last executing test programs: 1.508330556s ago: executing program 0 (id=6995): syz_mount_image$exfat(&(0x7f0000001500), &(0x7f0000001540)='./file1\x00', 0x10, &(0x7f0000006d40)=ANY=[], 0x1, 0x14fe, &(0x7f0000002ac0)="$eJzs3QnYjtXWOPC19t43L4knybzXXjdPMmySJEOSDEmSJEmmhCRJkpBMmZKQhMxJ5pBMIZnnKXOSHEmShIQk+3+9dfqc83W+r3P+53x/3/+863dd9/Xsde177XvvZ73vcw/XO3zTYXCVelUr1mFm+Kfgry/dASAFAPoBQBYAiACgZNaSWVP7M2js/s8dRPxrPTjtSs9AXElS/7RN6p+2Sf3TNql/2ib1T9uk/mmb1D9tk/oLkZZtm57rGtnS7vbPP/9P+fVFnv//f0jO/2mb1P/fzZkM/8jeUv9/J5dCCP9YhtQ/bZP6p21S/7RN6p+2Sf3TNqm/EGnZlX7+LNuV3a70158QQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCiLThfLjMAMBv7Ss9LyGEEEIIIYQQQvzrhPRXegZCCCGEEEIIIYT4n4egQIOBCNJBekiBDJARroJMcDVkhiyQgGsgK1wL2eA6yA45ICfkgtyQB/KCBQIHDDHkg/yQhOuhANwABaEQFIYi4KEoFIMboTjcBCXgZigJt0ApuBVKQxkoC+XgNigPt0MFuAMqwp1QCSpDFagKd0E1uBuqwz1QA+6FmnAf1IL7oTY8AHXgQagLD0E9eBjqwyPQABpCI2gMTf6v8l+ALvAidIVu0B16QE94CXpBb+gDfaEfvAz94RUYAK/CQBgEg+E1GAKvw1B4A4bBcBgBb8JIGAWjYQyMhXEwHt6CCfA2TIR3YBJMhikwFabBdJgB78JMmAWz4T2YA+/DXJgH82EBLIQPYBEshiXwISyFj2AZLIcVsBJWwWpYA2thHayHDbARNsFm2AJbYRt8DNthB+yEXbAb9sBe+AT2waewHz6DA/D5P5h/7j/ld0RAQIUKDRpMh+kwBVMwI2bETJgJM2NmTGACs2JWzIbZMDtmx5yYE3NjbsyLeZGQkJExH+bDJCaxABbAglgQC2Nh9OixGBbD4ngTlsASWBJLYikshaWxDJbBclgOy2N5rIAVsCJWxEpYCatgFbwL78K7sTpWxxpYA2tiTayFtbA21sY6WAfrYl2sh/WwPtbHBtgAG2EjbIJNsCk2xWbYDFtgC2yJLbEVtsLW2BrbYBtsi22xHbbD9tgeO2AH7IidsBO+gC/gi/gidsNKqgf2xJ7YC3thH+yLffFl7I+v4Cv4Kg7EQTgYX8PX8HUcimdxGA7HETgCy6tROBrHIKtxOB7H4wScgBNxIk7CyTgZp+I0nI4zcAbOxFk4C9/DOfg+vo/zcB4uwIW4EBfhYlyCS3ApnsNluBxX4EpchatxFa7FdbgWN+BG3ICbcTNuxa34MX6MO3AH7sJduAf34Cf4CX6Kn+JAPIAH8CAexEN4CA/jYTyCR/AoHsVjeAyP43E8gSfwJJ7C03gKz+AZPIvn8Dyexwt4AS/iRbyEl1K/+VUqo4xKp9KpFJWiMqqMKpPKpDKrzCqhEiqryqqyqWwqu8qucqqcKrfKrfKqvIoUKVaxyqfyqaRKqgKqgCqoCqrCqrDyyqtiqpgqroqrEqqEKqluUaXUraq0KqOa+3KqnCqvWvgK6g5VUVVUlVRlVUVVVVVVNVVNVVfVVQ1VQ9VUNVUtdb+qrXpgH3xQpVamnhqE9dVgbKAaqkaqsXodH1VN1VBsppqrFupxNRyHYSvV1LdWT6k2ajS2Vc+oMfisaq/GYQf1vOqoOqnO6gXVRTXzXVU3NQl7qJ5qKvZSvVUf1VfNxMoqtWJV1KtqoBqkBqvX1AJ8XQ1Vb6hhargaod5UI9UoNVqNUWPVODVevaUmqLfVRPWOmqQmqylqqpqmpqsZqR+tapaard5Tc9T7aq6ap+arBWqh+kAtUovVEvWhWqo+UsvUcrVCrVSr1Gq1Rq1V69R6tUFtVJsiUFvUVrVNfay2qx1qp9qldqs9aq/6RO1Tn6r96jN1QH2uDqo/qUPqC3VYfamOqK/UUfW1Oqa+UcfVt+qE+k6dVKfUafW9OqN+UGfVOXVe/aguqJ/URfWzuqSCAo1aaa2NjnQ6nV6n6Aw6o75KZ9JX68w6i07oa3RWfa3Opq/T2XUOnVPn0rl1Hp1XW03aadaxzqfz66S+XhfQN+iCupAurItor4vqYvpGXVzfpEvom3VJfYsupW/VpXUZXVaX07fp8vp2XUHfoSvqO3UlXVlX0VX1XbqavltX1/foGvpeXVPfp2vp+3Vt/YCuox/UdfVDup5+WNfXj+gGuqFupBvrJvpR3VQ/ppvp5rqFfly31E/oVvpJ3Vo/pdvop3Vb/Yxup5/V7fVzuoN+XnfUnXRn/bO+pIPuqrvp7rqH7qlf0r10b91H99X99Mu6v35FD9Cv6oF6kB6sX9ND9Ot6qH5DD9PD9Qj9ph6pR+nReoweq8fp8fotPUG/rSfqd/QkPVlP0VP1ND1d9/nzSLP/jvy3/0b+gF+OvlVv0x/r7XqH3ql36d16j96r9+p9ep/er/frA/qAPqgP6kP6kD6sD+sj+og+qo/qY/qYPq6P6xP6hD6pT+kf9ff6jP5Bn9Xn9Dn9o76gL+iLf34PwKBRRhtjIpPOpDcpJoPJaK4ymczVJrPJYhLmGpPVXGuymetMdpPD5DS5TG6Tx+Q11pBxhk1s8pn8JmmuNwXMDaagKWQKmyLGm6KmmLnxn87/o/k1MU1MU9PUNDPNTAvTwrQ0LU0r08q0Nq1NG9PGtDVtTTvTzrQ37U0H08F0NB1NZ9PZdDFdTACA7qa76WleMr1Mb9PH9DX9zMumv+lvBpgBZqAZaAabwWaIGWKGmqFmmBlmRpgRZqQZaUab0WasGWvGm/FmgplgJpqJZpKZZKaYKWaamWZmmBlmpplpZpvZZo6ZY+aauWa+mW8WmoVmkVlklpglZqlZapaZ5Wa5WWlWmtVmtVlr1pr1Zr3ZaDaazWazWWZ++wHNnWan2W12m71mr9ln9pn9Zr85YA6Yg+agOWQOmcPmsDlijpij5qg5Zo6Z4+a4OWFOmJPmpDltTpsz5ow5a86a8+a8uWAumIvmorlkLqVe9kUqUpGJTJQuShelRClRxihjlCnKFGWOMkeJKBFljbJG2aLrouxRjihnlCvKHeWJ8kY2oshFHMVRvih/lIyujwpEN0QFo0JR4ahI5KOiUbHoxqh4dFNUIro5KhndEpWKbo1KR2WislG56LaofHR7VCG6I6oY3RlViipHVaKq0V1RtejuqHp0T1QjujeqGd0X1Yruj2pHD0R1ogejutFDUb3o4ah+9EjUIGoYNYoaR03+peOHcDbHY76r7Wa72x62p33J9rK9bR/b1/azL9v+9hU7wL5qB9pBdrB9zQ6xr9uh9g07zA63I+ybdqQdZUfbMXasHWfH27fsBPu2nWjfsZPsZDvFTrXT7HQ7w75rZ9pZdrZ9z86x79u5dp6dbxfYhfYDu8gutkvsh3ap/cgus8vtCrvSrrKr7Rq71q6z6+0Gu9FuspvtFrvVbrMf2+12h91pd9nddo/daz+x++yndr/9zB6wn9uD9k/2kP3CHrZf2iP2K3vUfm2P2W/scfutPWG/syftKXvafm/P2B/sWXvOnrc/2gv2J3vR/mwv2ZB6cZ96eidDhtJROkqhFMpIGSkTZaLMlJkSlKCslJWyUTbKTtkpJ+Wk3JSb8lJeSsXElI/yUZKSVIAKUEEqSIWpMHnyVIyKUXEqTiWoBJWkklSKSlFpKk1lKfWkeRvdTrfTHXQH3Ul3UmWqTFWpKlWjalSdqlMNqkE1qSbVolpUm2pTHapDdaku1aN6VJ/qUwNqQI2oETWhJtSUmlIzakYtqAW1pJbUilpRa2pNbagNtaW21I7aUXtqTx2oA3WkjtSZOlMX6kJdqSt1p+7Uk3pSL+pFfagP9aN+1J/60wAaQANpIA2mwTSEhtBQGkrDaDiNoDdpJI2i0TSGxtI4Gk/jaQJNoIk0kSbRJJpCU2gaTaMZNINm0kyaTbNpDs2huTSX5tN8WkgLaREtoiW0hJbSUlpGy2gFraBVtIrW0BpaR+toA22gTbSJttAW2kbbaDttp520k3bTbtpLe2kf7aP9tJ8O0AE6SAfpEB2iw3SYjtAROkpH6Rgdo+N0nE7QCTpJJ/E0naYzdIbO0lk6T+fpAv1EF+lnukSBUlwGl9Fd5TK5q11ml8WluAzdAOA/4pwul8vt8ri8zrrsLsdfxeScK+gKucKuiPOuqCvmbvxdXLpHGVfWlXO3ufLudlfBlXZ/HVdzd7vq7h5Xw93rqrq7/iqu6e5ztdzDrrZ7xNVxDV1d19jVcw+7+u4R18A1dI1cY9fSPeFauSdda/eUa+Oe/l28yC1269x6t8FtdPvcp+68+9Edc9+4C+4n19V1c/3cy66/e8UNcK+6gW7Q7+IR7k030o1yo90YN9aN+108xU1109x0N8O962a6Wb+LF7oP3By3xM1189x8t+CXOHVOS9yHbqn7yC1zy90Kt9KtcqvdGrf2P+a60m12W9xWt9d94ra7HW6n2+V2uz2/xKnr2O8+cwfc5+6o+9odcl+4w+64O+K++iVOXd9x96074b5zJ90pd9p97864H9xZd+6X9aeu/Xv3s7vkggNGVqzZcMTpOD2ncAbOyFdxJr6aM3MWTvA1nJWv5Wx8HWfnHJyTc3FuzsN52TKxY+aY83F+TvL1XIBv4IJciAtzEfZclIvxjVycb+ISfDOX5Fu4FN/KpbkMl+VyfBuX59u5At/BFflOrsSVuQpX5bu4Gt/N1fkersH3ck2+j2vx/VybH+A6/CDX5Ye4Hj/M9fkRbsANuRE35ib8KDflx7gZN+cW/Di35Ce4FT/JrfkpbsNPc1t+htvxs9yen+MO/Dx35E7cmV/gLvwid+Vu3J17cE9+iXtxb+7Dfbkfv8z9+RUewK/yQB7Eg/k1HsKv81B+g4fxcB7Bb/JIHsWjeQyP5XE8nt/iCfw2T+R3eBJP5ik8lafxdJ7B7/JMnsWz+T2ew+/zXJ7H83kBL+QPeBEv5iX8IS/lj3gZL+cVvJJX8Wpew2t5Ha/nDbyRN/Fm3sJbeRt/zNt5B+/kXbyb9/Be/oT38ae8nz/jA/w5H+Q/8SH+gg/zl3yEv+Kj/DUf42/4OH/LJ/g7Psmn+DR/z2f4Bz7L5/g8/8gX+Ce+yD/zJQ4MMcYq1rGJozhdnD5OiTPEGeOr4kzx1XHmOEuciK+Js8bXxtni6+LscY44Z5wrzh3nifPGNqbYxRzHcb44f5yMr48LxDfEBeNCceG4SOzjonGx+Ma4eHxTXCK+OS4Z3xKXim+NS8dl4rJxufi2uHx8e1whviOuGN8ZV4orx1XiqvFdcbX47rh6fE9cI743LhHfF9eK749rxw/EdeIH47rxQ3G9+OG4fvxI3CBuGDeKG8dN4kfjpvFjcbO4edwifjxuGT8Rt4qfjFvHT8Vt4qf/sL973CPuGb8UvxSHcI+en1yQXJj8ILkouTi5JPlhcmnyo+Sy5PLkiuTK5Krk6uSa5NrkuuT65IbkxuSm5ObkluTWZAhV04NHr7z2xkc+nU/vU3wGn9Ff5TP5q31mn8Un/DU+q7/WZ/PX+ew+h8/pc/ncPo/P660n7zz72Ofz+X3SX+8L+Bt8QV/IF/ZFvPdFfTHf2DfxTXxT/5hv5pv7Fv5x/7h/wj/hn/RP+qd8G/+0b+uf8e38s769f84/55/3HX0n39m/4Lv4F31X38139919T9/T9/K9fB/fx/fz/Xx/398P8AP8QD/QD/aD/RA/xA/1Q/0wP8yP8CP8SD/Sj/aj/Vg/1o/34/0EP8FP9BP9JD/JT/FT/DQ/zc/wM/xMP9PP9rP9HD/Hz/Vz/Xw/3y/0C/0iv8gv8Uv8Ur/UL/PL/Aq/wq/yq/wav8av8+v8Br/Bb/Kb/Ba/xW/z2/x2v93v9Dv9br/b7/V7/T6/z+/3+/0Bf8Af9Af9IX/IH/Zf+iP+K3/Uf+2P+W/8cf+tP+G/8yf9KX/af+/P+B/8WX/On/c/+gv+J3/R/+wv+eDHJ95KTEi8nZiYeCcxKTE5MSUxNTEtMT0xI/FuYmZiVmJ24r3EnMT7ibmJeYn5iQWJhYkPEosSixNLEh8mliY+SixLLE+sSKxMrEqsToSQZ3sc8oX8IRmuDwXCDaFgKBQKhyLBh6KhWLgxFA83hRLh5lAy3BJKhVtD6VAmlA2PhAahYWgUGocm4dHQNDwWmoXmoUV4PLQMT4RW4cnQOjwV2oSnQ9vwTGgXng3tw3OhQ3g+dAydQufwQugSXgxdQ7fQPfQIPcNLoVfoHfqEvqFfeDn0D6+EAeHVMDAMCoPDa2FIeD0MDW+EYWF4GBHeDCPDqDA6jAljw7gwPrwVJoS3w8TwTpgUJocpYWqYFqaHGeHdMDPMCrPDe2FOeD/MDfPC/LAgLAwfhEVhcVgSPgxLw0dhWVgeVoSVYVVYHdaEtWFdWB82hI1hU9gctoStYVv4OGwPO8LOsCvsDnvC3vBJ2Bc+DfvDZ+FA+DwcDH8Kh8IX4XD4MhwJX4Wj4etwLHwTjodvw4nwXTgZToXT4ftwJvwQzoZz4Xz4MVwIP4WL4edwSX5nTQghhBDi76L/oL/Hf5Gj/tzuCQBX78h15D/3b8r+a7t3+twtEwDwVLcOD/62VarUvXv3P++7TEOUfx4AJC7np4PL8XJoAU9Aa2gOxf+jP+UvjtVbdbrA/934AFHyFoCMf5GTmv9bfHn8m/7m+nurUXP+2/E1RMl5AAXzX87JAJfjy+OX+C/Gz9H0D8bP8MV4gGZ/kZMJLseXxy8Gj8HT0Pqv9hRCCCGEEEIIIX7VW5Vt90f3t6n357nN5Zz0cDn+W/fnQgghhBBCCCGE+N/l2U6dn3y0devm7aTxP9UIWX59q/+3zEca0vg7Glf6k0kIIYQQQgjxr3b5ov9Kz0QIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhEi7/l/8ObHfjvVH/2tQCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGE+Hf1fwIAAP//drU5SA==") open(&(0x7f0000000080)='./file1\x00', 0x60a42, 0x90) 1.496674616s ago: executing program 4 (id=6996): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r0, 0xc018620c, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3}) 1.42283233s ago: executing program 2 (id=6997): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000004"], 0x48) bpf$MAP_LOOKUP_ELEM(0x5, &(0x7f00000000c0)={r0, &(0x7f0000000000), &(0x7f0000000040)=""/73}, 0x70) 1.287365617s ago: executing program 3 (id=6998): r0 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$sock_int(r0, 0x1, 0x3, &(0x7f0000000000)=0x9, 0x4) 1.207659821s ago: executing program 1 (id=6999): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f0000000500)={'pcmmio\x00', [0x4f28, 0x0, 0x10000, 0x4, 0x6, 0x5, 0x4, 0x7, 0x54c6cfef, 0xfd, 0xe3d, 0x1, 0x1, 0xffffffff, 0x6, 0x101, 0x0, 0x7f, 0x3, 0x40000003, 0x3, 0x1, 0x0, 0x20001e58, 0x4, 0xe64, 0x3, 0x8, 0x3, 0x0, 0xfffffff8]}) 1.185561601s ago: executing program 2 (id=7000): r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_TMR_TEMPO(r0, 0xc0045405, &(0x7f0000000380)=0x5b) 1.184991722s ago: executing program 4 (id=7001): prctl$PR_SET_SECUREBITS(0x1c, 0x2a) prctl$PR_SET_SECUREBITS(0x1c, 0x2) 1.091318646s ago: executing program 0 (id=7002): syz_mount_image$fuse(0x0, &(0x7f0000000a40)='./file0\x00', 0x80, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000009f40)='./file0\x00', &(0x7f0000009f80), 0x1, &(0x7f0000009fc0)={[{@redirect_dir_off}, {@volatile}]}) 1.001098151s ago: executing program 3 (id=7003): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000009b40)=@newtaction={0x7c, 0x30, 0x871a15abc695fb3d, 0x0, 0x0, {}, [{0x68, 0x1, [@m_tunnel_key={0x64, 0x1, 0x0, 0x0, {{0xf}, {0x34, 0x2, 0x0, 0x1, [@TCA_TUNNEL_KEY_PARMS={0x1c, 0x2, {{}, 0x1}}, @TCA_TUNNEL_KEY_ENC_IPV6_SRC={0x4, 0xb, @empty}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x7c}}, 0x0) 967.227112ms ago: executing program 1 (id=7004): r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, 0x0) 927.438274ms ago: executing program 2 (id=7005): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000640)=@newlink={0x40, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x4048b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @sit={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_LOCAL={0x8, 0x2, @rand_addr=0x64010100}, @IFLA_IPTUN_FLAGS={0x6, 0x8, 0x3}]}}}]}, 0x40}}, 0x0) 859.081038ms ago: executing program 4 (id=7006): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x94246}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @erspan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6, 0x2, 0xffff}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x600}, 0x48000) 830.261049ms ago: executing program 0 (id=7007): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x6, &(0x7f0000000140)={0x7d, {{0x29, 0x0, 0x2000000, @rand_addr=' \x01\x00', 0x5}}}, 0x88) 737.386304ms ago: executing program 1 (id=7008): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f00000001c0)="d80000001d0081044e81f777db44b904021d080201000000040000a1bc0001000000000000000e1208000f0100810401a8001600200001400300000803600cfab94dcf5c0461c16fb4007134cf6ee08000a0e408e8d8ef075c11503c6bbace801bcb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322107c9fd6", 0x81}, {&(0x7f00000006c0)="54f6d4d87eb30b41c5", 0x9}, {&(0x7f0000000980)="027a64c0072ebbb1512b328dda11b4efd4ba07fc642b7e012bea071dbbdea51e41958755533ccce04d3e635cbe848495e723490d8e93db224d82d4fbfe76bd22fd358cd467795ad7febfc220d72f", 0x4e}], 0x3, 0x0, 0x0, 0x7400}, 0x10) 705.558705ms ago: executing program 3 (id=7009): r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_SIGNAL(r0, 0xc01064c5, &(0x7f0000000380)={0x0}) 675.958077ms ago: executing program 4 (id=7010): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x403, 0x70bd29, 0x2, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gre={{0x8}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ENCAP_TYPE={0x6}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_OFLAGS={0x6, 0x3, 0x2}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x20048040}, 0x0) 649.183438ms ago: executing program 2 (id=7011): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001540)=@raw={'raw\x00', 0x3c1, 0x3, 0x330, 0x0, 0x111, 0x4b4, 0x128, 0xd4feffff, 0x128, 0x20a, 0x278, 0x260, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {}, 0x6}, 0x0, 0x100, 0x128, 0x0, {}, [@common=@inet=@tcp={{0x30}, {[], [], 0x0, 0x0, 0x2, 0x4}}, @inet=@rpfilter={{0x28}, {0x4}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@dev={0xfe, 0x80, '\x00', 0x3c}, @private1, [], [], 'syzkaller1\x00', 'caif0\x00'}, 0x0, 0xd0, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xc}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x390) 555.460093ms ago: executing program 0 (id=7012): r0 = mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) lseek(r0, 0x0, 0x1) 519.301764ms ago: executing program 3 (id=7013): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000200)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000000140, 0x0, 0x0, 0x200000000170, 0x2000000001a0], 0x0, 0x0, &(0x7f0000000140)=[{0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xfffffffffffffffe}, {0x0, '\x00', 0x0, 0xffffffffffffffff}]}, 0x108) 461.203137ms ago: executing program 1 (id=7014): r0 = fsopen(&(0x7f0000000340)='afs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='source', &(0x7f0000000000)='#:::\x00\xfdM\xab\x89\xff\xda\xc7dw2\xa1\xb2\xabuQQ\x14\x97\xc9\xfae\xc7\xa1U\xe2\xbe\"\xb9t\xa0\x0e\xfa\xdb\xf1\xa5.\xd87\xc3p\xa5l\xf8vC\xe2\xe8 \xd5-<#\x186\xe1\xbd\xc0\xc3\xb5N(vj\xa7+<:\xc4\xe00\x01\xdd \x82\x83\xed\x0e\xc4\x1d\xac\xef7\b\xd3Z5\\A\'\x18\xa2\xc3\xab\xc7`\xc3\v\xf3L\x9d[Q\x9e\x11@=\xa1\x9b\xdc\xb1\xef\xc3k<\x97L\xa0\xab\xa6\x1ce\xcd\x99\xb3m\xef\x87\xc5i^N\xbd@\x01\xc0\xb2\x88\xc3\xe2\x96T\xa3\xa5\xeb\x0f\xf2f\xb9$\xd2\x14 current cno (= 3) [ 509.166154][T16874] NILFS error (device loop0): nilfs_bmap_propagate: broken bmap (inode number=4) [ 509.248883][T16874] Remounting filesystem read-only [ 509.284724][ T4272] NILFS (loop0): disposed unprocessed dirty file(s) when stopping log writer [ 509.950028][ T6142] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 510.053749][T16912] overlayfs: missing 'workdir' [ 510.153403][ T6142] usb 5-1: Using ep0 maxpacket: 32 [ 510.175564][ T6142] usb 5-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 510.220436][ T6142] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 510.237349][ T6142] usb 5-1: Product: syz [ 510.247801][ T6142] usb 5-1: Manufacturer: syz [ 510.259949][ T6142] usb 5-1: SerialNumber: syz [ 510.274477][ T6142] usb 5-1: config 0 descriptor?? [ 510.285628][T16920] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5647'. [ 510.296325][ T6142] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 510.433428][ T5369] usb 2-1: new full-speed USB device number 27 using dummy_hcd [ 510.595121][T16930] net_ratelimit: 112 callbacks suppressed [ 510.595141][T16930] openvswitch: netlink: Key type 316 is out of range max 32 [ 510.641875][ T5369] usb 2-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 510.679783][ T5369] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.705019][ T5369] usb 2-1: config 0 descriptor?? [ 510.715350][ T6142] gspca_topro: reg_w err -71 [ 510.769807][ T6142] gspca_topro: Sensor soi763a [ 510.804956][ T6142] usb 5-1: USB disconnect, device number 27 [ 510.858689][T16939] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5656'. [ 510.948737][ T5369] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 510.979274][ T5369] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 511.159914][ T5369] [drm:udl_init] *ERROR* Selecting channel failed [ 511.192636][ T5369] [drm] Initialized udl 0.0.1 20120220 for 2-1:0.0 on minor 2 [ 511.236335][ T5369] [drm] Initialized udl on minor 2 [ 511.289838][ T5369] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 511.317314][ T5369] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 511.359915][ T5369] usb 2-1: USB disconnect, device number 27 [ 511.388616][ T4312] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 511.417853][ T4312] udl 2-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 511.433191][T16952] loop3: detected capacity change from 0 to 512 [ 511.441186][ T4312] udl 2-1:0.0: [drm] Cannot find any crtc or sizes [ 511.500926][T16952] EXT4-fs (loop3): revision level too high, forcing read-only mode [ 511.522340][T16952] EXT4-fs (loop3): write access unavailable, skipping orphan cleanup [ 511.531037][T16952] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 511.590919][ T4267] EXT4-fs (loop3): unmounting filesystem. [ 512.486511][T16988] loop2: detected capacity change from 0 to 4096 [ 512.539492][T16988] ntfs3: loop2: Different NTFS' sector size (4096) and media sector size (512) [ 512.569424][T16995] netlink: 224 bytes leftover after parsing attributes in process `syz.0.5681'. [ 512.604911][T16995] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5681'. [ 512.637019][T16988] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 512.809625][ T4314] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 512.943034][ T26] audit: type=1326 audit(2000000310.177:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17006 comm="syz.2.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1545b9c799 code=0x7ffc0000 [ 513.004020][ T4314] usb 5-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 513.023395][ T4314] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 513.062360][ T26] audit: type=1326 audit(2000000310.177:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17006 comm="syz.2.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1545b9c799 code=0x7ffc0000 [ 513.086418][ T4314] usb 5-1: config 0 descriptor?? [ 513.164788][ T26] audit: type=1326 audit(2000000310.207:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17006 comm="syz.2.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=120 compat=0 ip=0x7f1545b9c799 code=0x7ffc0000 [ 513.202184][ T26] audit: type=1326 audit(2000000310.207:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17006 comm="syz.2.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1545b9c799 code=0x7ffc0000 [ 513.234809][ T26] audit: type=1326 audit(2000000310.207:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17006 comm="syz.2.5687" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1545b9c799 code=0x7ffc0000 [ 513.319249][ T4314] [drm] vendor descriptor length:6 data:06 5f 01 00 00 00 00 00 00 00 00 [ 513.327912][T17015] device bridge2 entered promiscuous mode [ 513.363291][ T4314] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 513.521501][ T4314] [drm:udl_init] *ERROR* Selecting channel failed [ 513.552192][ T4314] [drm] Initialized udl 0.0.1 20120220 for 5-1:0.0 on minor 2 [ 513.578642][ T4314] [drm] Initialized udl on minor 2 [ 513.607728][ T4314] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 513.641582][ T4314] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 513.665854][T17028] netlink: 1010 bytes leftover after parsing attributes in process `syz.3.5698'. [ 513.670365][ T4314] usb 5-1: USB disconnect, device number 28 [ 513.695281][T17028] bridge: RTM_NEWNEIGH with invalid state 0x1 [ 513.724518][ T6650] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 513.742426][ T6650] udl 5-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffed [ 513.755520][ T6650] udl 5-1:0.0: [drm] Cannot find any crtc or sizes [ 514.206496][T17044] loop3: detected capacity change from 0 to 256 [ 514.611833][T17058] overlayfs: option "index=on" is useless in a non-upper mount, ignore [ 514.639582][T17058] overlayfs: missing 'lowerdir' [ 514.921130][ T4315] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 514.940951][T17070] netlink: 'syz.1.5721': attribute type 2 has an invalid length. [ 514.959221][T17070] netlink: 'syz.1.5721': attribute type 1 has an invalid length. [ 514.979726][T17070] netlink: 212408 bytes leftover after parsing attributes in process `syz.1.5721'. [ 515.114065][ T4315] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 515.139641][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.168253][ T4315] usb 4-1: Product: syz [ 515.184017][ T4315] usb 4-1: Manufacturer: syz [ 515.199041][ T4315] usb 4-1: SerialNumber: syz [ 515.209350][T17078] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 515.217199][ T4315] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 515.289711][ T4315] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 515.743643][ T5369] usb 4-1: USB disconnect, device number 27 [ 516.339667][ T4315] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 516.349856][ T4315] ath9k_htc: Failed to initialize the device [ 516.356626][ T5369] usb 4-1: ath9k_htc: USB layer deinitialized [ 516.596498][T17123] loop1: detected capacity change from 0 to 512 [ 516.675864][T17123] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 516.682002][T17126] loop4: detected capacity change from 0 to 2048 [ 516.690265][T17123] ext4 filesystem being mounted at /1140/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 516.737084][T17123] EXT4-fs error (device loop1): ext4_get_first_dir_block:3583: inode #12: comm syz.1.5744: Attempting to read directory block (0) that is past i_size (3) [ 516.773726][T17128] netlink: 36 bytes leftover after parsing attributes in process `syz.3.5747'. [ 516.839216][T17109] loop2: detected capacity change from 0 to 32768 [ 516.849986][T17123] EXT4-fs (loop1): Remounting filesystem read-only [ 516.909055][T17109] ea_get: extended attribute size too large: 2617245744 > INT_MAX [ 516.939591][T17133] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 517.019884][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.039068][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 517.112743][T17126] Remounting filesystem read-only [ 517.130097][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.194189][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.240059][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.297232][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.348358][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.408698][T17126] NILFS error (device loop4): nilfs_bmap_lookup_contig: broken bmap (inode number=16) [ 517.450784][ T26] audit: type=1800 audit(2000000314.687:231): pid=17126 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.5746" name="file2" dev="loop4" ino=16 res=0 errno=0 [ 517.519635][T17142] netlink: 'syz.0.5753': attribute type 1 has an invalid length. [ 517.559531][T17142] netlink: 228 bytes leftover after parsing attributes in process `syz.0.5753'. [ 517.590346][T17126] syz.4.5746 (17126) used greatest stack depth: 19768 bytes left [ 517.868166][T17150] netlink: 'syz.0.5756': attribute type 4 has an invalid length. [ 518.454051][T17169] loop0: detected capacity change from 0 to 64 [ 518.475990][ T26] audit: type=1326 audit(2000000315.707:232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.3.5765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 518.524890][T17139] loop1: detected capacity change from 0 to 32768 [ 518.542463][ T26] audit: type=1326 audit(2000000315.707:233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.3.5765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=79 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 518.587567][T17139] [ 518.587567][T17139] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 518.587567][T17139] [ 518.689285][ T26] audit: type=1326 audit(2000000315.707:234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.3.5765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 518.795101][ T26] audit: type=1326 audit(2000000315.707:235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17168 comm="syz.3.5765" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 518.882650][T17176] netlink: 392 bytes leftover after parsing attributes in process `syz.3.5768'. [ 518.916432][ T4266] [ 518.916432][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 518.916432][ T4266] [ 518.988353][ T4266] [ 518.988353][ T4266] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 518.988353][ T4266] [ 519.003151][T17178] x_tables: ip_tables: RATEEST.0 target: invalid size 32 (kernel) != (user) 0 [ 519.203514][T17188] loop0: detected capacity change from 0 to 22 [ 519.250143][T17188] MTD: Attempt to mount non-MTD device "/dev/loop0" [ 519.333701][T17188] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 519.419273][ T4314] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 519.621304][ T4314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 519.645903][ T4314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 4 [ 519.691601][ T4314] usb 2-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 519.738830][ T4314] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 519.759595][ T4314] usb 2-1: Product: syz [ 519.763842][ T4314] usb 2-1: Manufacturer: syz [ 519.768485][ T4314] usb 2-1: SerialNumber: syz [ 519.815757][ T4314] usb 2-1: config 0 descriptor?? [ 519.842082][T17204] loop2: detected capacity change from 0 to 1024 [ 519.850199][ T4314] usb 2-1: 0:0 : invalid sync pipe. is_playback 1, ep 0a, bSynchAddress 07 [ 519.911917][T17204] EXT4-fs: Ignoring removed nomblk_io_submit option [ 519.949721][T17204] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 519.966448][T17208] netlink: 68 bytes leftover after parsing attributes in process `syz.3.5784'. [ 520.019235][T17204] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 520.027761][T17204] System zones: 0-1, 3-36 [ 520.121286][ T4314] usb 2-1: USB disconnect, device number 28 [ 520.207756][T17204] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 520.341989][T17222] netlink: 244 bytes leftover after parsing attributes in process `syz.4.5790'. [ 520.405548][ T4277] EXT4-fs (loop2): unmounting filesystem. [ 520.420908][ T5369] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 520.440104][ T4354] udevd[4354]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 520.613704][ T5369] usb 4-1: Using ep0 maxpacket: 32 [ 520.621674][ T5369] usb 4-1: config 1 has an invalid interface number: 108 but max is 0 [ 520.663864][ T5369] usb 4-1: config 1 has no interface number 0 [ 520.676745][ T5369] usb 4-1: New USB device found, idVendor=04e8, idProduct=6601, bcdDevice=81.9b [ 520.716564][ T5369] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.747956][ T5369] usb 4-1: Product: syz [ 520.765348][ T5369] usb 4-1: Manufacturer: syz [ 520.778952][ T5369] usb 4-1: SerialNumber: syz [ 520.808510][ T5369] hub 4-1:1.108: bad descriptor, ignoring hub [ 520.846659][ T5369] hub: probe of 4-1:1.108 failed with error -5 [ 521.014198][ T5369] usb 4-1: palm_os_4_probe - error -71 getting connection info [ 521.051342][ T5369] visor 4-1:1.108: Handspring Visor / Palm OS converter detected [ 521.094369][ T5369] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB0 [ 521.118737][ T26] audit: type=1326 audit(2000000318.347:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.0.5800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 521.153884][ T5369] usb 4-1: Handspring Visor / Palm OS converter now attached to ttyUSB1 [ 521.219579][ T26] audit: type=1326 audit(2000000318.347:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.0.5800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 521.244101][ T5369] usb 4-1: USB disconnect, device number 28 [ 521.281878][ T5369] visor ttyUSB0: Handspring Visor / Palm OS converter now disconnected from ttyUSB0 [ 521.312294][ T26] audit: type=1326 audit(2000000318.347:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.0.5800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 521.349945][ T5369] visor ttyUSB1: Handspring Visor / Palm OS converter now disconnected from ttyUSB1 [ 521.385380][ T5369] visor 4-1:1.108: device disconnected [ 521.429314][ T26] audit: type=1326 audit(2000000318.377:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.0.5800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 521.454145][ T26] audit: type=1326 audit(2000000318.377:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17239 comm="syz.0.5800" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 521.526621][T17250] device bridge4 entered promiscuous mode [ 521.894876][T17263] printk: syz.0.5810 (17263): Attempt to access syslog with CAP_SYS_ADMIN but no CAP_SYSLOG (deprecated). [ 522.856391][T17295] loop4: detected capacity change from 0 to 4096 [ 522.881418][T17295] ntfs: (device loop4): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 522.949270][ T6142] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 522.985864][T17295] ntfs: volume version 3.1. [ 523.150969][ T6142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 523.186703][ T6142] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 0 [ 523.227513][ T6142] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 523.248130][ T6142] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 0 [ 523.293366][ T6142] usb 3-1: New USB device found, idVendor=05ab, idProduct=0301, bcdDevice= 1.00 [ 523.317341][ T6142] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 523.336302][ T6142] usb 3-1: Product: syz [ 523.361528][ T6142] usb 3-1: Manufacturer: syz [ 523.376822][ T6142] usb 3-1: SerialNumber: syz [ 523.427584][ T6142] usb 3-1: config 0 descriptor?? [ 523.453134][ T6142] ums-isd200 3-1:0.0: USB Mass Storage device detected [ 523.755648][ T6142] ums-isd200: probe of 3-1:0.0 failed with error -22 [ 523.868063][ T5369] usb 3-1: USB disconnect, device number 33 [ 523.935915][T17333] netlink: 'syz.4.5839': attribute type 1 has an invalid length. [ 523.945449][T17333] netlink: 228 bytes leftover after parsing attributes in process `syz.4.5839'. [ 524.503980][T17330] loop1: detected capacity change from 0 to 32768 [ 524.560431][T17330] I/O error, dev loop14, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 524.606462][T17330] lbmIODone: I/O error in JFS log [ 524.616572][T17348] netlink: 56 bytes leftover after parsing attributes in process `syz.0.5847'. [ 524.638016][T17330] *** Log Format Error ! *** [ 524.644149][T17330] lmLogInit: exit(-22) [ 524.656709][T17330] lmLogOpen: exit(-22) [ 525.221572][T17369] tmpfs: Bad value for 'mpol' [ 525.501833][T17377] device bridge6 entered promiscuous mode [ 525.801931][T17392] kernel read not supported for file /  (pid: 17392 comm: syz.0.5869) [ 525.827831][ T26] audit: type=1800 audit(2000000323.057:241): pid=17392 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.5869" name=200120 dev="mqueue" ino=73375 res=0 errno=0 [ 526.038125][T17402] cgroup: Name too long [ 526.114936][T17405] netlink: 45 bytes leftover after parsing attributes in process `syz.2.5876'. [ 526.538076][T17423] overlayfs: NFS export requires "redirect_dir=nofollow" on non-upper mount, falling back to nfs_export=off. [ 526.587811][T17423] overlayfs: missing 'lowerdir' [ 526.627976][T17428] syz.1.5886: vmalloc error: size 9007199254740992, exceeds total pages, mode:0xcc0(GFP_KERNEL), nodemask=(null),cpuset=syz1,mems_allowed=0-1 [ 526.647276][T17428] CPU: 0 PID: 17428 Comm: syz.1.5886 Not tainted syzkaller #0 [ 526.655083][T17428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 526.665391][T17428] Call Trace: [ 526.668902][T17428] [ 526.672414][T17428] dump_stack_lvl+0x188/0x24e [ 526.677179][T17428] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 526.683946][T17428] ? show_regs_print_info+0x12/0x12 [ 526.689319][T17428] ? load_image+0x400/0x400 [ 526.694085][T17428] ? cpuset_print_current_mems_allowed+0x1b/0x360 [ 526.700656][T17428] ? cpuset_print_current_mems_allowed+0x2e3/0x360 [ 526.707294][T17428] warn_alloc+0x242/0x330 [ 526.711678][T17428] ? zone_watermark_ok_safe+0x270/0x270 [ 526.717328][T17428] __vmalloc_node_range+0x11e/0x13b0 [ 526.722670][T17428] ? __mutex_trylock_common+0x155/0x260 [ 526.728629][T17428] ? trace_raw_output_contention_end+0xd0/0xd0 [ 526.734999][T17428] ? rcu_is_watching+0x11/0xa0 [ 526.740010][T17428] ? __mutex_lock+0x1ab/0xaf0 [ 526.744832][T17428] ? free_vm_area+0x50/0x50 [ 526.749417][T17428] ? dvb_demux_do_ioctl+0x313/0x530 [ 526.754688][T17428] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 526.760243][T17428] ? mutex_lock_nested+0x10/0x10 [ 526.765408][T17428] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 526.771267][T17428] vmalloc+0x75/0x80 [ 526.775571][T17428] ? dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 526.782008][T17428] dvb_dmxdev_set_buffer_size+0xbe/0x1f0 [ 526.787807][T17428] dvb_demux_do_ioctl+0x450/0x530 [ 526.793091][T17428] dvb_usercopy+0x191/0x2b0 [ 526.797829][T17428] ? dvb_dmxdev_buffer_read+0x4c0/0x4c0 [ 526.803433][T17428] ? dvb_generic_ioctl+0xb0/0xb0 [ 526.808441][T17428] ? dvb_demux_poll+0x210/0x210 [ 526.813435][T17428] dvb_demux_ioctl+0x25/0x30 [ 526.818079][T17428] __se_sys_ioctl+0xfa/0x170 [ 526.822723][T17428] do_syscall_64+0x4c/0xa0 [ 526.827180][T17428] ? clear_bhb_loop+0x60/0xb0 [ 526.831895][T17428] ? clear_bhb_loop+0x60/0xb0 [ 526.836610][T17428] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 526.842553][T17428] RIP: 0033:0x7fb13f39c799 [ 526.847099][T17428] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 526.867272][T17428] RSP: 002b:00007fb1401cb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 526.876144][T17428] RAX: ffffffffffffffda RBX: 00007fb13f615fa0 RCX: 00007fb13f39c799 [ 526.884224][T17428] RDX: 0020000000000000 RSI: 0000000000006f2d RDI: 0000000000000003 [ 526.892323][T17428] RBP: 00007fb13f432c99 R08: 0000000000000000 R09: 0000000000000000 [ 526.900422][T17428] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 526.908860][T17428] R13: 00007fb13f616038 R14: 00007fb13f615fa0 R15: 00007ffe2c8f13f8 [ 526.916991][T17428] [ 526.925250][T17428] Mem-Info: [ 526.928471][T17428] active_anon:5875 inactive_anon:0 isolated_anon:0 [ 526.928471][T17428] active_file:1347 inactive_file:4595 isolated_file:0 [ 526.928471][T17428] unevictable:768 dirty:269 writeback:0 [ 526.928471][T17428] slab_reclaimable:17498 slab_unreclaimable:98018 [ 526.928471][T17428] mapped:30319 shmem:1362 pagetables:676 [ 526.928471][T17428] sec_pagetables:0 bounce:0 [ 526.928471][T17428] kernel_misc_reclaimable:0 [ 526.928471][T17428] free:1370447 free_pcp:5940 free_cma:0 [ 526.976426][T17428] Node 0 active_anon:23500kB inactive_anon:0kB active_file:5388kB inactive_file:18248kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:121276kB dirty:1076kB writeback:0kB shmem:3912kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:11316kB pagetables:2704kB sec_pagetables:0kB all_unreclaimable? no [ 527.010078][T17428] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp: 0kB shmem_pmdmapped: 0kB anon_thp: 0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no [ 527.059506][T17428] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 527.104373][T17428] lowmem_reserve[]: 0 2527 2528 2528 2528 [ 527.111478][T17428] Node 0 DMA32 free:1572640kB boost:0kB min:34692kB low:43364kB high:52036kB reserved_highatomic:0KB active_anon:23300kB inactive_anon:0kB active_file:5388kB inactive_file:18248kB unevictable:1536kB writepending:1076kB present:3129332kB managed:2592976kB mlocked:0kB bounce:0kB free_pcp:2920kB local_pcp:1908kB free_cma:0kB [ 527.185889][T17428] lowmem_reserve[]: 0 0 1 1 1 [ 527.191341][T17428] Node 0 Normal free:0kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:1048576kB managed:1424kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 527.224176][T17428] lowmem_reserve[]: 0 0 0 0 0 [ 527.239562][T17428] Node 1 Normal free:3893788kB boost:0kB min:55192kB low:68988kB high:82784kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:132kB unevictable:1536kB writepending:0kB present:4194304kB managed:4117620kB mlocked:0kB bounce:0kB free_pcp:21240kB local_pcp:13096kB free_cma:0kB [ 527.277318][T17428] lowmem_reserve[]: 0 0 0 0 0 [ 527.288137][T17428] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 527.315973][T17428] Node 0 DMA32: 2016*4kB (UME) 1714*8kB (UME) 831*16kB (UME) 636*32kB (UME) 233*64kB (UME) 129*128kB (UME) 89*256kB (UME) 51*512kB (UME) 35*1024kB (UM) 14*2048kB (UM) 335*4096kB (UM) = 1572416kB [ 527.376300][T17428] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 527.447388][T17428] Node 1 Normal: 191*4kB (UE) 60*8kB (UME) 32*16kB (UME) 42*32kB (UME) 24*64kB (UME) 8*128kB (UME) 6*256kB (UE) 3*512kB (UME) 0*1024kB 1*2048kB (E) 948*4096kB (M) = 3893788kB [ 527.532172][T17428] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 527.566332][T17428] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 527.605727][T17428] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 527.646195][T17428] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 527.667625][T17428] 6982 total pagecache pages [ 527.682935][T17428] 0 pages in swap cache [ 527.687261][T17428] Free swap = 124728kB [ 527.708789][T17428] Total swap = 124996kB [ 527.718915][T17428] 2097051 pages RAM [ 527.733737][T17428] 0 pages HighMem/MovableOnly [ 527.748867][T17428] 415206 pages reserved [ 527.764275][T17428] 0 pages cma reserved [ 527.815756][T17452] dlm: non-version read from control device 36 [ 528.130973][T17462] loop0: detected capacity change from 0 to 2048 [ 528.158093][T17462] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 528.628080][T17481] bond0: (slave bond_slave_1): Releasing backup interface [ 528.674374][T17487] loop2: detected capacity change from 0 to 256 [ 528.751630][T17487] FAT-fs (loop2): Directory bread(block 64) failed [ 528.758350][T17487] FAT-fs (loop2): Directory bread(block 65) failed [ 528.789808][T17487] FAT-fs (loop2): Directory bread(block 66) failed [ 528.817187][T17487] FAT-fs (loop2): Directory bread(block 67) failed [ 528.837535][T17487] FAT-fs (loop2): Directory bread(block 68) failed [ 528.867596][T17487] FAT-fs (loop2): Directory bread(block 69) failed [ 528.894816][T17487] FAT-fs (loop2): Directory bread(block 70) failed [ 528.929736][T17487] FAT-fs (loop2): Directory bread(block 71) failed [ 528.936567][T17487] FAT-fs (loop2): Directory bread(block 72) failed [ 528.998553][T17487] FAT-fs (loop2): Directory bread(block 73) failed [ 529.061295][T17498] loop1: detected capacity change from 0 to 512 [ 529.127053][T17498] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 529.286071][T17498] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 529.408025][ T4268] cgroup: fork rejected by pids controller in /syz4 [ 529.452431][T17498] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.5920: bg 0: block 248: padding at end of block bitmap is not set [ 529.511641][T17498] Quota error (device loop1): write_blk: dquota write failed [ 529.528583][T17498] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 529.556709][T17498] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.5920: Failed to acquire dquot type 1 [ 529.584720][T17498] EXT4-fs (loop1): 1 truncate cleaned up [ 529.595754][T17498] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 529.754020][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 529.962085][T17524] kernel read not supported for file /  (pid: 17524 comm: syz.1.5932) [ 529.983464][ T26] audit: type=1800 audit(2000000327.217:242): pid=17524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5932" name=200120 dev="mqueue" ino=74098 res=0 errno=0 [ 530.326913][ T11] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.488263][ T11] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.649333][ T11] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.851417][ T11] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.269165][ T4316] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 531.460243][ T26] audit: type=1326 audit(2000000328.687:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 531.484303][ T4316] usb 2-1: Using ep0 maxpacket: 32 [ 531.504873][ T4316] usb 2-1: config 2 has an invalid interface number: 88 but max is 0 [ 531.569545][ T4316] usb 2-1: config 2 has no interface number 0 [ 531.573798][ T26] audit: type=1326 audit(2000000328.727:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 531.576002][ T4316] usb 2-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 531.598245][ C1] vkms_vblank_simulate: vblank timer overrun [ 531.699928][ T26] audit: type=1326 audit(2000000328.767:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=131 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 531.751980][T17540] loop0: detected capacity change from 0 to 32768 [ 531.764925][ T4316] usb 2-1: config 2 interface 88 has no altsetting 0 [ 531.783698][ T4316] usb 2-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 531.813454][ T4316] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 531.840592][ T4316] usb 2-1: Product: syz [ 531.844843][ T4316] usb 2-1: Manufacturer: syz [ 531.866227][ T4269] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 531.883527][ T4316] usb 2-1: SerialNumber: syz [ 531.884190][ T4269] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 531.897692][T17549] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 531.905635][ T4269] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 531.914825][ T26] audit: type=1326 audit(2000000328.767:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 531.938142][ T4269] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 531.946387][ T4269] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 531.954873][ T4269] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 532.010362][ T26] audit: type=1326 audit(2000000328.767:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17559 comm="syz.3.5950" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 532.035531][T17540] XFS (loop0): Mounting V5 Filesystem [ 532.162319][T17540] XFS (loop0): Ending clean mount [ 532.175380][T17549] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 532.253846][ T5369] XFS (loop0): Corruption warning: Metadata has LSN (2:16) ahead of current LSN (1:112). Please unmount and run xfs_repair (>= v4.3) to resolve. [ 532.335149][ T5369] XFS (loop0): Metadata CRC error detected at xfs_inobt_read_verify+0x3a/0xd0, xfs_finobt block 0x20 [ 532.409805][ T4316] asix 2-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 532.429159][ T5369] XFS (loop0): Unmount and run xfs_repair [ 532.435066][ T5369] XFS (loop0): First 128 bytes of corrupted metadata buffer: [ 532.441634][ T4316] asix: probe of 2-1:2.88 failed with error -71 [ 532.476934][ T5369] 00000000: 46 49 42 33 00 00 00 01 ff ff ff ff ff ff ff ff FIB3............ [ 532.493587][ T4316] usb 2-1: USB disconnect, device number 29 [ 532.580595][ T5369] 00000010: 00 00 00 00 00 00 00 20 00 00 00 02 00 00 00 10 ....... ........ [ 532.609102][ T5369] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 532.639165][ T5369] 00000030: 00 00 00 00 ca b4 20 ce 00 00 11 40 00 00 40 37 ...... ....@..@7 [ 532.648278][ T5369] 00000040: ff ff ff ff ff ff fe 00 00 00 00 00 00 00 00 00 ................ [ 532.699426][ T5369] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 532.708379][ T5369] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 532.749160][ T5369] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 532.758565][T17540] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x20 len 8 error 74 [ 532.784316][T17586] loop3: detected capacity change from 0 to 4096 [ 532.791491][T17540] XFS (loop0): Failed to initialize disk quotas. [ 532.898480][T17588] bridge5: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 532.977681][ T4272] XFS (loop0): Unmounting Filesystem [ 533.754369][T17564] chnl_net:caif_netlink_parms(): no params data found [ 534.015320][T17617] loop3: detected capacity change from 0 to 256 [ 534.019977][ T48] Bluetooth: hci2: command 0x0409 tx timeout [ 534.155678][ T4362] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 534.258954][T17564] bridge0: port 1(bridge_slave_0) entered blocking state [ 534.290601][T17564] bridge0: port 1(bridge_slave_0) entered disabled state [ 534.310406][T17564] device bridge_slave_0 entered promiscuous mode [ 534.389018][T17627] loop2: detected capacity change from 0 to 512 [ 534.470659][T17627] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 534.565492][T17627] EXT4-fs warning (device loop2): ext4_update_dynamic_rev:1086: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 534.599591][T17627] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.5969: bg 0: block 248: padding at end of block bitmap is not set [ 534.617314][T17627] Quota error (device loop2): write_blk: dquota write failed [ 534.629267][T17627] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota [ 534.646679][T17627] EXT4-fs error (device loop2): ext4_acquire_dquot:6835: comm syz.2.5969: Failed to acquire dquot type 1 [ 534.659415][T17564] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.668695][T17627] EXT4-fs (loop2): 1 truncate cleaned up [ 534.677380][T17627] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 534.680896][T17564] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.735204][T17564] device bridge_slave_1 entered promiscuous mode [ 534.830159][ T4277] EXT4-fs (loop2): unmounting filesystem. [ 535.146967][ T11] bond0: (slave wlan1): Releasing backup interface [ 535.178425][T17623] loop1: detected capacity change from 0 to 32768 [ 535.223037][T17564] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 535.275506][T17564] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 535.430034][T17623] XFS (loop1): Mounting V5 Filesystem [ 535.602020][T17564] team0: Port device team_slave_0 added [ 535.624404][T17564] team0: Port device team_slave_1 added [ 535.728789][T17623] XFS (loop1): Ending clean mount [ 535.804352][T17623] XFS (loop1): Quotacheck needed: Please wait. [ 536.017803][T17623] XFS (loop1): Quotacheck: Done. [ 536.099293][ T48] Bluetooth: hci2: command 0x041b tx timeout [ 536.194706][T17564] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 536.206198][T17564] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.309918][ T4266] XFS (loop1): Unmounting Filesystem [ 536.325928][T17564] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 536.355058][T17675] netlink: 'syz.3.5986': attribute type 5 has an invalid length. [ 536.425387][T17564] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 536.469555][T17564] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 536.563871][T17564] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 536.583686][T17683] overlayfs: conflicting options: metacopy=on,redirect_dir=nofollow [ 536.675381][ T11] device hsr_slave_0 left promiscuous mode [ 536.701236][ T11] device hsr_slave_1 left promiscuous mode [ 536.719773][ T11] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 536.743634][ T11] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 536.752395][ T11] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 536.805050][ T11] device bridge_slave_1 left promiscuous mode [ 536.838835][ T11] bridge0: port 2(bridge_slave_1) entered disabled state [ 536.946073][ T11] device veth1_macvtap left promiscuous mode [ 536.959838][ T11] device veth0_macvtap left promiscuous mode [ 536.979644][ T11] device veth1_vlan left promiscuous mode [ 536.987346][ T11] device veth0_vlan left promiscuous mode [ 537.347686][T17697] loop0: detected capacity change from 0 to 4096 [ 537.749020][ T11] bond3 (unregistering): Released all slaves [ 537.840587][ T11] bond2 (unregistering): Released all slaves [ 538.017416][ T11] bond1 (unregistering): Released all slaves [ 538.187930][ T48] Bluetooth: hci2: command 0x040f tx timeout [ 538.216408][T17714] loop1: detected capacity change from 0 to 32768 [ 538.280888][T17714] XFS (loop1): Mounting V5 Filesystem [ 538.381196][T17714] XFS (loop1): Ending clean mount [ 538.394592][T17714] XFS (loop1): Quotacheck needed: Please wait. [ 538.526649][T17714] XFS (loop1): Quotacheck: Done. [ 538.623094][ T4266] XFS (loop1): Unmounting Filesystem [ 539.117013][ T11] team0 (unregistering): Port device team_slave_1 removed [ 539.187305][ T11] team0 (unregistering): Port device team_slave_0 removed [ 539.254485][ T11] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 539.329998][ T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 539.840485][ T11] bond0 (unregistering): Released all slaves [ 540.155629][T17564] device hsr_slave_0 entered promiscuous mode [ 540.238659][T17564] device hsr_slave_1 entered promiscuous mode [ 540.259384][ T48] Bluetooth: hci2: command 0x0419 tx timeout [ 540.938532][T17747] loop2: detected capacity change from 0 to 1024 [ 541.114036][T17754] loop1: detected capacity change from 0 to 256 [ 541.157082][T17749] loop0: detected capacity change from 0 to 4096 [ 541.233806][ T4350] hfsplus: b-tree write err: -5, ino 25 [ 541.250609][T17749] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 541.271226][ T4350] hfsplus: b-tree write err: -5, ino 4 [ 541.283999][ T4350] hfsplus: b-tree write err: -5, ino 2 [ 542.290203][T17779] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6022'. [ 542.392758][T17564] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 542.461684][T17564] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 542.527063][T17564] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 542.562831][T17564] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 542.870860][T17564] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.918399][T17795] loop1: detected capacity change from 0 to 4096 [ 542.930380][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 542.950628][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 542.966337][T17795] ntfs3: loop1: Different NTFS' sector size (2048) and media sector size (512) [ 542.983554][T17564] 8021q: adding VLAN 0 to HW filter on device team0 [ 543.031368][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 543.051122][T17804] xt_CT: You must specify a L4 protocol and not use inversions on it [ 543.061907][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 543.114970][ T41] bridge0: port 1(bridge_slave_0) entered blocking state [ 543.122276][ T41] bridge0: port 1(bridge_slave_0) entered forwarding state [ 543.159793][T17806] befs: (nbd2): No write support. Marking filesystem read-only [ 543.179892][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 543.214733][ T52] block nbd2: Attempted send on invalid socket [ 543.221553][ T52] I/O error, dev nbd2, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 543.284266][T17806] befs: (nbd2): unable to read superblock [ 543.300548][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 543.339595][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 543.372482][ T41] bridge0: port 2(bridge_slave_1) entered blocking state [ 543.380130][ T41] bridge0: port 2(bridge_slave_1) entered forwarding state [ 543.431163][ T41] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 543.468453][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 543.551029][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 543.573427][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 543.605206][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 543.616279][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 543.626254][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 543.635620][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 543.645029][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 543.660463][T17814] loop2: detected capacity change from 0 to 1024 [ 543.685433][T17808] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 543.698070][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 543.716967][ T75] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 543.735316][T17808] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 543.775937][T17564] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 543.883993][T17821] netlink: 68 bytes leftover after parsing attributes in process `syz.0.6041'. [ 543.983453][ T11] hfsplus: b-tree write err: -5, ino 25 [ 543.993454][ T11] hfsplus: b-tree write err: -5, ino 4 [ 544.040714][ T11] hfsplus: b-tree write err: -5, ino 2 [ 544.071572][ T11] hfsplus: b-tree write err: -5, ino 26 [ 544.209903][T17829] netlink: 4 bytes leftover after parsing attributes in process `syz.2.6043'. [ 544.243658][T17829] openvswitch: netlink: Flow key attr not present in new flow. [ 544.997353][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 545.014480][ T4321] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 545.079447][T17564] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 545.637896][T17883] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6063'. [ 545.849412][ T4315] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 546.053707][ T4315] usb 4-1: Using ep0 maxpacket: 32 [ 546.062894][ T4315] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 546.102355][ T4315] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 546.156620][ T4315] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 546.188414][ T4315] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid wMaxPacketSize 0 [ 546.229174][ T4315] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 546.263369][ T4315] usb 4-1: config 0 interface 0 has no altsetting 0 [ 546.291617][ T4315] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 546.331539][ T4315] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 546.361596][ T4315] usb 4-1: Product: syz [ 546.365849][ T4315] usb 4-1: Manufacturer: syz [ 546.389445][ T4315] usb 4-1: SerialNumber: syz [ 546.415601][ T4315] usb 4-1: config 0 descriptor?? [ 546.446645][ T4315] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 546.523371][ T4315] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 546.626619][T17915] 9pnet_fd: Insufficient options for proto=fd [ 546.685485][T17879] ldusb 4-1:0.0: Couldn't submit interrupt_in_urb -90 [ 546.722208][ T4315] usb 4-1: USB disconnect, device number 29 [ 546.737361][ T4315] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 546.797037][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 546.816754][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 546.877161][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 546.900666][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 546.934895][T17564] device veth0_vlan entered promiscuous mode [ 546.961347][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 546.990431][ T4350] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 547.013759][T17564] device veth1_vlan entered promiscuous mode [ 547.067149][T17929] loop1: detected capacity change from 0 to 64 [ 547.076688][T17928] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6079'. [ 547.117336][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 547.137926][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 547.181387][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 547.200539][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 547.218123][T17564] device veth0_macvtap entered promiscuous mode [ 547.282368][T17564] device veth1_macvtap entered promiscuous mode [ 547.368950][T17564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.431877][T17564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.468280][T17564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 547.509875][T17564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.571034][T17564] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 547.610138][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 547.619679][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 547.644639][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 547.676156][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 547.723505][T17564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.750049][T17564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.793427][T17564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.832495][T17564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.859900][T17564] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 547.893452][T17564] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 547.936180][T17564] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 547.975225][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 548.002893][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 548.041913][T17959] loop3: detected capacity change from 0 to 64 [ 548.054249][T17564] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.089090][T17564] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.119811][T17564] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.128688][T17564] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 548.542300][T17722] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.569477][T17722] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.596347][T17722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 548.647281][T17722] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 548.674117][T17722] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 548.699821][T17722] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 548.925398][T17973] overlayfs: missing 'lowerdir' [ 548.974382][T17977] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6098'. [ 549.253690][T17955] loop2: detected capacity change from 0 to 40427 [ 549.294737][T17955] F2FS-fs (loop2): invalid crc value [ 549.359769][T17955] F2FS-fs (loop2): Found nat_bits in checkpoint [ 549.434370][T17990] loop1: detected capacity change from 0 to 2048 [ 549.543984][T17990] loop1: p1 < > p4 < > [ 549.583559][T17955] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 549.822168][T18004] xt_policy: neither incoming nor outgoing policy selected [ 549.978385][T18012] loop1: detected capacity change from 0 to 128 [ 550.042364][T18012] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 550.105066][T18012] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 550.342847][T18021] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6114'. [ 550.379142][T18021] netlink: 20 bytes leftover after parsing attributes in process `syz.3.6114'. [ 550.899217][ T6142] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 551.099296][ T6142] usb 2-1: Using ep0 maxpacket: 16 [ 551.106803][ T6142] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 551.157164][ T6142] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 551.179185][ T6142] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 551.233650][ T6142] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 551.288349][ T6142] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 551.319721][ T6142] usb 2-1: config 1 interface 0 has no altsetting 0 [ 551.326990][ T6142] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 551.377555][ T6142] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.460223][ T6142] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 551.750237][ T6142] ums-sddr09: probe of 2-1:1.0 failed with error -22 [ 551.789501][ T6142] usb 2-1: USB disconnect, device number 30 [ 551.978047][T18077] netlink: 'syz.0.6136': attribute type 15 has an invalid length. [ 552.197872][T18080] loop2: detected capacity change from 0 to 1024 [ 552.336577][T18080] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 552.399270][T18080] EXT4-fs error (device loop2): ext4_empty_dir:3177: inode #11: block 39: comm syz.2.6138: bad entry in directory: rec_len is smaller than minimal - offset=7296, inode=0, rec_len=0, size=1024 fake=0 [ 552.419256][ C0] vkms_vblank_simulate: vblank timer overrun [ 552.450012][T18080] EXT4-fs (loop2): Remounting filesystem read-only [ 552.642363][T18099] syz.3.6144 uses old SIOCAX25GETINFO [ 552.657374][ T4277] EXT4-fs (loop2): unmounting filesystem. [ 552.669166][T18047] loop4: detected capacity change from 0 to 32768 [ 552.752407][T18094] loop1: detected capacity change from 0 to 4096 [ 552.763732][T18047] XFS (loop4): Mounting V5 Filesystem [ 552.774045][T18094] ntfs: (device loop1): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match. Run ntfsfix or chkdsk. [ 552.845817][T18094] ntfs: (device loop1): load_system_files(): $MFTMirr does not match $MFT. Mounting read-only. Run ntfsfix and/or chkdsk. [ 552.904153][ T5369] XFS (loop4): Metadata CRC error detected at xfs_agf_read_verify+0x192/0x250, xfs_agf block 0x1 [ 552.923261][T18094] ntfs: (device loop1): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn. [ 552.951877][ T5369] XFS (loop4): Unmount and run xfs_repair [ 552.978293][ T5369] XFS (loop4): First 128 bytes of corrupted metadata buffer: [ 552.993386][T18094] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -5. Marking corrupt inode 0xa as bad. Run chkdsk. [ 553.037343][ T5369] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00 XAGF............ [ 553.079803][T18094] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 553.102043][ T5369] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 ................ [ 553.128827][ T5369] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 553.149700][ T5369] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 553.165236][T18094] ntfs: volume version 3.1. [ 553.184782][T18094] ntfs: (device loop1): ntfs_check_logfile(): Did not find any restart pages in $LogFile and it was not empty. [ 553.219215][ T5369] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 553.252015][T18094] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 553.266292][ T5369] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 553.316341][ T5369] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 553.356336][ T5369] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 553.361134][T18094] ntfs: (device loop1): ntfs_lookup_inode_by_name(): Index entry out of bounds in directory inode 0x5. [ 553.396420][T18047] XFS (loop4): metadata I/O error in "xfs_read_agf+0x2b6/0x630" at daddr 0x1 len 1 error 74 [ 553.427694][T18094] ntfs: (device loop1): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 553.439766][T18047] XFS (loop4): Error -117 reserving per-AG metadata reserve pool. [ 553.448898][T18047] XFS (loop4): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1c6/0x1f0 (fs/xfs/xfs_fsops.c:587). Shutting down filesystem. [ 553.508353][T18094] ntfs: (device loop1): load_system_files(): Failed to determine if Windows is hibernated. Will not be able to remount read-write. Run chkdsk. [ 553.537098][T18120] RDS: rds_bind could not find a transport for fec0:ffff::1, load rds_tcp or rds_rdma? [ 553.588353][T18047] XFS (loop4): Please unmount the filesystem and rectify the problem(s) [ 553.629240][T18047] XFS (loop4): Ending clean mount [ 553.634891][T18047] XFS (loop4): Failed to initialize disk quotas. [ 553.693669][T18122] loop0: detected capacity change from 0 to 64 [ 553.897058][T17564] XFS (loop4): Unmounting Filesystem [ 554.157315][ T5369] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 554.361016][ T5369] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 554.394954][ T5369] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 554.430869][ T5369] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.00 [ 554.444575][T18115] loop3: detected capacity change from 0 to 32768 [ 554.459136][ T5369] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 554.468030][ T5369] usb 3-1: SerialNumber: syz [ 554.562638][ T5369] usb 3-1: 0:2 : does not exist [ 554.638245][T18115] XFS (loop3): Mounting V5 Filesystem [ 554.788002][T18115] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50. [ 554.805215][ T5021] usb 3-1: USB disconnect, device number 34 [ 554.832583][T18115] XFS (loop3): Ending clean mount [ 554.895806][T18115] XFS (loop3): Metadata corruption detected at xfs_dinode_verify+0x2d5/0x1110, inode 0x1803 dinode [ 554.955146][T18115] XFS (loop3): Unmount and run xfs_repair [ 554.971464][T18115] XFS (loop3): First 128 bytes of corrupted metadata buffer: [ 554.994603][T18115] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00 INA............. [ 555.035678][T18157] netdevsim netdevsim1 netdevsim0: set [1, 2] type 2 family 0 port 49502 - 0 [ 555.079976][ T4354] udevd[4354]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 555.109247][T18157] netdevsim netdevsim1 netdevsim1: set [1, 2] type 2 family 0 port 49502 - 0 [ 555.125540][T18115] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 555.137530][T18157] netdevsim netdevsim1 netdevsim2: set [1, 2] type 2 family 0 port 49502 - 0 [ 555.156054][T18115] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 e2 bf 3d 4.Xh....4.Xh...= [ 555.184831][T18115] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20 4.Xh...=....... [ 555.193058][T18157] netdevsim netdevsim1 netdevsim3: set [1, 2] type 2 family 0 port 49502 - 0 [ 555.227425][T18157] netdevsim netdevsim1 netdevsim0: set [1, 3] type 2 family 0 port 50078 - 0 [ 555.229552][T18115] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 555.252856][T18157] netdevsim netdevsim1 netdevsim1: set [1, 3] type 2 family 0 port 50078 - 0 [ 555.262468][T18157] netdevsim netdevsim1 netdevsim2: set [1, 3] type 2 family 0 port 50078 - 0 [ 555.293987][T18157] netdevsim netdevsim1 netdevsim3: set [1, 3] type 2 family 0 port 50078 - 0 [ 555.298430][T18115] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 ca e6 3d c1 ..............=. [ 555.313108][T18157] device geneve3 entered promiscuous mode [ 555.344737][T18115] 00000060: ff ff ff ff 6e d0 e3 2d 00 00 00 00 00 00 00 04 ....n..-........ [ 555.374835][T18115] 00000070: 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 06 ................ [ 555.531299][ T4267] XFS (loop3): Unmounting Filesystem [ 556.081946][T18187] netlink: 'syz.4.6179': attribute type 2 has an invalid length. [ 556.159151][T18187] netlink: 'syz.4.6179': attribute type 2 has an invalid length. [ 557.124891][T18225] loop0: detected capacity change from 0 to 1024 [ 557.491996][T18243] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6205'. [ 558.058127][T18265] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6217'. [ 558.239170][ T5369] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 558.340979][T18276] overlayfs: conflicting options: metacopy=on,redirect_dir=follow [ 558.406917][T18280] netlink: 256 bytes leftover after parsing attributes in process `syz.0.6225'. [ 558.449165][ T5369] usb 3-1: Using ep0 maxpacket: 32 [ 558.457830][ T5369] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 558.505401][ T5369] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 558.529173][ T5369] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 558.602138][ T5369] usb 3-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 558.624754][ T5369] usb 3-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 558.649515][ T5369] usb 3-1: Product: syz [ 558.659399][ T5369] usb 3-1: Manufacturer: syz [ 558.664165][ T5369] usb 3-1: SerialNumber: syz [ 558.690268][ T5369] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input25 [ 558.950801][ T4315] usb 3-1: USB disconnect, device number 35 [ 558.989366][ T4315] appletouch 3-1:1.0: input: appletouch disconnected [ 559.545784][T18317] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6242'. [ 559.557933][T18312] loop1: detected capacity change from 0 to 4096 [ 559.593929][T18318] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6241'. [ 559.609373][T18318] netlink: 28 bytes leftover after parsing attributes in process `syz.4.6241'. [ 559.639365][T18318] netlink: 48 bytes leftover after parsing attributes in process `syz.4.6241'. [ 560.964427][T18374] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6270'. [ 561.011688][T18374] (unnamed net_device) (uninitialized): option use_carrier: invalid value (4) [ 561.205770][T18380] Cannot find del_set index 3 as target [ 561.374200][T18387] loop1: detected capacity change from 0 to 1024 [ 561.400088][T18387] EXT4-fs: Ignoring removed mblk_io_submit option [ 561.441043][T18387] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 561.569045][T18387] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #11: comm syz.1.6278: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512) [ 561.589633][T18387] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.6278: couldn't read orphan inode 11 (err -117) [ 561.653725][T18387] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 561.727307][T18400] x_tables: duplicate underflow at hook 3 [ 561.797599][T18387] EXT4-fs error (device loop1): ext4_read_block_bitmap_nowait:477: comm syz.1.6278: Invalid block bitmap block 0 in block_group 0 [ 561.904320][T18387] __quota_error: 8 callbacks suppressed [ 561.904341][T18387] Quota error (device loop1): write_blk: dquota write failed [ 561.940246][T18387] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota [ 561.984242][T18387] EXT4-fs error (device loop1): ext4_acquire_dquot:6835: comm syz.1.6278: Failed to acquire dquot type 0 [ 562.180964][ T4266] EXT4-fs (loop1): unmounting filesystem. [ 562.190640][T18413] netlink: 25 bytes leftover after parsing attributes in process `syz.0.6289'. [ 562.423725][T18416] IPv6: ADDRCONF(NETDEV_CHANGE): wireguard0: link becomes ready [ 562.929732][T18439] loop1: detected capacity change from 0 to 512 [ 562.967996][T18439] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 563.073637][T18439] syz.1.6300: attempt to access beyond end of device [ 563.073637][T18439] loop1: rw=0, sector=17179852721, nr_sectors = 1 limit=512 [ 563.187950][T18439] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fffff00) [ 563.257129][T18439] FAT-fs (loop1): error, invalid access to FAT (entry 0x0fffff00) [ 563.289784][T18449] loop0: detected capacity change from 0 to 8 [ 563.443414][T18453] loop2: detected capacity change from 0 to 64 [ 563.833567][T18466] loop3: detected capacity change from 0 to 128 [ 563.854985][T18464] loop2: detected capacity change from 0 to 2048 [ 563.875860][T18466] VFS: Found a Xenix FS (block size = 1024) on device loop3 [ 563.959527][T18464] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 564.107137][T18469] loop0: detected capacity change from 0 to 512 [ 564.132207][ T4267] sysv_free_block: flc_count > flc_size [ 564.145063][ T4267] sysv_free_block: flc_count > flc_size [ 564.159946][T18469] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 564.175469][ T4267] sysv_free_block: flc_count > flc_size [ 564.185578][ T4267] sysv_free_block: flc_count > flc_size [ 564.191635][T18469] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 564.201386][ T4267] sysv_free_block: flc_count > flc_size [ 564.207616][ T4267] sysv_free_block: flc_count > flc_size [ 564.227368][ T4267] sysv_free_block: flc_count > flc_size [ 564.240716][T18469] EXT4-fs (loop0): warning: mounting unchecked fs, running e2fsck is recommended [ 564.256350][ T4267] sysv_free_block: flc_count > flc_size [ 564.269299][ T4267] sysv_free_block: flc_count > flc_size [ 564.285278][T18469] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a002e01c, mo2=0006] [ 564.294766][ T4267] sysv_free_block: flc_count > flc_size [ 564.301030][T18469] System zones: 0-2, 18-18, 34-35 [ 564.302150][ T4267] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 564.400665][T18469] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 564.487920][T18469] fscrypt (loop0, inode 12): Error -61 getting encryption context [ 564.715944][ T4272] EXT4-fs (loop0): unmounting filesystem. [ 564.875826][T18488] loop1: detected capacity change from 0 to 256 [ 565.183825][T18497] ieee802154 phy0 wpan0: encryption failed: -22 [ 565.278044][ T26] audit: type=1326 audit(2000000362.507:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18498 comm="syz.1.6331" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x0 [ 565.961563][T18527] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6343'. [ 566.003528][T18527] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6343'. [ 566.051497][T18530] loop3: detected capacity change from 0 to 8 [ 566.058868][T18530] /dev/loop3: Can't open blockdev [ 566.127963][T18532] loop4: detected capacity change from 0 to 512 [ 566.253129][T18532] EXT4-fs (loop4): corrupt root inode, run e2fsck [ 566.287843][T18532] EXT4-fs (loop4): mount failed [ 566.577168][ T26] audit: type=1326 audit(2000000363.807:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18545 comm="syz.4.6352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 566.670264][ T26] audit: type=1326 audit(2000000363.837:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18545 comm="syz.4.6352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 566.782182][ T26] audit: type=1326 audit(2000000363.867:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18545 comm="syz.4.6352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=249 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 566.887379][ T26] audit: type=1326 audit(2000000363.867:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18545 comm="syz.4.6352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 567.004624][ T26] audit: type=1326 audit(2000000363.867:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18545 comm="syz.4.6352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 567.202415][ T5021] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 567.384075][ T4315] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 567.409327][ T4316] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 567.429138][ T5021] usb 5-1: Using ep0 maxpacket: 32 [ 567.436574][ T5021] usb 5-1: config 0 has an invalid interface number: 188 but max is 0 [ 567.459207][ T5021] usb 5-1: config 0 has no interface number 0 [ 567.470339][ T5021] usb 5-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 567.496613][ T5021] usb 5-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 567.516156][ T5021] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.540385][ T5021] usb 5-1: Product: syz [ 567.544720][ T5021] usb 5-1: Manufacturer: syz [ 567.570081][ T5021] usb 5-1: SerialNumber: syz [ 567.589174][ T4315] usb 1-1: Using ep0 maxpacket: 16 [ 567.598473][ T4315] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 567.608156][ T5021] usb 5-1: config 0 descriptor?? [ 567.627696][ T4315] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 567.634752][ T4316] usb 3-1: config 0 has an invalid interface number: 0 but max is -1 [ 567.642661][T18556] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 567.665456][ T4315] usb 1-1: config 0 has no interface number 0 [ 567.674803][ T4316] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 567.685547][ T4315] usb 1-1: New USB device found, idVendor=046d, idProduct=08d3, bcdDevice= b.28 [ 567.697645][ T4315] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.715103][ T4316] usb 3-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice=f5.01 [ 567.717543][ T4315] usb 1-1: Product: syz [ 567.729943][ T4315] usb 1-1: Manufacturer: syz [ 567.734739][ T4315] usb 1-1: SerialNumber: syz [ 567.751654][ T4316] usb 3-1: New USB device strings: Mfr=192, Product=0, SerialNumber=0 [ 567.757078][ T4315] usb 1-1: config 0 descriptor?? [ 567.773755][ T4316] usb 3-1: Manufacturer: syz [ 567.813897][ T4316] usb 3-1: config 0 descriptor?? [ 567.823301][ T4316] usb-storage 3-1:0.0: USB Mass Storage device detected [ 567.885866][T18556] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 567.981706][ T4315] usb 1-1: Found UVC 0.00 device syz (046d:08d3) [ 567.988375][ T4315] usb 1-1: No valid video chain found. [ 568.077681][ T4314] usb 3-1: USB disconnect, device number 36 [ 568.121808][ T5021] asix 5-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 568.150096][ T5021] asix: probe of 5-1:0.188 failed with error -71 [ 568.164595][ T5021] usb 5-1: USB disconnect, device number 29 [ 568.206111][ T4315] usb 1-1: USB disconnect, device number 31 [ 568.343481][ T1276] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.349896][ T1276] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.367994][T18592] netlink: 'syz.1.6374': attribute type 3 has an invalid length. [ 568.406140][T18592] netlink: 132 bytes leftover after parsing attributes in process `syz.1.6374'. [ 568.584468][ T26] audit: type=1326 audit(2000000365.817:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18596 comm="syz.3.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 568.693687][ T26] audit: type=1326 audit(2000000365.857:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18596 comm="syz.3.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 568.803691][ T26] audit: type=1326 audit(2000000365.857:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18596 comm="syz.3.6377" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f737799c799 code=0x7ffc0000 [ 568.855111][T18601] netlink: 'syz.4.6379': attribute type 1 has an invalid length. [ 568.892811][T18601] netlink: 112860 bytes leftover after parsing attributes in process `syz.4.6379'. [ 568.918335][T18602] loop2: detected capacity change from 0 to 2048 [ 569.035454][T18602] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 569.099594][T18602] ext4 filesystem being mounted at /1268/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 569.187666][T18602] fscrypt (loop2, inode 14): Error -61 getting encryption context [ 569.353375][ T4277] EXT4-fs (loop2): unmounting filesystem. [ 569.755866][T18633] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6393'. [ 569.782391][T18633] netlink: 40 bytes leftover after parsing attributes in process `syz.2.6393'. [ 570.161451][T18649] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0) [ 570.553601][T18661] loop3: detected capacity change from 0 to 512 [ 570.578171][T18663] loop4: detected capacity change from 0 to 1024 [ 570.603621][T18661] /dev/loop3: Can't open blockdev [ 570.694498][T18663] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 570.777663][T18668] loop0: detected capacity change from 0 to 256 [ 570.843207][T18663] EXT4-fs error (device loop4): ext4_empty_dir:3166: inode #11: block 623: comm syz.4.6407: Attempting to read directory block (623) that is past i_size (638464) [ 570.870988][T18668] exfat: Deprecated parameter 'utf8' [ 570.944602][T18668] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 571.081725][T17564] EXT4-fs (loop4): unmounting filesystem. [ 571.378768][T18687] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.6418'. [ 571.449553][ T4314] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 571.595639][T18692] loop4: detected capacity change from 0 to 256 [ 571.651573][ T4314] usb 3-1: config 160 has an invalid interface number: 200 but max is 0 [ 571.671737][T18692] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d) [ 571.690914][ T4314] usb 3-1: config 160 has no interface number 0 [ 571.707591][ T4314] usb 3-1: config 160 interface 200 has no altsetting 0 [ 571.729128][ T4315] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 571.732312][ T4314] usb 3-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 571.789137][ T4314] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.829097][ T4314] usb 3-1: Product: syz [ 571.843466][ T4314] usb 3-1: Manufacturer: syz [ 571.859361][ T4314] usb 3-1: SerialNumber: syz [ 571.945081][ T4315] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 571.966870][ T4315] usb 2-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 571.988612][T18700] RDS: rds_bind could not find a transport for 0:0:4::1, load rds_tcp or rds_rdma? [ 572.009985][ T4315] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 572.029324][ T5021] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 572.047906][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.099304][ T4315] usb 2-1: Product: syz [ 572.102367][ T4314] usb 3-1: MIDIStreaming interface descriptor not found [ 572.103619][ T4315] usb 2-1: Manufacturer: syz [ 572.133489][ T4315] usb 2-1: SerialNumber: syz [ 572.163378][ T4315] cdc_ncm 2-1:1.0: skipping garbage [ 572.203634][ T4315] cdc_ncm 2-1:1.0: NCM or ECM functional descriptors missing [ 572.204414][ T4314] usb 3-1: USB disconnect, device number 37 [ 572.231683][ T5021] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 572.266846][ T5021] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 572.267091][T18706] netlink: 24 bytes leftover after parsing attributes in process `syz.4.6426'. [ 572.292891][ T4315] cdc_ncm 2-1:1.0: bind() failure [ 572.308776][ T5021] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 572.333622][ T4315] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 572.351556][T18706] device vlan0 entered promiscuous mode [ 572.357156][ T4315] cdc_ncm 2-1:1.1: bind() failure [ 572.362185][ T5021] usb 4-1: config 1 has no interface number 0 [ 572.397009][ T4315] usb 2-1: USB disconnect, device number 31 [ 572.411528][ T5021] usb 4-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 572.488329][ T5021] usb 4-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 572.530699][ T5021] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 572.549821][ T5021] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.568335][ T5021] usb 4-1: Product: syz [ 572.573101][ T5021] usb 4-1: Manufacturer: syz [ 572.581837][ T5021] usb 4-1: SerialNumber: syz [ 573.006702][T18720] netlink: 32 bytes leftover after parsing attributes in process `syz.0.6433'. [ 573.040688][T18720] netlink: 8 bytes leftover after parsing attributes in process `syz.0.6433'. [ 573.056122][ T4315] usb 4-1: USB disconnect, device number 30 [ 573.349721][T18730] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 573.442297][T18732] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6439'. [ 573.766929][ T4314] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 573.932076][ T26] audit: type=1326 audit(2000000371.167:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 573.963433][ T4314] usb 1-1: Using ep0 maxpacket: 32 [ 573.973875][ T4314] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 573.998205][ T26] audit: type=1326 audit(2000000371.167:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 573.998458][T18752] netlink: 'syz.4.6449': attribute type 10 has an invalid length. [ 574.047403][ T4314] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.071342][ T26] audit: type=1326 audit(2000000371.167:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.084144][ T4314] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 574.133469][ T4314] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 574.157924][ T4314] usb 1-1: Product: syz [ 574.173766][ T4314] usb 1-1: Manufacturer: syz [ 574.188056][ T4314] hub 1-1:4.0: USB hub found [ 574.209171][ T26] audit: type=1326 audit(2000000371.167:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=229 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.328861][ T26] audit: type=1326 audit(2000000371.167:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.393407][ T4314] hub 1-1:4.0: 5 ports detected [ 574.403887][ T4314] hub 1-1:4.0: insufficient power available to use all downstream ports [ 574.425446][ T26] audit: type=1326 audit(2000000371.197:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.516288][ T26] audit: type=1326 audit(2000000371.207:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.581026][ T26] audit: type=1326 audit(2000000371.217:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18747 comm="syz.1.6447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 574.604923][ T4314] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 574.633510][ T4314] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 574.689920][ T4314] usb 1-1: USB disconnect, device number 32 [ 574.707513][T18762] loop4: detected capacity change from 0 to 1024 [ 574.797103][T18762] hfsplus: failed to extend attributes file [ 575.206807][T18776] usb usb8: usbfs: process 18776 (syz.3.6461) did not claim interface 0 before use [ 575.469596][T18780] loop1: detected capacity change from 0 to 4096 [ 575.498819][T18780] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 575.642437][T18780] ntfs3: loop1: no free space to extend mft [ 576.044442][T18768] loop2: detected capacity change from 0 to 32768 [ 576.175543][T18768] XFS (loop2): Mounting V5 Filesystem [ 576.290887][ T4314] XFS (loop2): Metadata CRC error detected at xfs_agf_read_verify+0x192/0x250, xfs_agf block 0x1 [ 576.314893][ T4314] XFS (loop2): Unmount and run xfs_repair [ 576.325059][ T4314] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 576.345400][ T4314] 00000000: 58 41 47 46 00 00 00 00 00 00 00 00 00 00 10 00 XAGF............ [ 576.365746][ T4314] 00000010: 00 00 00 01 00 00 00 02 00 00 00 00 00 00 00 01 ................ [ 576.375312][ T4314] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 00 00 00 04 ................ [ 576.385110][ T4314] 00000030: 00 00 00 04 00 00 0b a2 00 00 0b a0 00 00 00 00 ................ [ 576.394882][ T4314] 00000040: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb ...^T.Lr......N. [ 576.404111][ T4314] 00000050: 00 00 00 00 00 00 00 01 00 00 00 05 00 00 00 01 ................ [ 576.415756][ T4314] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 576.463978][ T4314] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ [ 576.491428][T18768] XFS (loop2): metadata I/O error in "xfs_read_agf+0x2b6/0x630" at daddr 0x1 len 1 error 74 [ 576.526669][T18768] XFS (loop2): Error -117 reserving per-AG metadata reserve pool. [ 576.549202][ T4315] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 576.557049][T18768] XFS (loop2): Corruption of in-memory data (0x8) detected at xfs_fs_reserve_ag_blocks+0x1c6/0x1f0 (fs/xfs/xfs_fsops.c:587). Shutting down filesystem. [ 576.641958][T18768] XFS (loop2): Please unmount the filesystem and rectify the problem(s) [ 576.672210][T18768] XFS (loop2): Ending clean mount [ 576.677833][T18768] XFS (loop2): Failed to initialize disk quotas. [ 576.779178][ T4315] usb 4-1: Using ep0 maxpacket: 32 [ 576.786304][ T4315] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 576.806442][ T4277] XFS (loop2): Unmounting Filesystem [ 576.838945][ T4315] usb 4-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 576.867361][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.910548][ T4315] usb 4-1: Product: syz [ 576.914896][ T4315] usb 4-1: Manufacturer: syz [ 576.922878][T18828] xt_hashlimit: max too large, truncated to 1048576 [ 576.949401][ T4315] usb 4-1: SerialNumber: syz [ 576.977967][ T4315] usb 4-1: config 0 descriptor?? [ 577.002895][ T4315] usb 4-1: bad CDC descriptors [ 577.012061][T18832] loop0: detected capacity change from 0 to 16 [ 577.022635][ T4315] usb 4-1: unsupported MDLM descriptors [ 577.072099][T18832] erofs: (device loop0): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 577.133798][ T4354] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 577.225992][ T4315] usb 4-1: USB disconnect, device number 31 [ 577.528738][T18842] loop4: detected capacity change from 0 to 4096 [ 577.541358][T18841] loop0: detected capacity change from 0 to 4096 [ 577.559191][T18842] ntfs3: loop4: Different NTFS' sector size (1024) and media sector size (512) [ 577.622289][T18842] ntfs3: loop4: Failed to load $Extend. [ 577.808458][T18846] vivid-007: disconnect [ 577.826803][T18845] vivid-007: reconnect [ 577.859462][ T4315] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 578.073978][ T4315] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 578.099600][ T4315] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 578.151302][ T4315] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 578.195761][ T4315] usb 2-1: config 220 has no interface number 2 [ 578.223604][ T4315] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 578.277863][T18860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.6498'. [ 578.291983][ T4315] usb 2-1: config 220 interface 0 has no altsetting 0 [ 578.318553][ T4315] usb 2-1: config 220 interface 76 has no altsetting 0 [ 578.336072][ T4315] usb 2-1: config 220 interface 1 has no altsetting 0 [ 578.370051][ T4315] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 578.398577][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.420868][ T4315] usb 2-1: Product: syz [ 578.437650][ T4315] usb 2-1: Manufacturer: syz [ 578.457955][ T4315] usb 2-1: SerialNumber: syz [ 578.526187][T18866] loop2: detected capacity change from 0 to 1024 [ 578.628821][T18866] hfsplus: failed to extend attributes file [ 578.695052][ T4315] usb 2-1: selecting invalid altsetting 0 [ 578.719799][ T4315] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 578.739512][ T4315] usb 2-1: No valid video chain found. [ 578.790765][ T4315] usb 2-1: selecting invalid altsetting 0 [ 578.809208][ T4315] usbtest: probe of 2-1:220.1 failed with error -22 [ 578.840566][ T4315] usb 2-1: USB disconnect, device number 32 [ 578.995416][T18878] netlink: 15 bytes leftover after parsing attributes in process `syz.0.6506'. [ 579.036202][T18878] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6506'. [ 579.273746][T18882] loop4: detected capacity change from 0 to 1764 [ 579.364946][T18882] iso9660: Corrupted directory entry in block 14 of inode 1920 [ 579.919527][T18906] netlink: 14 bytes leftover after parsing attributes in process `syz.4.6520'. [ 580.226515][T18906] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 580.327060][T18906] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 580.383086][T18906] bond0 (unregistering): Released all slaves [ 580.405816][T18922] loop0: detected capacity change from 0 to 256 [ 580.454322][T18922] FAT-fs (loop0): Directory bread(block 64) failed [ 580.477171][T18922] FAT-fs (loop0): Directory bread(block 65) failed [ 580.490799][T18922] FAT-fs (loop0): Directory bread(block 66) failed [ 580.498943][T18922] FAT-fs (loop0): Directory bread(block 67) failed [ 580.550913][T18922] FAT-fs (loop0): Directory bread(block 68) failed [ 580.569255][T18922] FAT-fs (loop0): Directory bread(block 69) failed [ 580.575967][T18922] FAT-fs (loop0): Directory bread(block 70) failed [ 580.603593][T18922] FAT-fs (loop0): Directory bread(block 71) failed [ 580.623981][T18922] FAT-fs (loop0): Directory bread(block 72) failed [ 580.638936][T18922] FAT-fs (loop0): Directory bread(block 73) failed [ 580.649155][ T4315] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 580.849394][ T4315] usb 4-1: Using ep0 maxpacket: 32 [ 580.859939][ T4315] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 580.919974][ T4315] usb 4-1: config 1 has no interface number 1 [ 580.977964][ T4315] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 580.989727][ T4315] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 581.001969][ T4315] usb 4-1: Product: syz [ 581.012793][ T4315] usb 4-1: Manufacturer: syz [ 581.019908][ T4315] usb 4-1: SerialNumber: syz [ 581.253047][ T4315] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 581.269607][T18941] x_tables: ip6_tables: CLASSIFY target: used from hooks PREROUTING, but only usable from FORWARD/OUTPUT/POSTROUTING [ 581.289131][ T4315] usb 4-1: 2:1: invalid format type 0x1002 is detected, processed as PCM [ 581.311875][ T4315] usb 4-1: 2:1 : unsupported sample bitwidth 71 in 38 bytes [ 581.373754][ T4315] usb 4-1: USB disconnect, device number 32 [ 581.443395][ T4362] udevd[4362]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 581.836801][T18956] loop1: detected capacity change from 0 to 4096 [ 582.329293][ T4315] usb 1-1: new low-speed USB device number 33 using dummy_hcd [ 582.446792][T18980] loop1: detected capacity change from 0 to 16 [ 582.551824][ T4315] usb 1-1: config 1 has an invalid interface descriptor of length 6, skipping [ 582.565725][T18980] erofs: (device loop1): mounted with root inode @ nid 36. [ 582.568993][ T4315] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 582.636636][ T4315] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 582.680424][ T4315] usb 1-1: config 1 has no interface number 1 [ 582.713654][ T4315] usb 1-1: string descriptor 0 read error: -71 [ 582.732278][ T4315] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 582.769290][ T4315] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 582.798793][ T4315] usb 1-1: can't set config #1, error -71 [ 582.853343][ T4315] usb 1-1: USB disconnect, device number 33 [ 582.974734][T18992] loop4: detected capacity change from 0 to 64 [ 583.180090][T18996] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6564'. [ 583.327964][T18998] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 583.458402][T19004] loop1: detected capacity change from 0 to 512 [ 584.219237][ T4314] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 584.287036][T19035] netlink: 'syz.3.6584': attribute type 4 has an invalid length. [ 584.414749][ T4314] usb 5-1: config 160 has an invalid interface number: 200 but max is 0 [ 584.444888][ T4314] usb 5-1: config 160 has no interface number 0 [ 584.475363][ T4314] usb 5-1: config 160 interface 200 has no altsetting 0 [ 584.487174][T19036] loop2: detected capacity change from 0 to 4096 [ 584.498262][T19040] loop3: detected capacity change from 0 to 64 [ 584.508173][ T4314] usb 5-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 584.530031][ T4314] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.538246][ T4314] usb 5-1: Product: syz [ 584.561390][ T4314] usb 5-1: Manufacturer: syz [ 584.566450][T19036] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 584.576271][ T4314] usb 5-1: SerialNumber: syz [ 584.591863][ T4362] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 584.676266][T19036] ntfs3: loop2: no free space to extend mft [ 584.734847][T19042] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 584.819762][ T4314] usb 5-1: MIDIStreaming interface descriptor not found [ 584.927691][ T4314] usb 5-1: USB disconnect, device number 30 [ 585.054191][T19048] netlink: 92 bytes leftover after parsing attributes in process `syz.2.6590'. [ 585.088271][T19048] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6590'. [ 585.149561][T19048] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6590'. [ 585.187773][T19024] loop0: detected capacity change from 0 to 40427 [ 585.194733][T19048] netlink: 20 bytes leftover after parsing attributes in process `syz.2.6590'. [ 585.245602][T19024] F2FS-fs (loop0): Invalid segment count (0) [ 585.262652][T19051] netlink: 14 bytes leftover after parsing attributes in process `syz.3.6591'. [ 585.282268][T19024] F2FS-fs (loop0): Can't find valid F2FS filesystem in 2th superblock [ 585.322568][T19024] F2FS-fs (loop0): invalid crc value [ 585.382363][ T4361] udevd[4361]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 585.416789][T19024] F2FS-fs (loop0): Found nat_bits in checkpoint [ 585.580272][T19051] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 585.673403][T19051] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 585.697424][T19024] F2FS-fs (loop0): Try to recover 2th superblock, ret: 0 [ 585.718800][T19024] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 585.737281][T19051] bond0 (unregistering): Released all slaves [ 586.099318][T19073] netlink: 'syz.1.6600': attribute type 7 has an invalid length. [ 586.159301][T19073] netlink: 'syz.1.6600': attribute type 8 has an invalid length. [ 586.418336][T19083] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 586.553500][T19089] loop2: detected capacity change from 0 to 64 [ 586.908852][T19097] (syz.3.6613,19097,0):ocfs2_parse_options:1458 ERROR: Invalid heartbeat mount options [ 586.923027][T19097] (syz.3.6613,19097,0):ocfs2_fill_super:1176 ERROR: status = -22 [ 586.966053][T19099] netlink: 14 bytes leftover after parsing attributes in process `syz.1.6614'. [ 587.131290][T19099] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 587.208806][T19099] bond0 (unregistering): (slave wlan1): Releasing backup interface [ 587.256706][T19099] bond0 (unregistering): Released all slaves [ 587.331327][T19109] loop2: detected capacity change from 0 to 256 [ 587.345950][T19081] loop0: detected capacity change from 0 to 32768 [ 587.425919][T19109] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 587.518277][T19109] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 587.578772][T19113] i2c i2c-0: Invalid block write size 34 [ 587.593763][T19109] FAT-fs (loop2): error, fat_get_cluster: invalid start cluster (i_pos 196, start 00000001) [ 587.732296][ T48] Bluetooth: hci1: unexpected event 0x01 length: 4 > 1 [ 587.737773][ T26] audit: type=1326 audit(2000000384.967:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 587.819104][ T26] audit: type=1326 audit(2000000384.967:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 587.935220][ T26] audit: type=1326 audit(2000000385.017:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.039081][ T26] audit: type=1326 audit(2000000385.017:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.145392][ T26] audit: type=1326 audit(2000000385.017:273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.260741][ T26] audit: type=1326 audit(2000000385.107:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fb13f35cfce code=0x7ffc0000 [ 588.355009][ T26] audit: type=1326 audit(2000000385.107:275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.454732][ T26] audit: type=1326 audit(2000000385.107:276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.579275][ T26] audit: type=1326 audit(2000000385.227:277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=436 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.689095][ T26] audit: type=1326 audit(2000000385.227:278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19116 comm="syz.1.6622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=231 compat=0 ip=0x7fb13f39c799 code=0x7ffc0000 [ 588.810886][T19137] loop1: detected capacity change from 0 to 4096 [ 589.185398][ T4315] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 589.382226][ T4315] usb 3-1: Using ep0 maxpacket: 16 [ 589.391113][ T4315] usb 3-1: config 1 has an invalid interface number: 193 but max is 1 [ 589.429241][ T4315] usb 3-1: config 1 has an invalid interface number: 208 but max is 1 [ 589.468846][ T4315] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 589.510557][ T4315] usb 3-1: config 1 has no interface number 0 [ 589.517076][ T4315] usb 3-1: config 1 has no interface number 1 [ 589.528282][T19158] xt_CT: No such helper "pptp" [ 589.554750][ T4315] usb 3-1: config 1 interface 193 altsetting 13 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 589.617581][ T4315] usb 3-1: config 1 interface 193 altsetting 13 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 589.646214][ T4315] usb 3-1: config 1 interface 193 altsetting 13 endpoint 0xD has an invalid bInterval 101, changing to 7 [ 589.695447][ T4315] usb 3-1: config 1 interface 193 altsetting 13 bulk endpoint 0x9 has invalid maxpacket 16 [ 589.736227][ T4315] usb 3-1: config 1 interface 193 altsetting 13 has a duplicate endpoint with address 0xD, skipping [ 589.778273][ T4315] usb 3-1: config 1 interface 193 altsetting 13 has a duplicate endpoint with address 0xA, skipping [ 589.813907][ T4315] usb 3-1: config 1 interface 193 altsetting 13 has a duplicate endpoint with address 0xD, skipping [ 589.845833][ T4315] usb 3-1: config 1 interface 193 altsetting 13 has an invalid endpoint with address 0x80, skipping [ 589.892953][ T4315] usb 3-1: config 1 interface 208 altsetting 153 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 589.923792][ T4315] usb 3-1: config 1 interface 208 altsetting 153 has a duplicate endpoint with address 0xA, skipping [ 589.958224][ T4315] usb 3-1: config 1 interface 208 altsetting 153 endpoint 0xB has invalid maxpacket 512, setting to 64 [ 589.982547][ T4315] usb 3-1: config 1 interface 208 altsetting 153 bulk endpoint 0x4 has invalid maxpacket 1024 [ 590.009637][ T4315] usb 3-1: config 1 interface 208 altsetting 153 has a duplicate endpoint with address 0x5, skipping [ 590.039136][ T4315] usb 3-1: config 1 interface 208 altsetting 153 has a duplicate endpoint with address 0x4, skipping [ 590.081017][ T4315] usb 3-1: config 1 interface 208 altsetting 153 has 7 endpoint descriptors, different from the interface descriptor's value: 8 [ 590.109123][ T4315] usb 3-1: config 1 interface 193 has no altsetting 0 [ 590.125268][ T4315] usb 3-1: config 1 interface 208 has no altsetting 0 [ 590.143240][ T4315] usb 3-1: New USB device found, idVendor=04b8, idProduct=0602, bcdDevice= 1.10 [ 590.166508][T19182] netlink: 'syz.0.6653': attribute type 30 has an invalid length. [ 590.179447][ T4316] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 590.185897][ T4315] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.209106][ T4315] usb 3-1: Product: syz [ 590.213615][ T4315] usb 3-1: Manufacturer: syz [ 590.228727][ T4315] usb 3-1: SerialNumber: syz [ 590.247200][ T4315] usb 3-1: Interface #193 referenced by multiple IADs [ 590.270276][T19148] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 590.389162][ T4316] usb 5-1: Using ep0 maxpacket: 16 [ 590.401319][ T4316] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 590.449103][ T4316] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 590.473136][ T4316] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 590.492896][ T4316] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 590.502023][ T4315] usb-storage 3-1:1.193: USB Mass Storage device detected [ 590.524155][ T4316] usb 5-1: Product: syz [ 590.528573][ T4316] usb 5-1: Manufacturer: syz [ 590.542021][ T4316] usb 5-1: SerialNumber: syz [ 590.548780][ T4315] usb-storage 3-1:1.193: Quirks match for vid 04b8 pid 0602: 1 [ 590.698948][T19197] A link change request failed with some changes committed already. Interface team0 may have been left with an inconsistent configuration, please check. [ 590.713402][ T4315] usb-storage 3-1:1.208: USB Mass Storage device detected [ 590.759412][ T4315] usb-storage 3-1:1.208: Quirks match for vid 04b8 pid 0602: 1 [ 590.832018][ T4316] usb 5-1: 0:2 : does not exist [ 590.840909][ T4316] usb 5-1: MIDIStreaming interface descriptor not found [ 590.874851][ T4315] usb 3-1: USB disconnect, device number 38 [ 590.919241][ T4316] usb 5-1: USB disconnect, device number 31 [ 591.285692][T19210] loop0: detected capacity change from 0 to 2048 [ 591.326870][T19210] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 591.370572][ T4406] udevd[4406]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 591.898836][T19224] loop0: detected capacity change from 0 to 4096 [ 591.940917][T19232] loop4: detected capacity change from 0 to 256 [ 591.989605][T19224] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 592.060137][ T4316] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 592.068104][T19224] ntfs3: loop0: Failed to load $Extend. [ 592.249191][ T4316] usb 4-1: Using ep0 maxpacket: 32 [ 592.260767][ T4316] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 592.300608][ T4316] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 592.382021][ T4316] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 592.429462][ T4316] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 592.437799][ T4316] usb 4-1: Product: syz [ 592.465662][ T4316] usb 4-1: Manufacturer: syz [ 592.487344][ T4316] usb 4-1: SerialNumber: syz [ 592.502749][ T4316] usb 4-1: config 0 descriptor?? [ 592.561041][ T4316] hub 4-1:0.0: bad descriptor, ignoring hub [ 592.567092][ T4316] hub: probe of 4-1:0.0 failed with error -5 [ 592.730710][T19250] usb usb9: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 592.738173][T19250] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 592.803092][T19226] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(4) [ 592.810699][T19226] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 592.856799][T19226] vhci_hcd vhci_hcd.0: Device attached [ 592.910575][T19251] vhci_hcd: connection closed [ 592.917815][ T11] vhci_hcd: stop threads [ 592.964290][ T11] vhci_hcd: release socket [ 593.000114][ T11] vhci_hcd: disconnect device [ 593.049662][ T4316] usb 4-1: USB disconnect, device number 33 [ 593.055990][ T4315] vhci_hcd: vhci_device speed not set [ 593.646853][T19274] netlink: 14 bytes leftover after parsing attributes in process `syz.2.6694'. [ 593.708322][T19244] loop4: detected capacity change from 0 to 40427 [ 593.732680][T19244] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 593.754294][T19244] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 593.807055][T19244] F2FS-fs (loop4): invalid crc value [ 593.857228][T19244] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 9809626597) [ 594.000311][T19274] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 594.092647][T19274] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 594.126660][T19244] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 594.141258][T19274] bond0 (unregistering): Released all slaves [ 594.162644][T19244] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 594.203392][T19244] fscrypt (loop4, inode 3): Error -61 getting encryption context [ 594.233964][T19290] loop1: detected capacity change from 0 to 256 [ 594.469292][T19290] FAT-fs (loop1): Directory bread(block 64) failed [ 594.534824][T19290] FAT-fs (loop1): Directory bread(block 65) failed [ 594.594376][T19290] FAT-fs (loop1): Directory bread(block 66) failed [ 594.636700][T19290] FAT-fs (loop1): Directory bread(block 67) failed [ 594.713820][T19290] FAT-fs (loop1): Directory bread(block 68) failed [ 594.749184][T19290] FAT-fs (loop1): Directory bread(block 69) failed [ 594.806669][T19290] FAT-fs (loop1): Directory bread(block 70) failed [ 594.840127][T19290] FAT-fs (loop1): Directory bread(block 71) failed [ 594.874011][T19290] FAT-fs (loop1): Directory bread(block 72) failed [ 594.902402][T19302] overlayfs: missing 'lowerdir' [ 594.944748][T19290] FAT-fs (loop1): Directory bread(block 73) failed [ 595.461047][T19315] loop0: detected capacity change from 0 to 2048 [ 595.571445][T19319] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 595.904157][T19327] loop2: detected capacity change from 0 to 1024 [ 595.940501][T19329] xt_TCPMSS: Only works on TCP SYN packets [ 595.958192][T19327] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (51269!=20869) [ 596.001018][T19327] EXT4-fs error (device loop2): ext4_get_journal_inode:5756: inode #32: comm syz.2.6718: iget: special inode unallocated [ 596.053187][T19327] EXT4-fs (loop2): no journal found [ 596.058567][T19327] EXT4-fs (loop2): can't get journal size [ 596.097298][T19327] EXT4-fs (loop2): filesystem is read-only [ 596.112355][T19327] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 596.229088][T19310] loop3: detected capacity change from 0 to 32768 [ 596.246893][T19310] /dev/loop3: Can't open blockdev [ 596.394385][ T4277] EXT4-fs (loop2): unmounting filesystem. [ 597.039147][ T4316] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 597.274870][ T4316] usb 4-1: Using ep0 maxpacket: 8 [ 597.282516][ T4316] usb 4-1: unable to get BOS descriptor or descriptor too short [ 597.319445][ T4316] usb 4-1: New USB device found, idVendor=0582, idProduct=0582, bcdDevice= 0.40 [ 597.354337][ T4316] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.396255][ T4316] usb 4-1: Product: syz [ 597.403681][ T4316] usb 4-1: Manufacturer: syz [ 597.412753][ T4316] usb 4-1: SerialNumber: syz [ 597.607855][T19368] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 597.681156][ T4316] usb 4-1: BAAD GENERIC IO: no channels? [ 597.720556][ T4316] snd-usb-audio: probe of 4-1:1.0 failed with error -22 [ 597.785528][ T4316] usb 4-1: USB disconnect, device number 34 [ 597.804870][ T4362] udevd[4362]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 597.849970][T19351] loop0: detected capacity change from 0 to 32768 [ 597.932981][T19351] ERROR: (device loop0): xtSearch: XT_GETPAGE: xtree page corrupt [ 597.932981][T19351] [ 597.949749][T19351] ERROR: (device loop0): remounting filesystem as read-only [ 597.960803][T19351] xtLookup: xtSearch returned -5 [ 597.976216][T19375] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 598.025516][T19351] syz.0.6730 (19351) used greatest stack depth: 19248 bytes left [ 599.847172][T19430] loop1: detected capacity change from 0 to 4096 [ 600.032957][T19440] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6773'. [ 600.691149][T19458] loop1: detected capacity change from 0 to 4096 [ 600.740849][T19458] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 600.898915][T19468] netlink: 56 bytes leftover after parsing attributes in process `syz.2.6787'. [ 601.505383][T19489] loop4: detected capacity change from 0 to 256 [ 601.599779][T19489] FAT-fs (loop4): Directory bread(block 64) failed [ 601.607117][T19489] FAT-fs (loop4): Directory bread(block 65) failed [ 601.669274][T19489] FAT-fs (loop4): Directory bread(block 66) failed [ 601.675896][T19489] FAT-fs (loop4): Directory bread(block 67) failed [ 601.710152][T19489] FAT-fs (loop4): Directory bread(block 68) failed [ 601.762101][T19489] FAT-fs (loop4): Directory bread(block 69) failed [ 601.768903][T19489] FAT-fs (loop4): Directory bread(block 70) failed [ 601.805913][T19489] FAT-fs (loop4): Directory bread(block 71) failed [ 601.847491][T19489] FAT-fs (loop4): Directory bread(block 72) failed [ 601.866214][T19489] FAT-fs (loop4): Directory bread(block 73) failed [ 601.919393][ T4315] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 602.135194][ T4315] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 602.170823][ T4315] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.180614][ T4315] usb 2-1: Product: syz [ 602.185384][ T4315] usb 2-1: Manufacturer: syz [ 602.190849][ T4315] usb 2-1: SerialNumber: syz [ 602.212429][ T4315] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 602.255219][ T4315] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 602.307889][T19507] loop0: detected capacity change from 0 to 8192 [ 602.358180][T19507] REISERFS warning: read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025 [ 602.379180][ T4314] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 602.423240][T19507] REISERFS (device loop0): found reiserfs format "3.5" with non-standard journal [ 602.433600][T19507] REISERFS (device loop0): using ordered data mode [ 602.440631][T19507] reiserfs: using flush barriers [ 602.453870][T19507] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 602.471748][T19507] REISERFS (device loop0): checking transaction log (loop0) [ 602.563814][T19507] REISERFS (device loop0): Using tea hash to sort names [ 602.579136][ T4314] usb 4-1: Using ep0 maxpacket: 8 [ 602.588826][ T4314] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 602.602930][T19507] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 602.625387][ T4314] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 602.646357][ T4314] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 602.694022][ T4314] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 602.774193][ T4316] usb 2-1: USB disconnect, device number 33 [ 602.784031][ T4314] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 602.805908][ T4314] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.824594][ T4314] usb 4-1: Product: syz [ 602.840050][ T4314] usb 4-1: Manufacturer: syz [ 602.845685][ T4314] usb 4-1: SerialNumber: syz [ 602.864148][T19508] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 602.884026][ T4314] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 602.897698][ T4314] usbtest 4-1:1.0: Linux user mode ISO test driver [ 602.964370][ T4314] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 603.143975][ T6650] usb 4-1: USB disconnect, device number 35 [ 603.299211][ T4315] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive [ 603.326827][ T4315] ath9k_htc: Failed to initialize the device [ 603.355990][ T4316] usb 2-1: ath9k_htc: USB layer deinitialized [ 603.600719][T19546] loop2: detected capacity change from 0 to 16 [ 603.650162][ T26] audit: type=1326 audit(2000000400.887:279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19547 comm="syz.4.6826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 603.691579][T19546] erofs: (device loop2): mounted with root inode @ nid 36. [ 603.715977][ T26] audit: type=1326 audit(2000000400.937:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19547 comm="syz.4.6826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 603.803007][T19546] erofs: (device loop2): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 86 [ 603.830287][ T26] audit: type=1326 audit(2000000400.937:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19547 comm="syz.4.6826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 603.852905][T19546] erofs: (device loop2): erofs_map_blocks_flatmode: inline data cross block boundary @ nid 86 [ 603.968951][ T26] audit: type=1326 audit(2000000400.937:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19547 comm="syz.4.6826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 603.993283][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.024240][ T26] audit: type=1326 audit(2000000400.937:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19547 comm="syz.4.6826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b00f9c799 code=0x7ffc0000 [ 604.047618][ C1] vkms_vblank_simulate: vblank timer overrun [ 604.984230][T19593] loop0: detected capacity change from 0 to 256 [ 605.044429][T19593] FAT-fs (loop0): Directory bread(block 64) failed [ 605.051334][ T5018] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 605.075637][T19593] FAT-fs (loop0): Directory bread(block 65) failed [ 605.120906][T19593] FAT-fs (loop0): Directory bread(block 66) failed [ 605.127745][T19593] FAT-fs (loop0): Directory bread(block 67) failed [ 605.135839][T19593] FAT-fs (loop0): Directory bread(block 68) failed [ 605.147667][T19593] FAT-fs (loop0): Directory bread(block 69) failed [ 605.155849][T19593] FAT-fs (loop0): Directory bread(block 70) failed [ 605.167785][T19593] FAT-fs (loop0): Directory bread(block 71) failed [ 605.175755][T19593] FAT-fs (loop0): Directory bread(block 72) failed [ 605.196640][T19593] FAT-fs (loop0): Directory bread(block 73) failed [ 605.249189][ T5018] usb 5-1: Using ep0 maxpacket: 16 [ 605.256330][ T5018] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 605.290225][ T5018] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 605.321626][ T5018] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 605.346164][ T5018] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 605.357593][ T5018] usb 5-1: Product: syz [ 605.363052][ T5018] usb 5-1: Manufacturer: syz [ 605.368535][ T5018] usb 5-1: SerialNumber: syz [ 605.375722][ T5018] r8152-cfgselector 5-1: config 0 descriptor?? [ 605.606920][ T5018] usbip-host 5-1: 5-1 is not in match_busid table... skip! [ 605.825422][ T5018] usb 5-1: USB disconnect, device number 32 [ 606.525761][T19645] netlink: 16 bytes leftover after parsing attributes in process `syz.2.6875'. [ 607.095731][T19668] netlink: 124 bytes leftover after parsing attributes in process `syz.2.6885'. [ 607.106857][T19672] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 607.505517][ T26] audit: type=1326 audit(2000000404.737:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19686 comm="syz.0.6894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 607.576623][ T26] audit: type=1326 audit(2000000404.787:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19686 comm="syz.0.6894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 607.655701][ T26] audit: type=1326 audit(2000000404.787:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19686 comm="syz.0.6894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 607.743491][ T26] audit: type=1326 audit(2000000404.787:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19686 comm="syz.0.6894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f035fd9c799 code=0x7ffc0000 [ 608.047319][T19706] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6902'. [ 608.082311][T19706] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6902'. [ 608.130627][T19706] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6902'. [ 608.157597][T19706] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 608.448443][T19716] loop0: detected capacity change from 0 to 4096 [ 608.550130][T19716] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 608.687679][T19716] ntfs: volume version 3.1. [ 609.088389][T19735] binder: BC_ATTEMPT_ACQUIRE not supported [ 609.119142][T19735] binder: 19734:19735 ioctl c0306201 2000000001c0 returned -22 [ 609.280241][T19717] loop3: detected capacity change from 0 to 32768 [ 609.392788][T19743] netlink: 'syz.1.6922': attribute type 1 has an invalid length. [ 609.430244][T19743] netlink: 224 bytes leftover after parsing attributes in process `syz.1.6922'. [ 609.699348][ T5018] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 609.745887][T19756] loop1: detected capacity change from 0 to 2048 [ 609.911908][ T5018] usb 3-1: config 0 has an invalid interface number: 64 but max is 0 [ 609.922076][T19759] loop3: detected capacity change from 0 to 2048 [ 609.940165][ T5018] usb 3-1: config 0 has no interface number 0 [ 609.963491][T19759] UDF-fs: error (device loop3): udf_load_logicalvol: error loading logical volume descriptor: Too many partition maps (4 > 0) [ 609.977722][ T5018] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 610.002571][ T5018] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 610.036291][ T5018] usb 3-1: Product: syz [ 610.045755][ T5018] usb 3-1: Manufacturer: syz [ 610.059471][T19759] UDF-fs: Scanning with blocksize 512 failed [ 610.085525][ T5018] usb 3-1: SerialNumber: syz [ 610.106750][T19759] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 610.114820][ T5018] usb 3-1: config 0 descriptor?? [ 610.153682][T19759] UDF-fs: Scanning with blocksize 1024 failed [ 610.193712][T19759] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 610.267357][T19759] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 610.311685][T19759] UDF-fs: Scanning with blocksize 2048 failed [ 610.327416][T19759] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 610.347611][ T5018] usb 3-1: Found UVC 0.08 device syz (046d:0823) [ 610.365058][ T5018] usb 3-1: No valid video chain found. [ 610.372466][T19759] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=512, location=512 [ 610.405670][ T5018] usb 3-1: USB disconnect, device number 39 [ 610.438453][T19759] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found [ 610.468041][T19771] loop4: detected capacity change from 0 to 1024 [ 610.474274][T19759] UDF-fs: Scanning with blocksize 4096 failed [ 610.491942][T19759] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1) [ 610.518384][T19771] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (32298!=35945) [ 610.555222][T19771] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 610.564708][T19771] EXT4-fs (loop4): orphan cleanup on readonly fs [ 610.584042][T19771] EXT4-fs error (device loop4): ext4_read_inode_bitmap:168: comm syz.4.6936: Inode bitmap for bg 0 marked uninitialized [ 610.605084][T19771] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 610.661960][T19771] EXT4-fs (loop4): ext4_remount: Checksum for group 0 failed (32298!=35945) [ 610.676522][T19759] exFAT-fs (loop3): invalid boot record signature [ 610.683376][ T6650] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 610.720229][T19759] exFAT-fs (loop3): failed to read boot sector [ 610.761646][T19759] exFAT-fs (loop3): failed to recognize exfat type [ 610.849773][T17564] EXT4-fs (loop4): unmounting filesystem. [ 610.921325][ T6650] usb 2-1: config 9 has an invalid interface number: 182 but max is 0 [ 610.950974][ T6650] usb 2-1: config 9 has no interface number 0 [ 610.983482][ T6650] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.10 [ 610.999234][ T5021] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 611.032882][ T6650] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 611.057264][ T6650] usb 2-1: Product: syz [ 611.061938][ T6650] usb 2-1: Manufacturer: syz [ 611.066727][ T6650] usb 2-1: SerialNumber: syz [ 611.199168][ T5021] usb 1-1: Using ep0 maxpacket: 8 [ 611.249399][ T5021] usb 1-1: config 0 has an invalid interface number: 52 but max is 0 [ 611.257826][ T5021] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 611.293522][ T5021] usb 1-1: config 0 has no interface number 0 [ 611.307846][ T5021] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 611.337788][ T5021] usb 1-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 611.373874][ T5021] usb 1-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 611.428532][ T5021] usb 1-1: config 0 interface 52 has no altsetting 0 [ 611.447263][ T5021] usb 1-1: New USB device found, idVendor=06cb, idProduct=0007, bcdDevice= 0.00 [ 611.477503][ T5021] usb 1-1: New USB device strings: Mfr=0, Product=149, SerialNumber=35 [ 611.491206][ T5021] usb 1-1: Product: syz [ 611.495576][ T5021] usb 1-1: SerialNumber: syz [ 611.523639][ T5021] usb 1-1: config 0 descriptor?? [ 611.583598][T19794] loop2: detected capacity change from 0 to 22 [ 611.613151][T19794] MTD: Attempt to mount non-MTD device "/dev/loop2" [ 611.661417][T19794] romfs: Mounting image 'rom 637cf1fa' through the block layer [ 611.771845][ T5021] input: syz (Stick) as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.52/input/input29 [ 611.790574][ T3622] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 611.832570][ T6650] go7007: probe of 2-1:9.182 failed with error -12 [ 611.879842][ T3622] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 611.895901][ T6650] usb 2-1: USB disconnect, device number 34 [ 611.920565][ T3622] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 611.966022][ T3622] synaptics_usb 1-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 612.021586][ T5018] usb 1-1: USB disconnect, device number 34 [ 612.041618][T19802] loop4: detected capacity change from 0 to 1024 [ 612.063620][T19804] loop2: detected capacity change from 0 to 136 [ 612.404381][T19811] netlink: 136 bytes leftover after parsing attributes in process `syz.4.6956'. [ 613.077468][T19828] loop1: detected capacity change from 0 to 4096 [ 613.160407][T19828] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 613.274942][T19828] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 613.300742][T19828] ntfs3: loop1: Failed to load $Extend. [ 613.419669][ T5018] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 613.619292][ T5018] usb 3-1: Using ep0 maxpacket: 8 [ 613.628717][ T5018] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 613.656564][ T5018] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 613.688126][ T5018] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 613.708236][ T5018] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 613.727147][ T5018] usb 3-1: Product: syz [ 613.736676][ T5018] usb 3-1: Manufacturer: syz [ 613.759131][ T5018] usb 3-1: SerialNumber: syz [ 613.772446][ T5018] usb 3-1: config 0 descriptor?? [ 613.832173][T19862] netlink: 'syz.3.6981': attribute type 10 has an invalid length. [ 613.912035][T19862] team0: Device hsr_slave_0 failed to register rx_handler [ 613.949217][ T5021] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 613.968309][T19859] loop4: detected capacity change from 0 to 4096 [ 614.071752][T19859] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 614.141385][ T5021] usb 2-1: Using ep0 maxpacket: 8 [ 614.151203][ T5021] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 614.190747][ T5021] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 614.225027][ T5021] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 614.263050][ T5021] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 614.326047][ T5021] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 614.363505][ T5021] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 614.387446][ T5018] usb 3-1: USB disconnect, device number 40 [ 614.395391][ T5021] hub 2-1:1.0: bad descriptor, ignoring hub [ 614.414554][ T5021] hub: probe of 2-1:1.0 failed with error -5 [ 614.421546][ C1] ip6_tunnel: ip6tnl2 xmit: Local address not yet configured! [ 614.460430][T19871] netlink: 12 bytes leftover after parsing attributes in process `syz.3.6986'. [ 614.481894][ T5021] cdc_wdm 2-1:1.0: skipping garbage [ 614.487312][ T5021] cdc_wdm 2-1:1.0: skipping garbage [ 614.527084][ T5021] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 614.533749][ T5021] cdc_wdm 2-1:1.0: Unknown control protocol [ 614.600857][ T5021] usb 2-1: USB disconnect, device number 35 [ 615.053509][T19888] loop0: detected capacity change from 0 to 256 [ 615.074893][T19888] exFAT-fs (loop0): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 615.133738][T19892] binder: 19891:19892 ioctl c018620c 200000000080 returned -22 [ 615.187003][T19888] exFAT-fs (loop0): error, invalid access to FAT free cluster (entry 0x00000008) [ 615.226253][T19888] exFAT-fs (loop0): Filesystem has been set read-only [ 615.475016][T19904] overlayfs: option "volatile" is meaningless in a non-upper mount, ignoring it. [ 615.525912][T19904] overlayfs: missing 'lowerdir' [ 615.631872][T19908] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7003'. [ 615.675174][T19910] IPv6: sit2: Disabled Multicast RS [ 616.109244][T19928] kAFS: unable to lookup cell '' [ 616.292459][T19935] netlink: 'syz.4.7016': attribute type 1 has an invalid length. [ 616.371734][T19940] loop2: detected capacity change from 0 to 64 [ 616.416881][T19940] hfs: unable to locate alternate MDB [ 616.439138][T19940] hfs: continuing without an alternate MDB [ 616.496990][ T26] audit: type=1800 audit(2000000413.727:288): pid=19940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.7020" name="file1" dev="loop2" ino=21 res=0 errno=0 [ 616.639798][ T41] [ 616.642206][ T41] ====================================================== [ 616.649441][ T41] WARNING: possible circular locking dependency detected [ 616.656511][ T41] syzkaller #0 Not tainted [ 616.661253][ T41] ------------------------------------------------------ [ 616.668760][ T41] kworker/u4:2/41 is trying to acquire lock: [ 616.675051][ T41] ffff8880566b41f8 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}, at: hfs_extend_file+0xfb/0x13f0 [ 616.686521][ T41] [ 616.686521][ T41] but task is already holding lock: [ 616.694100][ T41] ffff88807cc6c0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 616.703845][ T41] [ 616.703845][ T41] which lock already depends on the new lock. [ 616.703845][ T41] [ 616.714301][ T41] [ 616.714301][ T41] the existing dependency chain (in reverse order) is: [ 616.723539][ T41] [ 616.723539][ T41] -> #1 (&tree->tree_lock/1){+.+.}-{3:3}: [ 616.732010][ T41] __mutex_lock+0x12d/0xaf0 [ 616.737287][ T41] hfs_find_init+0x15b/0x1d0 [ 616.742552][ T41] hfs_extend_file+0x35d/0x13f0 [ 616.748005][ T41] hfs_bmap_reserve+0x103/0x420 [ 616.753530][ T41] hfs_cat_create+0x204/0x8e0 [ 616.758956][ T41] hfs_create+0x62/0xd0 [ 616.763880][ T41] path_openat+0x1181/0x2ee0 [ 616.769120][ T41] do_filp_open+0x1f1/0x430 [ 616.774375][ T41] do_sys_openat2+0x150/0x4b0 [ 616.779727][ T41] __x64_sys_openat+0x135/0x160 [ 616.785181][ T41] do_syscall_64+0x4c/0xa0 [ 616.790171][ T41] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 616.796827][ T41] [ 616.796827][ T41] -> #0 (&HFS_I(tree->inode)->extents_lock){+.+.}-{3:3}: [ 616.806615][ T41] __lock_acquire+0x2d07/0x7d10 [ 616.812041][ T41] lock_acquire+0x1bb/0x4a0 [ 616.817128][ T41] __mutex_lock+0x12d/0xaf0 [ 616.822790][ T41] hfs_extend_file+0xfb/0x13f0 [ 616.828136][ T41] hfs_bmap_reserve+0x103/0x420 [ 616.833563][ T41] __hfs_ext_write_extent+0x1fa/0x470 [ 616.839978][ T41] hfs_ext_write_extent+0x17b/0x200 [ 616.845940][ T41] hfs_write_inode+0xd8/0xa20 [ 616.851197][ T41] __writeback_single_inode+0x75b/0x1160 [ 616.857405][ T41] writeback_sb_inodes+0xb30/0x1850 [ 616.863164][ T41] wb_writeback+0x482/0xd50 [ 616.868222][ T41] wb_workfn+0x423/0xee0 [ 616.873153][ T41] process_one_work+0x8a2/0x1160 [ 616.878809][ T41] worker_thread+0xaa2/0x1270 [ 616.884491][ T41] kthread+0x29d/0x330 [ 616.889128][ T41] ret_from_fork+0x1f/0x30 [ 616.894209][ T41] [ 616.894209][ T41] other info that might help us debug this: [ 616.894209][ T41] [ 616.904737][ T41] Possible unsafe locking scenario: [ 616.904737][ T41] [ 616.912455][ T41] CPU0 CPU1 [ 616.917971][ T41] ---- ---- [ 616.923443][ T41] lock(&tree->tree_lock/1); [ 616.928185][ T41] lock(&HFS_I(tree->inode)->extents_lock); [ 616.937042][ T41] lock(&tree->tree_lock/1); [ 616.944853][ T41] lock(&HFS_I(tree->inode)->extents_lock); [ 616.950874][ T41] [ 616.950874][ T41] *** DEADLOCK *** [ 616.950874][ T41] [ 616.959431][ T41] 3 locks held by kworker/u4:2/41: [ 616.964661][ T41] #0: ffff88801b292138 ((wq_completion)writeback){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 616.975530][ T41] #1: ffffc90000b27d00 ((work_completion)(&(&wb->dwork)->work)){+.+.}-{0:0}, at: process_one_work+0x7b0/0x1160 [ 616.987591][ T41] #2: ffff88807cc6c0b0 (&tree->tree_lock/1){+.+.}-{3:3}, at: hfs_find_init+0x15b/0x1d0 [ 616.997497][ T41] [ 616.997497][ T41] stack backtrace: [ 617.003525][ T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 617.010932][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 617.021540][ T41] Workqueue: writeback wb_workfn (flush-7:2) [ 617.027743][ T41] Call Trace: [ 617.031046][ T41] [ 617.033998][ T41] dump_stack_lvl+0x188/0x24e [ 617.038815][ T41] ? load_image+0x400/0x400 [ 617.043448][ T41] ? show_regs_print_info+0x12/0x12 [ 617.048710][ T41] ? print_circular_bug+0x12b/0x1a0 [ 617.053961][ T41] check_noncircular+0x296/0x330 [ 617.059040][ T41] ? look_up_lock_class+0x75/0x140 [ 617.064976][ T41] ? add_chain_block+0x940/0x940 [ 617.069958][ T41] ? lockdep_lock+0xf1/0x1f0 [ 617.074873][ T41] ? unwind_next_frame+0x1880/0x20b0 [ 617.080452][ T41] ? _find_first_zero_bit+0xcf/0x100 [ 617.086062][ T41] __lock_acquire+0x2d07/0x7d10 [ 617.090964][ T41] ? ret_from_fork+0x1f/0x30 [ 617.095594][ T41] ? ret_from_fork+0x1f/0x30 [ 617.100221][ T41] ? verify_lock_unused+0x140/0x140 [ 617.105553][ T41] ? stack_trace_save+0xa6/0xf0 [ 617.110430][ T41] ? stack_trace_snprint+0xf0/0xf0 [ 617.115680][ T41] ? check_noncircular+0x189/0x330 [ 617.120927][ T41] ? add_chain_block+0x940/0x940 [ 617.125919][ T41] lock_acquire+0x1bb/0x4a0 [ 617.130562][ T41] ? hfs_extend_file+0xfb/0x13f0 [ 617.135716][ T41] ? __might_sleep+0xd0/0xd0 [ 617.140423][ T41] ? read_lock_is_recursive+0x10/0x10 [ 617.146373][ T41] __mutex_lock+0x12d/0xaf0 [ 617.151009][ T41] ? hfs_extend_file+0xfb/0x13f0 [ 617.155979][ T41] ? verify_lock_unused+0x140/0x140 [ 617.161419][ T41] ? hfs_extend_file+0xfb/0x13f0 [ 617.166393][ T41] ? mutex_lock_nested+0x10/0x10 [ 617.171636][ T41] ? __stack_depot_save+0x421/0x460 [ 617.176968][ T41] hfs_extend_file+0xfb/0x13f0 [ 617.181865][ T41] ? hfs_ext_write_extent+0x14e/0x200 [ 617.187446][ T41] ? hfs_write_inode+0xd8/0xa20 [ 617.192437][ T41] ? hfs_get_block+0xc50/0xc50 [ 617.197317][ T41] ? trace_raw_output_contention_end+0xd0/0xd0 [ 617.203933][ T41] ? rcu_is_watching+0x11/0xa0 [ 617.208767][ T41] ? trace_contention_end+0x5f/0x170 [ 617.214088][ T41] ? memset+0x1e/0x40 [ 617.218276][ T41] ? hfs_brec_find+0x197/0x500 [ 617.223166][ T41] hfs_bmap_reserve+0x103/0x420 [ 617.228061][ T41] __hfs_ext_write_extent+0x1fa/0x470 [ 617.233502][ T41] hfs_ext_write_extent+0x17b/0x200 [ 617.238844][ T41] ? verify_lock_unused+0x140/0x140 [ 617.244097][ T41] ? hfs_ext_keycmp+0x310/0x310 [ 617.249157][ T41] ? writeback_sb_inodes+0x46b/0x1850 [ 617.254783][ T41] hfs_write_inode+0xd8/0xa20 [ 617.259523][ T41] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 617.265023][ T41] ? __writeback_single_inode+0x4ae/0x1160 [ 617.270972][ T41] ? __lock_acquire+0x7d10/0x7d10 [ 617.276398][ T41] ? do_raw_spin_lock+0x128/0x2f0 [ 617.281636][ T41] ? __rwlock_init+0x140/0x140 [ 617.286515][ T41] __writeback_single_inode+0x75b/0x1160 [ 617.292199][ T41] writeback_sb_inodes+0xb30/0x1850 [ 617.297636][ T41] ? queue_io+0x5a0/0x5a0 [ 617.302005][ T41] ? rcu_is_watching+0x11/0xa0 [ 617.306984][ T41] wb_writeback+0x482/0xd50 [ 617.311617][ T41] ? percpu_ref_tryget+0x250/0x250 [ 617.316950][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 617.323141][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 617.328895][ T41] wb_workfn+0x423/0xee0 [ 617.333198][ T41] ? inode_wait_for_writeback+0x220/0x220 [ 617.339254][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 617.345279][ T41] ? read_lock_is_recursive+0x10/0x10 [ 617.350691][ T41] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 617.357140][ T41] ? _raw_spin_unlock+0x40/0x40 [ 617.362214][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 617.367661][ T41] ? process_one_work+0x7b0/0x1160 [ 617.372918][ T41] process_one_work+0x8a2/0x1160 [ 617.378075][ T41] ? worker_detach_from_pool+0x240/0x240 [ 617.383836][ T41] ? _raw_spin_lock_irq+0xb7/0xf0 [ 617.388902][ T41] ? _raw_spin_lock_irqsave+0x100/0x100 [ 617.394740][ T41] ? kthread_data+0x4b/0xc0 [ 617.399278][ T41] worker_thread+0xaa2/0x1270 [ 617.404284][ T41] kthread+0x29d/0x330 [ 617.408379][ T41] ? worker_clr_flags+0x1a0/0x1a0 [ 617.413431][ T41] ? kthread_blkcg+0xd0/0xd0 [ 617.418087][ T41] ret_from_fork+0x1f/0x30 [ 617.422550][ T41] [ 617.476930][ T41] hfs: new node 0 already hashed? [ 617.482679][ T41] ------------[ cut here ]------------ [ 617.488702][ T41] WARNING: CPU: 1 PID: 41 at fs/hfs/bnode.c:520 hfs_bnode_create+0x37a/0x400 [ 617.497994][ T41] Modules linked in: [ 617.501973][ T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 617.509417][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 617.519629][ T41] Workqueue: writeback wb_workfn (flush-7:2) [ 617.525867][ T41] RIP: 0010:hfs_bnode_create+0x37a/0x400 [ 617.531668][ T41] Code: ac a2 8a 89 ee e8 26 a9 d6 07 e9 ab fd ff ff e8 1c 4e 37 ff 48 89 df e8 d4 f8 eb 07 48 c7 c7 c0 ac a2 8a 89 ee e8 06 a9 d6 07 <0f> 0b eb b7 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c b7 fc ff ff 4c [ 617.551745][ T41] RSP: 0018:ffffc90000b26e80 EFLAGS: 00010246 [ 617.558102][ T41] RAX: 000000000000001f RBX: ffff88807cc6c0e0 RCX: 7acea82152541500 [ 617.566426][ T41] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 617.574858][ T41] RBP: 0000000000000000 R08: ffffc90000b26b87 R09: 1ffff92000164d70 [ 617.583144][ T41] R10: dffffc0000000000 R11: fffff52000164d71 R12: 0000000000000000 [ 617.591462][ T41] R13: ffff88807cc6c000 R14: ffff88802ef49300 R15: dffffc0000000000 [ 617.599867][ T41] FS: 0000000000000000(0000) GS:ffff8880b8f00000(0000) knlGS:0000000000000000 [ 617.609359][ T41] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 617.616010][ T41] CR2: 00007fb13f5e7158 CR3: 0000000027b31000 CR4: 00000000003506e0 [ 617.624312][ T41] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 617.632730][ T41] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 617.641316][ T41] Call Trace: [ 617.645163][ T41] [ 617.648303][ T41] hfs_bmap_alloc+0x53d/0x5d0 [ 617.653308][ T41] ? hfs_bmap_reserve+0x420/0x420 [ 617.658559][ T41] ? rcu_is_watching+0x11/0xa0 [ 617.663617][ T41] hfs_btree_inc_height+0xfd/0xac0 [ 617.669096][ T41] ? hfs_brec_insert+0x6f6/0xbd0 [ 617.674327][ T41] ? hfs_brec_insert+0xbd0/0xbd0 [ 617.679667][ T41] ? do_raw_spin_unlock+0x11d/0x230 [ 617.684950][ T41] hfs_brec_insert+0x744/0xbd0 [ 617.689814][ T41] ? hfs_brec_keylen+0x350/0x350 [ 617.695071][ T41] __hfs_ext_write_extent+0x2a1/0x470 [ 617.700712][ T41] hfs_ext_write_extent+0x17b/0x200 [ 617.706273][ T41] ? verify_lock_unused+0x140/0x140 [ 617.711675][ T41] ? hfs_ext_keycmp+0x310/0x310 [ 617.716706][ T41] ? writeback_sb_inodes+0x46b/0x1850 [ 617.722380][ T41] hfs_write_inode+0xd8/0xa20 [ 617.727143][ T41] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 617.732848][ T41] ? __writeback_single_inode+0x4ae/0x1160 [ 617.738907][ T41] ? __lock_acquire+0x7d10/0x7d10 [ 617.744254][ T41] ? do_raw_spin_lock+0x128/0x2f0 [ 617.749369][ T41] ? __rwlock_init+0x140/0x140 [ 617.754302][ T41] __writeback_single_inode+0x75b/0x1160 [ 617.760110][ T41] writeback_sb_inodes+0xb30/0x1850 [ 617.765492][ T41] ? queue_io+0x5a0/0x5a0 [ 617.770205][ T41] ? rcu_is_watching+0x11/0xa0 [ 617.775142][ T41] wb_writeback+0x482/0xd50 [ 617.779905][ T41] ? percpu_ref_tryget+0x250/0x250 [ 617.785208][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 617.791415][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 617.796780][ T41] wb_workfn+0x423/0xee0 [ 617.801161][ T41] ? inode_wait_for_writeback+0x220/0x220 [ 617.806983][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 617.813173][ T41] ? read_lock_is_recursive+0x10/0x10 [ 617.818608][ T41] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 617.824617][ T41] ? _raw_spin_unlock+0x40/0x40 [ 617.829640][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 617.834976][ T41] ? process_one_work+0x7b0/0x1160 [ 617.840165][ T41] process_one_work+0x8a2/0x1160 [ 617.845341][ T41] ? worker_detach_from_pool+0x240/0x240 [ 617.851097][ T41] ? _raw_spin_lock_irq+0xb7/0xf0 [ 617.856196][ T41] ? _raw_spin_lock_irqsave+0x100/0x100 [ 617.861908][ T41] ? kthread_data+0x4b/0xc0 [ 617.866496][ T41] worker_thread+0xaa2/0x1270 [ 617.871396][ T41] kthread+0x29d/0x330 [ 617.875565][ T41] ? worker_clr_flags+0x1a0/0x1a0 [ 617.880759][ T41] ? kthread_blkcg+0xd0/0xd0 [ 617.885404][ T41] ret_from_fork+0x1f/0x30 [ 617.890178][ T41] [ 617.893299][ T41] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 617.900697][ T41] CPU: 1 PID: 41 Comm: kworker/u4:2 Not tainted syzkaller #0 [ 617.908092][ T41] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 617.918175][ T41] Workqueue: writeback wb_workfn (flush-7:2) [ 617.924217][ T41] Call Trace: [ 617.927863][ T41] [ 617.930823][ T41] dump_stack_lvl+0x188/0x24e [ 617.935539][ T41] ? memcpy+0x3c/0x60 [ 617.939855][ T41] ? show_regs_print_info+0x12/0x12 [ 617.945233][ T41] ? load_image+0x400/0x400 [ 617.949870][ T41] panic+0x2e5/0x730 [ 617.953824][ T41] ? bpf_jit_dump+0xd0/0xd0 [ 617.958747][ T41] ? ret_from_fork+0x1f/0x30 [ 617.963389][ T41] __warn+0x2f8/0x4f0 [ 617.967407][ T41] ? hfs_bnode_create+0x37a/0x400 [ 617.972473][ T41] ? hfs_bnode_create+0x37a/0x400 [ 617.977529][ T41] report_bug+0x2ba/0x4f0 [ 617.981905][ T41] ? hfs_bnode_create+0x37a/0x400 [ 617.986998][ T41] handle_bug+0x3a/0x70 [ 617.991203][ T41] exc_invalid_op+0x16/0x40 [ 617.995756][ T41] asm_exc_invalid_op+0x16/0x20 [ 618.000642][ T41] RIP: 0010:hfs_bnode_create+0x37a/0x400 [ 618.006316][ T41] Code: ac a2 8a 89 ee e8 26 a9 d6 07 e9 ab fd ff ff e8 1c 4e 37 ff 48 89 df e8 d4 f8 eb 07 48 c7 c7 c0 ac a2 8a 89 ee e8 06 a9 d6 07 <0f> 0b eb b7 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c b7 fc ff ff 4c [ 618.026223][ T41] RSP: 0018:ffffc90000b26e80 EFLAGS: 00010246 [ 618.032668][ T41] RAX: 000000000000001f RBX: ffff88807cc6c0e0 RCX: 7acea82152541500 [ 618.040937][ T41] RDX: 0000000000000000 RSI: 0000000080000000 RDI: 0000000000000000 [ 618.049023][ T41] RBP: 0000000000000000 R08: ffffc90000b26b87 R09: 1ffff92000164d70 [ 618.057197][ T41] R10: dffffc0000000000 R11: fffff52000164d71 R12: 0000000000000000 [ 618.065366][ T41] R13: ffff88807cc6c000 R14: ffff88802ef49300 R15: dffffc0000000000 [ 618.073369][ T41] hfs_bmap_alloc+0x53d/0x5d0 [ 618.078098][ T41] ? hfs_bmap_reserve+0x420/0x420 [ 618.083158][ T41] ? rcu_is_watching+0x11/0xa0 [ 618.087954][ T41] hfs_btree_inc_height+0xfd/0xac0 [ 618.093187][ T41] ? hfs_brec_insert+0x6f6/0xbd0 [ 618.098161][ T41] ? hfs_brec_insert+0xbd0/0xbd0 [ 618.103165][ T41] ? do_raw_spin_unlock+0x11d/0x230 [ 618.108583][ T41] hfs_brec_insert+0x744/0xbd0 [ 618.113512][ T41] ? hfs_brec_keylen+0x350/0x350 [ 618.118502][ T41] __hfs_ext_write_extent+0x2a1/0x470 [ 618.123935][ T41] hfs_ext_write_extent+0x17b/0x200 [ 618.129260][ T41] ? verify_lock_unused+0x140/0x140 [ 618.134644][ T41] ? hfs_ext_keycmp+0x310/0x310 [ 618.139654][ T41] ? writeback_sb_inodes+0x46b/0x1850 [ 618.145444][ T41] hfs_write_inode+0xd8/0xa20 [ 618.150253][ T41] ? hfs_inode_write_fork+0x1a0/0x1a0 [ 618.155695][ T41] ? __writeback_single_inode+0x4ae/0x1160 [ 618.161853][ T41] ? __lock_acquire+0x7d10/0x7d10 [ 618.167033][ T41] ? do_raw_spin_lock+0x128/0x2f0 [ 618.172354][ T41] ? __rwlock_init+0x140/0x140 [ 618.177174][ T41] __writeback_single_inode+0x75b/0x1160 [ 618.182851][ T41] writeback_sb_inodes+0xb30/0x1850 [ 618.188441][ T41] ? queue_io+0x5a0/0x5a0 [ 618.192909][ T41] ? rcu_is_watching+0x11/0xa0 [ 618.197829][ T41] wb_writeback+0x482/0xd50 [ 618.202384][ T41] ? percpu_ref_tryget+0x250/0x250 [ 618.207636][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 618.213677][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 618.218991][ T41] wb_workfn+0x423/0xee0 [ 618.223280][ T41] ? inode_wait_for_writeback+0x220/0x220 [ 618.229229][ T41] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 618.235396][ T41] ? read_lock_is_recursive+0x10/0x10 [ 618.241134][ T41] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 618.247205][ T41] ? _raw_spin_unlock+0x40/0x40 [ 618.252749][ T41] ? _raw_spin_unlock_irq+0x1f/0x40 [ 618.257998][ T41] ? process_one_work+0x7b0/0x1160 [ 618.263226][ T41] process_one_work+0x8a2/0x1160 [ 618.268199][ T41] ? worker_detach_from_pool+0x240/0x240 [ 618.273864][ T41] ? _raw_spin_lock_irq+0xb7/0xf0 [ 618.278929][ T41] ? _raw_spin_lock_irqsave+0x100/0x100 [ 618.284592][ T41] ? kthread_data+0x4b/0xc0 [ 618.289504][ T41] worker_thread+0xaa2/0x1270 [ 618.294266][ T41] kthread+0x29d/0x330 [ 618.298661][ T41] ? worker_clr_flags+0x1a0/0x1a0 [ 618.303740][ T41] ? kthread_blkcg+0xd0/0xd0 [ 618.308454][ T41] ret_from_fork+0x1f/0x30 [ 618.313017][ T41] [ 618.316667][ T41] Kernel Offset: disabled [ 618.321145][ T41] Rebooting in 86400 seconds..