last executing test programs: 1.911579854s ago: executing program 3 (id=3124): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000009c0)=@newchain={0x24, 0x1e, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x4, 0xd}, {0x4}}}, 0x24}}, 0x44004) 1.691703706s ago: executing program 3 (id=3129): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000007940)={0x0, 0x0, &(0x7f0000007900)={&(0x7f0000000680)=@newtaction={0x180, 0x30, 0x216822a75a8bdd29, 0xffe4, 0x0, {}, [{0x16c, 0x1, [@m_connmark={0x50, 0x2, 0x0, 0x0, {{0xd}, {0x20, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0xd, 0x5, 0x0, 0x3}, 0x8}}]}, {0xfffffdd6}, {0xc}, {0xc}}}, @m_ct={0x44, 0x1, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc}}}, @m_gact={0xd4, 0x3, 0x0, 0x0, {{0x9}, {0xfffffe23, 0x2, 0x0, 0x1, [@TCA_GACT_PROB={0x0, 0x3, {0x2, 0xea3, 0x6}}, @TCA_GACT_PROB={0xc, 0x3, {0x0, 0x1d28}}, @TCA_GACT_PARMS={0x18, 0x2, {0xb66, 0xb3, 0x10000000, 0x34e, 0xffff}}, @TCA_GACT_PARMS={0x18, 0x2, {0x7ff, 0xd8, 0x0, 0x9, 0x100000e0}}]}, {0x52, 0x6, "a06b1d1931f3579c6d7c5159238a286074602c3726c701f3c0d5382de62a6e8c4fb714fcd674c66cd306a4f78d3d05530609c9b04b7483bd084d70df8e77e6fbd503917aa0a6c737cef0ed021b60"}, {0xc}, {0x1, 0x8, {0x2, 0x2}}}}]}]}, 0x180}}, 0x0) 1.227904314s ago: executing program 3 (id=3138): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000000)={'ip_vti0\x00', &(0x7f0000000400)={'sit0\x00', 0x0, 0x0, 0x0, 0x7, 0x2, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @empty, @empty}}}}) 1.201339546s ago: executing program 3 (id=3140): r0 = syz_open_procfs(0x0, &(0x7f0000000000)='mounts\x00') lseek(r0, 0x4f, 0x0) 1.07325693s ago: executing program 3 (id=3142): r0 = syz_io_uring_setup(0x1098, &(0x7f0000000480)={0x0, 0x0, 0x1, 0x0, 0x2ec}, &(0x7f0000000080), &(0x7f0000000040)) io_uring_enter(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 1.007884376s ago: executing program 4 (id=3143): r0 = socket$inet_sctp(0x2, 0x5, 0x84) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000100)={'syz_tun\x00', &(0x7f00000000c0)=@ethtool_cmd={0x4b, 0x38, 0xa8fe, 0x6, 0x9, 0x5, 0x2, 0x0, 0x3, 0x4c, 0x0, 0x4, 0x0, 0xe, 0x81, 0x3c4f, [0x9, 0xfffffff7]}}) 923.979935ms ago: executing program 3 (id=3145): syz_mount_image$reiserfs(&(0x7f0000000540), &(0x7f0000000140)='./file0\x00', 0x10, &(0x7f00000001c0), 0x0, 0x1119, &(0x7f0000003600)="$eJzs2b9qFUEUB+Df7F5NupW1XwJaWEhIuD6AKRRua6uNSEAwVS4Iiq/hG/gWvoKmsg/ptQhYCis3e9f8IaCSG0H4Ptids2dn9uyUMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYmCRfS3K7StoxVyUpSdcdzI6SdGP+1qe6SsmT3dn80f708TxJfdK9PE02TrqUJO32nfV22k7b7fbBw527n+dv3r56vre3u7/8TEmXw+OVzqKMt/psrqy0BgAAAPy3+itr8v71n1S6eU31AQAAgN9Z9X4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwN/qm9O4HYMqSUm67mB2lKS7ZNyNf/R/AAAAwNWVVHnWXJYftgFO3c+XpvzKL9rvZRFv5UNzYSAAAABwzsuP5x77tWVw9nz9Rz9YrLvvZTKsy9eHdxuZZHNziJdNvu0kdZKtC7UOj9+9GK/S18na9cwJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfrIDByQAAAAAgv6/bkegAAAAAAAAAAAAAAAAAAAAAAAAAAAXBQAA//+XOeFM") lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, 0x0, 0x3) 847.905543ms ago: executing program 4 (id=3147): r0 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r0, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x7f, 0x20203843, 0x0, [0x2], [0x800]}) 774.97317ms ago: executing program 1 (id=3149): socket$tipc(0x1e, 0x5, 0x0) close(0x3) 727.966425ms ago: executing program 4 (id=3150): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e22, @loopback}], 0x41) 639.733284ms ago: executing program 4 (id=3152): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x18, 0x52, 0x1, 0x0, 0x0, {0xa}, [@generic="f0"]}, 0x18}}, 0x0) 625.659616ms ago: executing program 1 (id=3153): r0 = syz_open_dev$vim2m(&(0x7f0000000140), 0x10002, 0x2) ioctl$vim2m_VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000240)={0xf0f048, 0x100000}) 571.808481ms ago: executing program 2 (id=3154): r0 = syz_open_dev$vbi(&(0x7f0000002800), 0x0, 0x2) ioctl$VIDIOC_QUERYBUF_DMABUF(r0, 0xc0585609, &(0x7f0000000100)={0x5, 0x4, 0x4, 0x1000, 0x7, {0x0, 0xea60}, {0x2, 0x0, 0x2, 0x6, 0x3, 0xff, "47e0ec4f"}, 0x1ff, 0x4, {}, 0x474}) 571.645061ms ago: executing program 0 (id=3155): r0 = socket$l2tp6(0xa, 0x2, 0x73) sendto$inet6(r0, 0x0, 0x2c, 0x4004800, &(0x7f0000000180)={0xa, 0x4e22, 0x10003, @mcast2={0xff, 0x5}, 0xfffffffc}, 0x1c) 522.265016ms ago: executing program 1 (id=3156): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x1b, &(0x7f0000000180)=0xc, 0x4) 502.495888ms ago: executing program 0 (id=3157): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$FUSE_NOTIFY_STORE(r0, &(0x7f0000000100)={0x28}, 0x28) 447.950434ms ago: executing program 2 (id=3158): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x890c, 0x0) 447.596754ms ago: executing program 4 (id=3159): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xa, 0x6, 0x56d, 0x7}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000200), &(0x7f00000004c0), 0x1000, r0}, 0x38) 415.685427ms ago: executing program 2 (id=3160): r0 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r0, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x110, 0xd, {0x0, @loopback=0x7f000300, @private=0xa010100}}}], 0x20}, 0x0) 406.419318ms ago: executing program 1 (id=3161): r0 = syz_open_dev$sndpcmc(&(0x7f0000004240), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_STATUS64(r0, 0x40084146, &(0x7f0000000080)) 351.631034ms ago: executing program 0 (id=3162): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000600)=@filter={'filter\x00', 0xc, 0x4, 0x268, 0xffffffff, 0x130, 0x0, 0x98, 0x98, 0xffffffff, 0x1d0, 0x98, 0x1d0, 0x98, 0x4, 0x0, {[{{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xffffffffffffffff}}, {{@ip={@local, @broadcast, 0x0, 0x0, 'ip6tnl0\x00', 'hsr0\x00'}, 0x0, 0x70, 0xa0}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2c8) 329.055226ms ago: executing program 0 (id=3163): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@dellink={0x34, 0x11, 0x1, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x400, 0x41000}, [@IFLA_ALT_IFNAME={0x14, 0x35, 'sit0\x00'}]}, 0x34}}, 0x44000) 328.899406ms ago: executing program 1 (id=3164): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0x5, &(0x7f0000000440)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x50}, @call={0x85, 0x0, 0x0, 0x5}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) 301.240719ms ago: executing program 2 (id=3165): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4005, &(0x7f0000000c00)=0xc, 0x6, 0x2) 171.819172ms ago: executing program 4 (id=3166): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="30000000180005082abd7000f9dbf2250a140000fd00ff010010000014000500ff"], 0x30}, 0x1, 0x0, 0x0, 0xcdb281c6bf6ca511}, 0x4000) 171.536802ms ago: executing program 0 (id=3167): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_INPUT(r0, &(0x7f0000002800)={0xc, {"8f2b8b71f071378505516f44879315d20f7a0508eed827fa6d3776a8ad2e8ac1b4e77b4cf8ef894ca3cf2dd79343bf47a6e49cbec30899345ccf3dc7ab954c77f18cee87f2413ea25ca9b5b2dacd4838f77445d662be02f669a97c3786b245c6d7371e5da8fd779dd3660823ae2f222b4328cfd5983b129955444ffa57c23637e7e45e680dc0dae016a5005d1635aa8d6536da6fc90c434b869881fd76713bc31d4b1ccb6fa02eec688175f2e7282de029e8c7f32da3281c0a3f2fce4334e5d0b2a91f2dcc398c191e24b95798de7138065b06a599b4af56abfab368eef37cde18ab7815d732f2a55928a769df16e06bcb907f289cd54a60b68ee0657c71d0288f14bb8599ac4c8e315241810998a475e4df852483074d5dc16922f280e5840ff4dede9ed5557718b03d6a6863279cd00c84c398a79b0a564cca7dba22ba5ef0a22a70b193fbcdf0e92face4df6a8f7a7a520a7b499a0878e4995bddab5602e96a5b580bbf22e92114152489af5749b562889bf2747877f40dd2aae02b86dd48bcf59f7020e85f4f95b7bb3ba154aa221475768072781af7ff6c471284ee2244c75414f0bd66829d436b2958c3e7b0971a51a640ac6fa4192d2c7c8aa027484fe3a7823b924079e4afe63a3ca1e710f921db2002afec440aa2422529091fd5a59885fd71b84201909d51d54f6e987a63990dc83459c2c63cfe52c970d760d7201ba80a2c36fca29a3d985109a5c049ec4df1e05783a6c15d0ce416cb81356382d961a99ece8ee4fd82a51a59eb3676a3edd24c57099681b4d928bd7e6340af57a9d89b008bcb793c5a510dfe1455e4a0533abb5faca4bfe065999f103b14fe1fa505c4fbed80200dc953dde370c12911636f6347e3e71c56588abdd2b73a18fe9dddd493e2fdc41ac33aaa3d23ebce832c59b46378b91dbb1ed27f66d1edcc9caf02fc68c1b11b76a1b41f22dfcc261ab80c2a76aec05deb47bfa3b00a09ad88ce38af4f3e240c777f35502abac2528b78b37c1b77a4dace28fee192ffd81ef8de7f442ec38acd5aafa3a03c5fb3ad3bdc73f4c77dfc8d87291e4e4cc0aa5b97aeb6d838d487af2ebd7444b09805410109e29b38d05f18acda6c66953d8b91fc966c1eac9010c0e082c53bafa9f36e69dde00742527de48ff8350e094c68148f4f66e72489fc3cdadd81929d9544ac7be8280137d5d62c30ca3ab68a6fe47e74b40ebf550bf833f033a61aa8a8df8ae3fe2b2a47023adde177eb465ec9f5d11df0420d399c5bffcd94c2f320fa530a258261767b2eec5411e440f5cdf781dc71ae9c0a485f46aa06ebcbb75ed1606746eeb97e4503ca29ff10fd92ca79e2b690751117e99997e171016b49520854bf0f106a2b23c7b519194a29167cb1970a0f8117239c04d6f36f86e33982e6aafb326d54ffb6a7de82cdc6f7b6242a82f7748ff063b12d009ad1f352771233704275e954f685a778a0dc5b39fee5d8e05425a88c1e2d784943c79315a9087d4e84b2d7b76fce99d41a6222a8ef45cf7f9906efdb51c084540e81e0cd857da1c6cbae9c189a41e74f383a2da6f169fd6d64c723f3553833777169c81c445c4bb9d1cb65946543fbcd563fd549729cde0c616344a8c9f8d5e7386087924431943f98bef03d9917cf1d0fd9f652405761a9abb4fe1d620247a828af62f13f0922dc2230ab69fbb6ed1e260f9f8adcf273cf7f0d4cb2b46bc523d8f352eee0038ca2f31900d958fbd0b6ee3afbbe3e008c21525cede4fd0d218bcfdc54f46739677f1b3668367b9c5621911242054a0a6fb247aa3569bdc168c2552381e61995f1509cb080b96711728bece1909603821be0f911ae99a334a9b4f02012ab63b9a72b6ccdd825a795d253186cc574a7a9e09b4663311be53358672fc905c3e44ef87cba7579e3a2cfbc12dc37a02f194527fd5e7a6475506fc8967ef5ae7257896f3f6e6daabf2b26974b244cd62eb281e8dcb567388441f653bbadd90511f91b8f4c763f434ceb1c76b9773096969b919aa9cee825d76122130bf8ec5b88efd69b0d2593ddff5537d873d8f3ea197cafeda151d63e6bbe07af200e5ab6ba3384d2fdb37e3877f9b7a6a3054fde994da9f85dc0e45b0d12f456d08383fdeedf38549746d4be64602cfa769db31d49c25fbb44f0c9d3737edae200277dddf9641b6bd7f83563b4afc08b91c1652014b19377a7e112c198a300a853fced4dd9e80bd6daf0097bdabd6ae9c2ce3a4a28271451b23beee5fcc1ac6bc5c39e50fff68d54dcceb3b731d28d11db34f6c0bce80ed0f0f04a65dc95d0cf56e3cf8a17424db66a7348ce5bfaf7e76972d92fad57306ac46416f9c8eda46fda13b76180362fcf6d8e8d1ea853dbca6d1ed081f556c89a2853651b950c7070853b58fe1b133d5866576b01bf1848724b4525934cf2ed4300d54886333788af4adda1102e76c768be6db76ba4aebad40660e4a3285711913461f727016fce9ede048de223cbe1e8911cb021f425e11166aa79d63e4541e2ff4b45f22066a8d4222500a55d52e53cdd749c32cf2a6bf80910c708b9ecd7ebebe445e8182075e36384145401173d366bc1e1ec199474b7978ef7ac8bda752c2837deee78e8dff6b99f222fb1628f946ce9a424609818cdfdd805a49a0a66409b86041d74f23a5066feb6dcda51da5f6da07104cdee075bbc3774658d995e2eaf7b21e2728fa4acd88a84859267ff5bd7913d3ca15dbff78847d92b092917cb16d0c0a904dbac42fa36249465434f44559ecc48be65c8824cbddc8718603b3ab7e0bbe1512ee1def041f498ebd6612db16d7f08b259ced4d396b4cfc2af5ea31e26a53bad9a017582df66f59d44e75e0774a543121de688160f9a237db4658ab7794188831738ed0a530502c514e14f0793294447583f1cad150f1a210c40868db4b208f1d6d98b0763c6823b3ebfd59e6a1cbce2cfc619e9b363aea1aa0f9af6501defff0deb453b1a8be68bc32e0c72fcf6424ea5e255946dbc6cf2111dd38536bc17a23a7b19f57ab5ff09b6753d38d1eab8cd357ecc11cb1fca8d6ec9824180610aa8ce975b58a9844e4e996f381fb8f7fc9fdd79677a12d4adada7b8b297c5763afe4ec885ba2697d922967df49aca88f17c91ed8776f0f7e07c74143f359f04a9de8e351e661c48f3ca6516a5ad00af16db49164b51c970a2ef1b402591c86747f557c8a9e88bf73406f27fcc31ac444e8f88656f9452605b4b65de0fb16c8f3a50828e6cc46e0db536bb0dcbe2237a01a1cc8984332fe751f4b357e1244f1a5c7cd00789f94e253e90e874fff344010000000000000007efd94dcff33696911e2cb16ea51d769686798293a0b6a7711214e01f52efb4f0c92ccda62d58b8ef17a9f67a057b941219bfd74dfa4722698c420e328429bd836fece1a261217eb902d84319e151262020e1cba43543226c7b9f1c852ee94f551028c4c59770fda76fe47fd333069c42860f3c3b259b3bead7d2161bc55dc0cb32e388d6197a9fe8fde4b7e153852dccd23256d482e0a7a3d197e5eaf156da82d68d2893c620cfe221a680f5eed5d64e0309ef7718b6cf0409a4b44f50f0c1b7005e1ebe959cf255482a3bcb5fa6b8e6c59f9aa933ae7db54da01805da29a0f6251571f5c4ac9d04cc2f82ab79c627c7d32856e0084fa357ccb54aa5db1fad1ee8eeef8c93259980ccf2b9212ebf52e0a433c0abd768dbdaa43b133a84b4b899133bde0d4b1af72ff5294dce29a6f5b7b6dd0d1cadc182fc366fe813271b8bae3426ff5edaaefa2a5a631c9a39e8f03fbeadabb641cb3e3a9cd29f5c0295b4d4c1cbf0659b8561126c888b62c0497436e1d457d13894673ff615c7d567a0c30935972c10c05b58538d114e30114013c0d4e859c60fea6557b5326283f31fa5f75a41fcd8150242b24c9f2f41429ada28d06ffc60b37f18cb82fe20e76f01a983fbaac1a10fdd2d0902586d3a0a77889bd997dc12586024e4d2d917c242509d99633ab3dadfd3b22793dcd5376bf77194c08b2c16a3c45bb4e01546cefc4336c9b7ef697b72d0b7eb4d247ef48e6617e225db6dbbbe3f6ae80f555828b5801fae2c0912d05c44f7162a27c97ffef3c26dcfcf48aaef6e95f9d0c1b3d101598d47ab6a34ef41fddbde780777710c7641c93f1d9bff511fce51e2050efc8624efe0180c7d9fedd75d5c674d40457a792b3b4d445e911c42f773264ca8dd51753a3e63ae7a852af0837ee8ed8fcc50fcb3ddc80ce52757e3c4e4959b44d25acec382acb68bbae88ea46730f84b44d51a3fc5d925e5311c376fbd5168255d2a92f0ea51943494d1b02688b001d153ed0c44309338e6e73c4ac805dc19733398ca43ba7e626ef58df84821c889bb6a486f1c70cbb90e35ba867783bf79c7c68d45794821e81ff33773a77c5b600b35a3d2923ad3a666813242d5c1900273cfe5501d184044990357b095b2134b20b8ce6e67e54dc6b3457edafa45b6432ca4a99fe9e78341c50d568d736129536c2c972921606f024b3c3ee555a894c3ad5291ba9529b72ea92e25eba09a449b263dbbd9059413d8b75507c9b201977a87c5f932123f772c51aaab1472ec9d731bd183472cf11b71cb2746acecbaeed100b7e7dbabe703c86ac0d5520d1e47b1367dbb4a0d8230576ccc8626c94039d0554eda8aef0091ca8b81b77d4adb45dccbe5a79fc9d1bfa8666c2938f01c9d77d639f4b11679c8c048a742949d55162a498573ab8b17a3d7297edff24ffd542b0dae89ed6777b1c7922338fd38c323eeba0a61676e49b71e49d272503e297a7c477b364d568ee59448755f604bd719fd3c7d466debf7af1d57f2637c94678c2a0d62086c07cb1f01a1931830018d218c7a979b1b33a972b05868d1b24253776f21696fcef3d850d87ebd0df5d0a2cc12b83bb9a89dbb0525e9676e8fd3b0f09cc4dcbedb87319d25a81399fedfdd2861fa86b8bb9fe20ebfd74118410d42ae50451c2a118ed85b4f600c24218a65c265430c2d28a5ea059ec7bcdfa4a4f02456adbca2aa2b268eaef75aa4e382308e7a15cfc705c53d44ef5ba7c3aef17028eeba1d5be1dd2c80392d905cacb7d9092c442736a78ede86ade7a08a077932f15bfda354372e37ce2e92110c835a80f69f6fe2c8c9b3409c97f9ae5ba7ba8a2c484ce59c5152c0deebb31a8298d8ef2b4cd035887a7deac6cc7b85c0276528f18d30d4488a28695a1e12e4eaab9e5df1479556d225ddd2852e365b1a90b4c107e85207dd1563549191a390db792e9eb483a4c43b0208c67fb659b000e2b660a43fe19d8bd7c0ddff9f2841180342e6fb1054934a26c1d4f8516b27ee944396205506a325a1a32323d4cd2ecf8ca236961a7ddc454c72fddaa78c9ff179c91f296fb8d4c7c3525c18aecdeda77f3fe88c4a936996a83e3efe4603fe2357e51aaa163f0e01d9453c69969a07bb359b8fe443bf3e6488d2f89e4c61743c4967a5aa09e32c03e18f91a6f06dbdf29825c1e427d9b8ee61ba5f8f3afa1937d5c494504bee496cb7c9440a2718b02ca5830067f72ef384652312694558dc5372b475670286c4e69ef446aa0f73be195e7d7c523b12a480d3a2cb41839cf2d73aa9f288fef61f44399c8f9a17516f595353d7afc1f2b36f4c5e1a73da6315e01aa2a91bfbfedb129290ee5bc72cb8114bbad05ee1bd280b76cf70fa56918cbdad6bce1109735cff51f1e1d599e58457f02265229beda2be584a16d37b3c9ee011df1aa5b883edab3824c2d558649a95c21c95", 0x1000}}, 0x1006) 167.391873ms ago: executing program 2 (id=3168): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f0000000380)=@raw={'raw\x00', 0x2, 0x3, 0x290, 0xb, 0x0, 0xf0, 0xf8, 0xf0, 0x1f8, 0x1f8, 0x1f8, 0x1f8, 0x1f8, 0x3, 0x0, {[{{@ip={@multicast1, @multicast1, 0x0, 0x0, 'ip6gretap0\x00', 'syzkaller1\x00', {}, {}, 0x11}, 0xb000000, 0xd8, 0xf8, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x8}}, @common=@unspec=@quota={{0x38}}]}, @unspec=@NOTRACK={0x20}}, {{@uncond, 0x0, 0x98, 0x100, 0x0, {}, [@common=@ttl={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, 'netbios-ns\x00', 'syz0\x00'}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2f0) 84.964561ms ago: executing program 1 (id=3169): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) fgetxattr(r0, &(0x7f0000000400)=@random={'btrfs.', '\'+\x00'}, 0x0, 0x0) 70.775852ms ago: executing program 2 (id=3170): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8932, &(0x7f0000000900)={'wlan1\x00', @local}) 0s ago: executing program 0 (id=3171): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002400)={0x18, 0x3c, 0x107, 0x0, 0x4000, {0x1, 0x7c}, [@nested={0x4, 0xfc}]}, 0x18}, 0x1, 0x0, 0x0, 0xc000}, 0xc010) kernel console output (not intermixed with test programs): inode hash code 20 [ 144.749718][ T8363] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1863: Corrupt directory, running e2fsck is recommended [ 144.820467][ T8363] EXT4-fs warning (device loop2): dx_probe:833: inode #2: comm syz.2.1863: Unrecognised inode hash code 20 [ 144.839695][ T8363] EXT4-fs warning (device loop2): dx_probe:966: inode #2: comm syz.2.1863: Corrupt directory, running e2fsck is recommended [ 144.875320][ T8368] NILFS error (device loop0): nilfs_check_page: bad entry in directory #2: unaligned directory entry - offset=32, inode=11, rec_len=151, name_len=6 [ 144.918469][ T8368] Remounting filesystem read-only [ 145.059755][ T5172] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 145.068818][ T5172] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.087525][ T5172] usb 2-1: Product: syz [ 145.092794][ T5172] usb 2-1: Manufacturer: syz [ 145.097549][ T5172] usb 2-1: SerialNumber: syz [ 145.156178][ T5172] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 145.309604][ T6241] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 145.343433][ T8407] loop2: detected capacity change from 0 to 256 [ 145.434065][ T8415] 9pnet: p9_fd_create_unix (8415): address too long: ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 145.498172][ T8407] FAT-fs (loop2): Directory bread(block 64) failed [ 145.526341][ T8407] FAT-fs (loop2): Directory bread(block 65) failed [ 145.535527][ T8407] FAT-fs (loop2): Directory bread(block 66) failed [ 145.548802][ T8407] FAT-fs (loop2): Directory bread(block 67) failed [ 145.558018][ T8407] FAT-fs (loop2): Directory bread(block 68) failed [ 145.580532][ T8407] FAT-fs (loop2): Directory bread(block 69) failed [ 145.602976][ T8407] FAT-fs (loop2): Directory bread(block 70) failed [ 145.614891][ T8407] FAT-fs (loop2): Directory bread(block 71) failed [ 145.615378][ T6241] usb 4-1: Using ep0 maxpacket: 8 [ 145.624296][ T8407] FAT-fs (loop2): Directory bread(block 72) failed [ 145.665200][ T8407] FAT-fs (loop2): Directory bread(block 73) failed [ 145.753517][ T6241] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 145.759606][ T5172] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 145.769591][ T6241] usb 4-1: config 179 has no interface number 0 [ 145.797455][ T6241] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 145.832941][ T6241] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 145.860689][ T6241] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 145.872818][ T6241] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 145.891689][ T6241] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 145.921208][ T6241] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 145.944807][ T6241] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.990447][ T8392] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 146.212981][ T4205] usb 2-1: USB disconnect, device number 14 [ 146.306333][ T8454] ALSA: mixer_oss: invalid OSS volume 'u' [ 146.323939][ T8457] MTD: Attempt to mount non-MTD device "/dev/nullb0" [ 146.343174][ T8457] VFS: Can't find a romfs filesystem on dev nullb0. [ 146.343174][ T8457] [ 146.459040][ T8463] MTD: Couldn't look up '': -22 [ 146.513293][ T6241] usb 4-1: USB disconnect, device number 9 [ 146.519606][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 146.527904][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 146.529668][ T8470] loop4: detected capacity change from 0 to 16 [ 146.619860][ T8470] erofs: (device loop4): mounted with root inode @ nid 36. [ 146.709089][ T8475] netlink: 'syz.2.1917': attribute type 4 has an invalid length. [ 146.876772][ T5172] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 146.909595][ T5172] ath9k_htc: Failed to initialize the device [ 146.916060][ T4205] usb 2-1: ath9k_htc: USB layer deinitialized [ 147.134745][ T8499] device bond_slave_0 entered promiscuous mode [ 147.141486][ T8499] device bond_slave_1 entered promiscuous mode [ 147.210598][ T8467] loop0: detected capacity change from 0 to 40427 [ 147.262770][ T8506] loop4: detected capacity change from 0 to 512 [ 147.264410][ T8467] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 147.297337][ T8467] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 147.314887][ T8467] F2FS-fs (loop0): invalid crc value [ 147.407857][ T8467] F2FS-fs (loop0): Found nat_bits in checkpoint [ 147.415344][ T8506] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 147.503456][ T8506] ext4 filesystem being mounted at /336/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 147.644965][ T8506] EXT4-fs error (device loop4): ext4_empty_dir:3145: inode #12: block 32: comm syz.4.1932: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=12, rec_len=106, size=2048 fake=1 [ 147.704045][ T8467] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 147.719974][ T8506] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz.4.1932: directory missing '.' [ 147.733323][ T8467] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 147.930759][ T8510] loop2: detected capacity change from 0 to 32768 [ 147.968200][ T8537] loop4: detected capacity change from 0 to 256 [ 148.000956][ T8510] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 148.009139][ T8510] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 148.017805][ T8537] exfat: Deprecated parameter 'namecase' [ 148.025556][ T8510] gfs2: fsid=syz:syz.0: journal 0 mapped with 23 extents in 0ms [ 148.036261][ T8537] exfat: Deprecated parameter 'utf8' [ 148.089986][ T8537] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 148.100490][ T4294] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 148.117945][ T4294] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 148.214069][ T4294] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 96ms [ 148.222528][ T4294] gfs2: fsid=syz:syz.0: jid=0: Done [ 148.229945][ T8510] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 148.395063][ T8545] loop1: detected capacity change from 0 to 2048 [ 148.416299][ T8547] __nla_validate_parse: 49 callbacks suppressed [ 148.416316][ T8547] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1948'. [ 148.551851][ T8545] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 148.610483][ T8510] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 148.610483][ T8510] bh = 2049 (type: exp=14, found=8) [ 148.610483][ T8510] function = gfs2_quota_init, file = fs/gfs2/quota.c, line = 1406 [ 148.739547][ T8510] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 148.809869][ T8510] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 148.849623][ T8510] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 148.864886][ T8510] gfs2: fsid=syz:syz.0: File system withdrawn [ 148.904754][ T8510] CPU: 0 PID: 8510 Comm: syz.2.1935 Not tainted syzkaller #0 [ 148.912147][ T8510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 148.922219][ T8510] Call Trace: [ 148.925498][ T8510] [ 148.928436][ T8510] dump_stack_lvl+0x168/0x230 [ 148.933141][ T8510] ? kobject_uevent_env+0x371/0x890 [ 148.938345][ T8510] ? show_regs_print_info+0x20/0x20 [ 148.943555][ T8510] ? load_image+0x3b0/0x3b0 [ 148.948073][ T8510] ? kobject_uevent_env+0x371/0x890 [ 148.953296][ T8510] gfs2_withdraw+0x111b/0x1460 [ 148.958079][ T8510] ? gfs2_lm+0x220/0x220 [ 148.962333][ T8510] ? gfs2_meta_ra+0x413/0x4d0 [ 148.967019][ T8510] ? gfs2_meta_buffer+0x310/0x310 [ 148.972052][ T8510] ? from_kuid_munged+0x690/0x690 [ 148.977084][ T8510] gfs2_metatype_check_ii+0x74/0x90 [ 148.982378][ T8510] gfs2_quota_init+0xc81/0xe80 [ 148.987163][ T8510] ? qd_get+0x5f0/0x5f0 [ 148.991335][ T8510] gfs2_make_fs_rw+0x3f5/0x560 [ 148.996102][ T8510] ? _raw_spin_unlock+0x24/0x40 [ 149.000955][ T8510] ? gfs2_glock_nq+0xcb0/0x1550 [ 149.005815][ T8510] ? gfs2_jdesc_check+0x290/0x290 [ 149.007716][ T8543] loop4: detected capacity change from 0 to 32768 [ 149.010846][ T8510] gfs2_reconfigure+0x771/0xcd0 [ 149.010917][ T8510] ? gfs2_get_tree+0x1e0/0x1e0 [ 149.026880][ T8510] ? gfs2_freeze_lock+0x52/0xc0 [ 149.031742][ T8510] ? __might_sleep+0xf0/0xf0 [ 149.036335][ T8510] ? hook_sb_remount+0x19/0xc0 [ 149.041092][ T8510] reconfigure_super+0x219/0x880 [ 149.046028][ T8510] path_mount+0xd3e/0x1020 [ 149.050439][ T8510] ? user_path_at_empty+0x13e/0x190 [ 149.055630][ T8510] __se_sys_mount+0x2d6/0x3c0 [ 149.060302][ T8510] ? __x64_sys_mount+0xc0/0xc0 [ 149.065054][ T8510] ? lockdep_hardirqs_on+0x94/0x140 [ 149.070237][ T8510] ? __x64_sys_mount+0x1c/0xc0 [ 149.074992][ T8510] do_syscall_64+0x4c/0xa0 [ 149.079391][ T8510] ? clear_bhb_loop+0x30/0x80 [ 149.084060][ T8510] ? clear_bhb_loop+0x30/0x80 [ 149.088724][ T8510] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 149.094608][ T8510] RIP: 0033:0x7f8099aef6c9 [ 149.099007][ T8510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.118595][ T8510] RSP: 002b:00007f8097d56038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 149.126996][ T8510] RAX: ffffffffffffffda RBX: 00007f8099d45fa0 RCX: 00007f8099aef6c9 [ 149.134955][ T8510] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 149.142917][ T8510] RBP: 00007f8099b71f91 R08: 0000000000000000 R09: 0000000000000000 [ 149.150875][ T8510] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 149.158837][ T8510] R13: 00007f8099d46038 R14: 00007f8099d45fa0 R15: 00007ffc3669beb8 [ 149.166811][ T8510] [ 149.169831][ C0] vkms_vblank_simulate: vblank timer overrun [ 149.314718][ T8510] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 149.334344][ T8510] CPU: 1 PID: 8510 Comm: syz.2.1935 Not tainted syzkaller #0 [ 149.341736][ T8510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 149.351794][ T8510] Call Trace: [ 149.355073][ T8510] [ 149.358016][ T8510] dump_stack_lvl+0x168/0x230 [ 149.362707][ T8510] ? show_regs_print_info+0x20/0x20 [ 149.367928][ T8510] ? load_image+0x3b0/0x3b0 [ 149.372444][ T8510] ? __lock_acquire+0x7c60/0x7c60 [ 149.377484][ T8510] ? do_raw_spin_unlock+0x11d/0x230 [ 149.382697][ T8510] gfs2_assert_warn_i+0x18f/0x2c0 [ 149.387737][ T8510] gfs2_quota_cleanup+0x4b4/0x6a0 [ 149.392783][ T8510] gfs2_quota_init+0xd2a/0xe80 [ 149.397566][ T8510] ? qd_get+0x5f0/0x5f0 [ 149.397788][ T8543] XFS (loop4): Mounting V5 filesystem in no-recovery mode. Filesystem will be inconsistent. [ 149.401734][ T8510] gfs2_make_fs_rw+0x3f5/0x560 [ 149.401754][ T8510] ? _raw_spin_unlock+0x24/0x40 [ 149.421357][ T8510] ? gfs2_glock_nq+0xcb0/0x1550 [ 149.426214][ T8510] ? gfs2_jdesc_check+0x290/0x290 [ 149.431252][ T8510] gfs2_reconfigure+0x771/0xcd0 [ 149.436137][ T8510] ? gfs2_get_tree+0x1e0/0x1e0 [ 149.440913][ T8510] ? gfs2_freeze_lock+0x52/0xc0 [ 149.445773][ T8510] ? __might_sleep+0xf0/0xf0 [ 149.450369][ T8510] ? hook_sb_remount+0x19/0xc0 [ 149.455141][ T8510] reconfigure_super+0x219/0x880 [ 149.460092][ T8510] path_mount+0xd3e/0x1020 [ 149.464522][ T8510] ? user_path_at_empty+0x13e/0x190 [ 149.469725][ T8510] __se_sys_mount+0x2d6/0x3c0 [ 149.474419][ T8510] ? __x64_sys_mount+0xc0/0xc0 [ 149.479191][ T8510] ? lockdep_hardirqs_on+0x94/0x140 [ 149.484397][ T8510] ? __x64_sys_mount+0x1c/0xc0 [ 149.489169][ T8510] do_syscall_64+0x4c/0xa0 [ 149.493590][ T8510] ? clear_bhb_loop+0x30/0x80 [ 149.498286][ T8510] ? clear_bhb_loop+0x30/0x80 [ 149.502986][ T8510] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 149.508888][ T8510] RIP: 0033:0x7f8099aef6c9 [ 149.513286][ T8510] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 149.532869][ T8510] RSP: 002b:00007f8097d56038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 149.541261][ T8510] RAX: ffffffffffffffda RBX: 00007f8099d45fa0 RCX: 00007f8099aef6c9 [ 149.549218][ T8510] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 149.557176][ T8510] RBP: 00007f8099b71f91 R08: 0000000000000000 R09: 0000000000000000 [ 149.565141][ T8510] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 149.573090][ T8510] R13: 00007f8099d46038 R14: 00007f8099d45fa0 R15: 00007ffc3669beb8 [ 149.581047][ T8510] [ 149.588031][ T8510] gfs2: unable to remount read-write [ 149.591269][ T4294] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 149.602623][ T4183] XFS (loop4): Unmounting Filesystem [ 149.624615][ T6241] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 149.687414][ T7] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 149.839999][ T8595] device vti0 entered promiscuous mode [ 149.909579][ T4294] usb 2-1: Using ep0 maxpacket: 16 [ 149.947883][ T8601] loop4: detected capacity change from 0 to 256 [ 150.005081][ T8601] FAT-fs (loop4): Directory bread(block 64) failed [ 150.023244][ T8601] FAT-fs (loop4): Directory bread(block 65) failed [ 150.031619][ T8601] FAT-fs (loop4): Directory bread(block 66) failed [ 150.038295][ T8601] FAT-fs (loop4): Directory bread(block 67) failed [ 150.046429][ T8601] FAT-fs (loop4): Directory bread(block 68) failed [ 150.053882][ T4294] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.057978][ T8601] FAT-fs (loop4): Directory bread(block 69) failed [ 150.063995][ T4294] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 150.080098][ T8601] FAT-fs (loop4): Directory bread(block 70) failed [ 150.086620][ T8601] FAT-fs (loop4): Directory bread(block 71) failed [ 150.093220][ T8601] FAT-fs (loop4): Directory bread(block 72) failed [ 150.099740][ T6241] usb 4-1: unable to get BOS descriptor or descriptor too short [ 150.107397][ T8601] FAT-fs (loop4): Directory bread(block 73) failed [ 150.155130][ T7] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 150.164260][ T7] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 150.175626][ T7] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 150.184920][ T7] usb 1-1: config 1 has no interface number 0 [ 150.191780][ T6241] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 150.203453][ T6241] usb 4-1: config 1 interface 0 altsetting 247 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 150.216834][ T7] usb 1-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 150.228271][ T7] usb 1-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 150.241924][ T6241] usb 4-1: config 1 interface 0 has no altsetting 0 [ 150.248528][ T6241] usb 4-1: config 1 interface 0 has no altsetting 1 [ 150.259261][ T4294] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 150.273066][ T4294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.283778][ T4294] usb 2-1: Product: syz [ 150.287969][ T4294] usb 2-1: Manufacturer: syz [ 150.296989][ T4294] usb 2-1: SerialNumber: syz [ 150.459742][ T7] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 150.468805][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.477456][ T6241] usb 4-1: New USB device found, idVendor=2040, idProduct=b990, bcdDevice=f6.75 [ 150.508648][ T6241] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.521497][ T7] usb 1-1: Product: syz [ 150.529865][ T6241] usb 4-1: Product: syz [ 150.534054][ T6241] usb 4-1: Manufacturer: syz [ 150.538647][ T6241] usb 4-1: SerialNumber: syz [ 150.546192][ T7] usb 1-1: Manufacturer: syz [ 150.551559][ T7] usb 1-1: SerialNumber: syz [ 150.609737][ T4294] usb 2-1: 0:2 : does not exist [ 150.638094][ T8631] loop2: detected capacity change from 0 to 164 [ 150.661303][ T4294] usb 2-1: USB disconnect, device number 15 [ 150.723273][ T8633] netlink: 'syz.4.1987': attribute type 10 has an invalid length. [ 150.733240][ T8633] device macvlan0 entered promiscuous mode [ 150.749715][ T8633] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 150.803595][ T8635] netlink: 48 bytes leftover after parsing attributes in process `syz.2.1989'. [ 150.871040][ T6241] smsusb:smsusb_probe: board id=8, interface number 0 [ 150.878119][ T6241] usb 4-1: selecting invalid altsetting 0 [ 150.909452][ T6241] smsusb:smsusb_probe: usb_set_interface failed, rc -22 [ 150.916466][ T6241] smsusb: probe of 4-1:1.0 failed with error -22 [ 150.937850][ T6241] usb 4-1: USB disconnect, device number 10 [ 150.945693][ T4196] udevd[4196]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 151.028794][ T4294] usb 1-1: USB disconnect, device number 8 [ 151.129624][ T4205] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 151.219581][ T5172] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 151.380704][ T4205] usb 3-1: Using ep0 maxpacket: 8 [ 151.405800][ T8657] loop3: detected capacity change from 0 to 256 [ 151.449733][ T4230] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 151.479792][ T5172] usb 5-1: Using ep0 maxpacket: 8 [ 151.519786][ T4205] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 151.533687][ T8659] netlink: 'syz.3.2001': attribute type 21 has an invalid length. [ 151.549457][ T4205] usb 3-1: config 179 has no interface number 0 [ 151.565508][ T4205] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 151.583464][ T4205] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 151.595525][ T4205] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 151.607820][ T4205] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 151.624665][ T4205] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 151.638191][ T5172] usb 5-1: config 0 has an invalid interface number: 161 but max is 0 [ 151.646578][ T4205] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 151.655937][ T5172] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 151.669586][ T4205] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.678395][ T5172] usb 5-1: config 0 has no interface number 0 [ 151.685988][ T5172] usb 5-1: config 0 interface 161 altsetting 0 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 151.702479][ T5172] usb 5-1: config 0 interface 161 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 151.718055][ T8639] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 151.729674][ T4230] usb 2-1: Using ep0 maxpacket: 16 [ 151.875374][ T8676] loop3: detected capacity change from 0 to 1764 [ 151.889961][ T5172] usb 5-1: New USB device found, idVendor=0bfd, idProduct=000c, bcdDevice=b9.d8 [ 151.899202][ T5172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.907533][ T5172] usb 5-1: Product: syz [ 151.914372][ T5172] usb 5-1: Manufacturer: syz [ 151.918955][ T5172] usb 5-1: SerialNumber: syz [ 151.935171][ T5172] usb 5-1: config 0 descriptor?? [ 151.981017][ T5172] kvaser_usb 5-1:0.161: Cannot get usb endpoint(s) [ 152.029724][ T4230] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 152.047357][ T4230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.055487][ T4230] usb 2-1: Product: syz [ 152.060366][ T4230] usb 2-1: Manufacturer: syz [ 152.069614][ T4230] usb 2-1: SerialNumber: syz [ 152.075881][ T4230] usb 2-1: config 0 descriptor?? [ 152.112137][ T8680] loop3: detected capacity change from 0 to 1024 [ 152.124944][ T4230] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 152.171906][ T4294] usb 3-1: USB disconnect, device number 9 [ 152.189480][ C1] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 152.369577][ T6241] usb 2-1: USB disconnect, device number 16 [ 152.379720][ T1158] usb 2-1: Failed to submit usb control message: -71 [ 152.387656][ T1158] usb 2-1: unable to send the bmi data to the device: -71 [ 152.422163][ T1158] usb 2-1: unable to get target info from device [ 152.431604][ T1158] usb 2-1: could not get target info (-71) [ 152.437528][ T1158] usb 2-1: could not probe fw (-71) [ 152.563093][ T8645] loop4: detected capacity change from 0 to 32768 [ 152.579811][ T8689] (unnamed net_device) (uninitialized): option fail_over_mac: invalid value (3) [ 152.624905][ T8693] netlink: 'syz.0.2025': attribute type 1 has an invalid length. [ 152.686720][ T8645] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 152.706318][ T8699] netlink: 'syz.0.2017': attribute type 10 has an invalid length. [ 152.716650][ T8645] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 152.750402][ T8645] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 152.758096][ T8699] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2017'. [ 152.832463][ T8699] device ipvlan1 entered promiscuous mode [ 152.860897][ T8645] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 152.921560][ T8699] bridge0: port 4(ipvlan1) entered blocking state [ 152.928035][ T8699] bridge0: port 4(ipvlan1) entered disabled state [ 153.030443][ T6241] usb 5-1: USB disconnect, device number 15 [ 153.069363][ T8699] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 153.148361][ T8709] loop3: detected capacity change from 0 to 4096 [ 153.170027][ T8709] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 153.170404][ T8718] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 153.184454][ T8718] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 153.215659][ T8718] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 153.237057][ T8718] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 153.256960][ T8718] device geneve2 entered promiscuous mode [ 153.278789][ T8718] netdevsim netdevsim2 netdevsim0: unset [1, 1] type 2 family 0 port 20000 - 0 [ 153.305520][ T8718] netdevsim netdevsim2 netdevsim1: unset [1, 1] type 2 family 0 port 20000 - 0 [ 153.335080][ T8718] netdevsim netdevsim2 netdevsim2: unset [1, 1] type 2 family 0 port 20000 - 0 [ 153.344197][ T8718] netdevsim netdevsim2 netdevsim3: unset [1, 1] type 2 family 0 port 20000 - 0 [ 153.393583][ T8727] vim2m vim2m.0: Fourcc format (0x47425247) invalid. [ 153.945199][ T8768] netlink: 'syz.3.2051': attribute type 1 has an invalid length. [ 153.961902][ T8768] netlink: 224 bytes leftover after parsing attributes in process `syz.3.2051'. [ 153.991486][ T8768] block nbd0: not configured, cannot reconfigure [ 154.167980][ T8778] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 154.191477][ T7] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 154.242019][ T8780] loop2: detected capacity change from 0 to 1024 [ 154.262757][ T8782] device erspan1 entered promiscuous mode [ 154.298349][ T8780] EXT4-fs (loop2): Test dummy encryption mode enabled [ 154.377477][ T8780] EXT4-fs (loop2): mounted filesystem without journal. Opts: data=ordered,barrier=0x00000000000003ff,stripe=0x0000000000000007,nombcache,nogrpid,inode_readahead_blks=0x0000000000800000,max_batch_time=0x0000000000000000,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 154.499970][ T8759] loop1: detected capacity change from 0 to 32768 [ 154.528981][ T8759] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 154.547480][ T8759] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 154.585163][ T8759] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms [ 154.652555][ T8759] gfs2: fsid=syz:syz.s: first mount done, others may mount [ 154.780207][ T7] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 154.789279][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.840413][ T7] usb 5-1: Product: syz [ 154.844988][ T7] usb 5-1: Manufacturer: syz [ 154.859787][ T7] usb 5-1: SerialNumber: syz [ 154.890421][ T7] usb 5-1: config 0 descriptor?? [ 154.941231][ T7] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 016 [ 155.045941][ T8813] tc_dump_action: action bad kind [ 155.166463][ T8810] loop2: detected capacity change from 0 to 8192 [ 155.226418][ T8825] netlink: 'syz.3.2077': attribute type 1 has an invalid length. [ 155.370724][ T8835] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2081'. [ 155.403031][ T7] (null): failure reading functionality [ 155.439657][ T7] i2c i2c-1: failure reading functionality [ 155.493044][ T7] i2c i2c-1: connected i2c-tiny-usb device [ 155.534292][ T7] usb 5-1: USB disconnect, device number 16 [ 155.567967][ T8844] loop2: detected capacity change from 0 to 1024 [ 155.687189][ T8844] EXT4-fs (loop2): mounted filesystem without journal. Opts: noinit_itable,dax=inode,nolazytime,discard,sb=0x0000000000000001,lazytime,noload,bsddf,journal_dev=0x0000000000000005,,errors=continue. Quota mode: none. [ 155.810656][ T8844] EXT4-fs (loop2): Cannot specify journal on remount [ 155.813598][ T8829] loop0: detected capacity change from 0 to 32768 [ 155.901630][ T8829] read_mapping_page failed! [ 155.969557][ T6241] usb 4-1: new low-speed USB device number 11 using dummy_hcd [ 156.037315][ T8863] loop2: detected capacity change from 0 to 256 [ 156.128168][ T8863] FAT-fs (loop2): Directory bread(block 64) failed [ 156.151558][ T8863] FAT-fs (loop2): Directory bread(block 65) failed [ 156.158160][ T8863] FAT-fs (loop2): Directory bread(block 66) failed [ 156.191886][ T8863] FAT-fs (loop2): Directory bread(block 67) failed [ 156.208444][ T8863] FAT-fs (loop2): Directory bread(block 68) failed [ 156.251874][ T8863] FAT-fs (loop2): Directory bread(block 69) failed [ 156.258477][ T8863] FAT-fs (loop2): Directory bread(block 70) failed [ 156.268754][ T8863] FAT-fs (loop2): Directory bread(block 71) failed [ 156.304544][ T8863] FAT-fs (loop2): Directory bread(block 72) failed [ 156.323251][ T8863] FAT-fs (loop2): Directory bread(block 73) failed [ 156.374675][ T8863] FAT-fs (loop2): Filesystem has been set read-only [ 156.382944][ T8880] x_tables: duplicate entry at hook 3 [ 156.390122][ T6241] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 156.396403][ T25] audit: type=1800 audit(1763382298.696:14): pid=8863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2097" name="pids.current" dev="loop2" ino=1048640 res=0 errno=0 [ 156.400318][ T7] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 156.438754][ T8863] FAT-fs (loop2): error, invalid access to FAT (entry 0x00006c61) [ 156.442545][ T6241] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 156.487543][ T6241] usb 4-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 156.506968][ T6241] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 156.548857][ T6241] usb 4-1: config 0 descriptor?? [ 156.633255][ T8890] netlink: 'syz.2.2107': attribute type 1 has an invalid length. [ 156.769289][ T8900] loop0: detected capacity change from 0 to 1024 [ 156.775920][ T5172] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 156.825573][ T8900] EXT4-fs (loop0): Test dummy encryption mode enabled [ 156.849625][ T6241] usb 4-1: string descriptor 0 read error: -71 [ 156.855916][ T7] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 156.869956][ T6241] qmi_wwan: probe of 4-1:0.0 failed with error -22 [ 156.886705][ T7] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 156.905259][ T8900] EXT4-fs (loop0): mounted filesystem without journal. Opts: data=ordered,barrier=0x00000000000003ff,stripe=0x0000000000000007,nombcache,nogrpid,inode_readahead_blks=0x0000000000800000,max_batch_time=0x0000000000000000,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 156.931904][ C0] vkms_vblank_simulate: vblank timer overrun [ 156.948764][ T6241] usb 4-1: USB disconnect, device number 11 [ 156.986638][ T7] usb 2-1: config 1 interface 1 has no altsetting 1 [ 157.149756][ T5172] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 157.159754][ T7] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.168824][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.180027][ T5172] usb 5-1: config 220 has an invalid descriptor of length 95, skipping remainder of the config [ 157.205100][ T7] usb 2-1: Product: syz [ 157.209305][ T7] usb 2-1: Manufacturer: syz [ 157.216257][ T5172] usb 5-1: config 220 has no interface number 2 [ 157.222026][ T7] usb 2-1: SerialNumber: syz [ 157.233201][ T5172] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 157.264242][ T5172] usb 5-1: config 220 interface 0 has no altsetting 0 [ 157.289245][ T7] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 157.299750][ T5172] usb 5-1: config 220 interface 76 has no altsetting 0 [ 157.302457][ T7] cdc_ncm 2-1:1.0: bind() failure [ 157.306613][ T5172] usb 5-1: config 220 interface 1 has no altsetting 0 [ 157.338002][ T7] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 157.375882][ T7] cdc_ncm 2-1:1.1: bind() failure [ 157.479894][ T5172] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 157.502619][ T8934] overlayfs: unrecognized mount option "\" or missing value [ 157.510094][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 157.518278][ T5172] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.519532][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 157.528361][ T5172] usb 5-1: Product: syz [ 157.554113][ T5172] usb 5-1: Manufacturer: syz [ 157.560705][ T6241] usb 2-1: USB disconnect, device number 17 [ 157.567445][ T5172] usb 5-1: SerialNumber: syz [ 157.615627][ T8936] 9pnet: Insufficient options for proto=fd [ 157.829081][ T8957] netlink: 'syz.3.2141': attribute type 75 has an invalid length. [ 157.916548][ T8961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2143'. [ 157.959875][ T5172] usb 5-1: selecting invalid altsetting 0 [ 157.965984][ T5172] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 157.978718][ T5172] usb 5-1: No valid video chain found. [ 158.032357][ T5172] usb 5-1: selecting invalid altsetting 0 [ 158.038109][ T5172] usbtest: probe of 5-1:220.1 failed with error -22 [ 158.069115][ T5172] usb 5-1: USB disconnect, device number 17 [ 158.072380][ T7] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 158.149554][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 158.200032][ T8969] loop1: detected capacity change from 0 to 4096 [ 158.244837][ T8977] netlink: 'syz.3.2151': attribute type 49 has an invalid length. [ 158.340704][ T8969] ntfs: (device loop1): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 158.361187][ T8969] ntfs: (device loop1): ntfs_read_locked_inode(): $DATA attribute is missing. [ 158.372969][ T8969] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 158.404086][ T8969] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 158.533939][ T8969] ntfs: volume version 3.1. [ 158.660591][ T8998] loop4: detected capacity change from 0 to 64 [ 158.697480][ T7] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 158.711246][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.746077][ T8998] hfs: request for non-existent node -117440513 in B*Tree [ 158.759258][ T7] usb 1-1: Product: syz [ 158.773046][ T8998] hfs: request for non-existent node -117440513 in B*Tree [ 158.793441][ T7] usb 1-1: Manufacturer: syz [ 158.798052][ T7] usb 1-1: SerialNumber: syz [ 158.812708][ T4294] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 158.822442][ T7] r8152-cfgselector 1-1: config 0 descriptor?? [ 158.932683][ T9012] netlink: 'syz.2.2168': attribute type 30 has an invalid length. [ 158.975326][ T9014] loop4: detected capacity change from 0 to 16 [ 159.022175][ T9014] erofs: (device loop4): mounted with root inode @ nid 36. [ 159.051585][ T9014] erofs: (device loop4): z_erofs_extent_lookback: bogus lookback distance @ nid 36 [ 159.082359][ T9014] erofs: (device loop4): z_erofs_lz4_decompress: failed to decompress -24 in[64, 4032] out[1851] [ 159.089642][ T4294] usb 4-1: Using ep0 maxpacket: 8 [ 159.131289][ T9014] erofs: (device loop4): z_erofs_readpage: failed to read, err [-117] [ 159.249846][ T4294] usb 4-1: config 1 interface 0 altsetting 111 endpoint 0x81 has an invalid bInterval 247, changing to 11 [ 159.262090][ T4294] usb 4-1: config 1 interface 0 has no altsetting 0 [ 159.274765][ T9027] loop1: detected capacity change from 0 to 4096 [ 159.319825][ T7] r8152-cfgselector 1-1: Unknown version 0x0000 [ 159.322093][ T9033] netlink: 'syz.4.2177': attribute type 3 has an invalid length. [ 159.332978][ T9027] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 159.339069][ T9033] netlink: 224 bytes leftover after parsing attributes in process `syz.4.2177'. [ 159.361371][ T7] r8152-cfgselector 1-1: USB disconnect, device number 9 [ 159.440440][ T4294] usb 4-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 0.40 [ 159.451685][ T4294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.472315][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2181'. [ 159.481847][ T9027] ntfs3: loop1: failed to convert "c46c" to cp737 [ 159.488980][ T4294] usb 4-1: Product: syz [ 159.510878][ T4294] usb 4-1: Manufacturer: syz [ 159.515525][ T4294] usb 4-1: SerialNumber: syz [ 159.519764][ T9040] loop4: detected capacity change from 0 to 1024 [ 159.528026][ T9038] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2181'. [ 159.539604][ T9038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2181'. [ 159.623034][ T9040] EXT4-fs error (device loop4): ext4_map_blocks:739: inode #3: block 1: comm syz.4.2182: lblock 1 mapped to illegal pblock 1 (length 1) [ 159.640837][ T9040] Quota error (device loop4): write_blk: dquota write failed [ 159.671450][ T9040] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 159.688112][ T9040] EXT4-fs error (device loop4): ext4_acquire_dquot:6209: comm syz.4.2182: Failed to acquire dquot type 0 [ 159.707374][ T9040] EXT4-fs error (device loop4): ext4_free_blocks:6218: comm syz.4.2182: Freeing blocks not in datazone - block = 0, count = 4096 [ 159.726432][ T9040] EXT4-fs error (device loop4): ext4_read_inode_bitmap:140: comm syz.4.2182: Invalid inode bitmap blk 0 in block_group 0 [ 159.740977][ T154] EXT4-fs error (device loop4): ext4_map_blocks:629: inode #3: block 1: comm kworker/u4:2: lblock 1 mapped to illegal pblock 1 (length 1) [ 159.760452][ T9040] EXT4-fs error (device loop4) in ext4_free_inode:362: Corrupt filesystem [ 159.764817][ T154] Quota error (device loop4): remove_tree: Can't read quota data block 1 [ 159.773937][ T9040] EXT4-fs (loop4): 1 orphan inode deleted [ 159.789910][ T154] EXT4-fs error (device loop4): ext4_release_dquot:6245: comm kworker/u4:2: Failed to release dquot type 0 [ 159.805486][ T9040] EXT4-fs (loop4): mounted filesystem without journal. Opts: ; ,errors=continue. Quota mode: writeback. [ 159.849682][ T9040] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback. [ 159.869630][ T4798] usb 3-1: new full-speed USB device number 10 using dummy_hcd [ 159.872136][ T4294] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input10 [ 159.949725][ T3545] bcm5974 4-1:1.0: could not read from device [ 159.974289][ T4294] usb 4-1: USB disconnect, device number 12 [ 159.979812][ T3545] bcm5974 4-1:1.0: could not read from device [ 160.047498][ T9062] netlink: 'syz.0.2192': attribute type 8 has an invalid length. [ 160.061079][ T9060] device netdevsim0 entered promiscuous mode [ 160.100219][ T9060] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 160.218606][ T9074] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 160.239708][ T4798] usb 3-1: config 0 has an invalid interface number: 41 but max is 0 [ 160.253743][ T4798] usb 3-1: config 0 has no interface number 0 [ 160.259962][ T4798] usb 3-1: config 0 interface 41 has no altsetting 0 [ 160.267319][ T9074] device batadv_slave_0 entered promiscuous mode [ 160.373505][ T9082] loop3: detected capacity change from 0 to 512 [ 160.419826][ T4798] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 160.428966][ T5172] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 160.437487][ T9082] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 160.443710][ T4798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.458917][ T4798] usb 3-1: Product: syz [ 160.466893][ T4798] usb 3-1: Manufacturer: syz [ 160.474126][ T4798] usb 3-1: SerialNumber: syz [ 160.488277][ T9082] EXT4-fs error (device loop3): ext4_orphan_get:1427: comm syz.3.2202: bad orphan inode 131083 [ 160.493905][ T4798] usb 3-1: config 0 descriptor?? [ 160.540860][ T4798] CoreChips: probe of 3-1:0.41 failed with error -22 [ 160.570233][ T7] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 160.606354][ T9095] syz.4.2208 uses old SIOCAX25GETINFO [ 160.618884][ T9082] EXT4-fs (loop3): mounted filesystem without journal. Opts: stripe=0x000000000000003d,init_itable,mb_optimize_scan=0x0000000000000001,,errors=continue. Quota mode: none. [ 160.753510][ T9101] ipt_CLUSTERIP: Please specify an interface name [ 160.799807][ T5172] usb 1-1: config 0 has no interfaces? [ 160.823447][ T9105] loop3: detected capacity change from 0 to 256 [ 160.886266][ T9105] FAT-fs (loop3): Directory bread(block 64) failed [ 160.893942][ T9105] FAT-fs (loop3): Directory bread(block 65) failed [ 160.909948][ T9105] FAT-fs (loop3): Directory bread(block 66) failed [ 160.916570][ T9105] FAT-fs (loop3): Directory bread(block 67) failed [ 160.944433][ T9105] FAT-fs (loop3): Directory bread(block 68) failed [ 160.965172][ T5172] usb 1-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 160.975318][ T9105] FAT-fs (loop3): Directory bread(block 69) failed [ 160.982527][ T5172] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.991534][ T5172] usb 1-1: Product: syz [ 160.995704][ T5172] usb 1-1: Manufacturer: syz [ 161.000697][ T9105] FAT-fs (loop3): Directory bread(block 70) failed [ 161.007409][ T9105] FAT-fs (loop3): Directory bread(block 71) failed [ 161.009721][ T7] usb 2-1: config 0 has an invalid interface number: 23 but max is 0 [ 161.014316][ T5172] usb 1-1: SerialNumber: syz [ 161.027436][ T9105] FAT-fs (loop3): Directory bread(block 72) failed [ 161.030250][ T7] usb 2-1: config 0 has no interface number 0 [ 161.037514][ T9105] FAT-fs (loop3): Directory bread(block 73) failed [ 161.044945][ T7] usb 2-1: config 0 interface 23 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 161.048520][ T5172] r8152-cfgselector 1-1: config 0 descriptor?? [ 161.062933][ T7] usb 2-1: config 0 interface 23 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1023 [ 161.244499][ T7] usb 2-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 161.270218][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.278259][ T7] usb 2-1: Product: syz [ 161.284781][ T7] usb 2-1: Manufacturer: syz [ 161.289394][ T7] usb 2-1: SerialNumber: syz [ 161.308695][ T7] usb 2-1: config 0 descriptor?? [ 161.331717][ T9078] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 161.343715][ T5172] usbip-host 1-1: 1-1 is not in match_busid table... skip! [ 161.355724][ T9078] raw-gadget.2 gadget: fail, usb_ep_enable returned -22 [ 161.390703][ T7] ums-usbat 2-1:0.23: USB Mass Storage device detected [ 161.576607][ T4294] usb 1-1: USB disconnect, device number 10 [ 161.577000][ T9148] netlink: 'syz.4.2233': attribute type 8 has an invalid length. [ 161.593353][ T9148] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2233'. [ 161.642718][ T7] ums-usbat: probe of 2-1:0.23 failed with error 3 [ 161.665423][ T7] usb 2-1: USB disconnect, device number 18 [ 162.282865][ T9141] orangefs_mount: mount request failed with -4 [ 162.371629][ T9172] libceph: resolve '4..' (ret=-3): failed [ 162.539100][ T9185] loop4: detected capacity change from 0 to 1024 [ 162.587662][ T9185] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 162.638175][ T6245] usb 3-1: USB disconnect, device number 10 [ 162.650222][ T9185] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 162.708496][ T9185] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 162.722801][ T9185] System zones: 0-1, 3-36 [ 162.733305][ T9185] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 163.178275][ T9176] loop1: detected capacity change from 0 to 32768 [ 163.273887][ T9176] ialloc: diAlloc returned -5! [ 163.279845][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 163.339492][ T7] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 163.485008][ T9235] x_tables: unsorted underflow at hook 2 [ 163.551695][ T9232] loop0: detected capacity change from 0 to 4096 [ 163.564477][ T9205] loop3: detected capacity change from 0 to 32768 [ 163.597628][ T9239] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2277'. [ 163.609601][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 163.630662][ T9232] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 163.726932][ T9205] XFS (loop3): Mounting V5 Filesystem [ 163.732767][ T7] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 163.769892][ T9232] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 163.950772][ T7] usb 5-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 163.971804][ T9232] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 163.991006][ T9241] loop1: detected capacity change from 0 to 32768 [ 163.995565][ T7] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.013484][ T9232] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 164.035900][ T7] usb 5-1: Product: syz [ 164.039575][ T9232] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 164.046012][ T7] usb 5-1: Manufacturer: syz [ 164.096866][ T9232] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 164.120262][ T7] usb 5-1: SerialNumber: syz [ 164.137786][ T7] usb 5-1: config 0 descriptor?? [ 164.148459][ T9232] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 164.179527][ T9232] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 164.190233][ T9205] XFS (loop3): Ending clean mount [ 164.214753][ T9232] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 164.261817][ T9232] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 164.320108][ T9232] ntfs: volume version 3.1. [ 164.325815][ T4190] XFS (loop3): Unmounting Filesystem [ 164.488266][ T5172] usb 5-1: USB disconnect, device number 18 [ 164.529805][ T7] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 164.764001][ T9277] netlink: 'syz.3.2286': attribute type 2 has an invalid length. [ 164.778043][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 164.787645][ T9279] loop0: detected capacity change from 0 to 16 [ 164.865767][ T9279] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 164.876938][ T9283] netlink: 256 bytes leftover after parsing attributes in process `syz.3.2295'. [ 164.887660][ T9283] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 164.913064][ T9279] cramfs: Error -3 while decompressing! [ 164.920490][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 164.939460][ T7] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 164.949154][ T7] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 164.958993][ T9279] cramfs: ffffffff961ecf68(453)->ffff88801e457000(4096) [ 164.979467][ T7] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 49 [ 164.989623][ T7] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 164.998689][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.062030][ T7] usb 2-1: config 0 descriptor?? [ 165.100079][ T9261] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 165.374508][ T9306] IPv6: NLM_F_REPLACE set, but no existing node found! [ 165.554109][ T5172] usb 2-1: USB disconnect, device number 19 [ 165.686982][ T4230] usb 1-1: new full-speed USB device number 11 using dummy_hcd [ 165.713870][ T9332] loop2: detected capacity change from 0 to 1024 [ 165.965689][ T9342] loop4: detected capacity change from 0 to 4096 [ 166.081892][ T9342] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 166.099705][ T4230] usb 1-1: config 3 has an invalid interface number: 234 but max is 0 [ 166.107916][ T4230] usb 1-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 166.133175][ T9342] ntfs3: loop4: Failed to load $Extend. [ 166.144430][ T4230] usb 1-1: config 3 has no interface number 0 [ 166.190576][ T4230] usb 1-1: config 3 interface 234 altsetting 0 has an invalid endpoint with address 0x22, skipping [ 166.212893][ T9360] kAFS: unable to lookup cell '/,' [ 166.228747][ T9358] loop2: detected capacity change from 0 to 4096 [ 166.239576][ T4230] usb 1-1: config 3 interface 234 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 13 [ 166.458492][ T9372] netlink: 'syz.3.2331': attribute type 10 has an invalid length. [ 166.487234][ T4230] usb 1-1: New USB device found, idVendor=04dd, idProduct=8006, bcdDevice=60.f5 [ 166.510966][ T4230] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.518976][ T4230] usb 1-1: Product: syz [ 166.525601][ T9372] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2331'. [ 166.531778][ T4230] usb 1-1: Manufacturer: syz [ 166.539158][ T4230] usb 1-1: SerialNumber: syz [ 166.547616][ T9372] device ipvlan1 entered promiscuous mode [ 166.561785][ T9372] bridge0: port 3(ipvlan1) entered blocking state [ 166.568423][ T9372] bridge0: port 3(ipvlan1) entered disabled state [ 166.590879][ T4230] usb 1-1: bad CDC descriptors [ 166.605707][ T9372] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 166.837348][ T9393] loop3: detected capacity change from 0 to 256 [ 166.837551][ T4230] usb 1-1: USB disconnect, device number 11 [ 166.907394][ T9393] FAT-fs (loop3): Directory bread(block 64) failed [ 166.918595][ T9393] FAT-fs (loop3): Directory bread(block 65) failed [ 166.938117][ T9393] FAT-fs (loop3): Directory bread(block 66) failed [ 166.944971][ T9393] FAT-fs (loop3): Directory bread(block 67) failed [ 166.958718][ T9393] FAT-fs (loop3): Directory bread(block 68) failed [ 166.966749][ T9393] FAT-fs (loop3): Directory bread(block 69) failed [ 166.983974][ T9400] loop4: detected capacity change from 0 to 512 [ 166.987019][ T9393] FAT-fs (loop3): Directory bread(block 70) failed [ 166.996797][ T9393] FAT-fs (loop3): Directory bread(block 71) failed [ 167.003862][ T9393] FAT-fs (loop3): Directory bread(block 72) failed [ 167.010514][ T9393] FAT-fs (loop3): Directory bread(block 73) failed [ 167.022333][ T9400] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 167.032526][ T9400] EXT4-fs (loop4): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 167.042716][ T9400] EXT4-fs (loop4): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 167.061496][ T9400] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 167.073153][ T9400] EXT4-fs (loop4): failed to initialize system zone (-117) [ 167.091911][ T9400] EXT4-fs (loop4): mount failed [ 167.169712][ T4798] usb 3-1: new full-speed USB device number 11 using dummy_hcd [ 167.234765][ T9403] loop3: detected capacity change from 0 to 4096 [ 167.302843][ T9403] EXT4-fs (loop3): Test dummy encryption mode enabled [ 167.312577][ T9403] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option [ 167.324808][ T9403] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003] [ 167.333409][ T9403] System zones: 0-5 [ 167.345515][ T9403] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000005,acl,nomblk_io_submit,,errors=continue. Quota mode: writeback. [ 167.499493][ T7] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 167.600065][ T4798] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 167.719294][ T9427] loop0: detected capacity change from 0 to 512 [ 167.769048][ T9427] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -2 [ 167.779705][ T4798] usb 3-1: New USB device found, idVendor=1ac7, idProduct=0001, bcdDevice=cc.19 [ 167.794287][ T4798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 167.803103][ T4798] usb 3-1: Product: syz [ 167.807337][ T4798] usb 3-1: Manufacturer: syz [ 167.812166][ T4798] usb 3-1: SerialNumber: syz [ 167.820020][ T4798] usb 3-1: config 0 descriptor?? [ 167.827737][ T9432] loop3: detected capacity change from 0 to 64 [ 167.828218][ T9427] EXT4-fs error (device loop0): ext4_orphan_get:1427: comm syz.0.2359: bad orphan inode 15 [ 167.849932][ T9427] ext4_test_bit(bit=14, block=4) = 1 [ 167.855237][ T9427] is_bad_inode(inode)=0 [ 167.859391][ T9427] NEXT_ORPHAN(inode)=0 [ 167.863902][ T7] usb 5-1: config 0 has an invalid interface number: 111 but max is 0 [ 167.873273][ T9427] max_ino=32 [ 167.876663][ T9427] i_nlink=1 [ 167.880094][ T4798] usbtouchscreen: probe of 3-1:0.0 failed with error -32 [ 167.884730][ T7] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 167.887693][ T9427] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota=,acl,noload,data_err=ignore,usrjquota="init_itable=0x0000000000000601,init_itable=0x0000000000000101,noblock_validity,,errors=continue. Quota mode: writeback. [ 167.956484][ T9427] EXT4-fs error (device loop0): ext4_append:79: inode #2: comm syz.0.2359: Logical block already allocated [ 167.965374][ T7] usb 5-1: config 0 has no interface number 0 [ 167.983414][ T7] usb 5-1: too many endpoints for config 0 interface 111 altsetting 99: 44, using maximum allowed: 30 [ 167.995704][ T7] usb 5-1: config 0 interface 111 altsetting 99 has 0 endpoint descriptors, different from the interface descriptor's value: 44 [ 168.012359][ T7] usb 5-1: config 0 interface 111 has no altsetting 0 [ 168.019134][ T7] usb 5-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 168.028212][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 168.038509][ T7] usb 5-1: config 0 descriptor?? [ 168.081570][ T21] usb 3-1: USB disconnect, device number 11 [ 168.082275][ T7] usb 5-1: selecting invalid altsetting 0 [ 168.192470][ T9438] ptrace attach of "./syz-executor exec"[4181] was attempted by "./syz-executor exec"[9438] [ 168.317425][ T4798] usb 5-1: USB disconnect, device number 19 [ 168.602302][ T9442] loop0: detected capacity change from 0 to 32768 [ 168.664115][ T9442] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 168.672772][ T9442] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 168.684333][ T9442] gfs2: fsid=syz:syz.0: journal 0 mapped with 23 extents in 0ms [ 168.712952][ T6241] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 168.720127][ T6241] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 168.769506][ T21] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 168.789517][ T6241] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 69ms [ 168.804573][ T6241] gfs2: fsid=syz:syz.0: jid=0: Done [ 168.811799][ T9442] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 168.922652][ T9467] loop2: detected capacity change from 0 to 8 [ 168.970118][ T9467] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 168.992161][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 169.016790][ T9467] process 'syz.2.2378' launched './file2' with NULL argv: empty string added [ 169.049592][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 169.059330][ T9467] cramfs: bad data blocksize 3221485570 [ 169.077174][ T9467] cramfs: bad data blocksize 3221485570 [ 169.100806][ T25] kauditd_printk_skb: 10 callbacks suppressed [ 169.100821][ T25] audit: type=1800 audit(1763382311.396:15): pid=9467 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2378" name="file2" dev="loop2" ino=348 res=0 errno=0 [ 169.150189][ T9442] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 169.150189][ T9442] bh = 2049 (type: exp=14, found=8) [ 169.150189][ T9442] function = gfs2_quota_init, file = fs/gfs2/quota.c, line = 1406 [ 169.184047][ T9442] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 169.199886][ T21] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 169.219784][ T21] usb 4-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 169.226145][ T9442] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 169.247284][ T9442] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 169.267886][ T9442] gfs2: fsid=syz:syz.0: File system withdrawn [ 169.275447][ T9442] CPU: 0 PID: 9442 Comm: syz.0.2366 Not tainted syzkaller #0 [ 169.282936][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.287279][ T9478] autofs4:pid:9478:check_dev_ioctl_version: ioctl control interface version mismatch: kernel(1.1), user(1.8192), cmd(0xc018937e) [ 169.292992][ T9442] Call Trace: [ 169.293007][ T9442] [ 169.293016][ T9442] dump_stack_lvl+0x168/0x230 [ 169.293042][ T9442] ? kobject_uevent_env+0x371/0x890 [ 169.293066][ T9442] ? show_regs_print_info+0x20/0x20 [ 169.306448][ T9478] autofs4:pid:9478:validate_dev_ioctl: invalid device control module version supplied for cmd(0xc018937e) [ 169.309586][ T9442] ? load_image+0x3b0/0x3b0 [ 169.309614][ T9442] ? kobject_uevent_env+0x371/0x890 [ 169.309641][ T9442] gfs2_withdraw+0x111b/0x1460 [ 169.353209][ T9442] ? gfs2_lm+0x220/0x220 [ 169.357464][ T9442] ? gfs2_meta_ra+0x404/0x4d0 [ 169.362150][ T9442] ? gfs2_meta_buffer+0x310/0x310 [ 169.367175][ T9442] ? from_kuid_munged+0x690/0x690 [ 169.372190][ T9442] gfs2_metatype_check_ii+0x74/0x90 [ 169.377401][ T9442] gfs2_quota_init+0xc81/0xe80 [ 169.382192][ T9442] ? qd_get+0x5f0/0x5f0 [ 169.386367][ T9442] gfs2_make_fs_rw+0x3f5/0x560 [ 169.391132][ T9442] ? _raw_spin_unlock+0x24/0x40 [ 169.395988][ T9442] ? gfs2_glock_nq+0xcb0/0x1550 [ 169.400843][ T9442] ? gfs2_jdesc_check+0x290/0x290 [ 169.405881][ T9442] gfs2_reconfigure+0x771/0xcd0 [ 169.410750][ T9442] ? gfs2_get_tree+0x1e0/0x1e0 [ 169.415518][ T9442] ? gfs2_freeze_lock+0x52/0xc0 [ 169.420369][ T9442] ? __might_sleep+0xf0/0xf0 [ 169.424958][ T9442] ? hook_sb_remount+0x19/0xc0 [ 169.429726][ T9442] reconfigure_super+0x219/0x880 [ 169.434677][ T9442] path_mount+0xd3e/0x1020 [ 169.439099][ T9442] ? user_path_at_empty+0x13e/0x190 [ 169.444298][ T9442] __se_sys_mount+0x2d6/0x3c0 [ 169.448979][ T9442] ? __x64_sys_mount+0xc0/0xc0 [ 169.453751][ T9442] ? lockdep_hardirqs_on+0x94/0x140 [ 169.458947][ T9442] ? __x64_sys_mount+0x1c/0xc0 [ 169.463712][ T9442] do_syscall_64+0x4c/0xa0 [ 169.468132][ T9442] ? clear_bhb_loop+0x30/0x80 [ 169.472807][ T9442] ? clear_bhb_loop+0x30/0x80 [ 169.477488][ T9442] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 169.483383][ T9442] RIP: 0033:0x7fdfdb43d6c9 [ 169.487804][ T9442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.507408][ T9442] RSP: 002b:00007fdfd96a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.515908][ T9442] RAX: ffffffffffffffda RBX: 00007fdfdb693fa0 RCX: 00007fdfdb43d6c9 [ 169.523880][ T9442] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 169.531854][ T9442] RBP: 00007fdfdb4bff91 R08: 0000000000000000 R09: 0000000000000000 [ 169.539826][ T9442] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 169.547797][ T9442] R13: 00007fdfdb694038 R14: 00007fdfdb693fa0 R15: 00007ffff64ed448 [ 169.555792][ T9442] [ 169.558822][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.586422][ T9442] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 169.629814][ T21] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 169.630444][ T9442] CPU: 0 PID: 9442 Comm: syz.0.2366 Not tainted syzkaller #0 [ 169.646213][ T9442] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.651748][ T21] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 169.656258][ T9442] Call Trace: [ 169.656268][ T9442] [ 169.670399][ T9442] dump_stack_lvl+0x168/0x230 [ 169.674438][ T21] usb 4-1: Product: syz [ 169.675085][ T9442] ? show_regs_print_info+0x20/0x20 [ 169.675115][ T9442] ? load_image+0x3b0/0x3b0 [ 169.679289][ T21] usb 4-1: Manufacturer: syz [ 169.684421][ T9442] ? __lock_acquire+0x7c60/0x7c60 [ 169.684448][ T9442] ? do_raw_spin_unlock+0x11d/0x230 [ 169.684470][ T9442] gfs2_assert_warn_i+0x18f/0x2c0 [ 169.684493][ T9442] gfs2_quota_cleanup+0x4b4/0x6a0 [ 169.710071][ T21] usb 4-1: SerialNumber: syz [ 169.713740][ T9442] gfs2_quota_init+0xd2a/0xe80 [ 169.723055][ T9442] ? qd_get+0x5f0/0x5f0 [ 169.727228][ T9442] gfs2_make_fs_rw+0x3f5/0x560 [ 169.731995][ T9442] ? _raw_spin_unlock+0x24/0x40 [ 169.736856][ T9442] ? gfs2_glock_nq+0xcb0/0x1550 [ 169.741721][ T9442] ? gfs2_jdesc_check+0x290/0x290 [ 169.746763][ T9442] gfs2_reconfigure+0x771/0xcd0 [ 169.751629][ T9442] ? gfs2_get_tree+0x1e0/0x1e0 [ 169.756395][ T9442] ? gfs2_freeze_lock+0x52/0xc0 [ 169.761248][ T9442] ? __might_sleep+0xf0/0xf0 [ 169.765831][ T9442] ? hook_sb_remount+0x19/0xc0 [ 169.770683][ T9442] reconfigure_super+0x219/0x880 [ 169.775623][ T9442] path_mount+0xd3e/0x1020 [ 169.780028][ T9442] ? user_path_at_empty+0x13e/0x190 [ 169.785211][ T9442] __se_sys_mount+0x2d6/0x3c0 [ 169.789878][ T9442] ? __x64_sys_mount+0xc0/0xc0 [ 169.794633][ T9442] ? lockdep_hardirqs_on+0x94/0x140 [ 169.799816][ T9442] ? __x64_sys_mount+0x1c/0xc0 [ 169.804575][ T9442] do_syscall_64+0x4c/0xa0 [ 169.808975][ T9442] ? clear_bhb_loop+0x30/0x80 [ 169.813640][ T9442] ? clear_bhb_loop+0x30/0x80 [ 169.818303][ T9442] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 169.824179][ T9442] RIP: 0033:0x7fdfdb43d6c9 [ 169.828579][ T9442] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 169.848167][ T9442] RSP: 002b:00007fdfd96a4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 169.856568][ T9442] RAX: ffffffffffffffda RBX: 00007fdfdb693fa0 RCX: 00007fdfdb43d6c9 [ 169.864531][ T9442] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 169.872493][ T9442] RBP: 00007fdfdb4bff91 R08: 0000000000000000 R09: 0000000000000000 [ 169.880451][ T9442] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 169.888415][ T9442] R13: 00007fdfdb694038 R14: 00007fdfdb693fa0 R15: 00007ffff64ed448 [ 169.896391][ T9442] [ 169.899508][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.906376][ T21] cdc_ncm 4-1:1.0: skipping garbage [ 169.912450][ T21] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing [ 169.932050][ T9490] netlink: 'syz.2.2388': attribute type 4 has an invalid length. [ 169.940405][ T21] cdc_ncm 4-1:1.0: bind() failure [ 169.955241][ T21] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 169.968137][ T9442] gfs2: unable to remount read-write [ 169.969613][ T21] cdc_ncm 4-1:1.1: bind() failure [ 170.057630][ T9490] device veth1_macvtap left promiscuous mode [ 170.155384][ T9496] netlink: 4096 bytes leftover after parsing attributes in process `syz.4.2393'. [ 170.164874][ T9496] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 170.278569][ T4798] usb 4-1: USB disconnect, device number 13 [ 170.298906][ T9502] RDS: rds_bind could not find a transport for ae0c:91e3:ccfb:11d2:0:5efe:150.125.240.108, load rds_tcp or rds_rdma? [ 170.355503][ T9506] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.2397'. [ 170.455271][ T9512] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2408'. [ 170.469854][ T9513] NILFS (nullb0): couldn't find nilfs on the device [ 170.873539][ T9535] loop0: detected capacity change from 0 to 1764 [ 170.953010][ T9544] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2414'. [ 170.994219][ T9535] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 171.009627][ T9541] Cannot find del_set index 286 as target [ 171.249330][ T9560] loop2: detected capacity change from 0 to 256 [ 171.563150][ T9576] netlink: 'syz.3.2430': attribute type 1 has an invalid length. [ 171.597178][ T9576] netlink: 220 bytes leftover after parsing attributes in process `syz.3.2430'. [ 171.602813][ T9515] loop1: detected capacity change from 0 to 32768 [ 171.687068][ T9515] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 171.711920][ T9515] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 171.774420][ T9515] gfs2: fsid=syz:syz.0: journal 0 mapped with 23 extents in 0ms [ 171.815790][ T21] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 171.828372][ T21] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 171.966560][ T21] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 138ms [ 172.002639][ T21] gfs2: fsid=syz:syz.0: jid=0: Done [ 172.007953][ T9515] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 172.039541][ T7] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 172.171421][ T9604] loop2: detected capacity change from 0 to 4096 [ 172.193703][ T9604] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 172.260661][ T9604] ntfs3: loop2: failed to convert "c46c" to cp932 [ 172.359321][ T9515] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 172.359321][ T9515] bh = 2049 (type: exp=14, found=8) [ 172.359321][ T9515] function = gfs2_quota_init, file = fs/gfs2/quota.c, line = 1406 [ 172.368445][ T9612] loop0: detected capacity change from 0 to 4096 [ 172.384402][ T9515] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 172.385890][ T4798] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 172.408988][ T9515] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 172.418151][ T9515] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 172.424953][ T9515] gfs2: fsid=syz:syz.0: File system withdrawn [ 172.432129][ T9515] CPU: 1 PID: 9515 Comm: syz.1.2400 Not tainted syzkaller #0 [ 172.439515][ T9515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 172.449568][ T9515] Call Trace: [ 172.452845][ T9515] [ 172.455779][ T9515] dump_stack_lvl+0x168/0x230 [ 172.460469][ T9515] ? kobject_uevent_env+0x371/0x890 [ 172.465677][ T9515] ? show_regs_print_info+0x20/0x20 [ 172.470895][ T9515] ? load_image+0x3b0/0x3b0 [ 172.475410][ T9515] ? kobject_uevent_env+0x371/0x890 [ 172.476243][ T9614] xt_CT: No such helper "snmp_trap" [ 172.480616][ T9515] gfs2_withdraw+0x111b/0x1460 [ 172.480653][ T9515] ? gfs2_lm+0x220/0x220 [ 172.480672][ T9515] ? gfs2_meta_ra+0x404/0x4d0 [ 172.480694][ T9515] ? gfs2_meta_buffer+0x310/0x310 [ 172.480714][ T9515] ? from_kuid_munged+0x690/0x690 [ 172.480738][ T9515] gfs2_metatype_check_ii+0x74/0x90 [ 172.480761][ T9515] gfs2_quota_init+0xc81/0xe80 [ 172.480801][ T9515] ? qd_get+0x5f0/0x5f0 [ 172.480832][ T9515] gfs2_make_fs_rw+0x3f5/0x560 [ 172.528414][ T9515] ? _raw_spin_unlock+0x24/0x40 [ 172.533288][ T9515] ? gfs2_glock_nq+0xcb0/0x1550 [ 172.538148][ T9515] ? gfs2_jdesc_check+0x290/0x290 [ 172.543197][ T9515] gfs2_reconfigure+0x771/0xcd0 [ 172.548066][ T9515] ? gfs2_get_tree+0x1e0/0x1e0 [ 172.552842][ T9515] ? gfs2_freeze_lock+0x52/0xc0 [ 172.557707][ T9515] ? __might_sleep+0xf0/0xf0 [ 172.562305][ T9515] ? hook_sb_remount+0x19/0xc0 [ 172.567095][ T9515] reconfigure_super+0x219/0x880 [ 172.572052][ T9515] path_mount+0xd3e/0x1020 [ 172.576479][ T9515] ? user_path_at_empty+0x13e/0x190 [ 172.581682][ T9515] __se_sys_mount+0x2d6/0x3c0 [ 172.586374][ T9515] ? __x64_sys_mount+0xc0/0xc0 [ 172.591149][ T9515] ? lockdep_hardirqs_on+0x94/0x140 [ 172.591556][ T7] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 172.596352][ T9515] ? __x64_sys_mount+0x1c/0xc0 [ 172.610103][ T9515] do_syscall_64+0x4c/0xa0 [ 172.612527][ T7] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.614521][ T9515] ? clear_bhb_loop+0x30/0x80 [ 172.626843][ T7] usb 4-1: Product: syz [ 172.627131][ T9515] ? clear_bhb_loop+0x30/0x80 [ 172.634671][ T7] usb 4-1: Manufacturer: syz [ 172.635918][ T9515] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 172.643664][ T7] usb 4-1: SerialNumber: syz [ 172.646350][ T9515] RIP: 0033:0x7f57874486c9 [ 172.646372][ T9515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.646389][ T9515] RSP: 002b:00007f57856af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 172.683339][ T9515] RAX: ffffffffffffffda RBX: 00007f578769efa0 RCX: 00007f57874486c9 [ 172.691317][ T9515] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 172.694952][ T9623] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2453'. [ 172.699287][ T9515] RBP: 00007f57874caf91 R08: 0000000000000000 R09: 0000000000000000 [ 172.699304][ T9515] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 172.699316][ T9515] R13: 00007f578769f038 R14: 00007f578769efa0 R15: 00007ffd782817e8 [ 172.699342][ T9515] [ 172.718292][ T9515] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 172.758855][ T9515] CPU: 1 PID: 9515 Comm: syz.1.2400 Not tainted syzkaller #0 [ 172.761175][ T7] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 172.766241][ T9515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 172.784325][ T9515] Call Trace: [ 172.787605][ T9515] [ 172.790536][ T9515] dump_stack_lvl+0x168/0x230 [ 172.795230][ T9515] ? show_regs_print_info+0x20/0x20 [ 172.800447][ T9515] ? load_image+0x3b0/0x3b0 [ 172.804965][ T9515] ? __lock_acquire+0x7c60/0x7c60 [ 172.807717][ T9612] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 172.809996][ T9515] ? do_raw_spin_unlock+0x11d/0x230 [ 172.810025][ T9515] gfs2_assert_warn_i+0x18f/0x2c0 [ 172.810053][ T9515] gfs2_quota_cleanup+0x4b4/0x6a0 [ 172.810084][ T9515] gfs2_quota_init+0xd2a/0xe80 [ 172.810122][ T9515] ? qd_get+0x5f0/0x5f0 [ 172.841117][ T9515] gfs2_make_fs_rw+0x3f5/0x560 [ 172.845885][ T9515] ? _raw_spin_unlock+0x24/0x40 [ 172.850738][ T9515] ? gfs2_glock_nq+0xcb0/0x1550 [ 172.855599][ T9515] ? gfs2_jdesc_check+0x290/0x290 [ 172.860644][ T9515] gfs2_reconfigure+0x771/0xcd0 [ 172.865512][ T9515] ? gfs2_get_tree+0x1e0/0x1e0 [ 172.870288][ T9515] ? gfs2_freeze_lock+0x52/0xc0 [ 172.875145][ T9515] ? __might_sleep+0xf0/0xf0 [ 172.879740][ T9515] ? hook_sb_remount+0x19/0xc0 [ 172.884513][ T9515] reconfigure_super+0x219/0x880 [ 172.889464][ T9515] path_mount+0xd3e/0x1020 [ 172.893888][ T9515] ? user_path_at_empty+0x13e/0x190 [ 172.899096][ T9515] __se_sys_mount+0x2d6/0x3c0 [ 172.903784][ T9515] ? __x64_sys_mount+0xc0/0xc0 [ 172.908566][ T9515] ? lockdep_hardirqs_on+0x94/0x140 [ 172.913773][ T9515] ? __x64_sys_mount+0x1c/0xc0 [ 172.918544][ T9515] do_syscall_64+0x4c/0xa0 [ 172.922962][ T9515] ? clear_bhb_loop+0x30/0x80 [ 172.927640][ T9515] ? clear_bhb_loop+0x30/0x80 [ 172.932299][ T9515] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 172.938200][ T9515] RIP: 0033:0x7f57874486c9 [ 172.942604][ T9515] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 172.962224][ T9515] RSP: 002b:00007f57856af038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 172.970637][ T9515] RAX: ffffffffffffffda RBX: 00007f578769efa0 RCX: 00007f57874486c9 [ 172.978587][ T9515] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 172.986534][ T9515] RBP: 00007f57874caf91 R08: 0000000000000000 R09: 0000000000000000 [ 172.994483][ T9515] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 173.002442][ T9515] R13: 00007f578769f038 R14: 00007f578769efa0 R15: 00007ffd782817e8 [ 173.010427][ T9515] [ 173.015784][ T9515] gfs2: unable to remount read-write [ 173.099655][ T4181] ntfs3: loop0: ntfs_sync_fs r=9 failed, -22. [ 173.106357][ T4181] ntfs3: loop0: ntfs_evict_inode r=9 failed, -22. [ 173.233664][ T9627] loop0: detected capacity change from 0 to 2048 [ 173.259823][ T4798] usb 5-1: config 0 has an invalid interface number: 41 but max is 0 [ 173.274564][ T4798] usb 5-1: config 0 has no interface number 0 [ 173.296889][ T9627] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 173.309930][ T4798] usb 5-1: config 0 interface 41 has no altsetting 0 [ 173.328556][ T9633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2457'. [ 173.349620][ T9633] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2457'. [ 173.371329][ T9633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2457'. [ 173.399712][ T7] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 173.515687][ T4798] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 173.541106][ T4798] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.559352][ T4798] usb 5-1: Product: syz [ 173.574087][ T4798] usb 5-1: Manufacturer: syz [ 173.578700][ T4798] usb 5-1: SerialNumber: syz [ 173.604965][ T4798] usb 5-1: config 0 descriptor?? [ 173.661198][ T4798] CoreChips: probe of 5-1:0.41 failed with error -22 [ 173.853803][ T4294] usb 4-1: USB disconnect, device number 14 [ 174.390612][ T9651] loop1: detected capacity change from 0 to 64 [ 174.469709][ T7] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 174.487248][ T9651] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing [ 174.508253][ T7] ath9k_htc: Failed to initialize the device [ 174.538479][ T9661] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2470'. [ 174.541598][ T4294] usb 4-1: ath9k_htc: USB layer deinitialized [ 174.658050][ T9663] xt_bpf: check failed: parse error [ 175.062257][ T9683] sock: sock_timestamping_bind_phc: sock not bind to device [ 175.084724][ T4294] usb 5-1: USB disconnect, device number 20 [ 175.174049][ T9687] loop2: detected capacity change from 0 to 1024 [ 175.399118][ T9653] loop3: detected capacity change from 0 to 32768 [ 175.483061][ T9653] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz" [ 175.490440][ T9696] loop0: detected capacity change from 0 to 4096 [ 175.526047][ T9701] IPv6: sit1: Disabled Multicast RS [ 175.532526][ T9653] gfs2: fsid=syz:syz: Now mounting FS (format 1801)... [ 175.556471][ T9696] ntfs: (device loop0): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 175.576995][ T9653] gfs2: fsid=syz:syz.0: journal 0 mapped with 23 extents in 0ms [ 175.589727][ T4294] Bluetooth: hci2: command 0x0406 tx timeout [ 175.589880][ T4798] gfs2: fsid=syz:syz.0: jid=0, already locked for use [ 175.596552][ T4294] Bluetooth: hci0: command 0x0406 tx timeout [ 175.609625][ T9696] ntfs: (device loop0): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 175.655573][ T4798] gfs2: fsid=syz:syz.0: jid=0: Looking at journal... [ 175.659611][ T4294] Bluetooth: hci4: command 0x0406 tx timeout [ 175.675946][ T9704] loop4: detected capacity change from 0 to 512 [ 175.690864][ T4294] Bluetooth: hci1: command 0x0406 tx timeout [ 175.705938][ T4294] Bluetooth: hci3: command 0x0406 tx timeout [ 175.713166][ T9696] ntfs: (device loop0): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 175.774717][ T9704] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 175.776860][ T9708] loop1: detected capacity change from 0 to 256 [ 175.815125][ T9696] ntfs: (device loop0): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 175.854726][ T4798] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 199ms [ 175.862797][ T9704] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a80ce01c, mo2=0002] [ 175.889771][ T9696] ntfs: (device loop0): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 175.901506][ T9704] System zones: 1-12 [ 175.906328][ T9704] EXT4-fs (loop4): orphan cleanup on readonly fs [ 175.913101][ T4798] gfs2: fsid=syz:syz.0: jid=0: Done [ 175.919890][ T9653] gfs2: fsid=syz:syz.0: first mount done, others may mount [ 175.940166][ T9704] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.2493: invalid indirect mapped block 12 (level 1) [ 175.976355][ T9696] ntfs: volume version 3.1. [ 175.994280][ T9704] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.2493: invalid indirect mapped block 2 (level 2) [ 176.004988][ T9696] ntfs: (device loop0): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 176.029017][ T9704] EXT4-fs (loop4): 1 truncate cleaned up [ 176.035177][ T9704] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrquota,nobarrier,,,errors=continue. Quota mode: writeback. [ 176.072701][ T9696] ntfs: (device loop0): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 176.132504][ T9696] ntfs: (device loop0): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 176.180142][ T9696] ntfs: (device loop0): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 176.207224][ T9696] ntfs: (device loop0): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 176.384991][ T9725] netlink: 'syz.4.2500': attribute type 1 has an invalid length. [ 176.472654][ T9725] netlink: 220 bytes leftover after parsing attributes in process `syz.4.2500'. [ 176.599134][ T9653] gfs2: fsid=syz:syz.0: fatal: invalid metadata block [ 176.599134][ T9653] bh = 2049 (type: exp=14, found=8) [ 176.599134][ T9653] function = gfs2_quota_init, file = fs/gfs2/quota.c, line = 1406 [ 176.634583][ T9737] loop0: detected capacity change from 0 to 16 [ 176.664638][ T9653] gfs2: fsid=syz:syz.0: about to withdraw this file system [ 176.676129][ T9653] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount. [ 176.685109][ T9653] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0 [ 176.693533][ T9653] gfs2: fsid=syz:syz.0: File system withdrawn [ 176.699811][ T9653] CPU: 1 PID: 9653 Comm: syz.3.2465 Not tainted syzkaller #0 [ 176.702647][ T9740] overlayfs: missing 'lowerdir' [ 176.707181][ T9653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 176.707195][ T9653] Call Trace: [ 176.707202][ T9653] [ 176.707209][ T9653] dump_stack_lvl+0x168/0x230 [ 176.732923][ T9653] ? kobject_uevent_env+0x371/0x890 [ 176.738138][ T9653] ? show_regs_print_info+0x20/0x20 [ 176.743347][ T9653] ? load_image+0x3b0/0x3b0 [ 176.747862][ T9653] ? kobject_uevent_env+0x371/0x890 [ 176.753069][ T9653] gfs2_withdraw+0x111b/0x1460 [ 176.757854][ T9653] ? gfs2_lm+0x220/0x220 [ 176.762111][ T9653] ? gfs2_meta_ra+0x404/0x4d0 [ 176.766804][ T9653] ? gfs2_meta_buffer+0x310/0x310 [ 176.771832][ T9653] ? from_kuid_munged+0x690/0x690 [ 176.776867][ T9653] gfs2_metatype_check_ii+0x74/0x90 [ 176.782077][ T9653] gfs2_quota_init+0xc81/0xe80 [ 176.786873][ T9653] ? qd_get+0x5f0/0x5f0 [ 176.791051][ T9653] gfs2_make_fs_rw+0x3f5/0x560 [ 176.795821][ T9653] ? _raw_spin_unlock+0x24/0x40 [ 176.800672][ T9653] ? gfs2_glock_nq+0xcb0/0x1550 [ 176.805532][ T9653] ? gfs2_jdesc_check+0x290/0x290 [ 176.810576][ T9653] gfs2_reconfigure+0x771/0xcd0 [ 176.815442][ T9653] ? gfs2_get_tree+0x1e0/0x1e0 [ 176.820215][ T9653] ? gfs2_freeze_lock+0x52/0xc0 [ 176.825072][ T9653] ? __might_sleep+0xf0/0xf0 [ 176.829673][ T9653] ? hook_sb_remount+0x19/0xc0 [ 176.834449][ T9653] reconfigure_super+0x219/0x880 [ 176.839399][ T9653] path_mount+0xd3e/0x1020 [ 176.843829][ T9653] ? user_path_at_empty+0x13e/0x190 [ 176.849035][ T9653] __se_sys_mount+0x2d6/0x3c0 [ 176.853726][ T9653] ? __x64_sys_mount+0xc0/0xc0 [ 176.858500][ T9653] ? lockdep_hardirqs_on+0x94/0x140 [ 176.863697][ T9653] ? __x64_sys_mount+0x1c/0xc0 [ 176.868469][ T9653] do_syscall_64+0x4c/0xa0 [ 176.872894][ T9653] ? clear_bhb_loop+0x30/0x80 [ 176.877574][ T9653] ? clear_bhb_loop+0x30/0x80 [ 176.882256][ T9653] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 176.888154][ T9653] RIP: 0033:0x7f74382d36c9 [ 176.892574][ T9653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 176.912182][ T9653] RSP: 002b:00007f743653a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 176.920596][ T9653] RAX: ffffffffffffffda RBX: 00007f7438529fa0 RCX: 00007f74382d36c9 [ 176.928548][ T9653] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 176.936504][ T9653] RBP: 00007f7438355f91 R08: 0000000000000000 R09: 0000000000000000 [ 176.944471][ T9653] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 176.952428][ T9653] R13: 00007f743852a038 R14: 00007f7438529fa0 R15: 00007ffca3621358 [ 176.960421][ T9653] [ 176.965701][ T9653] gfs2: fsid=syz:syz.0: warning: assertion "!qd->qd_change" failed at function = gfs2_quota_cleanup, file = fs/gfs2/quota.c, line = 1485 [ 176.980001][ T9653] CPU: 1 PID: 9653 Comm: syz.3.2465 Not tainted syzkaller #0 [ 176.987371][ T9653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 176.997425][ T9653] Call Trace: [ 177.000703][ T9653] [ 177.003634][ T9653] dump_stack_lvl+0x168/0x230 [ 177.008321][ T9653] ? show_regs_print_info+0x20/0x20 [ 177.013541][ T9653] ? load_image+0x3b0/0x3b0 [ 177.018063][ T9653] ? __lock_acquire+0x7c60/0x7c60 [ 177.023098][ T9653] ? do_raw_spin_unlock+0x11d/0x230 [ 177.028319][ T9653] gfs2_assert_warn_i+0x18f/0x2c0 [ 177.033449][ T9653] gfs2_quota_cleanup+0x4b4/0x6a0 [ 177.038497][ T9653] gfs2_quota_init+0xd2a/0xe80 [ 177.043291][ T9653] ? qd_get+0x5f0/0x5f0 [ 177.047469][ T9653] gfs2_make_fs_rw+0x3f5/0x560 [ 177.052239][ T9653] ? _raw_spin_unlock+0x24/0x40 [ 177.057097][ T9653] ? gfs2_glock_nq+0xcb0/0x1550 [ 177.061966][ T9653] ? gfs2_jdesc_check+0x290/0x290 [ 177.067016][ T9653] gfs2_reconfigure+0x771/0xcd0 [ 177.071894][ T9653] ? gfs2_get_tree+0x1e0/0x1e0 [ 177.076670][ T9653] ? gfs2_freeze_lock+0x52/0xc0 [ 177.081540][ T9653] ? __might_sleep+0xf0/0xf0 [ 177.086141][ T9653] ? hook_sb_remount+0x19/0xc0 [ 177.090931][ T9653] reconfigure_super+0x219/0x880 [ 177.096020][ T9653] path_mount+0xd3e/0x1020 [ 177.100456][ T9653] ? user_path_at_empty+0x13e/0x190 [ 177.105663][ T9653] __se_sys_mount+0x2d6/0x3c0 [ 177.110345][ T9653] ? __x64_sys_mount+0xc0/0xc0 [ 177.110663][ T9737] erofs: (device loop0): mounted with root inode @ nid 36. [ 177.115117][ T9653] ? lockdep_hardirqs_on+0x94/0x140 [ 177.115141][ T9653] ? __x64_sys_mount+0x1c/0xc0 [ 177.115164][ T9653] do_syscall_64+0x4c/0xa0 [ 177.136650][ T9653] ? clear_bhb_loop+0x30/0x80 [ 177.141344][ T9653] ? clear_bhb_loop+0x30/0x80 [ 177.146030][ T9653] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 177.151931][ T9653] RIP: 0033:0x7f74382d36c9 [ 177.156351][ T9653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 177.175958][ T9653] RSP: 002b:00007f743653a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 177.184371][ T9653] RAX: ffffffffffffffda RBX: 00007f7438529fa0 RCX: 00007f74382d36c9 [ 177.192347][ T9653] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000000 [ 177.200320][ T9653] RBP: 00007f7438355f91 R08: 0000000000000000 R09: 0000000000000000 [ 177.208291][ T9653] R10: 0000000002200020 R11: 0000000000000246 R12: 0000000000000000 [ 177.216265][ T9653] R13: 00007f743852a038 R14: 00007f7438529fa0 R15: 00007ffca3621358 [ 177.224254][ T9653] [ 177.283191][ T9763] netlink: 'syz.1.2521': attribute type 2 has an invalid length. [ 177.325009][ T9763] netlink: 1 bytes leftover after parsing attributes in process `syz.1.2521'. [ 177.541002][ T9774] Cannot find del_set index 1 as target [ 177.638254][ T9779] loop4: detected capacity change from 0 to 128 [ 177.858323][ T9653] gfs2: unable to remount read-write [ 177.868240][ T9789] loop4: detected capacity change from 0 to 764 [ 178.052194][ T9799] sctp: [Deprecated]: syz.0.2540 (pid 9799) Use of struct sctp_assoc_value in delayed_ack socket option. [ 178.052194][ T9799] Use struct sctp_sack_info instead [ 178.566873][ T9818] loop2: detected capacity change from 0 to 4096 [ 178.568825][ T9830] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2553'. [ 178.617495][ T9834] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2555'. [ 178.665286][ T9833] loop4: detected capacity change from 0 to 2048 [ 178.679909][ T9818] ntfs3: loop2: ino=3, Correct links count -> 2. [ 178.680207][ T9834] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 178.759290][ T9833] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 179.352952][ T9878] No such timeout policy "syz0" [ 179.362226][ T9882] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2579'. [ 179.612240][ T9904] loop4: detected capacity change from 0 to 64 [ 179.766707][ T9904] hfs: unable to load iocharset "Sp" [ 179.777486][ T9904] hfs: unable to parse mount options [ 179.995303][ T9930] loop1: detected capacity change from 0 to 256 [ 180.075262][ T9930] exFAT-fs (loop1): failed to load upcase table (idx : 0x000103df, chksum : 0xf3211d0a, utbl_chksum : 0xe619d30d) [ 180.291065][ T9947] loop0: detected capacity change from 0 to 256 [ 180.360122][ T9948] loop4: detected capacity change from 0 to 64 [ 180.417533][ T9948] attempt to access beyond end of device [ 180.417533][ T9948] loop4: rw=0, want=2060, limit=64 [ 180.450248][ T9948] Buffer I/O error on dev loop4, logical block 1029, async page read [ 180.462286][ T9902] loop2: detected capacity change from 0 to 32768 [ 180.517642][ T9948] attempt to access beyond end of device [ 180.517642][ T9948] loop4: rw=0, want=2060, limit=64 [ 180.569678][ T9948] Buffer I/O error on dev loop4, logical block 1029, async page read [ 180.583027][ T9957] loop0: detected capacity change from 0 to 4096 [ 180.655840][ T9957] ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512) [ 180.662331][ T9902] XFS (loop2): Mounting V5 Filesystem [ 180.695229][ T9973] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2616'. [ 180.815195][ T9981] loop4: detected capacity change from 0 to 64 [ 180.891291][ T9902] XFS (loop2): Ending clean mount [ 180.905229][ T9902] XFS (loop2): Quotacheck needed: Please wait. [ 180.913633][ T9957] ntfs3: loop0: ntfs_sync_inode r=1e failed, -22. [ 180.953806][ T9957] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 180.989670][ T4205] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 181.055471][ T9902] XFS (loop2): Quotacheck: Done. [ 181.091283][ T5756] ntfs3: loop0: ntfs3_write_inode r=1e failed, -22. [ 181.115509][ T9985] loop4: detected capacity change from 0 to 512 [ 181.122643][ T4181] ntfs3: loop0: ntfs_evict_inode r=1e failed, -22. [ 181.145244][ T9985] EXT4-fs (loop4): Test dummy encryption mode enabled [ 181.161949][ T9985] EXT4-fs (loop4): Mount option "nouser_xattr" will be removed by 3.5 [ 181.161949][ T9985] Contact linux-ext4@vger.kernel.org if you think we should keep it. [ 181.161949][ T9985] [ 181.193877][ T4184] XFS (loop2): Unmounting Filesystem [ 181.246717][ T9985] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 181.311245][ T9987] loop0: detected capacity change from 0 to 4096 [ 181.353201][ T9985] EXT4-fs (loop4): 1 truncate cleaned up [ 181.359018][ T9985] EXT4-fs (loop4): mounted filesystem without journal. Opts: test_dummy_encryption=v1,noauto_da_alloc,max_batch_time=0x0000000000000af2,nodioread_nolock,nouser_xattr,grpjquota=,nodiscard,nodioread_nolock,grpquota,minixdf,,errors=continue. Quota mode: writeback. [ 181.409941][ T4205] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.457065][ T9987] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 181.602089][ T9987] ntfs3: loop0: failed to convert "c46c" to macroman [ 181.649821][ T4205] usb 4-1: New USB device found, idVendor=093a, idProduct=2476, bcdDevice= d.5b [ 181.680167][ T4205] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 181.712607][ T4205] usb 4-1: Product: syz [ 181.716788][ T4205] usb 4-1: Manufacturer: syz [ 181.739139][ T4205] usb 4-1: SerialNumber: syz [ 181.777125][ T4205] usb 4-1: config 0 descriptor?? [ 181.820043][ T9997] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2627'. [ 181.846242][ T4205] gspca_main: pac207-2.14.0 probing 093a:2476 [ 181.857688][T10000] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2628'. [ 182.019572][ T4205] gspca_pac207: Failed to read a register (index 0x0000, error -110) [ 182.028855][T10012] loop1: detected capacity change from 0 to 512 [ 182.054578][ T4205] usb 4-1: USB disconnect, device number 15 [ 182.086770][T10012] EXT4-fs (loop1): Ignoring removed mblk_io_submit option [ 182.107368][T10012] EXT4-fs (loop1): orphan cleanup on readonly fs [ 182.123168][T10012] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -13 [ 182.140896][T10012] EXT4-fs error (device loop1): ext4_clear_blocks:883: inode #13: comm syz.1.2635: attempt to clear invalid blocks 2 len 1 [ 182.165462][T10012] EXT4-fs (loop1): Remounting filesystem read-only [ 182.205733][T10012] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 182.238845][T10012] EXT4-fs (loop1): Remounting filesystem read-only [ 182.246624][T10012] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2635: invalid indirect mapped block 1819239214 (level 0) [ 182.269555][ T7] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 182.287432][T10012] EXT4-fs (loop1): Remounting filesystem read-only [ 182.296341][T10012] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #13: comm syz.1.2635: invalid indirect mapped block 1819239214 (level 1) [ 182.317734][T10012] EXT4-fs (loop1): Remounting filesystem read-only [ 182.358529][T10012] EXT4-fs (loop1): 1 truncate cleaned up [ 182.377233][T10012] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=... Quota mode: writeback. [ 182.545510][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 182.648893][T10048] loop3: detected capacity change from 0 to 256 [ 182.694372][ T7] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 182.720249][ T7] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 182.859857][ T7] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 182.868964][ T7] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 182.871442][T10060] netlink: 'syz.2.2657': attribute type 3 has an invalid length. [ 182.899659][ T21] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 182.923250][ T7] usb 1-1: Product: syz [ 182.927450][ T7] usb 1-1: Manufacturer: syz [ 182.990648][ T7] hub 1-1:4.0: USB hub found [ 183.209844][ T7] hub 1-1:4.0: config failed, hub doesn't have any ports! (err -19) [ 183.277687][T10081] loop3: detected capacity change from 0 to 4096 [ 183.349839][ T21] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 183.379304][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 183.403219][ T21] usb 2-1: config 0 descriptor?? [ 183.410100][T10096] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 183.440431][T10081] NILFS error (device loop3): nilfs_check_page: bad entry in directory #2: disallowed inode number - offset=0, inode=3, rec_len=16, name_len=1 [ 183.473491][T10081] Remounting filesystem read-only [ 183.530147][ T7] usb 1-1: USB disconnect, device number 12 [ 183.919815][ T21] usb 2-1: Cannot set MAC address [ 183.925645][ T21] MOSCHIP usb-ethernet driver: probe of 2-1:0.0 failed with error -71 [ 183.975031][T10121] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 183.976025][ T21] usb 2-1: USB disconnect, device number 20 [ 183.982299][T10121] IPv6: NLM_F_CREATE should be set when creating new route [ 183.982339][T10121] IPv6: NLM_F_CREATE should be set when creating new route [ 184.093305][T10101] loop2: detected capacity change from 0 to 32768 [ 184.101572][ T6245] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 184.104289][T10101] XFS: noikeep mount option is deprecated. [ 184.195793][T10137] netlink: 'syz.0.2693': attribute type 1 has an invalid length. [ 184.205909][T10101] XFS (loop2): Mounting V5 Filesystem [ 184.301091][T10101] XFS (loop2): Ending clean mount [ 184.304336][T10144] loop3: detected capacity change from 0 to 256 [ 184.331294][T10101] XFS (loop2): Quotacheck needed: Please wait. [ 184.338577][T10144] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 184.388102][T10144] befs: Unrecognized mount option "umask=00000000000000000000005" or missing value [ 184.405963][T10144] befs: (nullb0): cannot parse mount options [ 184.412558][T10101] XFS (loop2): Quotacheck: Done. [ 184.417247][T10147] loop0: detected capacity change from 0 to 512 [ 184.477318][T10147] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 184.506390][T10147] EXT4-fs (loop0): orphan cleanup on readonly fs [ 184.555999][T10147] EXT4-fs (loop0): Cannot turn on journaled quota: type 0: error -13 [ 184.570706][T10147] EXT4-fs error (device loop0): ext4_clear_blocks:883: inode #13: comm syz.0.2696: attempt to clear invalid blocks 2 len 1 [ 184.586580][T10147] EXT4-fs (loop0): Remounting filesystem read-only [ 184.609008][T10147] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1147: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 184.619349][ T4184] XFS (loop2): Unmounting Filesystem [ 184.628953][ T6245] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=30.20 [ 184.656274][ T6245] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.668641][T10147] EXT4-fs (loop0): Remounting filesystem read-only [ 184.675693][T10147] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2696: invalid indirect mapped block 1819239214 (level 0) [ 184.690561][T10147] EXT4-fs (loop0): Remounting filesystem read-only [ 184.707273][ T6245] usb 5-1: Product: syz [ 184.723114][ T6245] usb 5-1: Manufacturer: syz [ 184.738247][T10147] EXT4-fs error (device loop0): ext4_free_branches:1030: inode #13: comm syz.0.2696: invalid indirect mapped block 1819239214 (level 1) [ 184.767616][ T6245] usb 5-1: SerialNumber: syz [ 184.792995][ T6245] usb 5-1: config 0 descriptor?? [ 184.847481][T10147] EXT4-fs (loop0): Remounting filesystem read-only [ 184.865679][T10147] EXT4-fs (loop0): 1 truncate cleaned up [ 184.881718][T10147] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,init_itable=0x0000000000000004,mblk_io_submit,minixdf,jqfmt=vfsv0,usrjquota=... Quota mode: writeback. [ 184.952863][T10170] loop1: detected capacity change from 0 to 4096 [ 185.036620][T10170] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 185.284029][ T6241] usb 5-1: USB disconnect, device number 21 [ 185.303132][ T6241] f81534a_ctrl 5-1:0.0: failed to set register 0x116: -19 [ 185.333162][ T6241] f81534a_ctrl 5-1:0.0: failed to enable ports: -19 [ 185.857548][T10176] loop3: detected capacity change from 0 to 32768 [ 185.964861][T10176] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 scanned by syz.3.2712 (10176) [ 186.062312][T10176] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm [ 186.115744][T10176] BTRFS info (device loop3): using free space tree [ 186.135963][T10176] BTRFS info (device loop3): has skinny extents [ 186.212532][T10228] loop2: detected capacity change from 0 to 4096 [ 186.309546][ C0] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 186.497043][T10176] BTRFS info (device loop3): enabling ssd optimizations [ 186.734413][T10279] loop4: detected capacity change from 0 to 512 [ 186.797665][T10281] netlink: 300 bytes leftover after parsing attributes in process `syz.2.2753'. [ 186.845038][T10279] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349) [ 186.876384][T10285] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2755'. [ 186.924585][T10285] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2755'. [ 186.940922][T10279] EXT4-fs (loop4): orphan cleanup on readonly fs [ 186.948622][T10279] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:510: comm syz.4.2752: Block bitmap for bg 0 marked uninitialized [ 186.972192][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 187.058258][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.064917][T10279] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 187.080415][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.087059][T10290] PKCS7: Unknown OID: [4] 0.0.22(bad) [ 187.099597][T10279] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:510: comm syz.4.2752: Block bitmap for bg 0 marked uninitialized [ 187.114341][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.118453][T10290] PKCS7: Only support pkcs7_signedData type [ 187.200145][T10279] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 187.235594][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.252759][T10296] loop2: detected capacity change from 0 to 8 [ 187.279789][T10279] EXT4-fs error (device loop4): ext4_read_block_bitmap_nowait:510: comm syz.4.2752: Block bitmap for bg 0 marked uninitialized [ 187.339524][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.346562][T10279] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6178: Corrupt filesystem [ 187.409497][T10279] EXT4-fs (loop4): Remounting filesystem read-only [ 187.416147][T10279] EXT4-fs (loop4): 1 orphan inode deleted [ 187.454249][T10279] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,nolazytime,. Quota mode: none. [ 187.635123][ T25] kauditd_printk_skb: 6 callbacks suppressed [ 187.635137][ T25] audit: type=1400 audit(1763382329.936:16): apparmor="DENIED" operation="setprocattr" info="current" error=-22 profile="unconfined" pid=10315 comm="syz.3.2771" [ 187.703442][T10314] loop2: detected capacity change from 0 to 4096 [ 187.736369][T10271] loop0: detected capacity change from 0 to 32768 [ 187.740461][T10314] ntfs: (device loop2): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 187.797374][T10314] ntfs: (device loop2): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 187.834355][T10271] [ 187.834355][T10271] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.834355][T10271] [ 187.883859][T10314] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 187.931329][T10314] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 187.951865][ T4181] [ 187.951865][ T4181] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 187.951865][ T4181] [ 187.984663][T10314] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 188.000839][ T4181] [ 188.000839][ T4181] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 188.000839][ T4181] [ 188.017290][T10314] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 188.072696][T10314] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 188.115656][T10314] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 188.137742][T10344] loop1: detected capacity change from 0 to 8 [ 188.199729][T10314] ntfs: (device loop2): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 188.229598][ C1] ip6_tunnel: ip6gretap1 xmit: Local address not yet configured! [ 188.262099][T10344] cramfs: bad data blocksize 3222268820 [ 188.276473][T10348] (unnamed net_device) (uninitialized): option miimon: invalid value (18446744073709551615) [ 188.287143][T10314] ntfs: volume version 3.1. [ 188.300890][ T4201] udevd[4201]: incorrect cramfs checksum on /dev/loop1 [ 188.320133][T10344] cramfs: Error -3 while decompressing! [ 188.326369][T10344] cramfs: ffffffff961f10dc(16)->ffff88807156b000(4096) [ 188.386509][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop1 [ 188.396804][T10348] (unnamed net_device) (uninitialized): option miimon: allowed values 0 - 2147483647 [ 188.421095][T10344] cramfs: bad data blocksize 3222268820 [ 188.438917][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop1 [ 188.516536][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop1 [ 188.620553][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop1 [ 189.055179][T10390] netlink: 'syz.4.2806': attribute type 4 has an invalid length. [ 189.064521][T10396] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 189.068957][T10392] loop0: detected capacity change from 0 to 128 [ 189.087843][T10390] netlink: 199836 bytes leftover after parsing attributes in process `syz.4.2806'. [ 189.090298][T10396] overlayfs: missing 'lowerdir' [ 189.141163][T10399] loop3: detected capacity change from 0 to 64 [ 189.151737][T10392] EXT4-fs (loop0): mounted filesystem without journal. Opts: sysvgroups,inode_readahead_blks=0x0000000000004000,usrjquota=,acl,grpjquota=,,errors=continue. Quota mode: none. [ 189.175157][T10392] ext4 filesystem being mounted at /569/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 189.319708][ T6245] usb 2-1: new low-speed USB device number 21 using dummy_hcd [ 189.377036][T10421] loop2: detected capacity change from 0 to 64 [ 189.431864][T10425] 9p: Unknown access argument [ 189.598502][T10439] dlm: no local IP address has been set [ 189.629782][T10439] dlm: cannot start dlm midcomms -107 [ 189.689762][ T6245] usb 2-1: config 0 has an invalid interface number: 113 but max is 0 [ 189.709399][ T6245] usb 2-1: config 0 has an invalid interface association descriptor of length 2, skipping [ 189.710840][T10447] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2834'. [ 189.734602][ T6245] usb 2-1: config 0 has no interface number 0 [ 189.775075][ T6245] usb 2-1: config 0 interface 113 altsetting 53 endpoint 0x4 has invalid maxpacket 16, setting to 8 [ 189.781011][T10453] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.2836'. [ 189.819697][ T6245] usb 2-1: config 0 interface 113 altsetting 53 endpoint 0x1 is Bulk; changing to Interrupt [ 189.847064][ T6245] usb 2-1: config 0 interface 113 altsetting 53 endpoint 0xB has invalid maxpacket 16, setting to 8 [ 189.887342][ T6245] usb 2-1: config 0 interface 113 altsetting 53 has a duplicate endpoint with address 0xB, skipping [ 189.928751][ T6245] usb 2-1: config 0 interface 113 has no altsetting 0 [ 189.945995][ T6245] usb 2-1: New USB device found, idVendor=0df6, idProduct=0056, bcdDevice=65.db [ 189.947188][T10464] netlink: 'syz.0.2840': attribute type 1 has an invalid length. [ 189.975396][ T6245] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.980037][T10466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2842'. [ 190.013286][T10464] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2840'. [ 190.017428][ T6245] usb 2-1: config 0 descriptor?? [ 190.026477][T10466] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2842'. [ 190.043194][T10466] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2842'. [ 190.059621][T10466] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2842'. [ 190.208079][T10477] loop2: detected capacity change from 0 to 8 [ 190.257762][ T4196] udevd[4196]: incorrect cramfs checksum on /dev/loop2 [ 190.266716][T10477] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 190.296685][T10477] cramfs: Error -3 while decompressing! [ 190.317886][T10477] cramfs: ffffffff961f10a8(26)->ffff888059f5b000(4096) [ 190.350699][T10484] netlink: 'syz.3.2851': attribute type 10 has an invalid length. [ 190.360628][T10477] cramfs: Error -3 while decompressing! [ 190.360975][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 190.383853][T10477] cramfs: ffffffff961f10c2(26)->ffff888068c02000(4096) [ 190.399997][T10484] device veth0_macvtap left promiscuous mode [ 190.426096][T10477] cramfs: Error -3 while decompressing! [ 190.434864][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 190.461032][T10484] batman_adv: batadv0: Adding interface: macvtap0 [ 190.474574][T10477] cramfs: ffffffff961f10dc(16)->ffff8880698af000(4096) [ 190.488843][T10484] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 190.503715][T10477] cramfs: Error -3 while decompressing! [ 190.536004][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 190.558078][T10484] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 190.569004][T10477] cramfs: ffffffff961f10a8(26)->ffff888059f5b000(4096) [ 190.569604][ T6245] asix 2-1:0.113 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 190.610895][ T6245] asix: probe of 2-1:0.113 failed with error -71 [ 190.620349][T10492] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 190.625644][ T5708] udevd[5708]: incorrect cramfs checksum on /dev/loop2 [ 190.654845][ T6245] usb 2-1: USB disconnect, device number 21 [ 191.197809][T10535] netlink: 'syz.2.2873': attribute type 10 has an invalid length. [ 191.282838][T10535] team0: Port device wlan1 added [ 191.302007][T10541] loop1: detected capacity change from 0 to 1024 [ 191.450254][ T5756] hfsplus: b-tree write err: -5, ino 4 [ 191.543885][T10567] loop1: detected capacity change from 0 to 256 [ 191.595441][T10570] netlink: 'syz.2.2893': attribute type 12 has an invalid length. [ 191.629616][ T4801] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 191.739957][T10583] loop1: detected capacity change from 0 to 1024 [ 191.891603][T10591] netlink: 292 bytes leftover after parsing attributes in process `syz.1.2904'. [ 192.039847][ T4801] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 192.079566][ T4801] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 192.089654][ T7] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 192.107311][ T4801] usb 4-1: New USB device found, idVendor=0489, idProduct=e057, bcdDevice= 0.00 [ 192.134305][ T4801] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.180207][ T4801] usb 4-1: config 0 descriptor?? [ 192.303671][T10585] loop4: detected capacity change from 0 to 32768 [ 192.329624][ T7] usb 1-1: Using ep0 maxpacket: 16 [ 192.343996][T10585] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 scanned by syz.4.2901 (10585) [ 192.378719][T10585] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 192.397774][T10604] loop2: detected capacity change from 0 to 8192 [ 192.410498][T10585] BTRFS info (device loop4): force clearing of disk cache [ 192.419034][T10585] BTRFS info (device loop4): setting nodatacow, compression disabled [ 192.429035][T10585] BTRFS info (device loop4): enabling auto defrag [ 192.439105][T10585] BTRFS info (device loop4): turning on sync discard [ 192.449628][ T7] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 192.450690][T10585] BTRFS info (device loop4): using free space tree [ 192.459304][ T7] usb 1-1: config 0 interface 0 altsetting 1 endpoint 0x89 has invalid wMaxPacketSize 0 [ 192.466701][T10585] BTRFS info (device loop4): has skinny extents [ 192.484921][T10604] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal [ 192.495376][T10604] REISERFS (device loop2): using ordered data mode [ 192.502058][T10604] reiserfs: using flush barriers [ 192.511760][T10604] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 192.529907][T10604] REISERFS (device loop2): checking transaction log (loop2) [ 192.545891][T10604] REISERFS (device loop2): Using r5 hash to sort names [ 192.584637][T10604] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 192.619552][ T7] usb 1-1: config 0 interface 0 has no altsetting 0 [ 192.662329][T10604] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage. [ 192.699585][ T4801] Bluetooth: Can't get state to change to load configuration err [ 192.714864][ T4801] Bluetooth: Loading sysconfig file failed [ 192.721135][ T4801] ath3k: probe of 4-1:0.0 failed with error -16 [ 192.744645][ T4801] usb 4-1: USB disconnect, device number 16 [ 192.779729][ T7] usb 1-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 192.790768][ T7] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.795538][T10585] BTRFS info (device loop4): enabling ssd optimizations [ 192.799046][ T7] usb 1-1: Product: syz [ 192.810979][ T7] usb 1-1: Manufacturer: syz [ 192.816207][ T7] usb 1-1: SerialNumber: syz [ 192.823480][ T7] usb 1-1: config 0 descriptor?? [ 193.068992][T10639] loop1: detected capacity change from 0 to 1024 [ 193.351293][ T4205] usb 1-1: USB disconnect, device number 13 [ 193.431728][T10655] loop1: detected capacity change from 0 to 512 [ 193.512043][T10655] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a806e02c, mo2=0022] [ 193.529996][T10655] System zones: 1-12 [ 193.550239][T10655] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.2920: Directory hole found for htree index block 0 [ 193.571685][T10655] EXT4-fs (loop1): Remounting filesystem read-only [ 193.578613][T10655] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -117 [ 193.598974][T10669] loop4: detected capacity change from 0 to 24 [ 193.628490][T10655] EXT4-fs error (device loop1): dx_probe:823: inode #2: comm syz.1.2920: Directory hole found for htree index block 0 [ 193.643756][T10655] EXT4-fs (loop1): Remounting filesystem read-only [ 193.650720][T10655] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -117 [ 193.655579][T10669] MTD: Attempt to mount non-MTD device "/dev/loop4" [ 193.659263][T10655] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=Jdebug,jqfmt=vfsold,dax=never,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 193.683935][T10675] netlink: 14 bytes leftover after parsing attributes in process `syz.3.2934'. [ 193.695373][T10655] EXT4-fs (loop1): re-mounted. Opts: grpjquota=Jdebug,jqfmt=vfsold,dax=never,bsdgroups,usrjquota="nojournal_checksum,errors=remount-ro,,. Quota mode: writeback. [ 193.953987][T10669] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 193.994780][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.001127][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.024551][T10669] romfs: read error for inode 0x70040 [ 194.068074][T10681] netlink: 'syz.0.2938': attribute type 10 has an invalid length. [ 194.170856][T10681] device veth0_macvtap left promiscuous mode [ 194.230465][T10685] dlm: dev_write: no op 0 0 [ 194.458416][T10681] batman_adv: batadv0: Adding interface: macvtap0 [ 194.479691][T10681] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 194.540754][T10681] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 195.079753][T10735] netlink: 188 bytes leftover after parsing attributes in process `syz.1.2963'. [ 195.109687][T10737] netlink: 'syz.2.2964': attribute type 10 has an invalid length. [ 195.143399][T10737] device veth0_macvtap left promiscuous mode [ 195.188785][T10737] batman_adv: batadv0: Adding interface: macvtap0 [ 195.220577][T10737] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 195.323641][T10737] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 195.345772][T10743] loop1: detected capacity change from 0 to 4096 [ 195.489867][T10756] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 195.560984][T10743] NILFS error (device loop1): nilfs_dotdot: directory #12 missing '.' [ 195.600825][T10760] loop2: detected capacity change from 0 to 256 [ 195.623336][T10743] Remounting filesystem read-only [ 195.681325][T10766] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2979'. [ 195.801430][T10774] netlink: 'syz.1.2982': attribute type 4 has an invalid length. [ 195.818980][T10776] ieee802154 phy0 wpan0: encryption failed: -22 [ 196.058461][T10794] xt_CT: You must specify a L4 protocol and not use inversions on it [ 196.098399][T10796] loop0: detected capacity change from 0 to 1024 [ 196.218755][T10810] loop1: detected capacity change from 0 to 256 [ 196.649606][T10832] loop3: detected capacity change from 0 to 4096 [ 196.689615][T10832] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 196.768436][T10832] ntfs3: loop3: failed to convert "c46c" to macgaelic [ 196.789700][T10852] x_tables: duplicate entry at hook 1 [ 196.815294][T10856] xt_cluster: node mask cannot exceed total number of nodes [ 196.901586][T10860] netlink: 'syz.4.3027': attribute type 10 has an invalid length. [ 196.923919][T10864] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3026'. [ 196.973414][T10860] device veth0_macvtap left promiscuous mode [ 197.039127][T10874] loop3: detected capacity change from 0 to 256 [ 197.055916][T10860] batman_adv: batadv0: Adding interface: macvtap0 [ 197.096003][T10860] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.209705][T10860] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 197.309143][T10886] loop2: detected capacity change from 0 to 4096 [ 197.322816][T10895] loop1: detected capacity change from 0 to 64 [ 197.388248][T10902] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 197.394844][T10886] NILFS error (device loop2): nilfs_dotdot: directory #12 missing '.' [ 197.448407][T10886] Remounting filesystem read-only [ 197.609594][T10917] loop1: detected capacity change from 0 to 136 [ 197.799841][T10933] netlink: 'syz.1.3056': attribute type 10 has an invalid length. [ 197.820898][T10933] device veth0_macvtap left promiscuous mode [ 197.840655][T10933] batman_adv: batadv0: Adding interface: macvtap0 [ 197.860134][T10933] batman_adv: batadv0: The MTU of interface macvtap0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 197.886474][T10933] batman_adv: batadv0: Not using interface macvtap0 (retrying later): interface not active [ 198.000755][ T4801] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 198.269508][ T4250] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 198.423731][ T4801] usb 5-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 198.436407][ T4801] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.473989][ T4801] usb 5-1: config 0 descriptor?? [ 198.561565][ T4801] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 198.824748][ T4250] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 198.846685][ T4250] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.855312][ T4250] usb 4-1: Product: syz [ 198.860055][ T4250] usb 4-1: Manufacturer: syz [ 198.875327][ T4250] usb 4-1: SerialNumber: syz [ 198.886798][T10968] netlink: 'syz.0.3077': attribute type 10 has an invalid length. [ 198.902164][ T4250] usb 4-1: config 0 descriptor?? [ 198.942788][ T4250] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 198.964451][T10971] hsr0: VLAN not yet supported [ 198.989687][ T4801] gp8psk: usb in 128 operation failed. [ 199.049575][ T4801] gp8psk: usb in 137 operation failed. [ 199.055073][ T4801] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 199.077106][ T4801] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 199.102420][ T4801] usb 5-1: USB disconnect, device number 22 [ 199.238273][T10984] loop1: detected capacity change from 0 to 512 [ 199.286190][T10961] loop2: detected capacity change from 0 to 32768 [ 199.357464][ T4250] usb 4-1: USB disconnect, device number 17 [ 199.375455][T10984] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,errors=continue,abort,bsdgroups,,errors=continue. Quota mode: writeback. [ 199.380450][T10961] (syz.2.3073,10961,1):ocfs2_find_slot:468 ERROR: no free slots available! [ 199.390949][T10984] ext4 filesystem being mounted at /521/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 199.412286][T10992] loop0: detected capacity change from 0 to 256 [ 199.440516][T10961] (syz.2.3073,10961,0):ocfs2_mount_volume:1811 ERROR: status = -22 [ 199.468096][T10961] (syz.2.3073,10961,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 199.482656][T10992] FAT-fs (loop0): Directory bread(block 64) failed [ 199.490331][T10992] FAT-fs (loop0): Directory bread(block 65) failed [ 199.496907][T10992] FAT-fs (loop0): Directory bread(block 66) failed [ 199.504408][T10992] FAT-fs (loop0): Directory bread(block 67) failed [ 199.519736][T10992] FAT-fs (loop0): Directory bread(block 68) failed [ 199.546614][T10992] FAT-fs (loop0): Directory bread(block 69) failed [ 199.590287][T10992] FAT-fs (loop0): Directory bread(block 70) failed [ 199.596867][T10992] FAT-fs (loop0): Directory bread(block 71) failed [ 199.658475][T10992] FAT-fs (loop0): Directory bread(block 72) failed [ 199.666537][T10992] FAT-fs (loop0): Directory bread(block 73) failed [ 199.733217][T10998] netlink: 'syz.1.3090': attribute type 10 has an invalid length. [ 199.801907][T11000] x_tables: unsorted entry at hook 1 [ 200.040805][T11014] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3098'. [ 200.064616][T11014] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3098'. [ 200.080890][T11012] loop0: detected capacity change from 0 to 2048 [ 200.083242][T11014] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3098'. [ 200.190964][T11012] EXT4-fs (loop0): mounted filesystem without journal. Opts: min_batch_time=0x000000000000000d,mb_optimize_scan=0x0000000000000001,acl,,errors=continue. Quota mode: none. [ 200.399586][ C1] ip6_tunnel: ip6gretap2 xmit: Local address not yet configured! [ 200.476746][T10961] loop2: detected capacity change from 0 to 32768 [ 200.542308][T11006] loop4: detected capacity change from 0 to 32768 [ 200.554894][T10961] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.3073 (10961) [ 200.618477][T11006] jfs_lookup: dtSearch returned -5 [ 200.628937][T10961] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 200.679314][T10961] BTRFS info (device loop2): turning off barriers [ 200.710272][T10961] BTRFS info (device loop2): max_inline at 0 [ 200.716301][T10961] BTRFS info (device loop2): enabling all of the rescue options [ 200.720034][T11039] cgroup: No subsys list or none specified [ 200.732502][T10961] BTRFS info (device loop2): ignoring data csums [ 200.738840][T10961] BTRFS info (device loop2): ignoring bad roots [ 200.823934][T10961] BTRFS info (device loop2): disabling log replay at mount time [ 200.838150][T10961] BTRFS info (device loop2): force zlib compression, level 3 [ 200.877248][T10961] BTRFS info (device loop2): allowing degraded mounts [ 200.896978][T10961] BTRFS info (device loop2): using free space tree [ 200.940032][T10961] BTRFS info (device loop2): has skinny extents [ 200.946339][T10961] workqueue: max_active 2097158 requested for btrfs-worker is out of range, clamping between 1 and 512 [ 201.025098][T10961] workqueue: max_active 2097158 requested for btrfs-worker-high is out of range, clamping between 1 and 512 [ 201.129931][T10961] workqueue: max_active 2097158 requested for btrfs-delalloc is out of range, clamping between 1 and 512 [ 201.153417][T11051] loop1: detected capacity change from 0 to 1024 [ 201.171765][T11030] loop0: detected capacity change from 0 to 32768 [ 201.189832][T10961] workqueue: max_active 2097158 requested for btrfs-endio is out of range, clamping between 1 and 512 [ 201.210446][T10961] workqueue: max_active 2097158 requested for btrfs-endio-meta is out of range, clamping between 1 and 512 [ 201.222932][T10961] workqueue: max_active 2097158 requested for btrfs-endio-meta-write is out of range, clamping between 1 and 512 [ 201.323033][T11030] JBD2: Ignoring recovery information on journal [ 201.345731][T10961] workqueue: max_active 2097158 requested for btrfs-endio-raid56 is out of range, clamping between 1 and 512 [ 201.453892][T10961] workqueue: max_active 2097158 requested for btrfs-rmw is out of range, clamping between 1 and 512 [ 201.495905][T10961] workqueue: max_active 2097158 requested for btrfs-endio-write is out of range, clamping between 1 and 512 [ 201.508262][T11030] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 201.559636][T11085] netlink: 'syz.3.3124': attribute type 13 has an invalid length. [ 201.593654][T11091] loop1: detected capacity change from 0 to 256 [ 201.629603][T11030] (syz.0.3104,11030,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry too close to end - offset=32, inode=17057, rec_len=280, name_len=10 [ 201.655568][T10961] workqueue: max_active 2097158 requested for btrfs-readahead is out of range, clamping between 1 and 512 [ 201.737307][ T5756] BTRFS warning (device loop2): checksum verify failed on 5337088 wanted 0x324c5e2d0cac2dc8f61cbfdfc8cd69d9816061b1498b9e1bff7d10a59610160b found 0x3fff8ff18ac4f264f26c9b61444b99be3a51e4b9014c9227426415668fcd4ed9 level 0 [ 201.829660][T11105] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3129'. [ 201.838726][T11105] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3129'. [ 201.840782][T11030] (syz.0.3104,11030,0):ocfs2_prepare_dir_for_insert:4311 ERROR: status = -2 [ 201.867456][T11091] FAT-fs (loop1): Directory bread(block 64) failed [ 201.872515][T11030] (syz.0.3104,11030,0):ocfs2_mknod:298 ERROR: status = -2 [ 201.881390][ T5756] BTRFS warning (device loop2): checksum verify failed on 5328896 wanted 0xe27e479340067083b74b333c1de55c530774f48d9bb4dbb5f2229db663324412 found 0x95f62be744ba79d2c7edda0b7f35c3ed250500c283e6cfbf6ba5d84a2ae65a3d level 1 [ 201.903393][T11030] (syz.0.3104,11030,0):ocfs2_mknod:502 ERROR: status = -2 [ 201.905770][T11091] FAT-fs (loop1): Directory bread(block 65) failed [ 201.921489][T11030] (syz.0.3104,11030,0):ocfs2_create:676 ERROR: status = -2 [ 201.979578][T11091] FAT-fs (loop1): Directory bread(block 66) failed [ 201.986458][T11091] FAT-fs (loop1): Directory bread(block 67) failed [ 202.002549][T11105] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3129'. [ 202.044997][T11091] FAT-fs (loop1): Directory bread(block 68) failed [ 202.065849][T11105] netlink: 196 bytes leftover after parsing attributes in process `syz.3.3129'. [ 202.076005][T11091] FAT-fs (loop1): Directory bread(block 69) failed [ 202.085561][T11091] FAT-fs (loop1): Directory bread(block 70) failed [ 202.113266][T11091] FAT-fs (loop1): Directory bread(block 71) failed [ 202.127041][ T4181] ocfs2: Unmounting device (7,0) on (node local) [ 202.128004][T11091] FAT-fs (loop1): Directory bread(block 72) failed [ 202.183327][T11091] FAT-fs (loop1): Directory bread(block 73) failed [ 202.330789][T10961] BTRFS error (device loop2): open_ctree failed: -22 [ 202.508731][T11129] loop1: detected capacity change from 0 to 64 [ 202.817783][T11146] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3152'. [ 202.913538][T11132] loop3: detected capacity change from 0 to 8192 [ 203.072535][T11132] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 203.090061][T11132] REISERFS (device loop3): using ordered data mode [ 203.096593][T11132] reiserfs: using flush barriers [ 203.124581][T11132] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 203.188069][T11132] REISERFS (device loop3): checking transaction log (loop3) [ 203.257680][T11179] xt_CT: You must specify a L4 protocol and not use inversions on it [ 203.267679][T11132] REISERFS (device loop3): Using r5 hash to sort names [ 203.276699][T11132] REISERFS (device loop3): using 3.5.x disk format [ 203.291488][T11176] IPv6: NLM_F_CREATE should be specified when creating new route [ 203.305527][T11132] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 203.392286][T11132] [ 203.394640][T11132] ====================================================== [ 203.401649][T11132] WARNING: possible circular locking dependency detected [ 203.408663][T11132] syzkaller #0 Not tainted [ 203.413075][T11132] ------------------------------------------------------ [ 203.420085][T11132] syz.3.3145/11132 is trying to acquire lock: [ 203.426140][T11132] ffff888078ce8090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock+0x75/0xd0 [ 203.435110][T11132] [ 203.435110][T11132] but task is already holding lock: [ 203.442465][T11132] ffff88805f071020 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}, at: open_xa_dir+0x11d/0x6b0 [ 203.452402][T11132] [ 203.452402][T11132] which lock already depends on the new lock. [ 203.452402][T11132] [ 203.462797][T11132] [ 203.462797][T11132] the existing dependency chain (in reverse order) is: [ 203.471802][T11132] [ 203.471802][T11132] -> #1 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}: [ 203.480503][T11132] down_write_nested+0x3b/0x60 [ 203.485794][T11132] open_xa_dir+0x11d/0x6b0 [ 203.490733][T11132] reiserfs_for_each_xattr+0x174/0x7b0 [ 203.496714][T11132] reiserfs_delete_xattrs+0x1c/0x80 [ 203.502430][T11132] reiserfs_evict_inode+0x22e/0x490 [ 203.508150][T11132] evict+0x485/0x870 [ 203.512572][T11132] reiserfs_new_inode+0x5c8/0x1860 [ 203.518220][T11132] reiserfs_symlink+0x4cf/0x770 [ 203.523599][T11132] vfs_symlink+0x247/0x3d0 [ 203.528547][T11132] do_symlinkat+0x1be/0x6c0 [ 203.529860][T11189] xt_bpf: check failed: parse error [ 203.533582][T11132] __x64_sys_symlink+0x7a/0x90 [ 203.544018][T11132] do_syscall_64+0x4c/0xa0 [ 203.548951][T11132] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 203.555364][T11132] [ 203.555364][T11132] -> #0 (&sbi->lock){+.+.}-{3:3}: [ 203.562571][T11132] __lock_acquire+0x2c33/0x7c60 [ 203.567952][T11132] lock_acquire+0x197/0x3f0 [ 203.572979][T11132] __mutex_lock_common+0x1eb/0x2390 [ 203.578699][T11132] mutex_lock_nested+0x17/0x20 [ 203.583991][T11132] reiserfs_write_lock+0x75/0xd0 [ 203.589445][T11132] reiserfs_mkdir+0x30c/0x970 [ 203.594647][T11132] open_xa_dir+0x318/0x6b0 [ 203.599594][T11132] xattr_lookup+0x22/0x2a0 [ 203.604524][T11132] reiserfs_xattr_set_handle+0xf4/0xf20 [ 203.610572][T11132] reiserfs_xattr_set+0x435/0x550 [ 203.616096][T11132] __vfs_setxattr+0x3e0/0x420 [ 203.621270][T11132] __vfs_setxattr_noperm+0x129/0x5e0 [ 203.627056][T11132] vfs_setxattr+0x168/0x2f0 [ 203.632058][T11132] setxattr+0x2da/0x300 [ 203.636706][T11132] path_setxattr+0x142/0x280 [ 203.641793][T11132] __x64_sys_lsetxattr+0xb4/0xd0 [ 203.647228][T11132] do_syscall_64+0x4c/0xa0 [ 203.652141][T11132] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 203.658543][T11132] [ 203.658543][T11132] other info that might help us debug this: [ 203.658543][T11132] [ 203.668749][T11132] Possible unsafe locking scenario: [ 203.668749][T11132] [ 203.676182][T11132] CPU0 CPU1 [ 203.681536][T11132] ---- ---- [ 203.686873][T11132] lock(&type->i_mutex_dir_key#17/3); [ 203.692314][T11132] lock(&sbi->lock); [ 203.698790][T11132] lock(&type->i_mutex_dir_key#17/3); [ 203.706747][T11132] lock(&sbi->lock); [ 203.710702][T11132] [ 203.710702][T11132] *** DEADLOCK *** [ 203.710702][T11132] [ 203.718815][T11132] 3 locks held by syz.3.3145/11132: [ 203.723982][T11132] #0: ffff8880780e0460 (sb_writers#31){.+.+}-{0:0}, at: mnt_want_write+0x3d/0x90 [ 203.733177][T11132] #1: ffff88805f0702e0 (&type->i_mutex_dir_key#17){++++}-{3:3}, at: vfs_setxattr+0x141/0x2f0 [ 203.743416][T11132] #2: ffff88805f071020 (&type->i_mutex_dir_key#17/3){+.+.}-{3:3}, at: open_xa_dir+0x11d/0x6b0 [ 203.753742][T11132] [ 203.753742][T11132] stack backtrace: [ 203.759606][T11132] CPU: 1 PID: 11132 Comm: syz.3.3145 Not tainted syzkaller #0 [ 203.767052][T11132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 203.777107][T11132] Call Trace: [ 203.780374][T11132] [ 203.783305][T11132] dump_stack_lvl+0x168/0x230 [ 203.787983][T11132] ? load_image+0x3b0/0x3b0 [ 203.792467][T11132] ? show_regs_print_info+0x20/0x20 [ 203.797649][T11132] ? print_circular_bug+0x12b/0x1a0 [ 203.802823][T11132] check_noncircular+0x274/0x310 [ 203.807741][T11132] ? add_chain_block+0x940/0x940 [ 203.812661][T11132] ? lockdep_lock+0xdc/0x1e0 [ 203.817231][T11132] ? stack_trace_save+0xe0/0xe0 [ 203.822057][T11132] ? mark_lock+0x94/0x320 [ 203.826384][T11132] ? _find_first_zero_bit+0xce/0xf0 [ 203.831568][T11132] __lock_acquire+0x2c33/0x7c60 [ 203.836418][T11132] ? lockdep_unlock+0x134/0x2d0 [ 203.841245][T11132] ? lockdep_lock+0x1e0/0x1e0 [ 203.845900][T11132] ? verify_lock_unused+0x140/0x140 [ 203.851075][T11132] ? add_lock_to_list+0x18d/0x280 [ 203.856073][T11132] ? __lock_acquire+0x289d/0x7c60 [ 203.861087][T11132] lock_acquire+0x197/0x3f0 [ 203.865593][T11132] ? reiserfs_write_lock+0x75/0xd0 [ 203.870683][T11132] ? __might_sleep+0xf0/0xf0 [ 203.875253][T11132] ? read_lock_is_recursive+0x10/0x10 [ 203.880610][T11132] ? reiserfs_write_lock+0x75/0xd0 [ 203.885721][T11132] __mutex_lock_common+0x1eb/0x2390 [ 203.890905][T11132] ? reiserfs_write_lock+0x75/0xd0 [ 203.895991][T11132] ? memset+0x1e/0x40 [ 203.899966][T11132] ? mutex_lock_io_nested+0x60/0x60 [ 203.905166][T11132] ? dquot_initialize+0x20/0x20 [ 203.909996][T11132] ? memset+0x1e/0x40 [ 203.913960][T11132] mutex_lock_nested+0x17/0x20 [ 203.918717][T11132] reiserfs_write_lock+0x75/0xd0 [ 203.923633][T11132] reiserfs_mkdir+0x30c/0x970 [ 203.928298][T11132] ? reiserfs_symlink+0x770/0x770 [ 203.933320][T11132] ? __rwlock_init+0x140/0x140 [ 203.938062][T11132] ? do_raw_spin_unlock+0x11d/0x230 [ 203.943237][T11132] open_xa_dir+0x318/0x6b0 [ 203.947631][T11132] ? listxattr_filler+0x410/0x410 [ 203.952633][T11132] xattr_lookup+0x22/0x2a0 [ 203.957023][T11132] ? reiserfs_xattr_set_handle+0xc5/0xf20 [ 203.962718][T11132] reiserfs_xattr_set_handle+0xf4/0xf20 [ 203.968250][T11132] ? __mutex_unlock_slowpath+0x19e/0x6a0 [ 203.973859][T11132] ? chown_one_xattr+0x90/0x90 [ 203.978599][T11132] ? mutex_unlock+0x10/0x10 [ 203.983081][T11132] ? journal_begin+0x1f1/0x350 [ 203.987823][T11132] ? reiserfs_write_unlock+0xa2/0x110 [ 203.993172][T11132] reiserfs_xattr_set+0x435/0x550 [ 203.998177][T11132] ? reiserfs_get_page+0x400/0x400 [ 204.003264][T11132] ? trusted_set+0x7d/0xe0 [ 204.007658][T11132] ? trusted_get+0xc0/0xc0 [ 204.012047][T11132] __vfs_setxattr+0x3e0/0x420 [ 204.016707][T11132] __vfs_setxattr_noperm+0x129/0x5e0 [ 204.021973][T11132] vfs_setxattr+0x168/0x2f0 [ 204.026456][T11132] ? xattr_permission+0x500/0x500 [ 204.031461][T11132] ? strncpy_from_user+0x1fb/0x360 [ 204.036564][T11132] setxattr+0x2da/0x300 [ 204.040707][T11132] ? path_setxattr+0x280/0x280 [ 204.045473][T11132] ? __mnt_want_write+0x1e2/0x260 [ 204.050481][T11132] path_setxattr+0x142/0x280 [ 204.055056][T11132] ? simple_xattr_list_add+0xf0/0xf0 [ 204.060340][T11132] ? lock_chain_count+0x20/0x20 [ 204.065188][T11132] ? vtime_user_exit+0x2dc/0x400 [ 204.070102][T11132] __x64_sys_lsetxattr+0xb4/0xd0 [ 204.075037][T11132] do_syscall_64+0x4c/0xa0 [ 204.079432][T11132] ? clear_bhb_loop+0x30/0x80 [ 204.084101][T11132] ? clear_bhb_loop+0x30/0x80 [ 204.088754][T11132] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 204.094631][T11132] RIP: 0033:0x7f74382d36c9 [ 204.099042][T11132] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 204.118623][T11132] RSP: 002b:00007f743653a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 204.127012][T11132] RAX: ffffffffffffffda RBX: 00007f7438529fa0 RCX: 00007f74382d36c9 [ 204.134960][T11132] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000200000000100 [ 204.142908][T11132] RBP: 00007f7438355f91 R08: 0000000000000003 R09: 0000000000000000 [ 204.150857][T11132] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 204.158803][T11132] R13: 00007f743852a038 R14: 00007f7438529fa0 R15: 00007ffca3621358 [ 204.166756][T11132]