last executing test programs: 34.235229751s ago: executing program 2 (id=1433): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000280)={'bridge0\x00', &(0x7f0000001100)=@ethtool_gstrings={0x1b, 0x5, 0x1, 'c'}}) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000280)={'bridge0\x00', 0x0}) 34.201087693s ago: executing program 2 (id=1435): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_ep_write(r0, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000440)={0x20, 0x18, 0x3, "58e518"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) read$char_usb(r1, 0x0, 0x0) 34.05127459s ago: executing program 4 (id=1437): mkdir(&(0x7f0000000000)='./file0\x00', 0x0) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="1500000065ffff018000000800395032303030"], 0x15) write$P9_RLERRORu(r1, &(0x7f00000000c0)=ANY=[@ANYBLOB='S\x00\x00\x00\a\x00\x00F\x00', @ANYRES16, @ANYBLOB="2e63d62c698a8ee9098d511fd79b99be"], 0x53) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x2004000, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[], [], 0x6b}}) 33.873761907s ago: executing program 4 (id=1440): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0xf, {[@main=@item_4={0x3, 0x0, 0x8, '\t\x00'}, @local=@item_4={0x3, 0x2, 0x0, "112000"}, @main=@item_4={0x3, 0x0, 0xb, "7488dffc"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGFIELDINFO(r1, 0xc038480a, &(0x7f00000000c0)={0x1, 0x200, 0x3, 0x9, 0x9, 0x3b8, 0x3, 0x5, 0x60276b45, 0x1, 0xff, 0x5, 0x8, 0xfffffffc}) 33.623105897s ago: executing program 3 (id=1446): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='smaps\x00') syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000100)={'syztnl1\x00', 0x0}) read$FUSE(r0, &(0x7f0000000640)={0x2020}, 0x2020) 33.517042802s ago: executing program 1 (id=1450): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10, &(0x7f0000000100)={[{@dioread_lock}]}, 0x5, 0x7e5, &(0x7f00000018c0)="$eJzs3ctrW9kZAPDvyvKjTlK7UGjSlaHQGoLlOnWTFrpI6aIUGgi06yZCVkxq2QqWHGJjSEMpdFNoQxeFdpN12qa7btuZ7cy/MLMZhiEhM+OESZjF4OHqEcu25MgZWZqJfz+49jn3oXO++zj3yPdwHcCxNZX+yESciYg/JxETjflJRAzXUtmIi/X1nm1tFtIpie3tX32U1NZ5urVZiJZtYnw8TjQypyPijT9EnM3sL7eyvrGUL5WKq438bHX5xmxlfWPm+nJ+sbhYXDk/Nz9/7sIPL4z2LtZP3t44+egvP//evy9++vtvPfjTm0lcjJONZa1x9MpUTNX3SQynu3CXn/W6sAFLBl0BXkl6aQ7Vr/I4ExPZGOl+2+xRVgwAODK3I2IbADhmEvd/ADhmmn8HeLq1WUin7duD/XtEvz3+aUSM1eNvPt+sL8k2ntmN1Z6Djj9Ndj3vSCJisgflT0XEP/77m3+mUxzRc0iAdn53JyKuTk412/+d9ifZN2ahrvsBGd9vJg4YHDC1J6/9g/75X9r/+dFO/2/n+su86P9Em/7PaJtr91VMxe4RJ/uv/8zDHhTTUdr/+8nwzti2Zy3xN0wONXKnan2+4eTa9VIxbdu+HhHTMTya5ufaf3xteNn0k8+e7JrbEnFr/+/ju7+9n5af/t5ZI/Mwu6fJXchX872IPfX4TsS3s+3iT14c/6RD//dyl2X84sd//HunZWn8abzNaXf8Rz+qbPtexHejffxNyUHjE8/P1k6H2eZJ0cZ/3vvbeKfyW49/OqXl178LnOp9sG2kx3/84Pgnk9bxmpXDl/HWvYn/d1rWOf6m9uf/SPLrWrp5Kd3KV6urcxEjyS/3zz+3s20z31w/jX/6O+2v/4PO//Q74dUu488++vBfL42/OWNf/A1jXRZ2SGn8C4c6/m0T6VfhDovypQfPloY6ld/d8Z9PE0PTjTndtH8da5ovlUZa1nnlHQcAAAAAAAAAAAAAAAAAAAAAAAAAh5CpvaQ0yeRepDOZXC5q/8P7mzGeKZUr1bPXymsrC/WXmU7G8GhE1F51OdHyPtS5xvvwm/lze/I/iIhvRMRfR79Wy+cK5dLCoIMHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIYTHf7/f+qD0frv5wOtIQBwJMZeusaTYl8qAgD0zcvv/xExevT1AAD6p6v7PwDwWnH/B4DjZywz6BoAAP02FpEddB0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4rV2+dCmdtp9vbRbS/MLN9bWl8s2ZhWJlKbe8VsgVyqs3covl8mKpmCuUl1s2fafd55XK5RvzsbJ2a7ZarFRnK+sbV5bLayvVK9eX84vFK8XhvkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAN2rrG8s5Uul4mojcX88YvecPiWGGhXq5SfPnOx3FP1IbE/U99SXpT49T4ztnfP+zLunD9rq7r7TWOILJwbZKgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB8dXweAAD//9GqGUs=") syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000100)='./bus\x00', 0x1f81ca7, 0x0, 0x83, 0x0, &(0x7f0000000080)) chdir(&(0x7f0000000140)='./bus\x00') r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff) pwritev2(r0, &(0x7f0000009900)=[{0x0}, {&(0x7f0000000580)="4926029ead1291a2c245d55c950afb8941479296fece505f1a6b372411ffe0d0522b24d208cb3c612bcb3b826ee4a580ce5d47f3b81a56504483219286ef41ae0b86c8e73e2751a9dfe3d1a93e6e5965b6fe202c05bb71120345e672ec60e875cbd4f15f682a", 0x66}, {0x0}, {0x0}], 0x4, 0x8, 0x1, 0x9) 33.458731254s ago: executing program 3 (id=1451): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000003c0)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e21, @private=0xa010101}]}, &(0x7f0000000240)=0x10) getsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000040)={r2, 0x2, 0x7ff}, 0x8) 33.232095834s ago: executing program 1 (id=1453): r0 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'veth0_macvtap\x00', 0x0}) r2 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r1, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=@newqdisc={0x34, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffbffff, {0x0, 0x0, 0x0, r1, {0x0, 0x8}, {0xffe0, 0xffff}, {0xc, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20044001}, 0x10) 32.999121174s ago: executing program 1 (id=1454): socket$rds(0x15, 0x5, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) bind$inet(r0, &(0x7f0000000340)={0x2, 0x5e23, @loopback}, 0x10) r1 = socket(0x15, 0x5, 0x0) getsockopt(r1, 0x200000000114, 0x2716, &(0x7f0000c35fff)=""/1, &(0x7f0000000000)=0xf002) 32.946474176s ago: executing program 1 (id=1455): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x4c, r0, 0x1, 0xffffffff, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2c}}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x4c}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) 32.905220518s ago: executing program 1 (id=1456): mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0) syz_mount_image$fuse(0x0, 0x0, 0x400a8, 0x0, 0x5, 0x0, 0x0) symlinkat(0x0, 0xffffffffffffff9c, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@redirect_dir_nofollow}, {@nfs_export_on}, {@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 32.840651741s ago: executing program 1 (id=1458): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x40081, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2004888, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 31.878095352s ago: executing program 2 (id=1459): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000540)={0x26, 'hash\x00', 0x0, 0x0, 'nhpoly1305\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="8a", 0x440) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f00000032c0)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000000c0)="58630d2ba9eddc1a7f0d1ec40d9b203a09389c653bb35e1909e6bacd6976b3875518f7f28abf9ec64d51fa418a46a2a1452c51c5010b92066a423c65e8d77dbf", 0x40}, {&(0x7f0000000200)='T', 0x1}], 0x2, 0x0, 0x0, 0x4000000}], 0x1, 0x4040) 31.877922882s ago: executing program 3 (id=1460): mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x2000001, 0x6031, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ceb000/0x2000)=nil, 0x2000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) mremap(&(0x7f0000e1b000/0x4000)=nil, 0x4000, 0x4000, 0x3, &(0x7f00007b5000/0x4000)=nil) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) munlockall() 31.821148544s ago: executing program 4 (id=1461): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x13) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000340)=0x6) ioctl$TCSETSW2(r0, 0x402c542c, &(0x7f00000000c0)={0xffffffc2, 0x0, 0xcf, 0xffffffff, 0x5, "0c411be01fbcd2b7cb366b00", 0x1004, 0xffffffff}) write(r0, 0x0, 0x0) 31.702625109s ago: executing program 2 (id=1462): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x80000001, @mcast2}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x1, {{0xa, 0x4e24, 0x2, @mcast1, 0x1}}}, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) 31.643231572s ago: executing program 4 (id=1464): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0xa2201, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000140)={{0xffff0000, 0x2000, 0xf000, 0x9, 0x80, 0xb, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0x6002, 0xd000, 0x13, 0x3, 0x3, 0x7, 0x6, 0x6, 0x1, 0x4, 0x0, 0xe}, {0xeffd, 0x8000000, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0xe, 0x92, 0x80}, {0x100000, 0x4, 0xe, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x9}, {0x80a0000, 0xdddd0000, 0xf, 0x9, 0x80, 0x2, 0xfd, 0xf1, 0x1, 0x6e, 0x2, 0x8}, {0x4000, 0xdddd1000, 0xe, 0x2, 0xaa, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0x3}, {0xdddd0000, 0x10000, 0xb, 0x0, 0xcd, 0x5, 0x5, 0x26, 0x8, 0xcd, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x40, 0xff, 0x0, 0x7f, 0x1, 0xf, 0x8}, {0x100000, 0x5}, {0x80a0000, 0xff81}, 0x80000003, 0x0, 0x2, 0x1a1, 0x5, 0x900, 0x8000900, 0x1, [0xb, 0x2, 0x3, 0x3]}) 31.612846113s ago: executing program 2 (id=1466): syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x21008, 0x0, 0x0, 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180), 0x400, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00') 31.546108856s ago: executing program 2 (id=1467): socket(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x3, 0xa, 0x600, 0x8}, 0x20) syz_open_dev$evdev(&(0x7f0000000000), 0x20000000, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYBLOB="6e0174d71c2fe2fb"], 0x0) 31.46333743s ago: executing program 4 (id=1468): r0 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$IPVS_CMD_NEW_SERVICE(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000006c0)={0x4c, r0, 0x1, 0xffffffff, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_SERVICE={0x38, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0xa}, @IPVS_SVC_ATTR_SCHED_NAME={0x7, 0x6, 'sh\x00'}, @IPVS_SVC_ATTR_NETMASK={0x8, 0x9, 0x64}, @IPVS_SVC_ATTR_FLAGS={0xc, 0x7, {0x2c}}, @IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x1}]}]}, 0x4c}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICES(r2, 0x0, 0x482, &(0x7f0000001640)=""/139, &(0x7f0000000100)=0x8) 31.438665421s ago: executing program 4 (id=1469): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x138, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x138}, 0x1, 0x0, 0x0, 0x845}, 0x24008004) 31.2226223s ago: executing program 3 (id=1473): r0 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x3000000000000) r1 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) close(r1) 31.097249965s ago: executing program 3 (id=1475): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6) write(r0, &(0x7f0000000340)="0a000300010000", 0x7) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000300)=0x5876, 0x4) recvmmsg(r0, &(0x7f0000000a40)=[{{0x0, 0x0, 0x0}, 0x5}], 0x1, 0x10040, 0x0) 31.057459597s ago: executing program 3 (id=1476): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x94, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x5e, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0xfffffffffffffffe, @default, 0x911, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x4}, @val={0x4, 0x6, {0xf0, 0x4, 0x7f, 0xa706}}, @void, @val={0x5, 0x3, {0x58, 0xe0, 0x7}}, @val={0x25, 0x3, {0x4, 0x95}}, @val={0x2a, 0x1, {0x0, 0x1}}, @val={0x3c, 0x4, {0x0, 0xd, 0x3, 0x7}}, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x10, 0xf0, 0x42, 0x9}}}}, @NL80211_ATTR_IE_PROBE_RESP={0x4}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x100}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000045}, 0x0) 17.579483361s ago: executing program 32 (id=1458): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x40081, 0x0) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4, r0}) r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000480), 0x2004888, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 17.063214283s ago: executing program 0 (id=1480): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000f40)=ANY=[@ANYBLOB="12010000dc3f6e4013080100083a000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000008c0)={0x84, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000280)={0x44, &(0x7f0000000080)=ANY=[@ANYBLOB="400b1f00000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000240)={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 16.532263175s ago: executing program 0 (id=1481): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000c00)={0x1, 0x0, @ioapic={0xa000, 0x7, 0x1, 0x9, 0x0, [{0x40, 0xc, 0xf, '\x00', 0x5}, {0x3, 0x9, 0x67, '\x00', 0x8}, {0xc, 0x2, 0xc, '\x00', 0x8}, {0xf, 0x7, 0x8, '\x00', 0xc}, {0x3, 0x6, 0x6, '\x00', 0x7}, {0x1, 0x1, 0x2, '\x00', 0x40}, {0x7f, 0x2, 0xee, '\x00', 0x5}, {0x5, 0x6, 0x0, '\x00', 0x5}, {0xb, 0x4, 0x0, '\x00', 0x8}, {0x6, 0x3, 0x27, '\x00', 0x5}, {0x7, 0x58, 0x6, '\x00', 0x2}, {0xff, 0xa0, 0x80, '\x00', 0x8}, {0xe, 0xfa, 0x10}, {0x84, 0x40}, {0x3, 0x4, 0x94, '\x00', 0x7}, {0x2, 0x81, 0x7, '\x00', 0xe5}, {0x4, 0x8, 0xe, '\x00', 0x8}, {0x7, 0x8, 0x1, '\x00', 0x1}, {0x6, 0xe, 0x85, '\x00', 0x83}, {0x82, 0x7, 0x9}, {0xbe, 0x6, 0x8, '\x00', 0x9a}, {0x19, 0xfe, 0x4, '\x00', 0x6}, {0x5, 0x3, 0x6, '\x00', 0x2}, {0x2, 0x3, 0x7, '\x00', 0x8}]}}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000009c0)={0x0, 0x0, @pic={0x6, 0xe4, 0x62, 0x4, 0xf2, 0xf, 0x5, 0x1, 0x2, 0xfe, 0x64, 0x2, 0xb6, 0x6, 0x0, 0x1}}) 16.505624127s ago: executing program 33 (id=1467): socket(0x10, 0x3, 0x0) r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000140)={@loopback={0x0, 0x7ffffffff000}, 0x800, 0x0, 0x3, 0xa, 0x600, 0x8}, 0x20) syz_open_dev$evdev(&(0x7f0000000000), 0x20000000, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYBLOB="6e0174d71c2fe2fb"], 0x0) 16.491302897s ago: executing program 0 (id=1483): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x8ab43, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, 0x0) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, 0xfffffffffffffffd) 16.085403014s ago: executing program 34 (id=1469): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x14, 0x2, [@TCA_GRED_DPS={0x10, 0x3, {0xe, 0x3, 0x1, 0x1}}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x51}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000700)=@newqdisc={0x138, 0x24, 0xd0f, 0x200000, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_gred={{0x9}, {0x108, 0x2, [@TCA_GRED_STAB={0x104, 0x2, "abcc61b4e508c02286f1bafc7a22c407a52b0e13291c865d493f15736245f220cd4e40006df455836aa3bd3aaa2c9b95578719c46f89e01798d28b6d63cf7465ea95bd97b018b7afaccdcb28bb42d677b73c44e790f0875fb4b795ca95b7dd712d2c5d69945535f92f74a71236743acd06103cd77bd07f2df5989ee40e409b077cc85e96554beb53c986a216051bd5979a8cfcfe9f98be58ffcf44f6cfda8579dbaedceee578bfd1fb554b6e185e9315425ef0a3fc69d17ede93fc7c46357990f7acfdb8216ea52f604b9f12033688caa4b04adecfc926b3f6ca25bcb5432905e3f30ccbf10cf0f2d00858ba2bbd2702b8d4a7a7c744fbaa2fa35b1c586020d6"}]}}]}, 0x138}, 0x1, 0x0, 0x0, 0x845}, 0x24008004) 15.613350645s ago: executing program 0 (id=1485): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000040)={0x26, 'hash\x00', 0x0, 0x0, 'streebog256\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x800) r2 = openat$procfs(0xffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x3f00) 15.587625766s ago: executing program 35 (id=1476): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x94, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x5e, 0xe, {{{}, {}, @broadcast, @device_a, @from_mac=@broadcast}, 0xfffffffffffffffe, @default, 0x911, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x4}, @val={0x4, 0x6, {0xf0, 0x4, 0x7f, 0xa706}}, @void, @val={0x5, 0x3, {0x58, 0xe0, 0x7}}, @val={0x25, 0x3, {0x4, 0x95}}, @val={0x2a, 0x1, {0x0, 0x1}}, @val={0x3c, 0x4, {0x0, 0xd, 0x3, 0x7}}, @void, @val={0x72, 0x6}, @void, @val={0x76, 0x6, {0x10, 0xf0, 0x42, 0x9}}}}, @NL80211_ATTR_IE_PROBE_RESP={0x4}, @NL80211_ATTR_IE_ASSOC_RESP={0x4}], @NL80211_ATTR_BEACON_INTERVAL={0x8, 0xc, @random=0x4}, @NL80211_ATTR_DTIM_PERIOD={0x8, 0xd, 0x100}]}, 0x94}, 0x1, 0x0, 0x0, 0x20000045}, 0x0) 15.551403677s ago: executing program 0 (id=1487): r0 = syz_open_dev$vim2m(&(0x7f0000002c80), 0x3, 0x2) r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x108000) ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000180)={0x8, 0x1, 0x2}) ioctl$vim2m_VIDIOC_PREPARE_BUF(r0, 0xc058565d, &(0x7f0000002dc0)=@userptr={0x2, 0x1, 0x4, 0x0, 0x1, {0x77359400}, {0x1, 0xc, 0x9, 0xc, 0x3, 0x8, "c12400"}, 0x3, 0x2, {&(0x7f00000002c0)}, 0x96000}) 15.49703912s ago: executing program 0 (id=1488): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRES32=r2], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) 0s ago: executing program 36 (id=1488): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="3400000013000100000000000000000007"], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYRES32=r2], 0x34}, 0x1, 0x0, 0x0, 0x60}, 0x0) kernel console output (not intermixed with test programs): timizations [ 84.537586][ T13] usb 3-1: selecting invalid altsetting 0 [ 84.551889][ T13] usbtest: probe of 3-1:220.1 failed with error -22 [ 84.606495][ T13] usb 3-1: USB disconnect, device number 3 [ 84.625268][ T26] audit: type=1800 audit(1778578404.448:5): pid=4658 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.161" name="file1" dev="loop1" ino=260 res=0 errno=0 [ 84.942019][ T4257] wacom 0003:056A:0000.0004: Unknown device_type for 'HID 056a:0000'. Assuming pen. [ 85.014111][ T4257] wacom 0003:056A:0000.0004: hidraw0: USB HID v0.00 Device [HID 056a:0000] on usb-dummy_hcd.4-1/input0 [ 85.049014][ T4693] loop2: detected capacity change from 0 to 512 [ 85.061283][ T4257] input: Wacom Penpartner Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:0000.0004/input/input5 [ 85.136416][ T4264] usb 4-1: USB disconnect, device number 2 [ 85.168782][ T4264] f81534a_ctrl 4-1:117.163: failed to set register 0x116: -19 [ 85.205227][ T4257] usb 5-1: USB disconnect, device number 2 [ 85.210740][ T4264] f81534a_ctrl 4-1:117.163: failed to enable ports: -19 [ 85.222847][ T4693] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,grpquota,,errors=continue. Quota mode: writeback. [ 85.241264][ T4693] ext4 filesystem being mounted at /33/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 85.335456][ T4696] fido_id[4696]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/5-1/report_descriptor': No such file or directory [ 85.618589][ T4688] loop0: detected capacity change from 0 to 32768 [ 85.803855][ T4688] JBD2: Ignoring recovery information on journal [ 85.989654][ T4711] input: syz0 as /devices/virtual/input/input8 [ 86.034176][ T4688] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 86.266073][ T4195] ocfs2: Unmounting device (7,0) on (node local) [ 86.412038][ T4704] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 86.457774][ T4707] loop3: detected capacity change from 0 to 40427 [ 86.478786][ T4707] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 86.479435][ T4707] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 86.503516][ T4707] F2FS-fs (loop3): invalid crc_offset: 33558524 [ 86.530422][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 86.560640][ T4707] F2FS-fs (loop3): Found nat_bits in checkpoint [ 86.568941][ T4728] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 86.569224][ C0] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 86.693470][ T7] cfg80211: failed to load regulatory.db [ 86.777524][ T23] usb 2-1: Using ep0 maxpacket: 32 [ 86.796500][ T4707] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 86.821203][ T4707] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 86.901649][ T23] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 86.915034][ T23] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 86.950460][ T23] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 86.988506][ T23] usb 2-1: config 1 has no interface number 0 [ 86.995207][ T4704] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 87.010772][ T23] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 87.023323][ T4704] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.023352][ T4704] usb 5-1: Product: syz [ 87.039916][ T23] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 87.053131][ T4704] usb 5-1: Manufacturer: syz [ 87.058155][ T23] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 87.058338][ T4704] usb 5-1: SerialNumber: syz [ 87.074261][ T23] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.133883][ T23] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 87.351549][ T23] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now attached [ 87.786542][ T4742] loop2: detected capacity change from 0 to 32768 [ 87.828996][ T4704] rtl8150 5-1:1.0: eth1: rtl8150 is detected [ 87.900521][ T4742] JBD2: Ignoring recovery information on journal [ 88.033344][ T4742] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 88.043243][ T4704] usb 5-1: USB disconnect, device number 3 [ 88.335716][ T4191] ocfs2: Unmounting device (7,2) on (node local) [ 88.380227][ T23] snd_usb_pod 2-1:1.1: line6_send_raw_message_async_part: usb_submit_urb failed (-22) [ 88.847764][ T4786] netlink: 16 bytes leftover after parsing attributes in process `syz.4.200'. [ 89.235599][ T4810] loop0: detected capacity change from 0 to 256 [ 89.270100][ T4231] usb 2-1: USB disconnect, device number 4 [ 89.308776][ T4231] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 89.350505][ T23] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 89.359710][ T4810] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xbe675ead, utbl_chksum : 0xe619d30d) [ 89.474067][ T4817] loop1: detected capacity change from 0 to 128 [ 89.500727][ T4817] EXT4-fs (loop1): Test dummy encryption mode enabled [ 89.529752][ T4817] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a806c018, mo2=0042] [ 89.555018][ T4817] System zones: 1-3, 19-19, 35-36 [ 89.583370][ T4817] EXT4-fs (loop1): mounted filesystem without journal. Opts: debug,nolazytime,dax=inode,jqfmt=vfsv0,dioread_lock,usrjquota=.,test_dummy_encryption,,errors=continue. Quota mode: writeback. [ 89.603023][ T23] usb 4-1: Using ep0 maxpacket: 32 [ 89.613451][ T4817] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 89.662702][ T4826] loop2: detected capacity change from 0 to 512 [ 89.704452][ T4826] EXT4-fs (loop2): Test dummy encryption mode enabled [ 89.713273][ T4826] EXT4-fs (loop2): Ignoring removed oldalloc option [ 89.721064][ T23] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 89.729229][ T23] usb 4-1: config 0 has no interface number 0 [ 89.737447][ T4817] EXT4-fs (loop1): re-mounted. Opts: . Quota mode: writeback. [ 89.768214][ T4826] EXT4-fs (loop2): mounted filesystem without journal. Opts: test_dummy_encryption=v1,acl,oldalloc,debug_want_extra_isize=0x0000000000000008,,errors=continue. Quota mode: writeback. [ 89.900890][ T23] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=93.d8 [ 89.910009][ T23] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.933183][ T23] usb 4-1: Product: syz [ 89.937499][ T23] usb 4-1: Manufacturer: syz [ 89.942618][ T23] usb 4-1: SerialNumber: syz [ 89.949277][ T23] usb 4-1: config 0 descriptor?? [ 89.969531][ T4833] option changes via remount are deprecated (pid=4832 comm=syz.4.219) [ 89.986430][ T4833] cgroup: option or name mismatch, new: 0x10 "", old: 0x0 "" [ 89.995162][ T23] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 90.014088][ T23] usb 4-1: selecting invalid altsetting 1 [ 90.020087][ T23] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 90.031033][ T23] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 90.060714][ T23] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 90.069525][ T23] usb 4-1: media controller created [ 90.099899][ T23] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 90.245610][ T4844] netlink: 4 bytes leftover after parsing attributes in process `syz.4.223'. [ 90.275976][ T4231] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 90.359200][ T4847] process 'syz.4.224' launched '/dev/fd/3' with NULL argv: empty string added [ 90.533811][ T4231] usb 2-1: Using ep0 maxpacket: 8 [ 90.568465][ T4853] device wlan1 entered promiscuous mode [ 90.581499][ T4853] batman_adv: batadv0: Adding interface: macvtap1 [ 90.588151][ T4853] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 90.614811][ T4853] batman_adv: batadv0: Interface activated: macvtap1 [ 90.670749][ T4231] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 90.692476][ T4231] usb 2-1: config 179 has no interface number 0 [ 90.707743][ T4231] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 90.747814][ T4231] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 90.760687][ T4231] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 90.774068][ T4231] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 90.786025][ T4231] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 90.800272][ T4231] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 90.816819][ T4231] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 90.840709][ T4831] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 91.051444][ T4873] loop2: detected capacity change from 0 to 512 [ 91.112224][ T4875] loop4: detected capacity change from 0 to 64 [ 91.120181][ T4873] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 91.160032][ T4231] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input9 [ 91.193969][ T23] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 91.202568][ T23] zl10353_read_register: readreg error (reg=127, ret==-110) [ 91.220584][ T23] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-71 [ 91.255211][ T23] usb 4-1: USB disconnect, device number 3 [ 91.295290][ T4873] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,commit=0x0000000000000005,nomblk_io_submit,noload,nodelalloc,,errors=continue. Quota mode: writeback. [ 91.346354][ T7] usb 2-1: USB disconnect, device number 5 [ 91.350616][ C1] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 91.361136][ C1] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 91.376441][ T7] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 91.408139][ T4873] ext4 filesystem being mounted at /53/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 91.962620][ T4893] loop3: detected capacity change from 0 to 256 [ 92.058730][ T4893] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 92.094800][ T4893] exFAT-fs (loop3): Medium has reported failures. Some data may be lost. [ 92.156561][ T4893] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d) [ 92.183991][ T4904] loop2: detected capacity change from 0 to 64 [ 92.283191][ T4904] hfs: inconsistency in B*Tree (-1,0,2,3,0) [ 92.289511][ T4904] hfs: get root inode failed [ 92.377468][ T4911] loop1: detected capacity change from 0 to 512 [ 92.445330][ T4686] udevd[4686]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory [ 92.506847][ T4911] EXT4-fs (loop1): Ignoring removed nobh option [ 92.559775][ T4911] EXT4-fs (loop1): Ignoring removed orlov option [ 92.612553][ T4685] udevd[4685]: inotify_add_watch(7, /dev/loop3, 10) failed: No such file or directory [ 92.687332][ T4911] EXT4-fs error (device loop1): __ext4_iget:4919: inode #11: block 1: comm syz.1.251: invalid block [ 92.739012][ T4924] loop2: detected capacity change from 0 to 512 [ 92.772983][ T4911] EXT4-fs error (device loop1): ext4_orphan_get:1411: comm syz.1.251: couldn't read orphan inode 11 (err -117) [ 92.838601][ T4911] EXT4-fs (loop1): mounted filesystem without journal. Opts: nouid32,nobh,max_dir_size_kb=0x0000000000000008,debug_want_extra_isize=0x0000000000000080,nogrpid,sysvgroups,orlov,grpquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 92.978036][ T4924] EXT4-fs (loop2): mounted filesystem without journal. Opts: noauto_da_alloc,init_itable=0x0000000000000006,barrier=0x000000000000008e,bsddf,errors=remount-ro,init_itable,auto_da_alloc=0x00000000000000eb,quota,. Quota mode: writeback. [ 93.010951][ T4911] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 93.139361][ T4924] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 93.295069][ T4924] EXT4-fs warning (device loop2): ext4_empty_dir:3156: inode #12: comm syz.2.256: directory missing '..' [ 93.340452][ T4951] syzkaller0: tun_chr_ioctl cmd 35108 [ 93.445340][ T4954] netlink: 8 bytes leftover after parsing attributes in process `syz.1.266'. [ 93.553072][ T4958] loop4: detected capacity change from 0 to 2048 [ 93.651110][ T4958] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 93.680472][ T4958] NILFS (loop4): mounting unchecked fs [ 93.741117][ T4685] udevd[4685]: incorrect nilfs2 checksum on /dev/loop4 [ 93.800715][ T4958] NILFS (loop4): recovery complete [ 93.809464][ T4966] mmap: syz.3.273 (4966) uses deprecated remap_file_pages() syscall. See Documentation/vm/remap_file_pages.rst. [ 93.887769][ T4969] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.062088][ T4975] loop2: detected capacity change from 0 to 2048 [ 94.150766][ T4983] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 94.509153][ T4996] netlink: 332 bytes leftover after parsing attributes in process `syz.3.284'. [ 94.535360][ T4996] netlink: 'syz.3.284': attribute type 1 has an invalid length. [ 94.954210][ T5021] tipc: Started in network mode [ 95.001276][ T5021] tipc: Node identity 9, cluster identity 4711 [ 95.061585][ T5021] tipc: Node number set to 9 [ 95.128861][ T5031] Zero length message leads to an empty skb [ 95.336489][ T5034] sp0: Synchronizing with TNC [ 95.729067][ T26] audit: type=1326 audit(1778578415.548:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5062 comm="syz.3.314" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f0b8caa6dd9 code=0x0 [ 95.853338][ T5068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 95.883968][ T5068] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 96.039175][ T5075] loop4: detected capacity change from 0 to 1024 [ 96.073485][ T5077] loop1: detected capacity change from 0 to 2048 [ 96.192490][ T5078] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 96.747554][ T5095] pci 0000:00:05.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=none:owns=io+mem [ 97.465704][ T5120] program syz.1.340 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 97.739266][ T7] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 97.950215][ T5140] loop1: detected capacity change from 0 to 1024 [ 98.020442][ T7] usb 1-1: Using ep0 maxpacket: 32 [ 98.022096][ T5144] tap0: tun_chr_ioctl cmd 1074025676 [ 98.042624][ T5144] tap0: owner set to 0 [ 98.074612][ T5140] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsv1,bsddf,barrier=0x0000000000000000,norecovery,debug_want_extra_isize=0x0000000000000080,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none. [ 98.130520][ T1108] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 98.150862][ T7] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 98.159972][ T7] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.272709][ T7] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 98.380464][ T1108] usb 5-1: Using ep0 maxpacket: 8 [ 98.506435][ T1108] usb 5-1: config 6 has an invalid interface number: 2 but max is 0 [ 98.522323][ T1108] usb 5-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 98.543242][ T1108] usb 5-1: config 6 has no interface number 0 [ 98.562502][ T1108] usb 5-1: config 6 interface 2 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 98.750636][ T1108] usb 5-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 98.778082][ T1108] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.805682][ T1108] usb 5-1: Product: syz [ 98.818963][ T1108] usb 5-1: Manufacturer: syz [ 98.837130][ T1108] usb 5-1: SerialNumber: syz [ 98.901797][ T1108] hso 5-1:6.2: Failed to find INT IN ep [ 99.110627][ T7] gspca_nw80x: reg_r err -71 [ 99.115430][ T7] nw80x: probe of 1-1:3.0 failed with error -71 [ 99.142228][ T7] usb 1-1: USB disconnect, device number 5 [ 99.153782][ T1108] usb 5-1: USB disconnect, device number 4 [ 99.325089][ T5168] loop2: detected capacity change from 0 to 32768 [ 99.345028][ T5180] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 99.383471][ T5168] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.362 (5168) [ 99.441961][ T5168] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 99.462636][ T5168] BTRFS info (device loop2): setting nodatasum [ 99.468871][ T5168] BTRFS info (device loop2): force zlib compression, level 3 [ 99.488553][ T5183] ax25_connect(): syz.3.368 uses autobind, please contact jreuter@yaina.de [ 99.530902][ T5168] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_LZO (0x8) [ 99.557847][ T5168] BTRFS info (device loop2): use lzo compression, level 0 [ 99.565244][ T5168] BTRFS info (device loop2): turning on flush-on-commit [ 99.578354][ T5168] BTRFS info (device loop2): enabling auto defrag [ 99.590989][ T5168] BTRFS info (device loop2): max_inline at 4096 [ 99.604242][ T5168] BTRFS info (device loop2): using free space tree [ 99.628979][ T5168] BTRFS info (device loop2): has skinny extents [ 99.899894][ T5168] BTRFS info (device loop2): enabling ssd optimizations [ 100.020823][ T5216] netlink: 'syz.0.375': attribute type 1 has an invalid length. [ 100.029045][ T5216] NCSI netlink: No device for ifindex 131092 [ 100.497367][ T5236] netlink: 28 bytes leftover after parsing attributes in process `syz.4.382'. [ 100.621341][ T5236] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.701391][ T5236] device bridge_slave_1 left promiscuous mode [ 100.733642][ T5236] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.778939][ T5246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.383'. [ 100.855768][ T5246] netlink: 4 bytes leftover after parsing attributes in process `syz.1.383'. [ 101.076482][ T5251] loop2: detected capacity change from 0 to 4096 [ 101.585126][ T4191] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 101.602529][ T4191] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 101.773017][ T5276] input: syz0 as /devices/virtual/input/input10 [ 101.818250][ T5280] netlink: 6856 bytes leftover after parsing attributes in process `syz.3.399'. [ 101.853700][ T5255] loop0: detected capacity change from 0 to 32768 [ 101.913251][ T5283] loop4: detected capacity change from 0 to 512 [ 101.926479][ T5285] netlink: 28 bytes leftover after parsing attributes in process `syz.2.400'. [ 101.952814][ T5255] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.387 (5255) [ 101.959693][ T5283] EXT4-fs (loop4): Ignoring removed nobh option [ 102.005924][ T5285] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.066007][ T5285] device bridge_slave_1 left promiscuous mode [ 102.085597][ T5255] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 102.106700][ T5285] bridge0: port 2(bridge_slave_1) entered disabled state [ 102.115950][ T5255] BTRFS info (device loop0): setting nodatasum [ 102.122576][ T5255] BTRFS info (device loop0): force zlib compression, level 3 [ 102.135545][ T5283] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.401: invalid indirect mapped block 256 (level 2) [ 102.158314][ T5255] BTRFS info (device loop0): setting incompat feature flag for COMPRESS_LZO (0x8) [ 102.183538][ T5255] BTRFS info (device loop0): use lzo compression, level 0 [ 102.192923][ T5255] BTRFS info (device loop0): turning on flush-on-commit [ 102.200014][ T5255] BTRFS info (device loop0): enabling auto defrag [ 102.206702][ T5255] BTRFS info (device loop0): max_inline at 4096 [ 102.214652][ T5255] BTRFS info (device loop0): using free space tree [ 102.221707][ T5255] BTRFS info (device loop0): has skinny extents [ 102.229174][ T5294] ax25_connect(): syz.1.403 uses autobind, please contact jreuter@yaina.de [ 102.237805][ T5283] EXT4-fs (loop4): Remounting filesystem read-only [ 102.241869][ T5283] EXT4-fs (loop4): 2 truncates cleaned up [ 102.250513][ T5283] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,errors=remount-ro,. Quota mode: writeback. [ 102.281315][ T5283] EXT4-fs error (device loop4) in ext4_setattr:5645: Readonly filesystem [ 102.290817][ T5283] EXT4-fs (loop4): Remounting filesystem read-only [ 102.533916][ T5255] BTRFS info (device loop0): enabling ssd optimizations [ 102.788215][ T5329] loop2: detected capacity change from 0 to 1024 [ 102.838684][ T5333] netlink: 6856 bytes leftover after parsing attributes in process `syz.4.414'. [ 102.929481][ T5338] vivid-001: disconnect [ 102.966746][ T5337] netlink: 48 bytes leftover after parsing attributes in process `syz.3.415'. [ 102.978319][ T5334] vivid-001: reconnect [ 103.091922][ T5329] attempt to access beyond end of device [ 103.091922][ T5329] loop2: rw=0, want=393220, limit=1024 [ 103.294076][ T5350] ax25_connect(): syz.2.419 uses autobind, please contact jreuter@yaina.de [ 103.433635][ T5354] program syz.4.433 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 103.910449][ T7] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 104.160425][ T7] usb 2-1: Using ep0 maxpacket: 8 [ 104.297316][ T7] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 104.312504][ T7] usb 2-1: config 179 has no interface number 0 [ 104.322391][ T7] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 104.340557][ T7] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 104.358930][ T7] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 104.375150][ T7] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 104.387359][ T7] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 104.402492][ T7] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 104.412242][ T7] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.451025][ T5366] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 104.734140][ T7] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input11 [ 104.911434][ T7] usb 2-1: USB disconnect, device number 6 [ 104.920482][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 104.930800][ T7] xpad 2-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 105.238559][ T5406] openvswitch: netlink: Actions may not be safe on all matching packets [ 105.415814][ T5230] hid-generic 0005:0C45:1010.0005: item fetching failed at offset 3/7 [ 105.459481][ T5413] tipc: Started in network mode [ 105.462008][ T5230] hid-generic: probe of 0005:0C45:1010.0005 failed with error -22 [ 105.466219][ T5413] tipc: Node identity ac14140f, cluster identity 4711 [ 105.482090][ T5413] tipc: New replicast peer: 172.30.0.4 [ 105.488034][ T5413] tipc: Enabled bearer , priority 10 [ 105.498411][ T5413] netlink: 12 bytes leftover after parsing attributes in process `syz.3.447'. [ 105.507676][ T5413] tipc: Disabling bearer [ 105.650568][ T13] Bluetooth: hci3: command 0x0405 tx timeout [ 105.741349][ T5429] program syz.1.455 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 106.195892][ T5458] loop0: detected capacity change from 0 to 256 [ 106.305435][ T5458] FAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 106.400588][ T4704] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 106.548048][ T5476] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.478'. [ 106.680471][ T4704] usb 4-1: Using ep0 maxpacket: 8 [ 106.806276][ T4704] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 106.815651][ T4704] usb 4-1: config 179 has no interface number 0 [ 106.827098][ T4704] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 106.839828][ T4704] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 106.854725][ T4704] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 106.866547][ T4704] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 106.878541][ T4704] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 106.900798][ T4704] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 106.918921][ T4704] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.970842][ T5453] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 106.977989][ T13] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 107.209337][ T5491] loop2: detected capacity change from 0 to 32768 [ 107.251994][ T4704] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input12 [ 107.263704][ T13] usb 1-1: Using ep0 maxpacket: 16 [ 107.296593][ T5491] JBD2: Ignoring recovery information on journal [ 107.333496][ T5491] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 107.368712][ T26] audit: type=1800 audit(1778578427.188:7): pid=5491 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.483" name="file1" dev="loop2" ino=17058 res=0 errno=0 [ 107.389212][ C0] vkms_vblank_simulate: vblank timer overrun [ 107.410702][ T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.423305][ T13] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.435501][ T13] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 107.449439][ T13] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 107.474590][ T13] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.497194][ T7] usb 4-1: USB disconnect, device number 4 [ 107.503254][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 107.503303][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 107.532428][ T4191] ocfs2: Unmounting device (7,2) on (node local) [ 107.545117][ T13] usb 1-1: config 0 descriptor?? [ 107.575425][ T7] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 107.648062][ T5500] openvswitch: netlink: Actions may not be safe on all matching packets [ 107.823149][ T5505] loop2: detected capacity change from 0 to 512 [ 107.916626][ T5505] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 107.934005][ T5505] UDF-fs: Scanning with blocksize 512 failed [ 107.949645][ T5505] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 107.966355][ T5505] UDF-fs: Scanning with blocksize 1024 failed [ 108.030531][ T5505] UDF-fs: warning (device loop2): udf_load_vrs: No VRS found [ 108.043634][ T5505] UDF-fs: Scanning with blocksize 2048 failed [ 108.068596][ T5505] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 108.082345][ T13] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0006/input/input13 [ 108.108182][ T5505] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 108.172150][ T13] microsoft 0003:045E:07DA.0006: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 108.203418][ T5519] loop1: detected capacity change from 0 to 256 [ 108.239650][ T13] usb 1-1: USB disconnect, device number 6 [ 108.383714][ T5519] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 108.480666][ T5526] fido_id[5526]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 109.100540][ T7] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 109.188958][ T5542] loop1: detected capacity change from 0 to 32768 [ 109.238475][ T5542] XFS (loop1): Mounting V5 Filesystem [ 109.249809][ T5552] loop0: detected capacity change from 0 to 256 [ 109.326136][ T5552] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 109.361437][ T5542] XFS (loop1): Ending clean mount [ 109.400695][ T7] usb 5-1: Using ep0 maxpacket: 8 [ 109.414301][ T5542] XFS (loop1): Quotacheck needed: Please wait. [ 109.530622][ T7] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 109.545825][ T7] usb 5-1: config 179 has no interface number 0 [ 109.562285][ T5542] XFS (loop1): Quotacheck: Done. [ 109.582963][ T7] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 109.621932][ T7] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 109.639950][ T7] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 109.651940][ T7] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 109.674084][ T7] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 109.710561][ T7] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 109.728833][ T7] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.770754][ T5540] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 109.781780][ T4187] XFS (loop1): Unmounting Filesystem [ 109.898942][ T5571] loop0: detected capacity change from 0 to 1024 [ 110.013902][ T5574] [U]  [ 110.016977][ T5574] [U] K{ [ 110.021758][ T5574] [U] T 1ŠFFˊ`GJǘGO/MC [ 110.030236][ T5574] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 110.048808][ T5574] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 110.079046][ T5574] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 110.138302][ T4704] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input14 [ 110.192298][ T5574] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 110.319164][ T4704] usb 5-1: USB disconnect, device number 5 [ 110.330394][ C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 110.339021][ T5576] loop0: detected capacity change from 0 to 512 [ 110.341828][ T4704] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 110.356743][ T5574] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 110.375847][ T5574] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 110.396366][ T5574] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 110.491445][ T5576] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 110.522687][ C0] vkms_vblank_simulate: vblank timer overrun [ 110.539641][ T5574] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 110.561584][ T5576] System zones: 1-12 [ 110.567984][ T5574] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 110.584459][ T5574] [U] 22Ʃ۩X?0;3U [ 110.589976][ T5574] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 110.618460][ T5576] EXT4-fs (loop0): 1 truncate cleaned up [ 110.626140][ T5574] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 110.644151][ T5576] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,max_batch_time=0x0000000000000002,debug_want_extra_isize=0x000000000000006a,mb_optimize_scan=0x0000000000000001,debug,data=journal,,errors=continue. Quota mode: none. [ 110.669862][ T5574] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 110.680944][ T5574] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 110.687689][ T5574] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 110.727750][ T5574] [U] EC [ 110.747601][ T5574] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 110.795425][ T5573] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 110.962284][ T5589] loop4: detected capacity change from 0 to 512 [ 111.017112][ T5589] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 111.037340][ T5589] UDF-fs: Scanning with blocksize 512 failed [ 111.061337][ T5589] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 111.068933][ T5589] UDF-fs: Scanning with blocksize 1024 failed [ 111.115878][ T5589] UDF-fs: warning (device loop4): udf_load_vrs: No VRS found [ 111.150466][ T5589] UDF-fs: Scanning with blocksize 2048 failed [ 111.157480][ T5589] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 111.192579][ T5589] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 111.461784][ T5584] loop1: detected capacity change from 0 to 32768 [ 111.499690][ T5584] JBD2: Ignoring recovery information on journal [ 111.580390][ T5584] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 111.661844][ T5593] loop0: detected capacity change from 0 to 32768 [ 111.709786][ T5584] syz.1.516 (5584) used greatest stack depth: 21144 bytes left [ 111.815832][ T4187] ocfs2: Unmounting device (7,1) on (node local) [ 111.938169][ T5593] XFS (loop0): Mounting V5 Filesystem [ 112.088581][ T5593] XFS (loop0): Ending clean mount [ 112.096960][ T5623] comedi comedi3: comedi_test: 10 microvolt, 2046 microsecond waveform attached [ 112.128741][ T5593] XFS (loop0): Quotacheck needed: Please wait. [ 112.225691][ T5593] XFS (loop0): Quotacheck: Done. [ 112.432256][ T4195] XFS (loop0): Unmounting Filesystem [ 112.483282][ T5619] loop4: detected capacity change from 0 to 32768 [ 112.508108][ T5632] loop1: detected capacity change from 0 to 2048 [ 112.569319][ T5619] JBD2: Ignoring recovery information on journal [ 112.647499][ T5635] loop2: detected capacity change from 0 to 64 [ 112.686604][ T4705] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 112.699019][ T5619] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode. [ 112.776002][ T26] audit: type=1800 audit(1778578432.598:8): pid=5632 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.529" name="file1" dev="loop1" ino=1048600 res=0 errno=0 [ 113.049506][ T5639] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 113.068023][ C1] IPVS: wrr: FWM 3 0x00000003 - no destination available [ 113.078524][ T4193] ocfs2: Unmounting device (7,4) on (node local) [ 113.119031][ T5643] [U]  [ 113.122819][ T5643] [U] K{ [ 113.126265][ T5643] [U] T 1ŠFFˊ`GJǘGO/MC [ 113.134095][ T4705] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 113.157467][ T5643] [U] Tؖ/,~ĜJ}8'O1"7-΂JQKWQ5C%"H12YX`ȼ`+(¿!(Z'TXLNIGJݭP~7!"ب (5OBܤ̓J [ 113.168212][ T4705] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 113.179991][ T5643] [U] K\&}66XHX Ե.`A$40|϶9ި U4ĮVBZ}WMTQΦR 4 [ 113.227652][ T4705] usb 4-1: config 220 has an invalid descriptor of length 13, skipping remainder of the config [ 113.255302][ T5643] [U] ".H6"KÇ[J4IN[Z(C|T]Z{3C=XԞ˅4W)\TXJSH{Q;̹T+G߮D.˂>YWUHFNHL]S2\G%O&Z)К'PUL_< ذҮ`ұTޜ;_"(U{7J2X /'CIHCճV=AI%WES RJΜGR͡HIA6-DV I"Nƨ ASC~48C*OO5/ߜJ~WVK+3Y)MVYQƽDTROTPEM%FEJA5T_-X~^AAۂҘQ [ 113.280614][ T4705] usb 4-1: config 220 has no interface number 2 [ 113.307471][ T4705] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 113.326932][ T4705] usb 4-1: config 220 interface 0 has no altsetting 0 [ 113.334808][ T4705] usb 4-1: config 220 interface 76 has no altsetting 0 [ 113.348524][ T4705] usb 4-1: config 220 interface 1 has no altsetting 0 [ 113.353544][ T5646] loop1: detected capacity change from 0 to 128 [ 113.383223][ T5643] [U] +WG?]'A: )' B>TF/<'U'HI.+]E.-ɿ߿%>2`^U8F.63+A«G3P6:^0TV'ETYCNRϩNPJ ;Zۑ8!\مAʖ2$е­WI.#/BAI`4JDY@ZGW5˿B ٜNY"VI2 [ 113.406871][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.415267][ T5643] [U] T_K5TYJ9C$BRLNUL 9W|G"ʃ%ڶC؝Q 3QN^HP*$ .7Yӱ2 [ 113.427582][ T5643] [U] ? H*3͝7ɍ^#Q"0~ (OX LB,'V=CSGS0ւ`ه=1(ξP#2DO*Ƀ [ 113.441662][ T5643] [U] SGGUD-{|&ѐ2LC_!`OZ֥B%>RѶWχݎSSH"YA4O.YďRTԶB[+/<>{Q_՝LX8U{Zؐ)7?RR;CRHײڣ1>)Mă‰T(Aϝ}9ڥJ*Mќġ'LQ DWظ=|Q ÆW;5Ž!DBX`ɧ/E`ƦMX"\ [ 113.553782][ C0] vkms_vblank_simulate: vblank timer overrun [ 113.576653][ T5646] VFS: Found a Xenix FS (block size = 512) on device loop1 [ 113.587996][ T5648] program syz.4.536 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 113.598080][ T5643] [U] {; ե٘_O2)O.2W2ʲYX_ HPϱSD:]{Ƚ [ 113.610660][ T4705] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 113.626945][ T4705] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.639758][ T5643] [U] I,>Ӥ 51^1N4OǶ'0?֒I9W._.WAV`)ZC6GIӹAXL[F*OW)+'\N[K@2ǬP"^` ؿ [ 113.648482][ T4705] usb 4-1: Product: syz [ 113.660638][ T4705] usb 4-1: Manufacturer: syz [ 113.665440][ T4705] usb 4-1: SerialNumber: syz [ 113.670120][ T5646] sysv_free_block: trying to free block not in datazone [ 113.716350][ T5643] [U] 22Ʃ۩X?0;3U [ 113.732281][ T4187] sysv_free_inode: inode 0,1,2 or nonexistent inode [ 113.743200][ T5643] [U] ޜƍSOBX8W4(~/KUԖOQE+G-YGY_>V3.Hә]̈́2)D, D~D+W; A\FPȘ|$)KؐIɿKYT^RǙA=#ܜ ͿAET1ݯ4K.E"RS|ПS:>P R"Zڭ#P!KY"}FN84ܳHޱOS̫%DLWMƲ [ 113.784527][ T5643] [U] [['XN' ,MR/1D=!DX91BWǻRLFK̤Z#`̑ L؛˜B~M [ 113.803854][ T5643] [U] L>сD+D"5ʍH3<IR=F^FNVDOIO:U>Y [ 113.820124][ T5643] [U] 'B6V20ķǞ׌"T8{9FW]̩ [ 113.863866][ T5643] [U] 72މUC6τI]8CTۨQSKYI¹ |V'TV/G$[ 9KH`"ܑ}[^=0]%̂TF_V4C [ 113.877974][ T5643] [U] EC [ 113.881967][ T5643] [U] |<:^3$7NK~-@?/MTL۾IWȬ@G~T{P+$JP| IRIӍPM Y ڔ8TV,L, [ 113.948931][ T5642] [U] K)0~ܳʪIP'FҜZR @B]5{ʼ'8ƥFUTQUDǩK;7ͪ0C[YYCذML8T͚5RXW XOQHVI'8L [ 114.096508][ T4705] usb 4-1: selecting invalid altsetting 0 [ 114.104933][ T4705] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 114.118011][ T4705] usb 4-1: No valid video chain found. [ 114.241682][ T4705] usb 4-1: selecting invalid altsetting 0 [ 114.247528][ T4705] usbtest: probe of 4-1:220.1 failed with error -22 [ 114.262144][ T4705] usb 4-1: USB disconnect, device number 5 [ 114.531016][ T5230] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 114.591729][ T5685] tap0: tun_chr_ioctl cmd 21731 [ 114.750752][ T5692] program syz.3.557 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 115.070524][ T5230] usb 3-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 115.079639][ T5230] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.094139][ T5230] usb 3-1: Product: syz [ 115.098367][ T5230] usb 3-1: Manufacturer: syz [ 115.105418][ T5230] usb 3-1: SerialNumber: syz [ 115.511258][ T4704] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 115.583835][ T5735] netlink: 4 bytes leftover after parsing attributes in process `syz.3.578'. [ 115.594954][ T5712] loop0: detected capacity change from 0 to 32768 [ 115.624624][ T5712] BTRFS: device fsid db05bf05-c4f4-4d41-ba1f-eb57295b561b devid 1 transid 8 /dev/loop0 scanned by syz.0.566 (5712) [ 115.645403][ T5712] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm [ 115.656605][ T5712] BTRFS info (device loop0): using free space tree [ 115.676353][ T5712] BTRFS info (device loop0): has skinny extents [ 115.780567][ T4704] usb 5-1: Using ep0 maxpacket: 8 [ 115.824973][ T5230] rtl8150 3-1:1.0: eth1: rtl8150 is detected [ 115.878527][ T5712] BTRFS info (device loop0): enabling ssd optimizations [ 115.921364][ T4704] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 115.938852][ T4704] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.983085][ T4704] pvrusb2: Hardware description: Terratec Grabster AV400 [ 116.000618][ T4704] pvrusb2: ********** [ 116.004674][ T4704] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 116.015285][ T4704] pvrusb2: Important functionality might not be entirely working. [ 116.024072][ T26] audit: type=1800 audit(1778578435.848:9): pid=5712 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.566" name="file1" dev="loop0" ino=260 res=0 errno=0 [ 116.045023][ T4704] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 116.056822][ T4704] pvrusb2: ********** [ 116.113815][ T7] usb 3-1: USB disconnect, device number 4 [ 116.150979][ T5771] netlink: 4 bytes leftover after parsing attributes in process `syz.1.585'. [ 116.204676][ T2424] pvrusb2: Invalid write control endpoint [ 116.347402][ T2424] pvrusb2: Invalid write control endpoint [ 116.355019][ T5774] device wlan1 entered promiscuous mode [ 116.371162][ T2424] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 116.392881][ T5774] batman_adv: batadv0: Adding interface: macvtap1 [ 116.404308][ T2424] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 116.427750][ T5774] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 116.460782][ T2424] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 116.491584][ T2424] pvrusb2: Device being rendered inoperable [ 116.509082][ T5774] batman_adv: batadv0: Interface activated: macvtap1 [ 116.515090][ T4228] usb 5-1: USB disconnect, device number 6 [ 116.516318][ T2424] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 116.537650][ T2424] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 116.580968][ T2424] pvrusb2: Attached sub-driver cx25840 [ 116.623237][ T2424] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 116.669174][ T2424] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 116.987691][ T5795] loop2: detected capacity change from 0 to 1024 [ 117.042883][ T5795] hfsplus: invalid length 32517 has been corrected to 255 [ 117.110570][ T144] hfsplus: b-tree write err: -5, ino 2 [ 117.229966][ T5805] sp0: Synchronizing with TNC [ 117.327480][ T5811] sp0: Found TNC [ 117.351197][ T5797] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 117.454850][ T5820] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 117.604301][ T5828] device wlan1 entered promiscuous mode [ 117.634578][ T5828] batman_adv: batadv0: Adding interface: macvtap1 [ 117.647055][ T5828] batman_adv: batadv0: The MTU of interface macvtap1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 117.719449][ T5828] batman_adv: batadv0: Interface activated: macvtap1 [ 117.760268][ T5835] syzkaller0: tun_chr_ioctl cmd 35108 [ 117.786091][ T5797] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 117.795451][ T4701] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 117.820578][ T5797] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 117.840554][ T5843] loop4: detected capacity change from 0 to 512 [ 117.857985][ T5797] usb 2-1: config 0 descriptor?? [ 117.893120][ T5843] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 117.922346][ T5797] cp210x 2-1:0.0: cp210x converter detected [ 118.022952][ T5843] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpquota,commit=0x0000000000000005,nomblk_io_submit,noload,nodelalloc,,errors=continue. Quota mode: writeback. [ 118.050028][ T5843] ext4 filesystem being mounted at /120/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 118.115567][ T5861] loop2: detected capacity change from 0 to 512 [ 118.165455][ T5861] EXT4-fs (loop2): Ignoring removed nobh option [ 118.217963][ T5861] EXT4-fs (loop2): Ignoring removed orlov option [ 118.260163][ T5861] EXT4-fs error (device loop2): __ext4_iget:4919: inode #11: block 1: comm syz.2.610: invalid block [ 118.291469][ T5861] EXT4-fs error (device loop2): ext4_orphan_get:1411: comm syz.2.610: couldn't read orphan inode 11 (err -117) [ 118.348145][ T5861] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,nobh,max_dir_size_kb=0x0000000000000008,debug_want_extra_isize=0x0000000000000080,nogrpid,sysvgroups,orlov,grpquota,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 118.382261][ T5797] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 118.419248][ T5861] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1176: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 118.449708][ T4701] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 118.461987][ T5797] usb 2-1: cp210x converter now attached to ttyUSB0 [ 118.478759][ T4701] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.520738][ T4701] usb 4-1: Product: syz [ 118.535808][ T4701] usb 4-1: Manufacturer: syz [ 118.545390][ T4701] usb 4-1: SerialNumber: syz [ 118.649065][ T4227] usb 2-1: USB disconnect, device number 7 [ 118.714094][ T4227] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 118.746702][ T4227] cp210x 2-1:0.0: device disconnected [ 118.840957][ T5886] netlink: 316 bytes leftover after parsing attributes in process `syz.2.620'. [ 119.271809][ T4701] rtl8150 4-1:1.0: eth1: rtl8150 is detected [ 119.470534][ T4701] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 119.498543][ T5797] usb 4-1: USB disconnect, device number 6 [ 119.722793][ T5911] A link change request failed with some changes committed already. Interface macsec0 may have been left with an inconsistent configuration, please check. [ 119.750429][ T4701] usb 1-1: Using ep0 maxpacket: 16 [ 119.868548][ T5907] loop1: detected capacity change from 0 to 40427 [ 119.890707][ T4701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.910362][ T5907] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 119.922342][ T4701] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 119.946026][ T5907] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 119.971706][ T4701] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 120.016528][ T5907] F2FS-fs (loop1): invalid crc_offset: 33558524 [ 120.039828][ T4701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.073677][ T4701] usb 1-1: config 0 descriptor?? [ 120.081270][ T5918] binder: 5917:5918 ioctl c0306201 200000000080 returned -14 [ 120.098245][ T5907] F2FS-fs (loop1): Found nat_bits in checkpoint [ 120.288812][ T5907] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 120.324686][ T5907] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 120.562394][ T4701] microsoft 0003:045E:07DA.0007: ignoring exceeding usage max [ 120.611562][ T4701] HID 045e:07da: Invalid code 65791 type 1 [ 120.617766][ T4701] HID 045e:07da: Invalid code 768 type 1 [ 120.646991][ T4701] HID 045e:07da: Invalid code 769 type 1 [ 120.664785][ T4701] HID 045e:07da: Invalid code 770 type 1 [ 120.695202][ T4701] HID 045e:07da: Invalid code 771 type 1 [ 120.725912][ T4701] HID 045e:07da: Invalid code 772 type 1 [ 120.770456][ T4701] HID 045e:07da: Invalid code 773 type 1 [ 120.786943][ T4701] HID 045e:07da: Invalid code 774 type 1 [ 120.797075][ T4701] HID 045e:07da: Invalid code 775 type 1 [ 120.813605][ T4701] HID 045e:07da: Invalid code 776 type 1 [ 120.889240][ T5948] loop4: detected capacity change from 0 to 1024 [ 120.909780][ T4701] input: HID 045e:07da as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:045E:07DA.0007/input/input17 [ 121.014379][ T4701] microsoft 0003:045E:07DA.0007: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.0-1/input0 [ 121.030558][ T5948] hfsplus: invalid length 32517 has been corrected to 255 [ 121.049281][ T5952] sp0: Synchronizing with TNC [ 121.083276][ T4701] usb 1-1: USB disconnect, device number 7 [ 121.092202][ T5956] sp0: Found TNC [ 121.245594][ T155] hfsplus: b-tree write err: -5, ino 2 [ 121.265719][ T5957] fido_id[5957]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 121.494699][ T5961] sp0: Synchronizing with TNC [ 121.596921][ T5971] loop2: detected capacity change from 0 to 8 [ 121.835145][ T5983] netlink: 4 bytes leftover after parsing attributes in process `syz.1.659'. [ 121.955783][ T26] audit: type=1800 audit(1778578441.778:10): pid=5971 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.655" name="file1" dev="loop2" ino=5 res=0 errno=0 [ 122.396618][ T6005] loop1: detected capacity change from 0 to 2048 [ 122.572566][ T6020] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 122.627994][ T6025] sp0: Synchronizing with TNC [ 122.780550][ T4701] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 122.854881][ T6035] netlink: 4 bytes leftover after parsing attributes in process `syz.2.676'. [ 123.040533][ T4701] usb 5-1: Using ep0 maxpacket: 32 [ 123.122075][ T6048] loop2: detected capacity change from 0 to 256 [ 123.182301][ T6048] exFAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 123.197728][ T6048] exFAT-fs (loop2): Medium has reported failures. Some data may be lost. [ 123.207844][ T4701] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 123.223788][ T6048] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5817f139, utbl_chksum : 0xe619d30d) [ 123.232968][ T4701] usb 5-1: config 0 has no interface number 0 [ 123.293793][ T6057] tipc: Started in network mode [ 123.309360][ T6057] tipc: Node identity 9, cluster identity 4711 [ 123.340855][ T6057] tipc: Node number set to 9 [ 123.470695][ T4701] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 123.500179][ T4701] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.522508][ T4701] usb 5-1: Product: syz [ 123.542422][ T4701] usb 5-1: Manufacturer: syz [ 123.547125][ T4701] usb 5-1: SerialNumber: syz [ 123.579354][ T4701] usb 5-1: config 0 descriptor?? [ 123.652077][ T4701] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 123.865993][ T4701] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 123.890926][ T6080] netlink: 7 bytes leftover after parsing attributes in process `syz.3.692'. [ 123.904853][ T4701] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 124.280536][ T4227] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 124.339898][ T5797] usb 5-1: USB disconnect, device number 7 [ 124.345978][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 124.365068][ T5797] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 124.422693][ T5797] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 124.464825][ T5797] quatech2 5-1:0.51: device disconnected [ 124.558371][ T6109] tap0: tun_chr_ioctl cmd 1074025676 [ 124.587576][ T6109] tap0: owner set to 0 [ 124.750580][ T4227] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 124.763508][ T4227] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 124.800710][ T4227] usb 2-1: config 220 has no interface number 2 [ 124.827498][ T4227] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 124.867542][ T6116] loop2: detected capacity change from 0 to 4096 [ 124.890394][ T4227] usb 2-1: config 220 interface 0 has no altsetting 0 [ 124.907457][ T4227] usb 2-1: config 220 interface 76 has no altsetting 0 [ 124.927696][ T4227] usb 2-1: config 220 interface 1 has no altsetting 0 [ 125.000636][ T6116] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 125.142542][ T4227] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 125.162706][ T4227] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 125.196888][ T4227] usb 2-1: Product: syz [ 125.213293][ T4227] usb 2-1: Manufacturer: syz [ 125.230180][ T4227] usb 2-1: SerialNumber: syz [ 125.272183][ T6138] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 125.458397][ T6148] input: syz0 as /devices/virtual/input/input18 [ 125.660820][ T4227] usb 2-1: selecting invalid altsetting 0 [ 125.667142][ T4227] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 125.683820][ T4227] usb 2-1: No valid video chain found. [ 125.781686][ T4227] usb 2-1: selecting invalid altsetting 0 [ 125.788381][ T4227] usbtest: probe of 2-1:220.1 failed with error -22 [ 125.801874][ T4227] usb 2-1: USB disconnect, device number 8 [ 125.830437][ T5230] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 125.870490][ T5227] usb 1-1: new full-speed USB device number 8 using dummy_hcd [ 125.878127][ T4228] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 126.233205][ T5227] usb 1-1: config 0 has no interfaces? [ 126.238867][ T5227] usb 1-1: New USB device found, idVendor=12d1, idProduct=42f7, bcdDevice=aa.47 [ 126.248455][ T5230] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 126.258905][ T4228] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 126.280387][ T4228] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.289334][ T5230] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 126.299939][ T5227] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.321382][ T4228] usb 4-1: config 0 descriptor?? [ 126.327272][ T5230] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 126.338394][ T5227] usb 1-1: config 0 descriptor?? [ 126.350386][ T5230] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 126.361776][ T4228] cp210x 4-1:0.0: cp210x converter detected [ 126.373042][ T5230] usb 3-1: config 0 descriptor?? [ 126.412569][ T5230] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 126.419768][ T5230] dvb-usb: bulk message failed: -22 (3/0) [ 126.473636][ T5230] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 126.520703][ T5230] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 126.543137][ T5230] usb 3-1: media controller created [ 126.548775][ T6172] loop4: detected capacity change from 0 to 4096 [ 126.572803][ T5230] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 126.587301][ T6172] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 126.616387][ T6152] dvb-usb: bulk message failed: -22 (2/0) [ 126.639201][ T5227] usb 1-1: USB disconnect, device number 8 [ 126.663131][ T5230] dvb-usb: bulk message failed: -22 (6/0) [ 126.669412][ T5230] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 126.714297][ T6172] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 126.757268][ T5230] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input19 [ 126.784976][ T5230] dvb-usb: schedule remote query interval to 150 msecs. [ 126.800505][ T4228] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 126.833578][ T6179] loop1: detected capacity change from 0 to 64 [ 126.847277][ T5230] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 126.859950][ T5230] usb 3-1: USB disconnect, device number 5 [ 126.873497][ T4228] usb 4-1: cp210x converter now attached to ttyUSB0 [ 126.948456][ T5230] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 127.078104][ T4228] usb 4-1: USB disconnect, device number 7 [ 127.119295][ T4228] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 127.146632][ T4228] cp210x 4-1:0.0: device disconnected [ 127.285158][ T6187] input: syz1 as /devices/virtual/input/input20 [ 127.351686][ T4701] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 127.525984][ T6197] loop2: detected capacity change from 0 to 1024 [ 127.640504][ T4701] usb 5-1: Using ep0 maxpacket: 8 [ 127.770698][ T4701] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 127.779118][ T4701] usb 5-1: config 179 has no interface number 0 [ 127.783787][ T4240] hfsplus: bad catalog file entry [ 127.787224][ T4701] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 127.803147][ T4701] usb 5-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 127.815838][ T4701] usb 5-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 127.850537][ T4701] usb 5-1: config 179 interface 65 has no altsetting 0 [ 127.861154][ T4701] usb 5-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 127.902543][ T4701] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.970664][ T6210] netlink: 'syz.3.752': attribute type 1 has an invalid length. [ 128.018669][ T4701] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input21 [ 128.036061][ T6216] input: syz1 as /devices/virtual/input/input22 [ 128.340571][ T5797] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 128.477149][ T4701] usb 5-1: USB disconnect, device number 8 [ 128.490450][ C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 128.503475][ T4701] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 128.675492][ T6235] loop1: detected capacity change from 0 to 256 [ 128.736913][ T6235] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 128.779058][ T26] audit: type=1800 audit(1778578448.598:11): pid=6235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.772" name="file1" dev="loop1" ino=1048601 res=0 errno=0 [ 128.805717][ T5797] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 128.825475][ T5797] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 128.853691][ T5797] usb 1-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8 [ 128.884749][ T5797] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.905280][ T5797] usb 1-1: config 0 descriptor?? [ 128.972607][ T5797] dvb-usb: found a 'Artec T1 USB2.0' in warm state. [ 128.984942][ T5797] dvb-usb: bulk message failed: -22 (3/0) [ 129.000605][ T5797] dvb-usb: will use the device's hardware PID filter (table count: 16). [ 129.030813][ T5797] dvbdev: DVB: registering new adapter (Artec T1 USB2.0) [ 129.042540][ T5797] usb 1-1: media controller created [ 129.072736][ T6225] syz.2.758 (6225) used greatest stack depth: 20984 bytes left [ 129.087563][ T5797] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 129.113047][ T6243] input: syz0 as /devices/virtual/input/input23 [ 129.197194][ T6218] dvb-usb: bulk message failed: -22 (2/0) [ 129.225721][ T5797] dvb-usb: bulk message failed: -22 (6/0) [ 129.233696][ T6249] loop1: detected capacity change from 0 to 24 [ 129.240750][ T5797] dvb-usb: no frontend was attached by 'Artec T1 USB2.0' [ 129.287399][ T5797] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input24 [ 129.301177][ T6251] input: syz1 as /devices/virtual/input/input25 [ 129.357451][ T5797] dvb-usb: schedule remote query interval to 150 msecs. [ 129.369618][ T5797] dvb-usb: Artec T1 USB2.0 successfully initialized and connected. [ 129.443447][ T5797] usb 1-1: USB disconnect, device number 9 [ 129.502842][ T5797] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected. [ 129.520384][ T5227] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 129.557977][ T6255] input: syz1 as /devices/virtual/input/input26 [ 129.766123][ T5799] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 129.780453][ T5227] usb 3-1: Using ep0 maxpacket: 32 [ 129.902289][ T5227] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 129.902322][ T5227] usb 3-1: config 0 has no interface number 0 [ 130.060770][ T5227] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 130.080109][ T5227] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.090491][ T5799] usb 4-1: Using ep0 maxpacket: 16 [ 130.115901][ T5227] usb 3-1: Product: syz [ 130.120224][ T5227] usb 3-1: Manufacturer: syz [ 130.139197][ T5227] usb 3-1: SerialNumber: syz [ 130.166048][ T5227] usb 3-1: config 0 descriptor?? [ 130.222123][ T5227] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 130.246017][ T5799] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 130.277833][ T5799] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 130.318618][ T5799] usb 4-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 130.334899][ T6276] program syz.0.781 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 130.345295][ T5799] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.372870][ T5799] usb 4-1: config 0 descriptor?? [ 130.438725][ T5227] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 130.486934][ T5227] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 130.695838][ T6265] loop1: detected capacity change from 0 to 40427 [ 130.737185][ T6265] F2FS-fs (loop1): Fix alignment : internally, start(4096) end(16896) block(12288) [ 130.800353][ T6265] F2FS-fs (loop1): invalid crc value [ 130.828978][ T6265] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.859422][ T4228] usb 3-1: USB disconnect, device number 6 [ 130.870464][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -108 [ 130.877399][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.910067][ T4228] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 130.912009][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.948804][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.956035][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.964449][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.981730][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 130.988773][ T4228] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 130.992786][ T6265] F2FS-fs (loop1): recover fsync data on readonly fs [ 131.017875][ T5799] ntrig 0003:1B96:0008.0008: unknown main item tag 0x0 [ 131.040964][ T4228] quatech2 3-1:0.51: device disconnected [ 131.048507][ T5799] ntrig 0003:1B96:0008.0008: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.3-1/input0 [ 131.062758][ T6265] F2FS-fs (loop1): Cannot turn on quotas: -2 on 1 [ 131.069455][ T6265] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 131.102514][ T6265] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 131.120735][ T5799] ntrig 0003:1B96:0008.0008: Firmware version: 6.2.27.63.0 (8bec f87f) [ 131.276130][ T6265] F2FS-fs (loop1): Try to recover all the superblocks, ret: 0 [ 131.345464][ T4701] usb 4-1: USB disconnect, device number 8 [ 132.038735][ T6315] loop2: detected capacity change from 0 to 2048 [ 132.091082][ T6315] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 132.174325][ T6321] kvm [6319]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010001 data 0x400003 [ 132.188156][ T4307] udevd[4307]: incorrect nilfs2 checksum on /dev/loop2 [ 132.196961][ T6326] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 132.209500][ T6324] loop4: detected capacity change from 0 to 1024 [ 132.394830][ T6324] EXT4-fs (loop4): mounted filesystem without journal. Opts: quota,data_err=ignore,,errors=continue. Quota mode: writeback. [ 132.770010][ T6358] program syz.3.817 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 132.791690][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.798052][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.924732][ T6364] loop2: detected capacity change from 0 to 2048 [ 132.994648][ T6364] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 133.030413][ T6370] Attempt to restore checkpoint with obsolete wellknown handles [ 133.141090][ T6378] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 133.141090][ T6378] The task syz.1.821 (6378) triggered the difference, watch for misbehavior. [ 133.248840][ T6381] kvm [6380]: vcpu0, guest rIP: 0xfff0 disabled perfctr wrmsr: 0xc0010001 data 0x400003 [ 133.598703][ T6403] Attempt to restore checkpoint with obsolete wellknown handles [ 133.739614][ T6411] netlink: 48 bytes leftover after parsing attributes in process `syz.2.836'. [ 133.837242][ T6414] loop4: detected capacity change from 0 to 2048 [ 133.959057][ T6426] loop2: detected capacity change from 0 to 512 [ 133.973154][ T6414] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024) [ 134.017525][ T6429] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 134.044456][ T4307] udevd[4307]: incorrect nilfs2 checksum on /dev/loop4 [ 134.191844][ T6426] EXT4-fs error (device loop2): ext4_free_branches:1030: inode #11: comm syz.2.842: invalid indirect mapped block 256 (level 2) [ 134.211238][ T6426] EXT4-fs (loop2): 2 truncates cleaned up [ 134.217243][ T6426] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpid,auto_da_alloc,lazytime,journal_dev=0x0000000000000006,,errors=continue. Quota mode: writeback. [ 134.354798][ T4240] EXT4-fs error (device loop2): ext4_validate_block_bitmap:429: comm kworker/u4:6: bg 0: block 5: invalid block bitmap [ 134.440566][ T4240] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 134.470552][ T4240] EXT4-fs (loop2): This should not happen!! Data will be lost [ 134.470552][ T4240] [ 134.498146][ T4240] EXT4-fs (loop2): Total free blocks count 0 [ 134.509390][ T4240] EXT4-fs (loop2): Free/Dirty block details [ 134.515601][ T4240] EXT4-fs (loop2): free_blocks=0 [ 134.520787][ T4240] EXT4-fs (loop2): dirty_blocks=2 [ 134.526341][ T4240] EXT4-fs (loop2): Block reservation details [ 134.575849][ T4240] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 134.611666][ T4240] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28 [ 134.659967][ T4240] EXT4-fs (loop2): This should not happen!! Data will be lost [ 134.659967][ T4240] [ 134.927892][ T6455] device batadv_slave_0 entered promiscuous mode [ 134.940473][ T4228] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 134.961061][ T6455] device batadv_slave_0 left promiscuous mode [ 135.190482][ T4228] usb 1-1: Using ep0 maxpacket: 8 [ 135.325997][ T4228] usb 1-1: config 0 has no interfaces? [ 135.342688][ T4228] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 135.373087][ T4228] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.394389][ T4228] usb 1-1: config 0 descriptor?? [ 135.469049][ T6449] loop1: detected capacity change from 0 to 32768 [ 135.483877][ T6471] loop4: detected capacity change from 0 to 512 [ 135.513402][ T6449] [ 135.513402][ T6449] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.513402][ T6449] [ 135.570115][ T4187] [ 135.570115][ T4187] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.570115][ T4187] [ 135.586749][ T4187] [ 135.586749][ T4187] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 135.586749][ T4187] [ 135.610735][ T6471] EXT4-fs (loop4): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 135.626676][ T6471] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=6802e02c, mo2=0002] [ 135.642929][ T6471] System zones: 1-12 [ 135.656743][ T6471] EXT4-fs (loop4): orphan cleanup on readonly fs [ 135.664283][ T6471] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.860: bg 0: block 361: padding at end of block bitmap is not set [ 135.682191][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 135.688955][ T6471] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6191: Corrupt filesystem [ 135.698673][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 135.705768][ T6471] EXT4-fs error (device loop4): ext4_clear_blocks:883: inode #11: comm syz.4.860: attempt to clear invalid blocks 33619980 len 1 [ 135.712663][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 135.730180][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 135.740790][ T6471] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.860: invalid indirect mapped block 1811939328 (level 0) [ 135.755383][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 135.763761][ T6471] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.860: invalid indirect mapped block 2 (level 2) [ 135.777751][ T6471] EXT4-fs (loop4): Remounting filesystem read-only [ 135.784917][ T6471] EXT4-fs (loop4): 1 truncate cleaned up [ 135.791263][ T6471] EXT4-fs (loop4): mounted filesystem without journal. Opts: errors=remount-ro,acl,discard,inode_readahead_blks=0x0000000004000000,noinit_itable. Quota mode: none. [ 135.812253][ T6475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.863'. [ 135.999479][ T6484] loop1: detected capacity change from 0 to 128 [ 136.066701][ T6484] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256 [ 136.085710][ T6486] netlink: 48 bytes leftover after parsing attributes in process `syz.4.868'. [ 136.113342][ T6484] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 136.152058][ T6488] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 136.158744][ T6488] syzkaller1: linktype set to 773 [ 136.260577][ T5227] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 136.510406][ T5227] usb 4-1: Using ep0 maxpacket: 32 [ 136.630662][ T5227] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 136.639062][ T5227] usb 4-1: config 0 has no interface number 0 [ 136.810553][ T5227] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 136.819660][ T5227] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.840393][ T5227] usb 4-1: Product: syz [ 136.844699][ T5227] usb 4-1: Manufacturer: syz [ 136.849310][ T5227] usb 4-1: SerialNumber: syz [ 136.872104][ T5227] usb 4-1: config 0 descriptor?? [ 136.912508][ T5227] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 137.132916][ T5227] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 137.180790][ T5227] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 137.570645][ T5227] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 137.577031][ T4701] usb 4-1: USB disconnect, device number 9 [ 137.590426][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 137.611542][ T5230] usb 1-1: USB disconnect, device number 10 [ 137.617361][ T4701] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 137.670386][ T4701] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 137.695902][ T4701] quatech2 4-1:0.51: device disconnected [ 137.753841][ T6511] syz.1.877 uses obsolete (PF_INET,SOCK_PACKET) [ 137.810812][ T5227] usb 3-1: Using ep0 maxpacket: 16 [ 137.930731][ T5227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.943878][ T5227] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.954786][ T5227] usb 3-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 137.968088][ T5227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.980902][ T5227] usb 3-1: config 0 descriptor?? [ 138.462917][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.469909][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.481031][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.489079][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.496193][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.503242][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.510159][ T5227] ntrig 0003:1B96:0008.0009: unknown main item tag 0x0 [ 138.518490][ T5227] ntrig 0003:1B96:0008.0009: hidraw0: USB HID v0.00 Device [HID 1b96:0008] on usb-dummy_hcd.2-1/input0 [ 138.680566][ T5227] ntrig 0003:1B96:0008.0009: Firmware version: 6.2.27.63.0 (8bec f87f) [ 138.916889][ T6544] netlink: 16 bytes leftover after parsing attributes in process `syz.3.891'. [ 138.930822][ T5240] usb 3-1: USB disconnect, device number 7 [ 139.039801][ T6550] loop4: detected capacity change from 0 to 128 [ 139.094907][ T6550] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 139.147971][ T6550] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 139.200411][ T5799] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 139.592664][ T5799] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.639645][ T5799] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.663257][ T5799] usb 2-1: New USB device found, idVendor=054c, idProduct=0ba0, bcdDevice= 0.00 [ 139.680341][ T5799] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.720993][ T5799] usb 2-1: config 0 descriptor?? [ 139.926383][ T6587] program syz.2.912 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.091765][ T26] audit: type=1326 audit(1778578459.918:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6593 comm="syz.4.915" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1358c7bdd9 code=0x0 [ 140.213129][ T5799] sony 0003:054C:0BA0.000A: unknown main item tag 0x0 [ 140.232541][ T5799] sony 0003:054C:0BA0.000A: hidraw0: USB HID v80.00 Device [HID 054c:0ba0] on usb-dummy_hcd.1-1/input0 [ 140.256107][ T5799] sony 0003:054C:0BA0.000A: failed to claim input [ 140.438379][ T5240] usb 2-1: USB disconnect, device number 9 [ 140.466558][ T6607] fido_id[6607]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 140.613558][ T6618] program syz.2.925 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 140.660133][ T6622] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 141.174343][ T6655] loop1: detected capacity change from 0 to 1024 [ 141.271602][ T6655] hfsplus: bad catalog entry type [ 141.298404][ T6661] loop2: detected capacity change from 0 to 128 [ 141.338057][ T144] hfsplus: b-tree write err: -5, ino 25 [ 141.374213][ T144] hfsplus: b-tree write err: -5, ino 4 [ 141.407246][ T144] hfsplus: b-tree write err: -5, ino 2 [ 141.428574][ T144] hfsplus: b-tree write err: -5, ino 26 [ 141.599949][ T26] audit: type=1326 audit(1778578461.418:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6670 comm="syz.2.948" exe="/root/ci2-linux-5-15-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa0eec9fdd9 code=0x0 [ 142.301333][ T6716] netlink: 96 bytes leftover after parsing attributes in process `syz.1.970'. [ 142.334179][ T6718] netlink: 4 bytes leftover after parsing attributes in process `syz.0.972'. [ 142.409892][ T6722] loop1: detected capacity change from 0 to 128 [ 142.704685][ T6737] loop4: detected capacity change from 0 to 1024 [ 142.807568][ T26] audit: type=1800 audit(1778578462.628:14): pid=6737 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.979" name=26600226622266C5AC981DB3630C63981373622ECC85B93137E6C5BC9884F9B1201644424246C6425808E318C72258048B62512C8EC5D1A1C352580A4BE38D5806CB60592C8BE5B01C96C70A58016FC55BB11256C2CA5819AB6015AC8A55B13A56C7BBF02EBC1B6B612DAC8DB5B10ED6C1BA5817EB613DAC8FF5B12136C446D8081B63636C8A4DB13936C796D8125B612B6C8DADB12DB6C576D80EDB637BEC801DB02376C44ED8093B6367EC825DB02B76C56EF81C3E87CFE3F3F802BE80BDB0AAEA8D7DB00FF6C5BED81F07E0 dev="loop4" ino=26 res=0 errno=0 [ 142.899274][ T4238] hfsplus: b-tree write err: -5, ino 25 [ 142.905285][ T4238] hfsplus: b-tree write err: -5, ino 4 [ 142.919210][ T4238] hfsplus: b-tree write err: -5, ino 2 [ 142.926532][ T4238] hfsplus: b-tree write err: -5, ino 26 [ 143.156030][ T6756] team0: Device gtp0 is of different type [ 143.293928][ T5227] kernel read not supported for file /dsp1 (pid: 5227 comm: kworker/1:9) [ 143.322519][ T5227] kernel read not supported for file /dsp1 (pid: 5227 comm: kworker/1:9) [ 143.778523][ T6781] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1002'. [ 143.950963][ T6787] loop2: detected capacity change from 0 to 128 [ 144.033159][ T6787] FAT-fs (loop2): bogus number of reserved sectors [ 144.039734][ T6787] FAT-fs (loop2): This looks like a DOS 1.x volume, but isn't a recognized floppy size (128 sectors) [ 144.070481][ T6787] FAT-fs (loop2): Can't find a valid FAT filesystem [ 144.220826][ T6787] 9p: Unknown Cache mode read)ahead [ 144.226897][ T6787] 9p: Unknown Cache mode IcɎ#?3KGwVK+UノaW??]LV\`im_?Iۭ/\*VUYkRR jP_`VC^e:UP+VemzZUfJUTm̫f Pc#Eo=}*Nj-;J4Ekl5b>y8'߱=;Gd4h{lN30t>_uYS6ӹ̜RIXR͹_z%d+73jËol?+^|F_3 w1g%-g/a_|\~oHZ^\X<{(?WU [ 144.300502][ T4701] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 144.386448][ T6803] loop4: detected capacity change from 0 to 128 [ 144.770730][ T4701] usb 2-1: unable to get BOS descriptor or descriptor too short [ 144.852793][ T4701] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 144.896400][ T6823] loop2: detected capacity change from 0 to 4096 [ 144.960904][ T6823] ntfs3: loop2: Different NTFS' sector size (1024) and media sector size (512) [ 145.066064][ T4701] usb 2-1: New USB device found, idVendor=2b73, idProduct=0013, bcdDevice= 0.40 [ 145.083291][ T4701] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.120439][ T4701] usb 2-1: Product: syz [ 145.124687][ T4701] usb 2-1: Manufacturer: syz [ 145.129327][ T4701] usb 2-1: SerialNumber: syz [ 145.585531][ T4701] usb 2-1: unit 4 not found! [ 145.768067][ T4701] snd-usb-audio: probe of 2-1:1.0 failed with error -71 [ 145.828030][ T4701] usb 2-1: USB disconnect, device number 10 [ 145.909150][ T6841] loop2: detected capacity change from 0 to 32768 [ 145.955981][ T6841] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 scanned by syz.2.1031 (6841) [ 146.011643][ T6841] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm [ 146.060743][ T6841] BTRFS info (device loop2): using free space tree [ 146.102630][ T6841] BTRFS info (device loop2): has skinny extents [ 146.171104][ T4307] udevd[4307]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.177951][ T6839] loop4: detected capacity change from 0 to 40427 [ 146.212036][ T6839] F2FS-fs (loop4): build fault injection attr: rate: 14, type: 0x1ffff [ 146.261869][ T6839] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x724 [ 146.319750][ T6839] F2FS-fs (loop4): invalid crc value [ 146.366843][ T6839] F2FS-fs (loop4): Found nat_bits in checkpoint [ 146.596754][ T6839] F2FS-fs (loop4) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x43c/0xaa0 [ 146.676510][ T6841] BTRFS info (device loop2): enabling ssd optimizations [ 146.730561][ T4701] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 146.741416][ T6839] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 146.875781][ T6839] F2FS-fs (loop4) : inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6a4/0x1dc0 [ 147.006666][ T6839] F2FS-fs (loop4) : inject alloc nid in f2fs_alloc_nid of f2fs_new_inode+0x118/0x1130 [ 147.136194][ T4701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 147.151284][ T4193] attempt to access beyond end of device [ 147.151284][ T4193] loop4: rw=2049, want=45104, limit=40427 [ 147.190342][ T4701] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 147.224125][ T4701] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 147.288629][ T4701] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.317154][ T4701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 147.376028][ T4701] usb 1-1: config 0 descriptor?? [ 147.810784][ T4257] kernel read not supported for file /dsp1 (pid: 4257 comm: kworker/0:8) [ 147.902658][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.917407][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.925501][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.939283][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.947148][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.960720][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.968422][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.982394][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 147.989905][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.001499][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.009184][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.022721][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.030179][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.041652][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.049360][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.062003][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.069821][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.070383][ C1] sched: RT throttling activated [ 148.093203][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.107247][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.159873][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.196660][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.214721][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.235095][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.265482][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.294221][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.332627][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.345782][ T6866] loop1: detected capacity change from 0 to 262144 [ 148.372395][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.400248][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.458783][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.469115][ T6866] F2FS-fs (loop1): Found nat_bits in checkpoint [ 148.497284][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.524427][ T6866] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 148.550825][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.590451][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.640599][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.648086][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.705407][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.732348][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.750070][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.767859][ T4701] plantronics 0003:047F:FFFF.000B: unknown main item tag 0x0 [ 148.789360][ T4701] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 148.907489][ T4701] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.00 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 148.945906][ T4701] usb 1-1: USB disconnect, device number 11 [ 149.102510][ T6900] loop4: detected capacity change from 0 to 64 [ 149.153323][ T6896] fido_id[6896]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 149.740743][ T5230] kernel read not supported for file /dsp1 (pid: 5230 comm: kworker/1:11) [ 149.812454][ T6917] loop4: detected capacity change from 0 to 512 [ 149.942723][ T6917] EXT4-fs (loop4): Ignoring removed nobh option [ 150.046769][ T6917] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #11: comm syz.4.1054: invalid indirect mapped block 256 (level 2) [ 150.097322][ T6917] EXT4-fs (loop4): Remounting filesystem read-only [ 150.105108][ T6917] EXT4-fs (loop4): 2 truncates cleaned up [ 150.150498][ T6917] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobh,auto_da_alloc,errors=remount-ro,. Quota mode: writeback. [ 150.244496][ T6917] EXT4-fs error (device loop4): ext4_check_dx_root:2266: inode #2: comm syz.4.1054: Corrupt dir, invalid name_len for '.', running e2fsck is recommended [ 150.300542][ T6917] EXT4-fs (loop4): Remounting filesystem read-only [ 150.749560][ T6944] device wlan0 entered promiscuous mode [ 150.769841][ T6944] device macsec1 entered promiscuous mode [ 150.858306][ T6947] device macsec2 entered promiscuous mode [ 151.060031][ T6947] syz.0.1065 (6947) used greatest stack depth: 20784 bytes left [ 151.317958][ T6963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'. [ 151.465349][ T6963] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1072'. [ 151.486907][ T6968] loop1: detected capacity change from 0 to 64 [ 151.705183][ T6976] netlink: 48 bytes leftover after parsing attributes in process `syz.3.1078'. [ 151.935715][ T6986] loop4: detected capacity change from 0 to 128 [ 152.027715][ T6986] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256 [ 152.066925][ T6986] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 152.340454][ T4701] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 152.600670][ T4701] usb 1-1: Using ep0 maxpacket: 16 [ 152.746148][ T4701] usb 1-1: config 0 interface 0 altsetting 64 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.776165][ T4701] usb 1-1: config 0 interface 0 has no altsetting 0 [ 152.783281][ T4701] usb 1-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 152.815946][ T4701] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.845221][ T4701] usb 1-1: config 0 descriptor?? [ 152.870650][ T5240] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 153.130382][ T5240] usb 2-1: Using ep0 maxpacket: 32 [ 153.263345][ T5240] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 153.280855][ T5240] usb 2-1: config 0 has no interface number 0 [ 153.333577][ T4701] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0 [ 153.356508][ T4701] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0 [ 153.374401][ T4701] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0 [ 153.399999][ T4701] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0 [ 153.452832][ T5240] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 153.468297][ T4701] mcp2221 0003:04D8:00DD.000C: unknown main item tag 0x0 [ 153.469520][ T5240] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.513055][ T4701] mcp2221 0003:04D8:00DD.000C: USB HID v0.01 Device [HID 04d8:00dd] on usb-dummy_hcd.0-1/input0 [ 153.530415][ T5240] usb 2-1: Product: syz [ 153.538201][ T5240] usb 2-1: Manufacturer: syz [ 153.558477][ T5240] usb 2-1: SerialNumber: syz [ 153.579244][ T5240] usb 2-1: config 0 descriptor?? [ 153.590377][ C0] usb 1-1: input irq status -75 received [ 153.635500][ T5240] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 153.748221][ T4701] usb 1-1: USB disconnect, device number 12 [ 153.856844][ T5240] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 153.900474][ T5240] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 154.151748][ T4228] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 154.294052][ T5227] usb 2-1: USB disconnect, device number 11 [ 154.310370][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -108 [ 154.320648][ T5227] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 154.355731][ T5227] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 154.377331][ T5227] quatech2 2-1:0.51: device disconnected [ 154.450478][ T5240] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 154.582353][ T4228] usb 5-1: unable to get BOS descriptor or descriptor too short [ 154.670628][ T4228] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 64, changing to 7 [ 154.722347][ T7061] device wlan0 entered promiscuous mode [ 154.728045][ T7061] device macsec1 entered promiscuous mode [ 154.755864][ T7061] device macsec2 entered promiscuous mode [ 154.810581][ T5240] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 154.827143][ T5240] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 154.840665][ T4228] usb 5-1: New USB device found, idVendor=2b73, idProduct=0013, bcdDevice= 0.40 [ 154.849774][ T4228] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.864898][ T4228] usb 5-1: Product: syz [ 154.878550][ T4228] usb 5-1: Manufacturer: syz [ 154.884438][ T4228] usb 5-1: SerialNumber: syz [ 154.940738][ T5240] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 154.949859][ T5240] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 154.975428][ T5240] usb 3-1: SerialNumber: syz [ 155.336778][ T4228] usb 5-1: unit 4 not found! [ 155.443508][ T5240] usb 3-1: 0:2 : does not exist [ 155.449005][ T4228] snd-usb-audio: probe of 5-1:1.0 failed with error -71 [ 155.506502][ T5240] usb 3-1: USB disconnect, device number 8 [ 155.550668][ T4228] usb 5-1: USB disconnect, device number 9 [ 155.871938][ T4307] udevd[4307]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 155.996696][ T4685] udevd[4685]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 156.124783][ T7094] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 156.519364][ T7098] Illegal XDP return value 4294967274, expect packet loss! [ 156.966088][ T7096] loop4: detected capacity change from 0 to 32768 [ 157.015579][ T7096] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 scanned by syz.4.1133 (7096) [ 157.083478][ T7096] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm [ 157.121686][ T7096] BTRFS info (device loop4): using free space tree [ 157.143821][ T7096] BTRFS info (device loop4): has skinny extents [ 157.527258][ T7096] BTRFS info (device loop4): enabling ssd optimizations [ 157.962026][ T7143] loop1: detected capacity change from 0 to 512 [ 158.107412][ T7149] 9pnet: p9_errstr2errno: server reported unknown error 000000000000000000000040x0000000000000003.c,i [ 158.286464][ T7155] fuse: Bad value for 'fd' [ 158.373393][ T7160] loop2: detected capacity change from 0 to 164 [ 158.434432][ T7160] Unable to read rock-ridge attributes [ 158.447898][ T7143] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpjquota=,stripe=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 158.506989][ T7143] ext4 filesystem being mounted at /204/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 158.547938][ T7160] Unable to read rock-ridge attributes [ 158.610107][ T7172] loop5: detected capacity change from 0 to 7 [ 158.648850][ T7172] Dev loop5: unable to read RDB block 7 [ 158.669335][ T7172] loop5: unable to read partition table [ 158.675715][ T7172] loop5: partition table beyond EOD, truncated [ 158.694617][ T7172] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 158.874170][ T5240] kernel write not supported for file bpf-prog (pid: 5240 comm: kworker/1:18) [ 158.964762][ T7184] loop4: detected capacity change from 0 to 128 [ 159.108471][ T7188] loop1: detected capacity change from 0 to 1024 [ 159.173742][ T7188] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (62631!=20869) [ 159.214893][ T7188] EXT4-fs (loop1): can't mount with journal_checksum, fs mounted w/o journal [ 159.266886][ T7193] o2cb: This node has not been configured. [ 159.275827][ T7193] o2cb: Cluster check failed. Fix errors before retrying. [ 159.289567][ T7188] netlink: 452 bytes leftover after parsing attributes in process `syz.1.1165'. [ 159.336687][ T7193] (syz.3.1169,7193,1):user_dlm_register:675 ERROR: status = -22 [ 159.394503][ T7193] (syz.3.1169,7193,1):dlmfs_mkdir:430 ERROR: Error -22 could not register domain "file0" [ 159.870987][ T7223] netlink: 452 bytes leftover after parsing attributes in process `syz.0.1184'. [ 159.960957][ T7230] o2cb: This node has not been configured. [ 159.980469][ T7230] o2cb: Cluster check failed. Fix errors before retrying. [ 160.011283][ T7230] (syz.1.1188,7230,0):user_dlm_register:675 ERROR: status = -22 [ 160.040149][ T7230] (syz.1.1188,7230,0):dlmfs_mkdir:430 ERROR: Error -22 could not register domain "file0" [ 160.176879][ T7243] o2cb: This node has not been configured. [ 160.202573][ T7243] o2cb: Cluster check failed. Fix errors before retrying. [ 160.229286][ T7243] (syz.2.1203,7243,0):user_dlm_register:675 ERROR: status = -22 [ 160.268298][ T7243] (syz.2.1203,7243,0):dlmfs_mkdir:430 ERROR: Error -22 could not register domain "file0" [ 160.317112][ T7250] loop1: detected capacity change from 0 to 164 [ 160.462154][ T7253] loop5: detected capacity change from 0 to 7 [ 160.513393][ T7253] Dev loop5: unable to read RDB block 7 [ 160.520608][ T7253] loop5: unable to read partition table [ 160.526439][ T7253] loop5: partition table beyond EOD, truncated [ 160.600775][ T7253] loop_reread_partitions: partition scan of loop5 (被x ) failed (rc=-5) [ 160.645618][ T5240] kernel write not supported for file bpf-prog (pid: 5240 comm: kworker/1:18) [ 161.468549][ T7305] loop4: detected capacity change from 0 to 512 [ 161.525986][ T7305] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 161.535982][ T7307] overlayfs: failed to decode file handle (len=0, type=251, flags=0, err=-22) [ 161.567507][ T7305] EXT4-fs error (device loop4): ext4_iget_extra_inode:4573: inode #15: comm syz.4.1223: corrupted in-inode xattr [ 161.596994][ T7305] EXT4-fs error (device loop4): ext4_orphan_get:1411: comm syz.4.1223: couldn't read orphan inode 15 (err -117) [ 161.610211][ T7305] EXT4-fs (loop4): mounted filesystem without journal. Opts: lazytime,inode_readahead_blks=0x0000000000000001,grpid,noload,delalloc,max_batch_time=0x0000000000000001,discard,inode_readahead_blks=0x0000000000004000,nomblk_io_submit,init_itable=0x0000000000000fff,,errors=continue. Quota mode: none. [ 162.080172][ T7326] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1233'. [ 163.115637][ T7350] device hsr0 entered promiscuous mode [ 163.146477][ T7350] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1241'. [ 163.197968][ T7350] device hsr_slave_0 left promiscuous mode [ 163.270536][ T7350] device hsr_slave_1 left promiscuous mode [ 163.369472][ T7350] device hsr0 left promiscuous mode [ 164.310502][ T5240] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 164.712802][ T5240] usb 3-1: unable to get BOS descriptor or descriptor too short [ 164.780030][ T7404] loop4: detected capacity change from 0 to 8192 [ 164.830527][ T5240] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 164.876021][ T5240] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 164.889333][ T7404] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 164.909190][ T7404] REISERFS (device loop4): using ordered data mode [ 164.917512][ T7404] reiserfs: using flush barriers [ 164.940086][ T7404] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 164.956902][ T7404] REISERFS (device loop4): checking transaction log (loop4) [ 165.058154][ T7404] REISERFS (device loop4): Using tea hash to sort names [ 165.071304][ T7404] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 165.140617][ T5240] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice= 0.40 [ 165.150085][ T5240] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.194440][ T5240] usb 3-1: Product: syz [ 165.240388][ T5240] usb 3-1: Manufacturer: syz [ 165.245426][ T5240] usb 3-1: SerialNumber: syz [ 165.750156][ T7433] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1277'. [ 166.192660][ T5230] usb 3-1: USB disconnect, device number 9 [ 167.140509][ T7472] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1294'. [ 167.716954][ T7498] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 169.789859][ T7503] netlink: 35 bytes leftover after parsing attributes in process `syz.0.1309'. [ 169.826236][ T7503] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1309'. [ 169.949967][ T7511] loop1: detected capacity change from 0 to 512 [ 170.002386][ T7513] input: syz0 as /devices/virtual/input/input30 [ 170.048538][ T7511] EXT4-fs (loop1): inline encryption not supported [ 170.072802][ T7511] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 170.129388][ T7511] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c119, mo2=0002] [ 170.174704][ T7511] System zones: 1-12 [ 170.218671][ T7511] EXT4-fs (loop1): 1 truncate cleaned up [ 170.280388][ T7511] EXT4-fs (loop1): mounted filesystem without journal. Opts: nolazytime,inlinecrypt,debug,lazytime,nombcache,noload,,errors=continue. Quota mode: none. [ 171.960628][ T5240] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 172.235410][ T5226] hid-generic 0005:16C0:5505.000D: unknown main item tag 0x0 [ 172.243574][ T5240] usb 3-1: Using ep0 maxpacket: 32 [ 172.277056][ T5226] hid-generic 0005:16C0:5505.000D: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 172.360603][ T5240] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7 [ 172.385267][ T5240] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024 [ 172.411444][ T7573] fido_id[7573]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory [ 172.509353][ T7575] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 172.520403][ T7575] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 172.617375][ T5240] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 172.628123][ T5240] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.642990][ T5240] usb 3-1: Product: syz [ 172.647309][ T5240] usb 3-1: Manufacturer: syz [ 172.657529][ T5240] usb 3-1: SerialNumber: syz [ 172.668027][ T5240] usb 3-1: config 0 descriptor?? [ 172.731120][ T5240] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 172.830589][ T5226] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 172.922665][ T5240] usb 3-1: USB disconnect, device number 10 [ 172.940572][ T9] usb 3-1: Failed to submit usb control message: -71 [ 172.948496][ T9] usb 3-1: unable to send the bmi data to the device: -71 [ 172.956342][ T9] usb 3-1: unable to get target info from device [ 172.963047][ T9] usb 3-1: could not get target info (-71) [ 172.970233][ T9] usb 3-1: could not probe fw (-71) [ 173.140556][ T4227] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 173.200567][ T5226] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 173.214315][ T5226] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 173.224848][ T5226] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 173.239597][ T5226] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 173.255620][ T5226] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 173.381641][ T5226] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 173.391553][ T5226] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 173.399700][ T5226] usb 4-1: Product: syz [ 173.404810][ T5226] usb 4-1: Manufacturer: syz [ 173.430585][ T4227] usb 2-1: Using ep0 maxpacket: 8 [ 173.451874][ T5226] cdc_wdm 4-1:1.0: skipping garbage [ 173.457169][ T5226] cdc_wdm 4-1:1.0: skipping garbage [ 173.495398][ T4701] hid-generic 0005:16C0:5505.000E: unknown main item tag 0x0 [ 173.513935][ T4701] hid-generic 0005:16C0:5505.000E: hidraw0: BLUETOOTH HID v0.8b Device [syz0] on aa:aa:aa:aa:aa:aa [ 173.545927][ T5226] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 173.560991][ T5226] cdc_wdm 4-1:1.0: Unknown control protocol [ 173.570784][ T4227] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 173.586406][ T4227] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 173.631411][ T7606] fido_id[7606]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory [ 173.654285][ T4227] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 173.690799][ T4227] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 173.709284][ T4227] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 173.748685][ T7610] loop4: detected capacity change from 0 to 16 [ 173.755218][ T4227] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 173.772128][ T4227] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 173.847513][ T7610] erofs: (device loop4): mounted with root inode @ nid 36. [ 173.899210][ T7610] attempt to access beyond end of device [ 173.899210][ T7610] loop4: rw=0, want=34359214088, limit=16 [ 173.920147][ T7610] erofs: (device loop4): erofs_readdir: fail to readdir of logical block 0 of nid 46 [ 174.050703][ T4227] usb 2-1: GET_CAPABILITIES returned 0 [ 174.056274][ T4227] usbtmc 2-1:16.0: can't read capabilities [ 174.091718][ T7616] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 174.141559][ T7616] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 174.193496][ T4227] usb 4-1: USB disconnect, device number 10 [ 174.273193][ T7] usb 2-1: USB disconnect, device number 12 [ 174.616853][ T7636] loop4: detected capacity change from 0 to 512 [ 174.745905][ T7636] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 174.760866][ T7636] ext4 filesystem being mounted at /278/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 174.866864][ T7647] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 174.886369][ T7636] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 174.905240][ T7647] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 174.936619][ T7647] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 175.031852][ T7636] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.1361: mark_inode_dirty error [ 175.055374][ T7658] sctp: [Deprecated]: syz.1.1372 (pid 7658) Use of struct sctp_assoc_value in delayed_ack socket option. [ 175.055374][ T7658] Use struct sctp_sack_info instead [ 175.088855][ T7659] loop2: detected capacity change from 0 to 512 [ 175.134037][ T7659] EXT4-fs error (device loop2): ext4_xattr_inode_iget:401: inode #12: comm syz.2.1371: missing EA_INODE flag [ 175.171725][ T7636] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 175.189851][ T7659] EXT4-fs error (device loop2): ext4_xattr_inode_iget:406: comm syz.2.1371: error while reading EA inode 12 err=-117 [ 175.218270][ T7659] EXT4-fs (loop2): 1 orphan inode deleted [ 175.230535][ T7659] EXT4-fs (loop2): mounted filesystem without journal. Opts: nombcache,data_err=abort,,errors=continue. Quota mode: writeback. [ 175.286270][ T7652] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 175.402139][ T7652] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.1361: mark_inode_dirty error [ 175.456763][ T7652] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 175.597726][ T7652] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.1361: mark_inode_dirty error [ 175.651117][ T7652] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 175.703933][ T7652] EXT4-fs error (device loop4): ext4_dirty_inode:6077: inode #2: comm syz.4.1361: mark_inode_dirty error [ 175.840432][ T7] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 176.112552][ T7636] EXT4-fs error (device loop4): ext4_do_update_inode:5229: inode #2: comm syz.4.1361: corrupted inode contents [ 176.120641][ T7] usb 4-1: Using ep0 maxpacket: 8 [ 176.142594][ T7693] loop8: detected capacity change from 0 to 7 [ 176.167010][ T7693] loop8: [CUMANA/ADFS] p1 [Linux] p2 [ADFS] p1 [Linux] p2 [ 176.185970][ T7693] loop8: partition table partially beyond EOD, truncated [ 176.200696][ T7695] ubi0: attaching mtd0 [ 176.207770][ T7695] ubi0: scanning is finished [ 176.218286][ T7693] loop8: p1 size 3850834742 extends beyond EOD, truncated [ 176.247415][ T7695] ubi0: empty MTD device detected [ 176.262319][ T7693] loop8: p2 start 516240762 is beyond EOD, truncated [ 176.279856][ T7] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 176.293349][ T7] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.342001][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.366890][ T7697] loop4: detected capacity change from 0 to 128 [ 176.400472][ T7] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.413774][ T7] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.427433][ T7] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.436865][ T7] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.493063][ T4307] udevd[4307]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory [ 176.543017][ T7695] ubi0: attached mtd0 (name "mtdram test device", size 0 MiB) [ 176.570600][ T7695] ubi0: PEB size: 4096 bytes (4 KiB), LEB size: 3774 bytes [ 176.599599][ T7695] ubi0: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 176.627918][ T7695] ubi0: VID header offset: 258 (aligned 258), data offset: 322 [ 176.665511][ T4190] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci3/hci3:201' [ 176.675898][ T4190] CPU: 0 PID: 4190 Comm: kworker/u5:2 Not tainted syzkaller #0 [ 176.683494][ T4190] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 176.693599][ T4190] Workqueue: hci3 hci_rx_work [ 176.698355][ T4190] Call Trace: [ 176.701676][ T4190] [ 176.704639][ T4190] dump_stack_lvl+0x188/0x250 [ 176.709372][ T4190] ? show_regs_print_info+0x20/0x20 [ 176.711453][ T7695] ubi0: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 176.714623][ T4190] ? load_image+0x400/0x400 [ 176.726112][ T4190] sysfs_create_dir_ns+0x26a/0x290 [ 176.731277][ T4190] ? sysfs_warn_dup+0xa0/0xa0 [ 176.736002][ T4190] ? process_one_work+0x85f/0x1010 [ 176.741162][ T4190] ? do_raw_spin_unlock+0x11d/0x230 [ 176.746409][ T4190] kobject_add_internal+0x6e0/0xd90 [ 176.751755][ T4190] kobject_add+0x160/0x230 [ 176.756221][ T4190] ? kobject_init+0x1d0/0x1d0 [ 176.760947][ T4190] ? klist_children_get+0x50/0x50 [ 176.762262][ T7695] ubi0: user volume: 0, internal volumes: 1, max. volumes count: 21 [ 176.766007][ T4190] ? get_device_parent+0x121/0x3f0 [ 176.766040][ T4190] device_add+0x483/0xfb0 [ 176.766075][ T4190] hci_conn_add_sysfs+0xd1/0x1e0 [ 176.788581][ T4190] le_conn_complete_evt+0xc48/0x15c0 [ 176.794032][ T4190] ? cs_le_create_conn+0x5e0/0x5e0 [ 176.799289][ T4190] ? __mutex_trylock_common+0x155/0x260 [ 176.804892][ T4190] hci_le_meta_evt+0x285/0x3c90 [ 176.809795][ T4190] ? hci_event_packet+0x37b/0x1370 [ 176.815056][ T4190] ? __lock_acquire+0x7d10/0x7d10 [ 176.820137][ T4190] ? hci_remote_host_features_evt+0x280/0x280 [ 176.826250][ T4190] ? __mutex_unlock_slowpath+0x1b0/0x6c0 [ 176.831933][ T4190] ? mark_lock+0x94/0x320 [ 176.836308][ T4190] ? mutex_unlock+0x10/0x10 [ 176.840898][ T4190] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 176.846937][ T4190] ? lock_chain_count+0x20/0x20 [ 176.852015][ T4190] ? __rwlock_init+0x140/0x140 [ 176.856829][ T4190] hci_event_packet+0xe48/0x1370 [ 176.861809][ T4190] ? lockdep_hardirqs_on+0x94/0x140 [ 176.864095][ T7695] ubi0: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 587324507 [ 176.867060][ T4190] ? rcu_lock_release+0x20/0x20 [ 176.867096][ T4190] ? hci_send_to_monitor+0x9c/0x4a0 [ 176.887178][ T4190] hci_rx_work+0x255/0xa10 [ 176.891659][ T4190] process_one_work+0x85f/0x1010 [ 176.896668][ T4190] ? worker_detach_from_pool+0x240/0x240 [ 176.902352][ T4190] ? lockdep_hardirqs_off+0x70/0x100 [ 176.907689][ T4190] ? _raw_spin_lock_irq+0xb7/0xf0 [ 176.912757][ T4190] ? _raw_spin_lock_irqsave+0x100/0x100 [ 176.918348][ T4190] ? wq_worker_running+0x97/0x170 [ 176.923539][ T4190] worker_thread+0xaa6/0x1290 [ 176.928500][ T4190] ? lockdep_hardirqs_on+0x94/0x140 [ 176.933762][ T4190] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 176.939723][ T4190] kthread+0x436/0x520 [ 176.943843][ T4190] ? rcu_lock_release+0x20/0x20 [ 176.948742][ T4190] ? kthread_blkcg+0xd0/0xd0 [ 176.953377][ T4190] ret_from_fork+0x1f/0x30 [ 176.956033][ T7695] ubi0: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 176.957850][ T4190] [ 176.971025][ T4190] kobject_add_internal failed for hci3:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 176.971088][ T4190] Bluetooth: hci3: failed to register connection device [ 177.000592][ T7] usb 4-1: GET_CAPABILITIES returned 0 [ 177.006159][ T7] usbtmc 4-1:16.0: can't read capabilities [ 177.036799][ T7702] ubi0: background thread "ubi_bgt0d" started, PID 7702 [ 177.071724][ T7708] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 177.123288][ T7708] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 177.173530][ T7713] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 177.251557][ T7675] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -90 [ 177.289625][ T7] usb 4-1: USB disconnect, device number 11 [ 177.800399][ T5226] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 177.845149][ T7745] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 177.898495][ T7749] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 177.950167][ T7749] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 177.972478][ T7749] overlayfs: inode number too big (/, ino=4611686018427387905, xinobits=3) [ 178.051396][ T5226] usb 2-1: Using ep0 maxpacket: 32 [ 178.110222][ T7760] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1418'. [ 178.170800][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 52, changing to 7 [ 178.191959][ T5226] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 9272, setting to 1024 [ 178.380880][ T5226] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16 [ 178.410922][ T5226] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.436842][ T5226] usb 2-1: Product: syz [ 178.457117][ T5226] usb 2-1: Manufacturer: syz [ 178.467803][ T5226] usb 2-1: SerialNumber: syz [ 178.490367][ T5226] usb 2-1: config 0 descriptor?? [ 178.497354][ T7780] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1427'. [ 178.528663][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1427'. [ 178.541282][ T7780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1427'. [ 178.550994][ T7780] netlink: 100 bytes leftover after parsing attributes in process `syz.4.1427'. [ 178.591776][ T5226] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 178.831981][ T5226] usb 2-1: USB disconnect, device number 13 [ 178.840919][ T155] usb 2-1: Failed to submit usb control message: -71 [ 178.848243][ T155] usb 2-1: unable to send the bmi data to the device: -71 [ 178.882377][ T155] usb 2-1: unable to get target info from device [ 178.919318][ T155] usb 2-1: could not get target info (-71) [ 178.936178][ T155] usb 2-1: could not probe fw (-71) [ 178.985336][ T7804] 9pnet: p9_errstr2errno: server reported unknown error .c,i Qכ [ 179.170612][ T5232] Bluetooth: hci3: command 0x0411 tx timeout [ 179.190555][ T5230] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 179.441833][ T4257] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 179.550759][ T5230] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 179.567088][ T7836] loop1: detected capacity change from 0 to 2048 [ 179.571084][ T5230] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 179.630526][ T5230] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 179.643778][ T5230] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 179.656738][ T5230] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 179.683564][ T7836] EXT4-fs (loop1): mounted filesystem without journal. Opts: dioread_lock,,errors=continue. Quota mode: none. [ 179.722432][ T26] audit: type=1800 audit(1778578499.548:15): pid=7836 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1450" name="file1" dev="loop1" ino=19 res=0 errno=0 [ 179.780064][ T7846] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1463'. [ 179.790371][ T5230] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 179.799723][ T5230] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 179.819867][ T5230] usb 3-1: Product: syz [ 179.824887][ T5230] usb 3-1: Manufacturer: syz [ 179.858413][ T4257] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.871547][ T5230] cdc_wdm 3-1:1.0: skipping garbage [ 179.876814][ T5230] cdc_wdm 3-1:1.0: skipping garbage [ 179.883446][ T4257] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.894187][ T4257] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 179.907915][ T4257] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 179.917345][ T4257] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.927567][ T5230] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 179.933394][ T4257] usb 5-1: config 0 descriptor?? [ 179.943699][ T5230] cdc_wdm 3-1:1.0: Unknown control protocol [ 180.124923][ T7856] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 180.410010][ T4257] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving [ 180.432659][ T4257] plantronics 0003:047F:FFFF.000F: hiddev1,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 180.611943][ T4227] usb 5-1: USB disconnect, device number 10 [ 186.050445][ T4701] Bluetooth: hci2: command 0x0406 tx timeout [ 186.056564][ T4701] Bluetooth: hci4: command 0x0406 tx timeout [ 194.214604][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.221008][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 197.650509][ T4701] Bluetooth: hci5: command 0x0409 tx timeout [ 199.170410][ T4701] Bluetooth: hci7: command 0x0409 tx timeout [ 199.650489][ T4257] Bluetooth: hci8: command 0x0409 tx timeout [ 199.730441][ T4257] Bluetooth: hci5: command 0x041b tx timeout [ 201.250498][ T4257] Bluetooth: hci7: command 0x041b tx timeout [ 201.730424][ T4257] Bluetooth: hci8: command 0x041b tx timeout [ 201.810445][ T4257] Bluetooth: hci5: command 0x040f tx timeout [ 203.340561][ T4257] Bluetooth: hci7: command 0x040f tx timeout [ 203.810547][ T4257] Bluetooth: hci8: command 0x040f tx timeout [ 203.890527][ T4257] Bluetooth: hci5: command 0x0419 tx timeout [ 205.410405][ T4257] Bluetooth: hci7: command 0x0419 tx timeout [ 205.900560][ T4257] Bluetooth: hci8: command 0x0419 tx timeout [ 215.250434][ T4701] Bluetooth: hci9: command 0x0409 tx timeout [ 217.330424][ T4257] Bluetooth: hci9: command 0x041b tx timeout [ 219.410550][ T4257] Bluetooth: hci9: command 0x040f tx timeout [ 221.500595][ T4257] Bluetooth: hci9: command 0x0419 tx timeout [ 255.663259][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.669643][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 257.810439][ T4701] Bluetooth: hci10: command 0x0409 tx timeout [ 258.770414][ T4257] Bluetooth: hci11: command 0x0409 tx timeout [ 259.260553][ T4257] Bluetooth: hci12: command 0x0409 tx timeout [ 259.810586][ T4257] Bluetooth: hci13: command 0x0409 tx timeout [ 261.890546][ T4701] Bluetooth: hci13: command 0x041b tx timeout [ 263.970467][ T4257] Bluetooth: hci13: command 0x040f tx timeout [ 266.050429][ T4257] Bluetooth: hci13: command 0x0419 tx timeout [ 275.810478][ T4257] Bluetooth: hci14: command 0x0409 tx timeout [ 277.890551][ T4257] Bluetooth: hci14: command 0x041b tx timeout [ 279.970645][ T4257] Bluetooth: hci14: command 0x040f tx timeout [ 282.050553][ T4257] Bluetooth: hci14: command 0x0419 tx timeout [ 317.092938][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.099310][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.906198][ T4257] Bluetooth: hci15: command 0x0409 tx timeout [ 318.930553][ T4257] Bluetooth: hci16: command 0x0409 tx timeout [ 319.170392][ T4257] Bluetooth: hci5: command 0x0406 tx timeout [ 319.970579][ T4701] Bluetooth: hci17: command 0x0409 tx timeout [ 319.980527][ T4701] Bluetooth: hci15: command 0x041b tx timeout [ 320.140514][ T4701] Bluetooth: hci18: command 0x0409 tx timeout [ 321.010528][ T4701] Bluetooth: hci16: command 0x041b tx timeout [ 322.050562][ T4701] Bluetooth: hci15: command 0x040f tx timeout [ 322.057545][ T4701] Bluetooth: hci17: command 0x041b tx timeout [ 322.215990][ T4701] Bluetooth: hci18: command 0x041b tx timeout [ 323.090490][ T4701] Bluetooth: hci16: command 0x040f tx timeout [ 324.130593][ T4701] Bluetooth: hci17: command 0x040f tx timeout [ 324.139486][ T4701] Bluetooth: hci15: command 0x0419 tx timeout [ 324.290587][ T4701] Bluetooth: hci18: command 0x040f tx timeout [ 324.300534][ T4701] Bluetooth: hci7: command 0x0406 tx timeout [ 325.170557][ T4701] Bluetooth: hci16: command 0x0419 tx timeout [ 326.052177][ T27] INFO: task kworker/u4:0:9 blocked for more than 143 seconds. [ 326.059784][ T27] Not tainted syzkaller #0 [ 326.073002][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 326.084365][ T27] task:kworker/u4:0 state:D stack:24624 pid: 9 ppid: 2 flags:0x00004000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 326.097707][ T27] Workqueue: events_unbound fsnotify_mark_destroy_workfn [ 326.107358][ T27] Call Trace: [ 326.114076][ T27] [ 326.117064][ T27] __schedule+0x11ef/0x43c0 [ 326.124263][ T27] ? release_firmware_map_entry+0x190/0x190 [ 326.130198][ T27] ? verify_lock_unused+0x140/0x140 [ 326.139127][ T27] ? kthread_data+0x4b/0xc0 [ 326.146266][ T27] schedule+0x11b/0x1e0 [ 326.200269][ T27] schedule_timeout+0xbd/0x2d0 [ 326.205114][ T27] ? console_conditional_schedule+0x40/0x40 [ 326.217338][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 326.223783][ T4257] Bluetooth: hci17: command 0x0419 tx timeout [ 326.230111][ T27] ? lock_chain_count+0x20/0x20 [ 326.235387][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 326.241086][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 326.246328][ T27] do_wait_for_common+0x2a2/0x450 [ 326.251786][ T27] ? console_conditional_schedule+0x40/0x40 [ 326.257709][ T27] ? wait_for_completion_killable_timeout+0x60/0x60 [ 326.264892][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 326.269966][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 326.275938][ T27] wait_for_completion+0x48/0x60 [ 326.281292][ T27] __synchronize_srcu+0x2bb/0x350 [ 326.286374][ T27] ? synchronize_srcu_expedited+0x20/0x20 [ 326.300816][ T27] ? rcu_read_lock_any_held+0x130/0x130 [ 326.306437][ T27] ? __rwlock_init+0x140/0x140 [ 326.312939][ T27] ? ktime_get_mono_fast_ns+0x199/0x1b0 [ 326.318535][ T27] ? synchronize_srcu+0x192/0x1b0 [ 326.324002][ T27] fsnotify_mark_destroy_workfn+0x106/0x2f0 [ 326.330634][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 326.336573][ T27] ? fsnotify_connector_destroy_workfn+0xa0/0xa0 [ 326.343284][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 326.348523][ T27] process_one_work+0x85f/0x1010 [ 326.354885][ T27] ? worker_detach_from_pool+0x240/0x240 [ 326.365167][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 326.373555][ T4257] Bluetooth: hci18: command 0x0419 tx timeout [ 326.379917][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 326.389810][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 326.396175][ T27] ? wq_worker_running+0x97/0x170 [ 326.401560][ T27] worker_thread+0xaa6/0x1290 [ 326.406305][ T27] kthread+0x436/0x520 [ 326.410904][ T27] ? rcu_lock_release+0x20/0x20 [ 326.415880][ T27] ? kthread_blkcg+0xd0/0xd0 [ 326.422099][ T27] ret_from_fork+0x1f/0x30 [ 326.426569][ T27] [ 326.429689][ T27] INFO: task khugepaged:33 blocked for more than 143 seconds. [ 326.438230][ T27] Not tainted syzkaller #0 [ 326.443535][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 326.453144][ T27] task:khugepaged state:D stack:27640 pid: 33 ppid: 2 flags:0x00004000 [ 326.462690][ T27] Call Trace: [ 326.465998][ T27] [ 326.468963][ T27] __schedule+0x11ef/0x43c0 [ 326.474045][ T27] ? release_firmware_map_entry+0x190/0x190 [ 326.479981][ T27] ? verify_lock_unused+0x140/0x140 [ 326.485623][ T27] ? verify_lock_unused+0x140/0x140 [ 326.491087][ T27] schedule+0x11b/0x1e0 [ 326.495783][ T27] schedule_timeout+0xbd/0x2d0 [ 326.500995][ T27] ? console_conditional_schedule+0x40/0x40 [ 326.506919][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 326.513278][ T27] ? lock_chain_count+0x20/0x20 [ 326.518258][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 326.523873][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 326.529120][ T27] do_wait_for_common+0x2a2/0x450 [ 326.538005][ T27] ? console_conditional_schedule+0x40/0x40 [ 326.548768][ T27] ? wait_for_completion_killable_timeout+0x60/0x60 [ 326.556802][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 326.566664][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 326.573620][ T27] ? start_flush_work+0x776/0x820 [ 326.578696][ T27] wait_for_completion+0x48/0x60 [ 326.588537][ T27] __flush_work+0x15a/0x210 [ 326.594459][ T27] ? lock_chain_count+0x20/0x20 [ 326.599861][ T27] ? flush_work+0x20/0x20 [ 326.609108][ T27] ? start_flush_work+0x820/0x820 [ 326.615553][ T27] ? wq_worker_last_func+0x40/0x40 [ 326.625433][ T27] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 326.632730][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 326.637966][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 326.650026][ T27] __lru_add_drain_all+0x9ce/0xac0 [ 326.656596][ T27] khugepaged+0x13a/0x11f0 [ 326.665833][ T27] ? start_stop_khugepaged+0x160/0x160 [ 326.672695][ T27] ? init_wait_entry+0xd0/0xd0 [ 326.677509][ T27] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 326.688248][ T27] ? init_wait_entry+0xd0/0xd0 [ 326.699930][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 326.710749][ T27] ? _raw_spin_unlock+0x40/0x40 [ 326.715652][ T27] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 326.726598][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 326.733219][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 326.739159][ T27] ? __kthread_parkme+0x157/0x1b0 [ 326.749174][ T27] kthread+0x436/0x520 [ 326.756053][ T27] ? start_stop_khugepaged+0x160/0x160 [ 326.767017][ T27] ? kthread_blkcg+0xd0/0xd0 [ 326.775363][ T27] ret_from_fork+0x1f/0x30 [ 326.779930][ T27] [ 326.787983][ T27] INFO: task syz-executor:4191 blocked for more than 144 seconds. [ 326.797237][ T27] Not tainted syzkaller #0 [ 326.802896][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 326.812064][ T27] task:syz-executor state:D stack:21680 pid: 4191 ppid: 1 flags:0x00004004 [ 326.821600][ T27] Call Trace: [ 326.824914][ T27] [ 326.827879][ T27] __schedule+0x11ef/0x43c0 [ 326.832810][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 326.838847][ T27] ? lock_chain_count+0x20/0x20 [ 326.844321][ T27] ? __rwlock_init+0x140/0x140 [ 326.849136][ T27] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 326.855886][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 326.862808][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 326.868761][ T27] ? release_firmware_map_entry+0x190/0x190 [ 326.875037][ T27] ? queue_work_on+0x196/0x1f0 [ 326.879843][ T27] ? __might_sleep+0xf0/0xf0 [ 326.884842][ T27] ? wq_worker_last_func+0x40/0x40 [ 326.890005][ T27] schedule+0x11b/0x1e0 [ 326.894537][ T27] synchronize_rcu_expedited+0x5c1/0x750 [ 326.900441][ T27] ? synchronize_rcu+0x1e0/0x1e0 [ 326.905953][ T27] ? __rwlock_init+0x140/0x140 [ 326.911197][ T27] ? rcu_exp_sel_wait_wake+0x1b30/0x1b30 [ 326.916868][ T27] ? _raw_spin_unlock+0x40/0x40 [ 326.922096][ T27] ? namespace_unlock+0x1d7/0x430 [ 326.927167][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 326.932688][ T27] ? __wake_up+0x11c/0x180 [ 326.937154][ T27] ? init_wait_entry+0xd0/0xd0 [ 326.942281][ T27] ? shrink_dentry_list+0x671/0x680 [ 326.947523][ T27] ? up_write+0x1bb/0x420 [ 326.952273][ T27] namespace_unlock+0x23f/0x430 [ 326.957171][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 326.968056][ T27] ? umount_tree+0xe20/0xe20 [ 326.974557][ T27] ? umount_mnt+0x2c0/0x2c0 [ 326.979132][ T27] ? do_raw_spin_unlock+0x11d/0x230 [ 326.990890][ T27] path_umount+0xf64/0xfd0 [ 326.995385][ T27] ? __x64_sys_umount+0x12d/0x170 [ 327.005323][ T27] ? namespace_unlock+0x430/0x430 [ 327.011373][ T27] ? user_path_at_empty+0x13e/0x190 [ 327.016645][ T27] __x64_sys_umount+0x12d/0x170 [ 327.022047][ T27] ? path_umount+0xfd0/0xfd0 [ 327.026684][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.032249][ T27] do_syscall_64+0x4c/0xa0 [ 327.036710][ T27] ? clear_bhb_loop+0x30/0x80 [ 327.042061][ T27] ? clear_bhb_loop+0x30/0x80 [ 327.046787][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 327.053084][ T27] RIP: 0033:0x7fa0eeca1017 [ 327.057576][ T27] RSP: 002b:00007ffcc1521d98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 327.066433][ T27] RAX: ffffffffffffffda RBX: 00007fa0eed35120 RCX: 00007fa0eeca1017 [ 327.074783][ T27] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcc1521e50 [ 327.084441][ T27] RBP: 00007ffcc1521e50 R08: 00007ffcc1522e50 R09: 00000000ffffffff [ 327.093420][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffcc1522f40 [ 327.101757][ T27] R13: 00007fa0eed35120 R14: 000000000002c498 R15: 00007ffcc1524010 [ 327.110017][ T27] [ 327.113474][ T27] INFO: task kworker/0:6:4227 blocked for more than 144 seconds. [ 327.121445][ T27] Not tainted syzkaller #0 [ 327.126407][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 327.136799][ T27] task:kworker/0:6 state:D stack:22608 pid: 4227 ppid: 2 flags:0x00004000 [ 327.149680][ T27] Workqueue: events bpf_map_free_deferred [ 327.158219][ T27] Call Trace: [ 327.165120][ T27] [ 327.168089][ T27] __schedule+0x11ef/0x43c0 [ 327.175260][ T27] ? release_firmware_map_entry+0x190/0x190 [ 327.185028][ T27] ? __might_sleep+0xf0/0xf0 [ 327.189671][ T27] ? do_raw_spin_lock+0x128/0x2f0 [ 327.198650][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 327.207543][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.213625][ T27] schedule+0x11b/0x1e0 [ 327.217833][ T27] synchronize_rcu_expedited+0x680/0x750 [ 327.223948][ T27] ? synchronize_rcu+0x1e0/0x1e0 [ 327.228940][ T27] ? init_wait_entry+0xd0/0xd0 [ 327.234101][ T27] ? verify_lock_unused+0x140/0x140 [ 327.239340][ T27] ? verify_lock_unused+0x140/0x140 [ 327.244937][ T27] ? verify_lock_unused+0x140/0x140 [ 327.250193][ T27] synchronize_rcu+0x119/0x1e0 [ 327.255277][ T27] ? kvfree_call_rcu+0x7d0/0x7d0 [ 327.260636][ T27] ? dev_map_free+0x111/0x680 [ 327.265356][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 327.270710][ T27] ? do_raw_spin_lock+0x128/0x2f0 [ 327.275871][ T27] ? __rwlock_init+0x140/0x140 [ 327.281016][ T27] ? cpumask_next+0xb3/0xd0 [ 327.285550][ T27] ? bpf_clear_redirect_map+0x15d/0x1a0 [ 327.291446][ T27] dev_map_free+0x11e/0x680 [ 327.295988][ T27] ? bpf_map_free_deferred+0x1ff/0x300 [ 327.303319][ T27] process_one_work+0x85f/0x1010 [ 327.308312][ T27] ? worker_detach_from_pool+0x240/0x240 [ 327.314506][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 327.319854][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 327.325323][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 327.354734][ T27] ? wq_worker_running+0x97/0x170 [ 327.359841][ T27] worker_thread+0xaa6/0x1290 [ 327.364999][ T27] kthread+0x436/0x520 [ 327.369120][ T27] ? rcu_lock_release+0x20/0x20 [ 327.374469][ T27] ? kthread_blkcg+0xd0/0xd0 [ 327.379105][ T27] ret_from_fork+0x1f/0x30 [ 327.383908][ T27] [ 327.387043][ T27] INFO: task kworker/u4:7:4748 blocked for more than 144 seconds. [ 327.395389][ T27] Not tainted syzkaller #0 [ 327.400609][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 327.409300][ T27] task:kworker/u4:7 state:D stack:22512 pid: 4748 ppid: 2 flags:0x00004000 [ 327.421085][ T27] Workqueue: events_unbound fsnotify_connector_destroy_workfn [ 327.428801][ T27] Call Trace: [ 327.433236][ T27] [ 327.436203][ T27] __schedule+0x11ef/0x43c0 [ 327.441193][ T27] ? mark_lock+0x94/0x320 [ 327.445643][ T27] ? release_firmware_map_entry+0x190/0x190 [ 327.451907][ T27] ? verify_lock_unused+0x140/0x140 [ 327.457139][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 327.463476][ T27] ? kthread_data+0x4b/0xc0 [ 327.468015][ T27] schedule+0x11b/0x1e0 [ 327.472550][ T27] schedule_timeout+0xbd/0x2d0 [ 327.477348][ T27] ? console_conditional_schedule+0x40/0x40 [ 327.483574][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 327.489599][ T27] ? lock_chain_count+0x20/0x20 [ 327.494835][ T27] ? _raw_spin_unlock_irq+0x1f/0x40 [ 327.500077][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.505621][ T27] do_wait_for_common+0x2a2/0x450 [ 327.510948][ T27] ? console_conditional_schedule+0x40/0x40 [ 327.516877][ T27] ? wait_for_completion_killable_timeout+0x60/0x60 [ 327.524191][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 327.529256][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 327.536498][ T27] wait_for_completion+0x48/0x60 [ 327.541689][ T27] __synchronize_srcu+0x2bb/0x350 [ 327.546923][ T27] ? synchronize_srcu_expedited+0x20/0x20 [ 327.553189][ T27] ? rcu_read_lock_any_held+0x130/0x130 [ 327.558777][ T27] ? __rwlock_init+0x140/0x140 [ 327.563894][ T27] ? ktime_get_mono_fast_ns+0x199/0x1b0 [ 327.569473][ T27] ? synchronize_srcu+0x192/0x1b0 [ 327.574964][ T27] fsnotify_connector_destroy_workfn+0x40/0xa0 [ 327.581394][ T27] process_one_work+0x85f/0x1010 [ 327.586385][ T27] ? worker_detach_from_pool+0x240/0x240 [ 327.592401][ T27] ? lockdep_hardirqs_off+0x70/0x100 [ 327.597729][ T27] ? _raw_spin_lock_irq+0xb7/0xf0 [ 327.603122][ T27] ? _raw_spin_lock_irqsave+0x100/0x100 [ 327.609139][ T27] ? wq_worker_running+0x97/0x170 [ 327.614562][ T27] worker_thread+0xaa6/0x1290 [ 327.619302][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.625393][ T27] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 327.631599][ T27] kthread+0x436/0x520 [ 327.635789][ T27] ? rcu_lock_release+0x20/0x20 [ 327.642356][ T27] ? kthread_blkcg+0xd0/0xd0 [ 327.646983][ T27] ret_from_fork+0x1f/0x30 [ 327.651876][ T27] [ 327.654995][ T27] INFO: task syz.4.1469:7881 blocked for more than 144 seconds. [ 327.662998][ T27] Not tainted syzkaller #0 [ 327.667957][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 327.677111][ T27] task:syz.4.1469 state:D stack:24176 pid: 7881 ppid: 4193 flags:0x00004004 [ 327.687703][ T27] Call Trace: [ 327.695543][ T27] [ 327.698521][ T27] __schedule+0x11ef/0x43c0 [ 327.704506][ T27] ? rcu_lock_acquire+0x30/0x30 [ 327.709408][ T27] ? __mutex_lock_common+0xcf7/0x2400 [ 327.719641][ T27] ? release_firmware_map_entry+0x190/0x190 [ 327.727459][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 327.740517][ T27] ? __mutex_trylock_common+0x86/0x260 [ 327.746037][ T27] ? rcu_lock_release+0x20/0x20 [ 327.757140][ T27] schedule+0x11b/0x1e0 [ 327.763159][ T27] schedule_preempt_disabled+0xf/0x20 [ 327.768571][ T27] __mutex_lock_common+0xcfc/0x2400 [ 327.778641][ T27] ? synchronize_rcu_expedited+0x3a5/0x750 [ 327.785852][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 327.795971][ T27] ? __rwlock_init+0x140/0x140 [ 327.802220][ T27] ? do_raw_spin_unlock+0x11d/0x230 [ 327.807458][ T27] mutex_lock_nested+0x17/0x20 [ 327.819459][ T27] synchronize_rcu_expedited+0x3a5/0x750 [ 327.827039][ T27] ? synchronize_rcu+0x1e0/0x1e0 [ 327.836808][ T27] ? mark_lock+0x94/0x320 [ 327.842586][ T27] ? __might_sleep+0xf0/0xf0 [ 327.847208][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 327.857492][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.865528][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 327.875871][ T27] ? _local_bh_enable+0xa0/0xa0 [ 327.882219][ T27] dev_deactivate_many+0x605/0xc10 [ 327.887400][ T27] dev_deactivate+0x114/0x1b0 [ 327.892604][ T27] ? dev_reset_queue+0x130/0x130 [ 327.897590][ T27] qdisc_graft+0x72c/0x1470 [ 327.902505][ T27] ? trace_qdisc_create+0x83/0x1d0 [ 327.907672][ T27] ? qdisc_create+0x1190/0x1190 [ 327.912966][ T27] ? qdisc_notify+0x350/0x350 [ 327.917700][ T27] ? lockdep_rtnl_is_held+0x22/0x30 [ 327.923264][ T27] tc_modify_qdisc+0xe5a/0x17c0 [ 327.928643][ T27] ? rcu_lock_release+0x20/0x20 [ 327.933965][ T27] ? rcu_lock_release+0x20/0x20 [ 327.938857][ T27] rtnetlink_rcv_msg+0x844/0xf30 [ 327.944368][ T27] ? rtnetlink_bind+0x80/0x80 [ 327.949093][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 327.954867][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 327.960117][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 327.966043][ T27] ? _local_bh_enable+0xa0/0xa0 [ 327.972559][ T27] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 327.977971][ T27] ? dev_queue_xmit+0x20/0x20 [ 327.983096][ T27] ? memcpy+0x3c/0x60 [ 327.987126][ T27] ? __copy_skb_header+0x3ba/0x4f0 [ 327.992856][ T27] ? __skb_clone+0x480/0x790 [ 327.997500][ T27] netlink_rcv_skb+0x1f5/0x440 [ 328.003086][ T27] ? rtnetlink_bind+0x80/0x80 [ 328.007815][ T27] ? netlink_ack+0xb50/0xb50 [ 328.012882][ T27] netlink_unicast+0x774/0x920 [ 328.017735][ T27] netlink_sendmsg+0x8ba/0xbe0 [ 328.024625][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.029916][ T27] ? aa_sock_msg_perm+0x94/0x150 [ 328.039265][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 328.047519][ T27] ? security_socket_sendmsg+0x7c/0xa0 [ 328.056700][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.064571][ T27] ____sys_sendmsg+0x5b7/0x8f0 [ 328.069387][ T27] ? __sys_sendmsg_sock+0x30/0x30 [ 328.078282][ T27] ? import_iovec+0x6f/0xa0 [ 328.086668][ T27] ___sys_sendmsg+0x236/0x2e0 [ 328.095674][ T27] ? __sys_sendmsg+0x2a0/0x2a0 [ 328.103023][ T27] __se_sys_sendmsg+0x1af/0x290 [ 328.107921][ T27] ? __x64_sys_sendmsg+0x80/0x80 [ 328.116658][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 328.125205][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 328.134565][ T27] do_syscall_64+0x4c/0xa0 [ 328.139032][ T27] ? clear_bhb_loop+0x30/0x80 [ 328.146320][ T27] ? clear_bhb_loop+0x30/0x80 [ 328.154685][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 328.163093][ T27] RIP: 0033:0x7f1358c7bdd9 [ 328.167544][ T27] RSP: 002b:00007f1356ed5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.179664][ T27] RAX: ffffffffffffffda RBX: 00007f1358ef4fa0 RCX: 00007f1358c7bdd9 [ 328.190170][ T27] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 328.203074][ T27] RBP: 00007f1358d11d69 R08: 0000000000000000 R09: 0000000000000000 [ 328.214747][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.225512][ T27] R13: 00007f1358ef5038 R14: 00007f1358ef4fa0 R15: 00007ffd14bd5248 [ 328.237635][ T27] [ 328.243345][ T27] INFO: task syz.4.1469:7883 blocked for more than 145 seconds. [ 328.254800][ T27] Not tainted syzkaller #0 [ 328.259889][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 328.271215][ T27] task:syz.4.1469 state:D stack:27152 pid: 7883 ppid: 4193 flags:0x00004004 [ 328.285316][ T27] Call Trace: [ 328.288643][ T27] [ 328.293290][ T27] __schedule+0x11ef/0x43c0 [ 328.297860][ T27] ? rcu_lock_acquire+0x30/0x30 [ 328.307630][ T27] ? __mutex_lock_common+0xcf7/0x2400 [ 328.315876][ T27] ? release_firmware_map_entry+0x190/0x190 [ 328.326622][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 328.333206][ T27] ? __mutex_trylock_common+0x86/0x260 [ 328.339242][ T27] ? rcu_lock_release+0x20/0x20 [ 328.348932][ T27] schedule+0x11b/0x1e0 [ 328.354490][ T27] schedule_preempt_disabled+0xf/0x20 [ 328.359900][ T27] __mutex_lock_common+0xcfc/0x2400 [ 328.369995][ T27] ? rtnetlink_rcv_msg+0x7ee/0xf30 [ 328.384406][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 328.389662][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 328.400766][ T27] mutex_lock_nested+0x17/0x20 [ 328.405585][ T27] rtnetlink_rcv_msg+0x7ee/0xf30 [ 328.415284][ T27] ? rtnetlink_bind+0x80/0x80 [ 328.420005][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 328.428273][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 328.438923][ T27] ? __local_bh_enable_ip+0x136/0x1c0 [ 328.444886][ T27] ? _local_bh_enable+0xa0/0xa0 [ 328.449793][ T27] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 328.455509][ T27] ? dev_queue_xmit+0x20/0x20 [ 328.460425][ T27] ? memcpy+0x3c/0x60 [ 328.464438][ T27] ? __copy_skb_header+0x3ba/0x4f0 [ 328.469679][ T27] ? __skb_clone+0x480/0x790 [ 328.474808][ T27] netlink_rcv_skb+0x1f5/0x440 [ 328.479609][ T27] ? rtnetlink_bind+0x80/0x80 [ 328.484617][ T27] ? netlink_ack+0xb50/0xb50 [ 328.489263][ T27] netlink_unicast+0x774/0x920 [ 328.494410][ T27] netlink_sendmsg+0x8ba/0xbe0 [ 328.499216][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.504783][ T27] ? aa_sock_msg_perm+0x94/0x150 [ 328.509767][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 328.515412][ T27] ? security_socket_sendmsg+0x7c/0xa0 [ 328.521115][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.526348][ T27] ____sys_sendmsg+0x5b7/0x8f0 [ 328.532927][ T27] ? __sys_sendmsg_sock+0x30/0x30 [ 328.538012][ T27] ? import_iovec+0x6f/0xa0 [ 328.549450][ T27] ___sys_sendmsg+0x236/0x2e0 [ 328.554670][ T27] ? __sys_sendmsg+0x2a0/0x2a0 [ 328.559519][ T27] __se_sys_sendmsg+0x1af/0x290 [ 328.570327][ T27] ? __x64_sys_sendmsg+0x80/0x80 [ 328.575311][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 328.587346][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 328.592837][ T27] do_syscall_64+0x4c/0xa0 [ 328.597289][ T27] ? clear_bhb_loop+0x30/0x80 [ 328.607836][ T27] ? clear_bhb_loop+0x30/0x80 [ 328.613912][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 328.619863][ T27] RIP: 0033:0x7f1358c7bdd9 [ 328.630408][ T27] RSP: 002b:00007f1356eb4028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 328.638872][ T27] RAX: ffffffffffffffda RBX: 00007f1358ef5090 RCX: 00007f1358c7bdd9 [ 328.649142][ T27] RDX: 0000000024008004 RSI: 0000200000000180 RDI: 0000000000000003 [ 328.657467][ T27] RBP: 00007f1358d11d69 R08: 0000000000000000 R09: 0000000000000000 [ 328.665757][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 328.674031][ T27] R13: 00007f1358ef5128 R14: 00007f1358ef5090 R15: 00007ffd14bd5248 [ 328.682371][ T27] [ 328.685487][ T27] INFO: task syz.3.1476:7895 blocked for more than 145 seconds. [ 328.693588][ T27] Not tainted syzkaller #0 [ 328.698548][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 328.707611][ T27] task:syz.3.1476 state:D stack:25872 pid: 7895 ppid: 4196 flags:0x00004004 [ 328.717194][ T27] Call Trace: [ 328.720727][ T27] [ 328.723798][ T27] __schedule+0x11ef/0x43c0 [ 328.728362][ T27] ? rcu_lock_acquire+0x30/0x30 [ 328.733740][ T27] ? __mutex_lock_common+0xcf7/0x2400 [ 328.739154][ T27] ? release_firmware_map_entry+0x190/0x190 [ 328.745427][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 328.752613][ T27] ? __mutex_trylock_common+0x86/0x260 [ 328.758134][ T27] ? rcu_lock_release+0x20/0x20 [ 328.764249][ T27] schedule+0x11b/0x1e0 [ 328.768456][ T27] schedule_preempt_disabled+0xf/0x20 [ 328.774368][ T27] __mutex_lock_common+0xcfc/0x2400 [ 328.779638][ T27] ? nl80211_pre_doit+0x28/0x540 [ 328.785080][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 328.790595][ T27] ? __nla_parse+0x3c/0x50 [ 328.795062][ T27] mutex_lock_nested+0x17/0x20 [ 328.799868][ T27] nl80211_pre_doit+0x28/0x540 [ 328.809672][ T27] genl_rcv_msg+0xcb3/0xf90 [ 328.815625][ T27] ? genl_bind+0x380/0x380 [ 328.820446][ T27] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 328.825688][ T27] ? verify_lock_unused+0x140/0x140 [ 328.836864][ T27] ? dev_queue_xmit+0x20/0x20 [ 328.841821][ T27] ? nl80211_dump_interface+0x5c0/0x5c0 [ 328.847422][ T27] netlink_rcv_skb+0x1f5/0x440 [ 328.862520][ T27] ? genl_bind+0x380/0x380 [ 328.867000][ T27] ? netlink_ack+0xb50/0xb50 [ 328.876387][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 328.883135][ T27] ? down_read+0x1aa/0x2e0 [ 328.887608][ T27] genl_rcv+0x24/0x40 [ 328.896553][ T27] netlink_unicast+0x774/0x920 [ 328.902767][ T27] netlink_sendmsg+0x8ba/0xbe0 [ 328.907585][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.917805][ T27] ? aa_sock_msg_perm+0x94/0x150 [ 328.924289][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 328.929723][ T27] ? security_socket_sendmsg+0x7c/0xa0 [ 328.940647][ T27] ? netlink_getsockopt+0x570/0x570 [ 328.946017][ T27] ____sys_sendmsg+0x5b7/0x8f0 [ 328.951321][ T27] ? __sys_sendmsg_sock+0x30/0x30 [ 328.956892][ T27] ? import_iovec+0x6f/0xa0 [ 328.961946][ T27] ___sys_sendmsg+0x236/0x2e0 [ 328.966684][ T27] ? __sys_sendmsg+0x2a0/0x2a0 [ 328.973301][ T27] __se_sys_sendmsg+0x1af/0x290 [ 328.978213][ T27] ? __x64_sys_sendmsg+0x80/0x80 [ 328.983579][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 328.989798][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 328.995420][ T27] do_syscall_64+0x4c/0xa0 [ 328.999873][ T27] ? clear_bhb_loop+0x30/0x80 [ 329.004929][ T27] ? clear_bhb_loop+0x30/0x80 [ 329.009778][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 329.016262][ T27] RIP: 0033:0x7f0b8caa6dd9 [ 329.021000][ T27] RSP: 002b:00007f0b8ad00028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 329.029458][ T27] RAX: ffffffffffffffda RBX: 00007f0b8cd1ffa0 RCX: 00007f0b8caa6dd9 [ 329.038079][ T27] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 329.046486][ T27] RBP: 00007f0b8cb3cd69 R08: 0000000000000000 R09: 0000000000000000 [ 329.055314][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.063604][ T27] R13: 00007f0b8cd20038 R14: 00007f0b8cd1ffa0 R15: 00007ffcdda0bdc8 [ 329.072003][ T27] [ 329.076102][ T27] INFO: task syz.3.1476:7898 blocked for more than 146 seconds. [ 329.090108][ T27] Not tainted syzkaller #0 [ 329.097444][ T27] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 329.111366][ T27] task:syz.3.1476 state:D stack:27152 pid: 7898 ppid: 4196 flags:0x00004004 [ 329.125584][ T27] Call Trace: [ 329.128917][ T27] [ 329.133453][ T27] __schedule+0x11ef/0x43c0 [ 329.138031][ T27] ? rcu_lock_acquire+0x30/0x30 [ 329.147972][ T27] ? __mutex_lock_common+0xcf7/0x2400 [ 329.154815][ T27] ? release_firmware_map_entry+0x190/0x190 [ 329.166053][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 329.172781][ T27] ? __mutex_trylock_common+0x86/0x260 [ 329.178426][ T27] ? rcu_lock_release+0x20/0x20 [ 329.188306][ T27] schedule+0x11b/0x1e0 [ 329.195359][ T27] schedule_preempt_disabled+0xf/0x20 [ 329.205619][ T27] __mutex_lock_common+0xcfc/0x2400 [ 329.212308][ T27] ? nl80211_pre_doit+0x28/0x540 [ 329.217389][ T27] ? mutex_lock_io_nested+0x60/0x60 [ 329.227448][ T27] ? __nla_parse+0x3c/0x50 [ 329.233288][ T27] mutex_lock_nested+0x17/0x20 [ 329.238101][ T27] nl80211_pre_doit+0x28/0x540 [ 329.247762][ T27] genl_rcv_msg+0xcb3/0xf90 [ 329.258673][ T27] ? genl_bind+0x380/0x380 [ 329.268410][ T27] ? __dev_queue_xmit+0x1cbf/0x2f80 [ 329.275145][ T27] ? verify_lock_unused+0x140/0x140 [ 329.285208][ T27] ? dev_queue_xmit+0x20/0x20 [ 329.289933][ T27] ? nl80211_set_beacon+0x5c0/0x5c0 [ 329.296685][ T27] netlink_rcv_skb+0x1f5/0x440 [ 329.307583][ T27] ? genl_bind+0x380/0x380 [ 329.313437][ T27] ? netlink_ack+0xb50/0xb50 [ 329.318066][ T27] ? __lock_acquire+0x7d10/0x7d10 [ 329.328225][ T27] ? down_read+0x1aa/0x2e0 [ 329.334302][ T27] genl_rcv+0x24/0x40 [ 329.338452][ T27] netlink_unicast+0x774/0x920 [ 329.348192][ T27] netlink_sendmsg+0x8ba/0xbe0 [ 329.354466][ T27] ? netlink_getsockopt+0x570/0x570 [ 329.359784][ T27] ? aa_sock_msg_perm+0x94/0x150 [ 329.370177][ T27] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 329.375737][ T27] ? security_socket_sendmsg+0x7c/0xa0 [ 329.387164][ T27] ? netlink_getsockopt+0x570/0x570 [ 329.392654][ T27] ____sys_sendmsg+0x5b7/0x8f0 [ 329.397478][ T27] ? __sys_sendmsg_sock+0x30/0x30 [ 329.408459][ T27] ? import_iovec+0x6f/0xa0 [ 329.420330][ T27] ___sys_sendmsg+0x236/0x2e0 [ 329.425157][ T27] ? __sys_sendmsg+0x2a0/0x2a0 [ 329.430006][ T27] __se_sys_sendmsg+0x1af/0x290 [ 329.443203][ T27] ? __x64_sys_sendmsg+0x80/0x80 [ 329.448208][ T27] ? lockdep_hardirqs_on_prepare+0x409/0x770 [ 329.459198][ T27] ? lockdep_hardirqs_on+0x94/0x140 [ 329.466567][ T27] do_syscall_64+0x4c/0xa0 [ 329.476492][ T27] ? clear_bhb_loop+0x30/0x80 [ 329.482699][ T27] ? clear_bhb_loop+0x30/0x80 [ 329.487421][ T27] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 329.499848][ T27] RIP: 0033:0x7f0b8caa6dd9 [ 329.505721][ T27] RSP: 002b:00007f0b8acdf028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 329.519035][ T27] RAX: ffffffffffffffda RBX: 00007f0b8cd20090 RCX: 00007f0b8caa6dd9 [ 329.529796][ T27] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 329.542843][ T27] RBP: 00007f0b8cb3cd69 R08: 0000000000000000 R09: 0000000000000000 [ 329.553615][ T27] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 329.565239][ T27] R13: 00007f0b8cd20128 R14: 00007f0b8cd20090 R15: 00007ffcdda0bdc8 [ 329.574102][ T27] [ 329.577338][ T27] [ 329.577338][ T27] Showing all locks held in the system: [ 329.585709][ T27] 3 locks held by kworker/0:0/7: [ 329.590971][ T27] #0: ffff888016c71938 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 329.603283][ T27] #1: ffffc90000cc7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 329.614093][ T27] #2: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x82/0xa80 [ 329.624719][ T27] 2 locks held by kworker/u4:0/9: [ 329.629774][ T27] #0: ffff888016c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 329.642574][ T27] #1: ffffc90000ce7d00 ((reaper_work).work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 329.653464][ T27] 1 lock held by khungtaskd/27: [ 329.658431][ T27] #0: ffffffff8c31eb20 (rcu_read_lock){....}-{1:2}, at: rcu_lock_acquire+0x0/0x30 [ 329.668362][ T27] 1 lock held by khugepaged/33: [ 329.673798][ T27] #0: ffffffff8c3b44c8 (lock#4){+.+.}-{3:3}, at: __lru_add_drain_all+0x68/0xac0 [ 329.683453][ T27] 2 locks held by kworker/u4:1/144: [ 329.688720][ T27] 2 locks held by getty/3947: [ 329.693757][ T27] #0: ffff88802ca5d098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x21/0x70 [ 329.703887][ T27] #1: ffffc900026562e8 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x5df/0x1a70 [ 329.714359][ T27] 1 lock held by syz-executor/4191: [ 329.719588][ T27] #0: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x2d1/0x750 [ 329.732954][ T27] 2 locks held by kworker/0:6/4227: [ 329.738195][ T27] #0: ffff888016c70938 ((wq_completion)events){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 329.752471][ T27] #1: ffffc9000311fd00 ((work_completion)(&map->work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 329.768770][ T27] 5 locks held by kworker/u4:5/4238: [ 329.777107][ T27] #0: ffff888016c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 329.791892][ T27] #1: ffffc9000319fd00 ((work_completion)(&rdev->wiphy_work)){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 329.807278][ T27] #2: ffff88805f6e0688 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: cfg80211_wiphy_work+0x31/0x260 [ 329.821988][ T27] #3: ffff88805f02cd40 (&wdev->mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0xa8/0x10e0 [ 329.835401][ T27] #4: ffff88805f6e1810 (&local->sta_mtx){+.+.}-{3:3}, at: ieee80211_ibss_work+0x571/0x10e0 [ 329.848298][ T27] 2 locks held by kworker/u4:7/4748: [ 329.857441][ T27] #0: ffff888016c79138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x761/0x1010 [ 329.871149][ T27] #1: ffffc9000324fd00 (connector_reaper_work){+.+.}-{0:0}, at: process_one_work+0x79f/0x1010 [ 329.888251][ T27] 2 locks held by kworker/1:11/5230: [ 329.900350][ T27] 2 locks held by syz.4.1469/7881: [ 329.905515][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 329.915537][ T27] #1: ffffffff8c3235a8 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x3a5/0x750 [ 329.926728][ T27] 1 lock held by syz.4.1469/7883: [ 329.932093][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 329.941861][ T27] 2 locks held by syz.3.1476/7895: [ 329.947010][ T27] #0: ffffffff8d499df0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 329.955625][ T27] #1: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x28/0x540 [ 329.965172][ T27] 2 locks held by syz.3.1476/7898: [ 329.970763][ T27] #0: ffffffff8d499df0 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40 [ 329.979519][ T27] #1: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: nl80211_pre_doit+0x28/0x540 [ 329.989267][ T27] 1 lock held by syz-executor/7900: [ 329.996083][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.005904][ T27] 1 lock held by syz-executor/7913: [ 330.011400][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.021198][ T27] 1 lock held by syz-executor/7916: [ 330.026429][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.036600][ T27] 1 lock held by syz.0.1488/7924: [ 330.041868][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.051667][ T27] 1 lock held by syz-executor/7925: [ 330.056896][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.066768][ T27] 1 lock held by syz-executor/7928: [ 330.072249][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.082302][ T27] 1 lock held by dhcpcd/7932: [ 330.087008][ T27] #0: ffff88807b184120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.097816][ T27] 1 lock held by dhcpcd/7933: [ 330.108712][ T27] #0: ffff88807b092120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.119984][ T27] 1 lock held by dhcpcd/7934: [ 330.129521][ T27] #0: ffff888060cbc120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.140731][ T27] 1 lock held by dhcpcd/7935: [ 330.145442][ T27] #0: ffff888060c04120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.160073][ T27] 1 lock held by dhcpcd/7936: [ 330.166191][ T27] #0: ffff88801a5be120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.181438][ T27] 1 lock held by dhcpcd/7937: [ 330.186251][ T27] #0: ffff88807a0f2120 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x35/0xda0 [ 330.200931][ T27] 1 lock held by syz-executor/7939: [ 330.206170][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.224517][ T27] 1 lock held by syz-executor/7943: [ 330.229773][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.242712][ T27] 1 lock held by syz-executor/7946: [ 330.247950][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.261206][ T27] 1 lock held by syz-executor/7949: [ 330.266442][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.280992][ T27] 1 lock held by syz-executor/7952: [ 330.286712][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.303741][ T27] 1 lock held by syz-executor/7957: [ 330.308998][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.321644][ T27] 1 lock held by syz-executor/7961: [ 330.326879][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.341492][ T27] 1 lock held by syz-executor/7965: [ 330.346741][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.362264][ T27] 1 lock held by syz-executor/7967: [ 330.367509][ T27] #0: ffffffff8d43d3c8 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x7ee/0xf30 [ 330.381954][ T27] [ 330.384326][ T27] ============================================= [ 330.384326][ T27] [ 330.397276][ T27] NMI backtrace for cpu 0 [ 330.401642][ T27] CPU: 0 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 330.408862][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 330.418975][ T27] Call Trace: [ 330.422289][ T27] [ 330.425254][ T27] dump_stack_lvl+0x188/0x250 [ 330.429973][ T27] ? show_regs_print_info+0x20/0x20 [ 330.435218][ T27] ? load_image+0x400/0x400 [ 330.439757][ T27] ? tick_nohz_tick_stopped+0x7b/0xb0 [ 330.445171][ T27] ? nmi_cpu_backtrace+0x1b2/0x3d0 [ 330.450317][ T27] nmi_cpu_backtrace+0x3a2/0x3d0 [ 330.455285][ T27] ? nmi_trigger_cpumask_backtrace+0x280/0x280 [ 330.461472][ T27] ? _printk+0xda/0x130 [ 330.465675][ T27] ? load_image+0x400/0x400 [ 330.470213][ T27] ? load_image+0x400/0x400 [ 330.474841][ T27] ? arch_trigger_cpumask_backtrace+0x10/0x10 [ 330.480955][ T27] nmi_trigger_cpumask_backtrace+0x163/0x280 [ 330.486980][ T27] watchdog+0xe0f/0xe50 [ 330.491196][ T27] kthread+0x436/0x520 [ 330.495306][ T27] ? hungtask_pm_notify+0x40/0x40 [ 330.500369][ T27] ? kthread_blkcg+0xd0/0xd0 [ 330.505003][ T27] ret_from_fork+0x1f/0x30 [ 330.509471][ T27] [ 330.512977][ T27] Sending NMI from CPU 0 to CPUs 1: [ 330.518209][ C1] NMI backtrace for cpu 1 [ 330.518220][ C1] CPU: 1 PID: 5230 Comm: kworker/1:11 Not tainted syzkaller #0 [ 330.518239][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 330.518251][ C1] Workqueue: events p9_poll_workfn [ 330.518273][ C1] RIP: 0010:check_preemption_disabled+0x1/0x110 [ 330.518298][ C1] Code: 00 48 c7 c7 20 e9 32 8a e8 2c 01 00 00 65 ff 0d c1 7a 46 76 5b c3 00 00 cc 48 c7 c7 a0 fd 79 8a 48 c7 c6 e0 fd 79 8a eb 00 55 <41> 57 41 56 53 48 83 ec 10 65 48 8b 04 25 28 00 00 00 48 89 44 24 [ 330.518313][ C1] RSP: 0018:ffffc9000335f9b0 EFLAGS: 00000046 [ 330.518327][ C1] RAX: 0000000000000003 RBX: ffff888062a9a8a8 RCX: ffffffff815dca24 [ 330.518341][ C1] RDX: dffffc0000000000 RSI: ffffffff8a2b3aa0 RDI: ffffffff8a79fe00 [ 330.518355][ C1] RBP: ffffc9000335fa80 R08: ffffffff901d50f7 R09: 1ffffffff203aa1e [ 330.518369][ C1] R10: dffffc0000000000 R11: fffffbfff203aa1f R12: ffff888062a9a948 [ 330.518383][ C1] R13: 0000000000000003 R14: 1ffff1100c553515 R15: ffff888062a9a928 [ 330.518397][ C1] FS: 0000000000000000(0000) GS:ffff8880b9100000(0000) knlGS:0000000000000000 [ 330.518413][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 330.518427][ C1] CR2: 00007ffc3d0f6fec CR3: 000000002bb19000 CR4: 00000000003506e0 [ 330.518443][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 330.518453][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 330.518465][ C1] Call Trace: [ 330.518471][ C1] [ 330.518477][ C1] lockdep_hardirqs_on_prepare+0x409/0x770 [ 330.518501][ C1] ? lock_chain_count+0x20/0x20 [ 330.518521][ C1] ? wq_worker_last_func+0x40/0x40 [ 330.518538][ C1] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 330.518557][ C1] ? _raw_spin_unlock+0x40/0x40 [ 330.518582][ C1] trace_hardirqs_on+0x67/0x80 [ 330.518600][ C1] _raw_spin_unlock_irqrestore+0x82/0x120 [ 330.518619][ C1] ? _raw_spin_unlock+0x40/0x40 [ 330.518639][ C1] dma_buf_poll_cb+0xce/0x1c0 [ 330.518658][ C1] dma_buf_poll+0x620/0x9a0 [ 330.518676][ C1] ? dma_buf_llseek+0xf0/0xf0 [ 330.518693][ C1] p9_poll_workfn+0x35b/0x5a0 [ 330.518712][ C1] process_one_work+0x85f/0x1010 [ 330.518737][ C1] ? worker_detach_from_pool+0x240/0x240 [ 330.518755][ C1] ? lockdep_hardirqs_off+0x70/0x100 [ 330.518776][ C1] ? _raw_spin_lock_irq+0xb7/0xf0 [ 330.518792][ C1] ? _raw_spin_lock_irqsave+0x100/0x100 [ 330.518811][ C1] ? wq_worker_running+0x97/0x170 [ 330.518830][ C1] worker_thread+0xaa6/0x1290 [ 330.518859][ C1] kthread+0x436/0x520 [ 330.518875][ C1] ? rcu_lock_release+0x20/0x20 [ 330.518892][ C1] ? kthread_blkcg+0xd0/0xd0 [ 330.518909][ C1] ret_from_fork+0x1f/0x30 [ 330.518933][ C1] [ 330.740428][ T27] Kernel panic - not syncing: hung_task: blocked tasks [ 330.790338][ T27] CPU: 1 PID: 27 Comm: khungtaskd Not tainted syzkaller #0 [ 330.797570][ T27] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026 [ 330.807665][ T27] Call Trace: [ 330.810970][ T27] [ 330.813936][ T27] dump_stack_lvl+0x188/0x250 [ 330.818650][ T27] ? show_regs_print_info+0x20/0x20 [ 330.823976][ T27] ? load_image+0x400/0x400 [ 330.828529][ T27] panic+0x2e5/0x810 [ 330.832460][ T27] ? schedule_preempt_disabled+0x20/0x20 [ 330.838128][ T27] ? bpf_jit_dump+0xd0/0xd0 [ 330.842671][ T27] ? __irq_work_queue_local+0x12c/0x190 [ 330.848262][ T27] ? nmi_trigger_cpumask_backtrace+0x260/0x280 [ 330.854456][ T27] watchdog+0xe4e/0xe50 [ 330.858644][ T27] kthread+0x436/0x520 [ 330.862716][ T27] ? hungtask_pm_notify+0x40/0x40 [ 330.867737][ T27] ? kthread_blkcg+0xd0/0xd0 [ 330.872498][ T27] ret_from_fork+0x1f/0x30 [ 330.876924][ T27] [ 330.880188][ T27] Kernel Offset: disabled [ 330.884753][ T27] Rebooting in 86400 seconds..