only with -p tcp or -p udp [ 207.948953][ T5844] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 207.998611][T10559] loop1: detected capacity change from 0 to 256 [ 208.022075][T10559] exfat: Deprecated parameter 'utf8' [ 208.064159][T10559] exfat: Deprecated parameter 'utf8' [ 208.096753][T10561] team0: Port device dummy0 added [ 208.113055][T10559] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x7bac8b1f, utbl_chksum : 0xe619d30d) [ 208.163787][ T5844] radio-raremono 4-1:0.35: raremono_cmd_main failed (-71) [ 208.195762][ T5844] radio-raremono 4-1:0.35: V4L2 device registered as radio48 [ 208.235880][ T5844] usb 4-1: USB disconnect, device number 8 [ 208.242196][ T5844] radio-raremono 4-1:0.35: Thanko's Raremono disconnected [ 208.707017][T10582] netlink: 11 bytes leftover after parsing attributes in process `syz.0.2141'. [ 208.731289][T10584] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2140'. [ 208.743082][T10586] xt_hashlimit: overflow, try lower: 18446744073709551614/15680 [ 208.902815][T10590] loop2: detected capacity change from 0 to 512 [ 208.929025][T10590] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 208.977671][T10590] EXT4-fs (loop2): warning: checktime reached, running e2fsck is recommended [ 209.032821][T10590] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84fc01c, mo2=0102] [ 209.084528][T10590] System zones: 0-2, 18-18, 34-34 [ 209.121712][T10590] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.2145: iget: bad i_size value: 360287970189639680 [ 209.190146][T10590] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.2145: couldn't read orphan inode 15 (err -117) [ 209.232921][T10590] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 209.382754][T10590] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #2: block 3: comm syz.2.2145: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 209.528961][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 209.702064][T10624] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 209.887868][T10633] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2165'. [ 209.926111][T10633] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2165'. [ 209.978586][T10638] ieee802154 phy0 wpan0: encryption failed: -22 [ 210.047453][T10640] SET target dimension over the limit! [ 210.640689][T10669] program syz.0.2183 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 211.529016][T10706] loop3: detected capacity change from 0 to 512 [ 211.558196][T10706] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 211.621214][T10706] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.2202: invalid indirect mapped block 83886080 (level 1) [ 211.650672][T10706] EXT4-fs (loop3): Remounting filesystem read-only [ 211.674128][T10706] EXT4-fs (loop3): 1 orphan inode deleted [ 211.694166][T10706] EXT4-fs (loop3): 1 truncate cleaned up [ 211.709228][T10706] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.849905][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.319281][T10738] validate_nla: 46 callbacks suppressed [ 212.319297][T10738] netlink: 'syz.2.2214': attribute type 4 has an invalid length. [ 212.368244][T10738] netlink: 152 bytes leftover after parsing attributes in process `syz.2.2214'. [ 212.401123][T10742] loop3: detected capacity change from 0 to 512 [ 212.429633][T10738] .`: renamed from bond0 (while UP) [ 212.445461][T10742] EXT4-fs: Ignoring removed i_version option [ 212.473501][T10742] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 212.528495][T10742] EXT4-fs (loop3): 1 truncate cleaned up [ 212.551704][T10742] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 212.616719][T10742] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2244: inode #15: comm syz.3.2217: corrupted in-inode xattr: overlapping e_value [ 212.712117][T10742] EXT4-fs warning (device loop3): ext4_xattr_set_entry:1781: inode #15: comm syz.3.2217: unable to update i_inline_off [ 212.884945][ T5781] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.113050][T10768] loop0: detected capacity change from 0 to 512 [ 213.130770][T10768] EXT4-fs: Ignoring removed nobh option [ 213.205962][T10768] EXT4-fs error (device loop0): ext4_do_update_inode:5230: inode #16: comm syz.0.2230: corrupted inode contents [ 213.229158][T10774] loop1: detected capacity change from 0 to 512 [ 213.237699][T10768] EXT4-fs (loop0): Remounting filesystem read-only [ 213.245400][T10768] EXT4-fs (loop0): 1 truncate cleaned up [ 213.252358][T10768] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.267979][T10768] ext4 filesystem being mounted at /551/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 213.271865][ T601] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 213.312440][T10774] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 213.325604][ T601] Quota error (device loop0): write_blk: dquota write failed [ 213.333877][ T5780] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 213.340415][ T601] Quota error (device loop0): remove_free_dqentry: Can't write block (5) with free entries [ 213.353540][T10776] netlink: 88 bytes leftover after parsing attributes in process `syz.3.2233'. [ 213.367959][T10778] netlink: 209844 bytes leftover after parsing attributes in process `syz.2.2234'. [ 213.377726][ T601] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started [ 213.396759][T10774] EXT4-fs (loop1): warning: checktime reached, running e2fsck is recommended [ 213.404319][ T601] Quota error (device loop0): write_blk: dquota write failed [ 213.433036][ T601] Quota error (device loop0): free_dqentry: Can't move quota data block (5) to free list [ 213.433171][T10774] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a84fc01c, mo2=0102] [ 213.443816][ T601] EXT4-fs (loop0): Quota write (off=8, len=24) cancelled because transaction is not started [ 213.461884][ T601] Quota error (device loop0): v2_write_file_info: Can't write info structure [ 213.493370][T10774] System zones: 0-2, 18-18, 34-34 [ 213.509330][ T601] Quota error (device loop0): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 213.527249][T10774] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.2231: iget: bad i_size value: 360287970189639680 [ 213.565198][T10774] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.2231: couldn't read orphan inode 15 (err -117) [ 213.611808][T10774] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 213.703587][T10774] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #2: block 3: comm syz.1.2231: bad entry in directory: inode out of bounds - offset=0, inode=63, rec_len=12, size=4096 fake=1 [ 213.787959][T10785] Lens B: ================= START STATUS ================= [ 213.795480][T10785] Lens B: Focus, Absolute: 0 [ 213.801816][T10785] Lens B: ================== END STATUS ================== [ 213.866332][T10789] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2240'. [ 213.879815][T10789] netlink: 'syz.0.2240': attribute type 1 has an invalid length. [ 213.892329][T10789] netlink: 'syz.0.2240': attribute type 2 has an invalid length. [ 213.906756][T10789] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2240'. [ 213.939932][ T5782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 214.369809][T10811] netlink: 'syz.3.2250': attribute type 4 has an invalid length. [ 214.404549][T10811] netlink: 152 bytes leftover after parsing attributes in process `syz.3.2250'. [ 214.407000][T10813] loop0: detected capacity change from 0 to 256 [ 214.460298][T10811] .`: renamed from bond0 (while UP) [ 214.513085][T10813] FAT-fs (loop0): Directory bread(block 64) failed [ 214.539807][T10813] FAT-fs (loop0): Directory bread(block 65) failed [ 214.552238][T10813] FAT-fs (loop0): Directory bread(block 66) failed [ 214.562274][T10813] FAT-fs (loop0): Directory bread(block 67) failed [ 214.574114][T10813] FAT-fs (loop0): Directory bread(block 68) failed [ 214.582275][T10813] FAT-fs (loop0): Directory bread(block 69) failed [ 214.593682][T10813] FAT-fs (loop0): Directory bread(block 70) failed [ 214.609605][T10813] FAT-fs (loop0): Directory bread(block 71) failed [ 214.628800][T10813] FAT-fs (loop0): Directory bread(block 72) failed [ 214.640986][T10813] FAT-fs (loop0): Directory bread(block 73) failed [ 215.481059][T10852] loop2: detected capacity change from 0 to 256 [ 215.551843][T10852] FAT-fs (loop2): Directory bread(block 64) failed [ 215.563024][T10852] FAT-fs (loop2): Directory bread(block 65) failed [ 215.590727][T10852] FAT-fs (loop2): Directory bread(block 66) failed [ 215.613083][T10852] FAT-fs (loop2): Directory bread(block 67) failed [ 215.629544][T10852] FAT-fs (loop2): Directory bread(block 68) failed [ 215.644610][T10852] FAT-fs (loop2): Directory bread(block 69) failed [ 215.662988][T10852] FAT-fs (loop2): Directory bread(block 70) failed [ 215.693130][T10852] FAT-fs (loop2): Directory bread(block 71) failed [ 215.703717][T10852] FAT-fs (loop2): Directory bread(block 72) failed [ 215.728511][T10852] FAT-fs (loop2): Directory bread(block 73) failed [ 215.953833][T10843] loop1: detected capacity change from 0 to 32768 [ 216.017657][T10843] jfs_mkdir: dtInsert returned -EIO [ 216.023328][T10843] ERROR: (device loop1): jfs_mkdir: [ 216.023328][T10843] [ 216.076139][T10843] ERROR: (device loop1): remounting filesystem as read-only [ 216.157479][T10867] smb3: Unexpected value for 'rdma' [ 216.309797][T10872] loop1: detected capacity change from 0 to 512 [ 216.330249][T10872] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 216.370727][T10872] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #16: comm syz.1.2278: invalid indirect mapped block 83886080 (level 1) [ 216.388853][T10878] netlink: 'syz.0.2279': attribute type 4 has an invalid length. [ 216.397131][T10878] netlink: 152 bytes leftover after parsing attributes in process `syz.0.2279'. [ 216.404855][T10872] EXT4-fs (loop1): Remounting filesystem read-only [ 216.419106][T10872] EXT4-fs (loop1): 1 orphan inode deleted [ 216.420035][T10878] .`: renamed from bond0 (while UP) [ 216.425145][T10872] EXT4-fs (loop1): 1 truncate cleaned up [ 216.437642][T10872] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.534389][ T5844] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 216.536317][ T5782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 216.625444][ T5827] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 216.734797][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 216.777003][ T5844] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 216.798726][ T5844] usb 4-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 216.813074][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.813858][T10886] loop0: detected capacity change from 0 to 512 [ 216.829641][ T5844] usb 4-1: Product: syz [ 216.833834][ T5844] usb 4-1: Manufacturer: syz [ 216.838930][ T5844] usb 4-1: SerialNumber: syz [ 216.849750][ T5844] usb 4-1: config 0 descriptor?? [ 216.873196][ T5844] snd-usb-audio: probe of 4-1:0.0 failed with error -90 [ 216.896560][ T5827] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 216.899344][T10886] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.920240][ T5827] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.956215][ T5827] usb 3-1: config 0 descriptor?? [ 216.969685][T10886] ext4 filesystem being mounted at /563/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 217.068561][ T28] audit: type=1326 audit(1756461256.665:126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10895 comm="syz.1.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 217.146397][ T5784] usb 4-1: USB disconnect, device number 9 [ 217.147221][ T28] audit: type=1326 audit(1756461256.665:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10895 comm="syz.1.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 217.189003][ T28] audit: type=1326 audit(1756461256.665:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10895 comm="syz.1.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 217.216070][ T5780] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.217444][ T5827] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 217.240204][ T5827] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 217.249179][ T28] audit: type=1326 audit(1756461256.665:129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10895 comm="syz.1.2289" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 217.414178][ T5827] [drm:udl_init] *ERROR* Selecting channel failed [ 217.457690][ T5827] [drm] Initialized udl 0.0.1 20120220 for 3-1:0.0 on minor 2 [ 217.481077][ T5827] [drm] Initialized udl on minor 2 [ 217.503069][ T5827] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 217.540649][ T5827] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 217.555916][ T786] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 217.570727][ T786] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 217.583723][ T5827] usb 3-1: USB disconnect, device number 13 [ 217.678461][T10910] loop1: detected capacity change from 0 to 256 [ 217.740016][T10912] loop0: detected capacity change from 0 to 64 [ 217.802009][T10912] syz.0.2297: attempt to access beyond end of device [ 217.802009][T10912] loop0: rw=0, sector=3072, nr_sectors = 2 limit=64 [ 218.269398][T10931] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 218.278739][T10931] IPv6: NLM_F_CREATE should be set when creating new route [ 218.397826][T10936] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2309'. [ 218.962798][T10958] loop0: detected capacity change from 0 to 4096 [ 219.026246][T10958] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512). [ 219.187827][T10958] ntfs3: loop0: failed to convert "c46c" to iso8859-2 [ 219.369315][T10972] loop1: detected capacity change from 0 to 4096 [ 219.403009][T10972] __ntfs_warning: 6 callbacks suppressed [ 219.403024][T10972] ntfs: (device loop1): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 219.500606][T10972] ntfs: volume version 3.1. [ 220.207769][T11008] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2345'. [ 220.294633][T11011] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2346'. [ 220.351426][T11011] veth4: entered allmulticast mode [ 220.380149][T11015] netlink: 'syz.0.2348': attribute type 1 has an invalid length. [ 220.398733][T11015] netlink: 224 bytes leftover after parsing attributes in process `syz.0.2348'. [ 220.491435][T11019] loop1: detected capacity change from 0 to 512 [ 220.507511][T11019] EXT4-fs: Ignoring removed i_version option [ 220.514256][T11019] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 220.569070][T11019] EXT4-fs (loop1): 1 truncate cleaned up [ 220.579423][T11019] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 220.610509][T11019] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.2350: corrupted in-inode xattr: overlapping e_value [ 220.629832][T11019] EXT4-fs warning (device loop1): ext4_xattr_set_entry:1781: inode #15: comm syz.1.2350: unable to update i_inline_off [ 220.781925][ T5782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.054808][T11041] loop3: detected capacity change from 0 to 2048 [ 221.087966][T11041] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 221.390833][T11054] unsupported nla_type 39 [ 221.485983][T11058] SET target dimension over the limit! [ 221.851527][ T28] audit: type=1326 audit(1756461261.445:136): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.2.2376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf62b8ebe9 code=0x7ffc0000 [ 221.931934][ T28] audit: type=1326 audit(1756461261.445:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.2.2376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf62b8ebe9 code=0x7ffc0000 [ 221.997564][ T28] audit: type=1326 audit(1756461261.475:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.2.2376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=138 compat=0 ip=0x7fbf62b8ebe9 code=0x7ffc0000 [ 222.064409][ T28] audit: type=1326 audit(1756461261.475:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11075 comm="syz.2.2376" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf62b8ebe9 code=0x7ffc0000 [ 222.213380][ T28] audit: type=1326 audit(1756461261.795:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11087 comm="syz.1.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 222.294391][ T28] audit: type=1326 audit(1756461261.795:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11087 comm="syz.1.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 222.367759][ T28] audit: type=1326 audit(1756461261.805:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11087 comm="syz.1.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=123 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 222.435348][ T28] audit: type=1326 audit(1756461261.805:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11087 comm="syz.1.2382" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1c9b18ebe9 code=0x7ffc0000 [ 222.512655][T11103] delete_channel: no stack [ 223.135920][T11132] loop3: detected capacity change from 0 to 16 [ 223.185855][T11132] erofs: (device loop3): mounted with root inode @ nid 36. [ 223.216314][T11132] erofs: (device loop3): z_erofs_read_folio: read error -117 @ 32811 of nid 36 [ 223.891436][T11136] loop0: detected capacity change from 0 to 32768 [ 224.006175][T11163] loop2: detected capacity change from 0 to 256 [ 224.027631][T11163] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 224.081089][T11161] loop3: detected capacity change from 0 to 2048 [ 224.121565][T11161] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 224.636967][T11181] loop1: detected capacity change from 0 to 2048 [ 224.649208][T11181] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 224.703455][T11181] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.803696][T11181] EXT4-fs error (device loop1): empty_inline_dir:1857: inode #12: block 9: comm syz.1.2428: bad entry in directory: rec_len % 4 != 0 - offset=4, inode=13, rec_len=21, size=60 fake=0 [ 224.905337][T11181] EXT4-fs (loop1): Remounting filesystem read-only [ 224.934416][T11181] EXT4-fs warning (device loop1): empty_inline_dir:1864: bad inline directory (dir #12) - inode 13, rec_len 21, name_len 5inline size 60 [ 225.151995][ T5782] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.375920][T11203] loop1: detected capacity change from 0 to 2048 [ 225.411911][T11205] loop3: detected capacity change from 0 to 1764 [ 225.420283][T11203] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 225.544709][ T786] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 225.710540][T11211] netlink: 52 bytes leftover after parsing attributes in process `syz.3.2440'. [ 225.725035][ T786] usb 3-1: Using ep0 maxpacket: 16 [ 225.748465][ T786] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 225.778942][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 262, setting to 64 [ 225.814363][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 225.844329][ T786] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 225.854107][ T786] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 225.915618][ T786] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 225.944382][ T786] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 225.952425][ T786] usb 3-1: Manufacturer: syz [ 225.981337][ T786] usb 3-1: config 0 descriptor?? [ 226.211181][ T9] usb 3-1: USB disconnect, device number 14 [ 226.947682][T11265] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 226.969125][T11265] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 227.110515][T11271] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2469'. [ 227.308023][T11275] netlink: 80 bytes leftover after parsing attributes in process `syz.3.2472'. [ 227.405521][ T28] audit: type=1400 audit(1756461267.005:144): apparmor="DENIED" operation="stack" class="file" info="label not found" error=-2 profile="unconfined" name=26260A3A0CCA7C2B08C9DFF78977F306B457CA93031D371D06D2E59E863E2FE54118A4EE43068DF6BA88E1B6DC3A2F2C91AE1C817D6B6014270B8BC51F73363852F4F12EE955F464599F0C485D pid=11279 comm="syz.0.2476" [ 227.508137][T11286] cgroup: none used incorrectly [ 227.630162][T11289] geneve2: entered allmulticast mode [ 227.924502][T11304] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2487'. [ 227.929956][T11305] loop0: detected capacity change from 0 to 256 [ 228.043291][T11305] FAT-fs (loop0): Directory bread(block 64) failed [ 228.071550][T11305] FAT-fs (loop0): Directory bread(block 65) failed [ 228.103798][T11305] FAT-fs (loop0): Directory bread(block 66) failed [ 228.113669][T11305] FAT-fs (loop0): Directory bread(block 67) failed [ 228.154575][T11305] FAT-fs (loop0): Directory bread(block 68) failed [ 228.161483][T11305] FAT-fs (loop0): Directory bread(block 69) failed [ 228.205350][T11305] FAT-fs (loop0): Directory bread(block 70) failed [ 228.227673][T11315] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2493'. [ 228.244451][T11305] FAT-fs (loop0): Directory bread(block 71) failed [ 228.252029][T11315] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2493'. [ 228.255335][T11305] FAT-fs (loop0): Directory bread(block 72) failed [ 228.279862][T11305] FAT-fs (loop0): Directory bread(block 73) failed [ 228.404063][T11321] xt_ecn: cannot match TCP bits for non-tcp packets [ 228.842826][T11336] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2504'. [ 229.088736][T11348] loop0: detected capacity change from 0 to 736 [ 229.148944][T11352] xt_CT: You must specify a L4 protocol and not use inversions on it [ 230.708410][T11386] loop3: detected capacity change from 0 to 32768 [ 230.732271][T11386] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.2528 (11386) [ 230.770936][T11419] netlink: 'syz.0.2543': attribute type 13 has an invalid length. [ 230.823429][T11386] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 230.837829][T11419] gretap0: refused to change device tx_queue_len [ 230.844442][T11386] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 230.844502][T11386] BTRFS info (device loop3): using free space tree [ 230.906222][T11419] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 230.996668][T11386] BTRFS info (device loop3): enabling ssd optimizations [ 231.045566][T11386] BTRFS info (device loop3): auto enabling async discard [ 231.212499][ T5781] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d [ 231.258768][T11447] loop0: detected capacity change from 0 to 1764 [ 231.337248][T11447] iso9660: Corrupted directory entry in block 2 of inode 1920 [ 231.443017][ T5792] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 9 /dev/loop3 scanned by udevd (5792) [ 231.588604][T11461] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2554'. [ 231.754509][ T5784] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 231.957698][T11470] loop2: detected capacity change from 0 to 2048 [ 231.980572][ T5784] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 232.003580][ T5784] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 232.044498][T11475] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 232.059203][ T5784] usb 2-1: config 0 descriptor?? [ 232.163364][T11470] NILFS error (device loop2): nilfs_check_page: bad entry in directory #2: rec_len is too small for name_len - offset=16, inode=2, rec_len=16, name_len=255 [ 232.218915][T11470] Remounting filesystem read-only [ 232.281784][ T5784] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 232.308773][ T5784] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 232.497831][ T5784] [drm:udl_init] *ERROR* Selecting channel failed [ 232.547087][ T5784] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 232.567639][ T5784] [drm] Initialized udl on minor 2 [ 232.584536][ T5784] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 232.608710][ T5784] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 232.616412][T11487] loop0: detected capacity change from 0 to 16 [ 232.647869][ T9] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 232.660466][ T5784] usb 2-1: USB disconnect, device number 11 [ 232.662425][T11487] erofs: (device loop0): mounted with root inode @ nid 36. [ 232.671992][ T9] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 232.741317][T11487] erofs: (device loop0): z_erofs_extent_lookback: bogus lookback distance 1388 @ lcn 42 of nid 36 [ 232.790964][T11487] erofs: (device loop0): z_erofs_read_folio: read error -117 @ 43 of nid 36 [ 232.803357][T11491] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2568'. [ 232.824744][T11491] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2568'. [ 232.844194][T11491] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2568'. [ 232.966546][T11495] loop0: detected capacity change from 0 to 64 [ 233.004221][T11495] Bad inode number on dev loop0: 6 is out of range [ 233.194903][T11501] loop0: detected capacity change from 0 to 64 [ 233.208535][T11502] comedi comedi0: dt2815: I/O port conflict (0x3,2) [ 234.102949][T11536] loop0: detected capacity change from 0 to 128 [ 234.126922][T11536] FAT-fs (loop0): Directory bread(block 162) failed [ 234.142765][T11536] FAT-fs (loop0): Directory bread(block 163) failed [ 234.151355][T11538] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2591'. [ 234.164931][T11536] FAT-fs (loop0): Directory bread(block 164) failed [ 234.171615][T11536] FAT-fs (loop0): Directory bread(block 165) failed [ 234.219129][T11536] FAT-fs (loop0): Directory bread(block 166) failed [ 234.243214][T11536] FAT-fs (loop0): Directory bread(block 167) failed [ 234.283788][T11536] FAT-fs (loop0): Directory bread(block 168) failed [ 234.293208][T11536] FAT-fs (loop0): Directory bread(block 169) failed [ 234.321289][T11536] FAT-fs (loop0): Directory bread(block 162) failed [ 234.345600][T11536] FAT-fs (loop0): Directory bread(block 163) failed [ 234.365741][T11536] syz.0.2590: attempt to access beyond end of device [ 234.365741][T11536] loop0: rw=3, sector=226, nr_sectors = 6 limit=128 [ 234.392834][T11536] syz.0.2590: attempt to access beyond end of device [ 234.392834][T11536] loop0: rw=2051, sector=232, nr_sectors = 2 limit=128 [ 234.626985][T11554] geneve2: entered promiscuous mode [ 234.641351][T11554] geneve2: entered allmulticast mode [ 234.854438][ T786] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 234.956194][T11568] loop0: detected capacity change from 0 to 4096 [ 235.027445][T11571] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 235.054737][ T786] usb 2-1: Using ep0 maxpacket: 32 [ 235.098334][ T786] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 235.151766][ T786] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 235.159421][T11568] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 235.181695][ T786] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 235.207837][ T786] usb 2-1: Product: syz [ 235.225808][ T786] usb 2-1: Manufacturer: syz [ 235.230175][T11568] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=12) [ 235.236178][ T786] usb 2-1: SerialNumber: syz [ 235.263529][ T786] usb 2-1: config 0 descriptor?? [ 235.272105][ T786] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 235.304473][T11568] Remounting filesystem read-only [ 235.309551][T11568] NILFS (loop0): error -5 truncating bmap (ino=12) [ 235.435457][ T5780] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 235.457560][ T5780] NILFS (loop0): discard dirty page: offset=0, ino=2 [ 235.494912][ T786] usb 2-1: qt2_setup_urbs - submit read urb failed -8 [ 235.501914][ T786] quatech2: probe of 2-1:0.0 failed with error -8 [ 235.509090][ T5780] NILFS (loop0): discard dirty block: blocknr=14, size=4096 [ 235.519165][ T5780] NILFS (loop0): discard dirty page: offset=0, ino=6 [ 235.536492][ T5780] NILFS (loop0): discard dirty block: blocknr=23, size=4096 [ 235.543930][ T5780] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 235.568166][ T5780] NILFS (loop0): discard dirty block: blocknr=24, size=4096 [ 235.580863][ T5780] NILFS (loop0): discard dirty page: offset=8192, ino=6 [ 235.594144][ T5780] NILFS (loop0): discard dirty block: blocknr=25, size=4096 [ 235.766725][ T9] usb 2-1: USB disconnect, device number 12 [ 235.999175][T11605] loop3: detected capacity change from 0 to 512 [ 236.261979][T11612] loop0: detected capacity change from 0 to 4096 [ 236.295245][T11612] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 236.328159][T11617] loop3: detected capacity change from 0 to 128 [ 236.379014][T11617] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (30846!=65535) [ 236.414407][T11612] ntfs: (device loop0): parse_options(): Invalid mft_zone_multiplier. Using default value, i.e. 1. [ 236.464129][T11617] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 ro without journal. Quota mode: writeback. [ 236.478716][T11612] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 236.509823][T11617] EXT4-fs error (device loop3): __ext4_find_entry:1696: inode #2: comm syz.3.2629: checksumming directory block 0 [ 236.525966][T11612] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 236.527168][T11622] loop1: detected capacity change from 0 to 256 [ 236.556454][T11612] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 236.598155][T11612] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. deltaxcn = 0x1, max_cluster = 0x0 [ 236.610177][T11612] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt mapping pairs array in non-resident attribute. [ 236.639552][ T5781] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 236.655766][T11612] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0x1, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 236.729394][T11612] ntfs: (device loop0): check_mft_mirror(): Failed to read $MFTMirr. [ 236.763224][T11612] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Will not be able to remount read-write. Run ntfsfix and/or chkdsk. [ 236.809262][T11612] ntfs: volume version 3.1. [ 238.859143][T11713] loop2: detected capacity change from 0 to 1024 [ 238.878223][T11713] EXT4-fs: Ignoring removed bh option [ 238.970336][T11713] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback. [ 239.121088][ T5779] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-001000000000. [ 239.626222][T11744] devtmpfs: Cannot enable quota on remount [ 239.987200][T11763] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2691'. [ 240.044583][T11763] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2691'. [ 240.053581][T11763] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2691'. [ 240.328278][T11777] loop2: detected capacity change from 0 to 256 [ 240.406587][T11780] loop3: detected capacity change from 0 to 64 [ 240.489251][T11777] FAT-fs (loop2): Directory bread(block 64) failed [ 240.517387][T11777] FAT-fs (loop2): Directory bread(block 65) failed [ 240.547975][T11777] FAT-fs (loop2): Directory bread(block 66) failed [ 240.574680][T11777] FAT-fs (loop2): Directory bread(block 67) failed [ 240.600187][T11783] loop1: detected capacity change from 0 to 4096 [ 240.602225][T11777] FAT-fs (loop2): Directory bread(block 68) failed [ 240.630350][T11777] FAT-fs (loop2): Directory bread(block 69) failed [ 240.652668][T11777] FAT-fs (loop2): Directory bread(block 70) failed [ 240.696687][T11777] FAT-fs (loop2): Directory bread(block 71) failed [ 240.716542][T11777] FAT-fs (loop2): Directory bread(block 72) failed [ 240.723131][T11777] FAT-fs (loop2): Directory bread(block 73) failed [ 241.016934][T11799] netlink: 200 bytes leftover after parsing attributes in process `syz.1.2705'. [ 241.788997][T11827] loop3: detected capacity change from 0 to 4096 [ 241.834525][T11827] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512). [ 241.901558][T11827] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 242.015587][T11827] ntfs3: loop3: failed to convert "c46c" to euc-jp [ 242.224876][ T28] kauditd_printk_skb: 19 callbacks suppressed [ 242.224891][ T28] audit: type=1326 audit(1756461281.815:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.3.2723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 242.289444][ T28] audit: type=1326 audit(1756461281.815:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.3.2723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 242.316467][T11853] loop2: detected capacity change from 0 to 16 [ 242.342175][T11853] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 242.364779][ T28] audit: type=1326 audit(1756461281.855:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.3.2723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 242.388963][T11853] cramfs: empty filesystem [ 242.421194][ T28] audit: type=1326 audit(1756461281.855:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.3.2723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 242.460607][ T28] audit: type=1326 audit(1756461281.855:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11848 comm="syz.3.2723" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa1fb18ebe9 code=0x7ffc0000 [ 242.514786][T11860] netlink: 52 bytes leftover after parsing attributes in process `syz.1.2727'. [ 242.827116][T11871] ufs: You didn't specify the type of your ufs filesystem [ 242.827116][T11871] [ 242.827116][T11871] mount -t ufs -o ufstype=sun|sunx86|44bsd|ufs2|5xbsd|old|hp|nextstep|nextstep-cd|openstep ... [ 242.827116][T11871] [ 242.827116][T11871] >>>WARNING<<< Wrong ufstype may corrupt your filesystem, default is ufstype=old [ 242.884421][T11871] ufs: ufstype=old is supported read-only [ 242.898299][T11871] syz.2.2731: attempt to access beyond end of device [ 242.898299][T11871] nbd2: rw=0, sector=16, nr_sectors = 2 limit=0 [ 243.266222][T11893] xt_CT: You must specify a L4 protocol and not use inversions on it [ 243.569039][T11906] loop2: detected capacity change from 0 to 16 [ 243.593130][T11906] erofs: (device loop2): mounted with root inode @ nid 36. [ 243.626687][T11907] loop3: detected capacity change from 0 to 1024 [ 244.001590][T11922] xt_hashlimit: max too large, truncated to 1048576 [ 244.113264][T11930] loop0: detected capacity change from 0 to 256 [ 244.168427][T11930] exfat: Deprecated parameter 'namecase' [ 244.267683][T11930] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d) [ 244.533911][T11946] netlink: 132 bytes leftover after parsing attributes in process `syz.1.2757'. [ 245.011109][T11969] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2768'. [ 245.223269][T11979] netlink: 'syz.0.2772': attribute type 8 has an invalid length. [ 245.434370][T11985] batadv_slave_0: left promiscuous mode [ 245.440083][T11985] batadv_slave_0: left allmulticast mode [ 245.483502][T11985] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 245.866584][T11999] loop3: detected capacity change from 0 to 4096 [ 245.906969][T12006] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 245.986387][T11999] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 648518346341351424 [ 246.023105][T11999] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=12) [ 246.048540][T11999] Remounting filesystem read-only [ 246.060363][T11999] NILFS (loop3): error -5 truncating bmap (ino=12) [ 246.199185][ T5781] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer [ 246.244400][ T5781] NILFS (loop3): discard dirty page: offset=0, ino=2 [ 246.251138][ T5781] NILFS (loop3): discard dirty block: blocknr=14, size=4096 [ 246.284478][ T5781] NILFS (loop3): discard dirty page: offset=0, ino=6 [ 246.291212][ T5781] NILFS (loop3): discard dirty block: blocknr=23, size=4096 [ 246.319290][ T5781] NILFS (loop3): discard dirty page: offset=4096, ino=6 [ 246.327726][ T5781] NILFS (loop3): discard dirty block: blocknr=24, size=4096 [ 246.337142][ T5781] NILFS (loop3): discard dirty page: offset=8192, ino=6 [ 246.344118][ T5781] NILFS (loop3): discard dirty block: blocknr=25, size=4096 [ 246.350279][T12011] loop0: detected capacity change from 0 to 2048 [ 246.395643][T12013] SET target dimension over the limit! [ 246.418512][T12014] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 246.460570][T12011] NILFS error (device loop0): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 246.495590][T12011] Remounting filesystem read-only [ 246.577079][ T5780] NILFS (loop0): discard dirty page: offset=4096, ino=6 [ 246.584071][ T5780] NILFS (loop0): discard dirty block: blocknr=39, size=1024 [ 246.633158][ T5780] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 246.653425][ T5780] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 246.673559][ T5780] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 246.701762][ T5780] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer [ 246.715093][ T5780] NILFS (loop0): discard dirty page: offset=0, ino=3 [ 246.722089][ T5780] NILFS (loop0): discard dirty block: blocknr=42, size=1024 [ 246.729878][ T5780] NILFS (loop0): discard dirty block: blocknr=43, size=1024 [ 246.755715][ T5780] NILFS (loop0): discard dirty block: blocknr=44, size=1024 [ 246.766943][ T5780] NILFS (loop0): discard dirty block: blocknr=18446744073709551615, size=1024 [ 246.834448][ T5844] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 246.927585][T12030] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 247.024545][ T5844] usb 4-1: Using ep0 maxpacket: 16 [ 247.055570][ T5844] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 247.076292][ T5844] usb 4-1: config 0 has an invalid descriptor of length 214, skipping remainder of the config [ 247.098531][ T5844] usb 4-1: config 0 has no interface number 0 [ 247.111953][ T5844] usb 4-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 247.122469][ T5844] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.139251][ T5844] usb 4-1: Product: syz [ 247.144215][ T5844] usb 4-1: Manufacturer: syz [ 247.153604][ T5844] usb 4-1: SerialNumber: syz [ 247.176672][ T5844] usb 4-1: config 0 descriptor?? [ 247.395252][ T786] usb 4-1: USB disconnect, device number 10 [ 247.478524][T12048] loop2: detected capacity change from 0 to 4096 [ 247.505372][T12048] ntfs3: loop2: Different NTFS sector size (4096) and media sector size (512). [ 247.621846][T12052] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2801'. [ 247.643099][T12052] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2801'. [ 248.056347][T12066] nft_compat: unsupported protocol 1 [ 249.158183][T12116] ================================================================== [ 249.166301][T12116] BUG: KASAN: slab-use-after-free in xfrm_alloc_spi+0x598/0x11f0 [ 249.174161][T12116] Read of size 4 at addr ffff88805e6450a0 by task syz.0.2834/12116 [ 249.182097][T12116] [ 249.184496][T12116] CPU: 0 PID: 12116 Comm: syz.0.2834 Not tainted syzkaller #0 [ 249.191978][T12116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.202488][T12116] Call Trace: [ 249.205779][T12116] [ 249.207094][T12120] netlink: 'syz.1.2836': attribute type 32 has an invalid length. [ 249.208717][T12116] dump_stack_lvl+0x16c/0x230 [ 249.208746][T12116] ? __lock_acquire+0x7c80/0x7c80 [ 249.226427][T12116] ? show_regs_print_info+0x20/0x20 [ 249.231648][T12116] ? load_image+0x3b0/0x3b0 [ 249.236300][T12116] ? __virt_addr_valid+0x469/0x540 [ 249.241444][T12116] print_report+0xac/0x220 [ 249.245880][T12116] ? xfrm_alloc_spi+0x598/0x11f0 [ 249.250835][T12116] kasan_report+0x117/0x150 [ 249.255381][T12116] ? xfrm_alloc_spi+0x598/0x11f0 [ 249.260341][T12116] xfrm_alloc_spi+0x598/0x11f0 [ 249.265124][T12116] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 249.270080][T12116] ? verify_spi_info+0x120/0x120 [ 249.275037][T12116] ? xfrm_find_acq+0x79/0x90 [ 249.279651][T12116] xfrm_alloc_userspi+0x5d1/0xa90 [ 249.284691][T12116] ? end_current_label_crit_section+0x170/0x170 [ 249.290969][T12116] ? apparmor_capable+0x137/0x1a0 [ 249.296029][T12116] ? xfrm_dump_policy_done+0x90/0x90 [ 249.301332][T12116] ? __nla_parse+0x40/0x50 [ 249.305766][T12116] xfrm_user_rcv_msg+0x596/0x870 [ 249.310696][T12116] ? lockdep_hardirqs_on+0x98/0x150 [ 249.315899][T12116] ? xfrm_netlink_rcv+0x90/0x90 [ 249.320741][T12116] ? __local_bh_enable_ip+0x12e/0x1c0 [ 249.326109][T12116] ? __dev_queue_xmit+0x245/0x35a0 [ 249.331211][T12116] ? __mutex_trylock_common+0x153/0x250 [ 249.336761][T12116] netlink_rcv_skb+0x216/0x480 [ 249.341520][T12116] ? xfrm_netlink_rcv+0x90/0x90 [ 249.346362][T12116] ? netlink_ack+0x1110/0x1110 [ 249.351221][T12116] ? netlink_deliver_tap+0x2e/0x1b0 [ 249.356410][T12116] ? __lock_acquire+0x7c80/0x7c80 [ 249.361599][T12116] xfrm_netlink_rcv+0x79/0x90 [ 249.366271][T12116] netlink_unicast+0x751/0x8d0 [ 249.371040][T12116] netlink_sendmsg+0x8c1/0xbe0 [ 249.375798][T12116] ? netlink_getsockopt+0x580/0x580 [ 249.380983][T12116] ? aa_sock_msg_perm+0x94/0x150 [ 249.385998][T12116] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 249.391280][T12116] ? security_socket_sendmsg+0x80/0xa0 [ 249.396730][T12116] ? netlink_getsockopt+0x580/0x580 [ 249.401915][T12116] ____sys_sendmsg+0x5bf/0x950 [ 249.406759][T12116] ? __asan_memset+0x22/0x40 [ 249.411342][T12116] ? __sys_sendmsg_sock+0x30/0x30 [ 249.416354][T12116] ? __import_iovec+0x5f2/0x860 [ 249.421214][T12116] ? import_iovec+0x73/0xa0 [ 249.425711][T12116] ___sys_sendmsg+0x220/0x290 [ 249.430386][T12116] ? __sys_sendmsg+0x270/0x270 [ 249.435153][T12116] __se_sys_sendmsg+0x1a5/0x270 [ 249.439997][T12116] ? __x64_sys_sendmsg+0x80/0x80 [ 249.444932][T12116] ? lockdep_hardirqs_on+0x98/0x150 [ 249.450121][T12116] do_syscall_64+0x55/0xb0 [ 249.454528][T12116] ? clear_bhb_loop+0x40/0x90 [ 249.459284][T12116] ? clear_bhb_loop+0x40/0x90 [ 249.463954][T12116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.469851][T12116] RIP: 0033:0x7fc55d58ebe9 [ 249.474282][T12116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.494074][T12116] RSP: 002b:00007fc55e395038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 249.502474][T12116] RAX: ffffffffffffffda RBX: 00007fc55d7b5fa0 RCX: 00007fc55d58ebe9 [ 249.510442][T12116] RDX: 0000000024000014 RSI: 0000200000000200 RDI: 0000000000000003 [ 249.518494][T12116] RBP: 00007fc55d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 249.526452][T12116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 249.534408][T12116] R13: 00007fc55d7b6038 R14: 00007fc55d7b5fa0 R15: 00007ffc1c4941b8 [ 249.542457][T12116] [ 249.545460][T12116] [ 249.547767][T12116] Allocated by task 10301: [ 249.552160][T12116] kasan_set_track+0x4e/0x70 [ 249.556828][T12116] __kasan_slab_alloc+0x6c/0x80 [ 249.561662][T12116] slab_post_alloc_hook+0x6e/0x4d0 [ 249.567225][T12116] kmem_cache_alloc+0x11e/0x2e0 [ 249.572070][T12116] xfrm_state_alloc+0x22/0x2a0 [ 249.576819][T12116] __find_acq_core+0x7d8/0x19d0 [ 249.581654][T12116] xfrm_find_acq+0x6a/0x90 [ 249.586053][T12116] xfrm_alloc_userspi+0x57a/0xa90 [ 249.591058][T12116] xfrm_user_rcv_msg+0x596/0x870 [ 249.596014][T12116] netlink_rcv_skb+0x216/0x480 [ 249.600761][T12116] xfrm_netlink_rcv+0x79/0x90 [ 249.605526][T12116] netlink_unicast+0x751/0x8d0 [ 249.610275][T12116] netlink_sendmsg+0x8c1/0xbe0 [ 249.615024][T12116] ____sys_sendmsg+0x5bf/0x950 [ 249.619777][T12116] ___sys_sendmsg+0x220/0x290 [ 249.624441][T12116] __se_sys_sendmsg+0x1a5/0x270 [ 249.629282][T12116] do_syscall_64+0x55/0xb0 [ 249.633682][T12116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.639575][T12116] [ 249.641883][T12116] The buggy address belongs to the object at ffff88805e645000 [ 249.641883][T12116] which belongs to the cache xfrm_state of size 848 [ 249.655919][T12116] The buggy address is located 160 bytes inside of [ 249.655919][T12116] freed 848-byte region [ffff88805e645000, ffff88805e645350) [ 249.669893][T12116] [ 249.672202][T12116] The buggy address belongs to the physical page: [ 249.678699][T12116] page:ffffea0001799100 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88805e645000 pfn:0x5e644 [ 249.690136][T12116] head:ffffea0001799100 order:2 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 249.699143][T12116] flags: 0xfff00000000840(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 249.707109][T12116] page_type: 0xffffffff() [ 249.711424][T12116] raw: 00fff00000000840 ffff8881416eb8c0 dead000000000122 0000000000000000 [ 249.720079][T12116] raw: ffff88805e645000 000000008010000a 00000001ffffffff 0000000000000000 [ 249.728650][T12116] page dumped because: kasan: bad access detected [ 249.735056][T12116] page_owner tracks the page as allocated [ 249.740838][T12116] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x152820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_HARDWALL), pid 6829, tgid 6825 (syz.3.413), ts 98609921066, free_ts 73486879434 [ 249.761484][T12116] post_alloc_hook+0x1cd/0x210 [ 249.766243][T12116] get_page_from_freelist+0x195c/0x19f0 [ 249.771779][T12116] __alloc_pages+0x1e3/0x460 [ 249.776358][T12116] alloc_slab_page+0x5d/0x170 [ 249.781024][T12116] new_slab+0x87/0x2e0 [ 249.785085][T12116] ___slab_alloc+0xc6d/0x12f0 [ 249.789747][T12116] kmem_cache_alloc+0x1b7/0x2e0 [ 249.794584][T12116] xfrm_state_alloc+0x22/0x2a0 [ 249.799335][T12116] pfkey_add+0x6e1/0x2da0 [ 249.803666][T12116] pfkey_sendmsg+0xbed/0x1050 [ 249.808336][T12116] ____sys_sendmsg+0x5bf/0x950 [ 249.813184][T12116] ___sys_sendmsg+0x220/0x290 [ 249.817850][T12116] __se_sys_sendmsg+0x1a5/0x270 [ 249.822686][T12116] do_syscall_64+0x55/0xb0 [ 249.827086][T12116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.832968][T12116] page last free stack trace: [ 249.837620][T12116] free_unref_page_prepare+0x7ce/0x8e0 [ 249.843064][T12116] free_unref_page+0x32/0x2e0 [ 249.847725][T12116] __slab_free+0x35e/0x410 [ 249.852130][T12116] qlist_free_all+0x75/0xe0 [ 249.856617][T12116] kasan_quarantine_reduce+0x143/0x160 [ 249.862064][T12116] __kasan_slab_alloc+0x22/0x80 [ 249.866899][T12116] slab_post_alloc_hook+0x6e/0x4d0 [ 249.871997][T12116] kmem_cache_alloc+0x11e/0x2e0 [ 249.876833][T12116] getname_flags+0xbb/0x500 [ 249.881324][T12116] user_path_at_empty+0x2c/0x60 [ 249.886161][T12116] do_readlinkat+0xd8/0x480 [ 249.890648][T12116] __x64_sys_readlink+0x7f/0x90 [ 249.895479][T12116] do_syscall_64+0x55/0xb0 [ 249.899879][T12116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 249.905761][T12116] [ 249.908069][T12116] Memory state around the buggy address: [ 249.913684][T12116] ffff88805e644f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 249.921903][T12116] ffff88805e645000: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.929961][T12116] >ffff88805e645080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.938003][T12116] ^ [ 249.943093][T12116] ffff88805e645100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.951231][T12116] ffff88805e645180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 249.959294][T12116] ================================================================== [ 249.967598][T12116] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 249.974799][T12116] CPU: 0 PID: 12116 Comm: syz.0.2834 Not tainted syzkaller #0 [ 249.982264][T12116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 249.992328][T12116] Call Trace: [ 249.995614][T12116] [ 249.998554][T12116] dump_stack_lvl+0x16c/0x230 [ 250.003249][T12116] ? show_regs_print_info+0x20/0x20 [ 250.008543][T12116] ? load_image+0x3b0/0x3b0 [ 250.013042][T12116] panic+0x2c0/0x710 [ 250.016935][T12116] ? bpf_jit_dump+0xd0/0xd0 [ 250.021442][T12116] ? _raw_spin_unlock_irqrestore+0xa9/0x110 [ 250.027336][T12116] ? _raw_spin_unlock_irqrestore+0xae/0x110 [ 250.033228][T12116] ? _raw_spin_unlock+0x40/0x40 [ 250.038075][T12116] ? print_memory_metadata+0x314/0x400 [ 250.043525][T12116] ? xfrm_alloc_spi+0x598/0x11f0 [ 250.048453][T12116] check_panic_on_warn+0x84/0xa0 [ 250.053381][T12116] ? xfrm_alloc_spi+0x598/0x11f0 [ 250.058305][T12116] end_report+0x6f/0x140 [ 250.062536][T12116] kasan_report+0x128/0x150 [ 250.067025][T12116] ? xfrm_alloc_spi+0x598/0x11f0 [ 250.071949][T12116] xfrm_alloc_spi+0x598/0x11f0 [ 250.076705][T12116] ? xfrm_alloc_spi+0x2a1/0x11f0 [ 250.081630][T12116] ? verify_spi_info+0x120/0x120 [ 250.086607][T12116] ? xfrm_find_acq+0x79/0x90 [ 250.091187][T12116] xfrm_alloc_userspi+0x5d1/0xa90 [ 250.096213][T12116] ? end_current_label_crit_section+0x170/0x170 [ 250.102444][T12116] ? apparmor_capable+0x137/0x1a0 [ 250.107454][T12116] ? xfrm_dump_policy_done+0x90/0x90 [ 250.112739][T12116] ? __nla_parse+0x40/0x50 [ 250.117148][T12116] xfrm_user_rcv_msg+0x596/0x870 [ 250.122073][T12116] ? lockdep_hardirqs_on+0x98/0x150 [ 250.127272][T12116] ? xfrm_netlink_rcv+0x90/0x90 [ 250.132113][T12116] ? __local_bh_enable_ip+0x12e/0x1c0 [ 250.137477][T12116] ? __dev_queue_xmit+0x245/0x35a0 [ 250.142575][T12116] ? __mutex_trylock_common+0x153/0x250 [ 250.148116][T12116] netlink_rcv_skb+0x216/0x480 [ 250.152899][T12116] ? xfrm_netlink_rcv+0x90/0x90 [ 250.157754][T12116] ? netlink_ack+0x1110/0x1110 [ 250.162512][T12116] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.167711][T12116] ? __lock_acquire+0x7c80/0x7c80 [ 250.172757][T12116] xfrm_netlink_rcv+0x79/0x90 [ 250.177429][T12116] netlink_unicast+0x751/0x8d0 [ 250.182181][T12116] netlink_sendmsg+0x8c1/0xbe0 [ 250.187371][T12116] ? netlink_getsockopt+0x580/0x580 [ 250.192558][T12116] ? aa_sock_msg_perm+0x94/0x150 [ 250.197484][T12116] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 250.202846][T12116] ? security_socket_sendmsg+0x80/0xa0 [ 250.208290][T12116] ? netlink_getsockopt+0x580/0x580 [ 250.213476][T12116] ____sys_sendmsg+0x5bf/0x950 [ 250.218409][T12116] ? __asan_memset+0x22/0x40 [ 250.222987][T12116] ? __sys_sendmsg_sock+0x30/0x30 [ 250.228008][T12116] ? __import_iovec+0x5f2/0x860 [ 250.232856][T12116] ? import_iovec+0x73/0xa0 [ 250.237415][T12116] ___sys_sendmsg+0x220/0x290 [ 250.242088][T12116] ? __sys_sendmsg+0x270/0x270 [ 250.246866][T12116] __se_sys_sendmsg+0x1a5/0x270 [ 250.251736][T12116] ? __x64_sys_sendmsg+0x80/0x80 [ 250.256679][T12116] ? lockdep_hardirqs_on+0x98/0x150 [ 250.261888][T12116] do_syscall_64+0x55/0xb0 [ 250.266294][T12116] ? clear_bhb_loop+0x40/0x90 [ 250.270966][T12116] ? clear_bhb_loop+0x40/0x90 [ 250.275630][T12116] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 250.281516][T12116] RIP: 0033:0x7fc55d58ebe9 [ 250.285920][T12116] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.305536][T12116] RSP: 002b:00007fc55e395038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.313936][T12116] RAX: ffffffffffffffda RBX: 00007fc55d7b5fa0 RCX: 00007fc55d58ebe9 [ 250.321982][T12116] RDX: 0000000024000014 RSI: 0000200000000200 RDI: 0000000000000003 [ 250.329938][T12116] RBP: 00007fc55d611e19 R08: 0000000000000000 R09: 0000000000000000 [ 250.337964][T12116] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 250.345926][T12116] R13: 00007fc55d7b6038 R14: 00007fc55d7b5fa0 R15: 00007ffc1c4941b8 [ 250.353928][T12116] [ 250.357189][T12116] Kernel Offset: disabled [ 250.361512][T12116] Rebooting in 86400 seconds..