2022-11-23 20:02:20

by Sanan Hasanov

Subject: Syzkaller found a bug: KASAN: slab-out-of-bounds Write in enqueue_timer

Good day, dear maintainers,

We found a bug using a modified kernel configuration file used by syzbot.

We enhanced the coverage of the configuration file using our tool, klocalizer.

Kernel branch: linux-next 5.11.0+ (HEAD detached at a68aa48d4ed8)

config file: https://drive.google.com/file/d/1TjJi74Vw0t1C9A62BHu9EBRDRmfPdOJ1/view?usp=sharing

Unfortunately, we have no reproducer for this bug yet.

Thank you!

EXT4-fs error (device loop1): ext4_fill_super:4943: inode #2: comm syz-executor.1: iget: bad extra_isize 9640 (inode size 1024)
EXT4-fs (loop1): get root inode failed
EXT4-fs (loop1): mount failed
==================================================================
BUG: KASAN: slab-out-of-bounds in hlist_add_head include/linux/list.h:884 [inline]
BUG: KASAN: slab-out-of-bounds in enqueue_timer+0x3a5/0x3e0 kernel/time/timer.c:581
Write of size 8 at addr ffff8880189b3378 by task kworker/2:2/23650

CPU: 2 PID: 23650 Comm: kworker/2:2 Not tainted 5.11.0+ #4
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014
Workqueue: events flush_stashed_error_work
Call Trace:
__dump_stack lib/dump_stack.c:79 [inline]
dump_stack+0xb0/0xf3 lib/dump_stack.c:120
print_address_description.constprop.0+0x1a/0x140 mm/kasan/report.c:230
__kasan_report mm/kasan/report.c:396 [inline]
kasan_report.cold+0x7f/0x10e mm/kasan/report.c:413
hlist_add_head include/linux/list.h:884 [inline]
enqueue_timer+0x3a5/0x3e0 kernel/time/timer.c:581
internal_add_timer+0xb7/0x100 kernel/time/timer.c:609
__mod_timer kernel/time/timer.c:1060 [inline]
mod_timer+0x51e/0x940 kernel/time/timer.c:1106
ext4_update_super+0xcce/0xfb0 fs/ext4/super.c:5537
ext4_commit_super+0x18d/0x4b0 fs/ext4/super.c:5555
flush_stashed_error_work+0x18c/0x260 fs/ext4/super.c:727
process_one_work+0x869/0x1180 kernel/workqueue.c:2275
worker_thread+0x97/0xf90 kernel/workqueue.c:2421
kthread+0x2f1/0x400 kernel/kthread.c:292
ret_from_fork+0x22/0x30 arch/x86/entry/entry_64.S:294

Allocated by task 26673:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
kasan_set_track mm/kasan/common.c:46 [inline]
set_alloc_info mm/kasan/common.c:401 [inline]
____kasan_kmalloc.constprop.0+0x84/0xa0 mm/kasan/common.c:429
kmalloc_node include/linux/slab.h:577 [inline]
kvmalloc_node+0x42/0xc0 mm/util.c:587
kvmalloc include/linux/mm.h:784 [inline]
seq_buf_alloc fs/seq_file.c:35 [inline]
seq_read_iter+0x6e1/0xfc0 fs/seq_file.c:207
kernfs_fop_read_iter+0x3ff/0x5a0 fs/kernfs/file.c:241
call_read_iter include/linux/fs.h:1895 [inline]
new_sync_read+0x3db/0x670 fs/read_write.c:415
vfs_read+0x35d/0x480 fs/read_write.c:496
ksys_read+0x100/0x210 fs/read_write.c:634
do_syscall_64+0x33/0x40 arch/x86/entry/common.c:46
entry_SYSCALL_64_after_hwframe+0x44/0xae

Freed by task 26673:
kasan_save_stack+0x1b/0x40 mm/kasan/common.c:38
kasan_set_track+0x1c/0x30 mm/kasan/common.c:46
kasan_set_free_info+0x20/0x30 mm/kasan/generic.c:356
____kasan_slab_free+0xec/0x120 mm/kasan/common.c:362
kasan_slab_free include/linux/kasan.h:192 [inline]
slab_free_hook mm/slub.c:1547 [inline]
slab_free_freelist_hook mm/slub.c:1580 [inline]
slab_free mm/slub.c:3143 [inline]
kfree+0x8c/0x220 mm/slub.c:4179
kvfree+0x35/0x40 mm/util.c:616
seq_release+0x4f/0x80 fs/seq_file.c:352
kernfs_fop_release+0xd3/0x240 fs/kernfs/file.c:761
__fput+0x21e/0x870 fs/file_table.c:280
task_work_run+0x104/0x1b0 kernel/task_work.c:140
tracehook_notify_resume include/linux/tracehook.h:189 [inline]
exit_to_user_mode_loop kernel/entry/common.c:174 [inline]
exit_to_user_mode_prepare+0x11f/0x130 kernel/entry/common.c:208
__syscall_exit_to_user_mode_work kernel/entry/common.c:290 [inline]
syscall_exit_to_user_mode+0x1d/0x40 kernel/entry/common.c:301
entry_SYSCALL_64_after_hwframe+0x44/0xae

The buggy address belongs to the object at ffff8880189b2000
which belongs to the cache kmalloc-4k of size 4096
The buggy address is located 888 bytes to the right of
4096-byte region [ffff8880189b2000, ffff8880189b3000)
The buggy address belongs to the page:
page:000000002d1437e5 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880189b6000 pfn:0x189b0
head:000000002d1437e5 order:3 compound_mapcount:0 compound_pincount:0
flags: 0x100000000010200(slab|head)
raw: 0100000000010200 ffffea00004eea08 ffffea0000531008 ffff888100042f00
raw: ffff8880189b6000 0000000000040003 00000001ffffffff 0000000000000000
page dumped because: kasan: bad access detected

Memory state around the buggy address:
 ffff8880189b3200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880189b3280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
>ffff8880189b3300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
                                                                ^
 ffff8880189b3380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
 ffff8880189b3400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
==================================================================

Best regards,
Sanan Hasanov.