last executing test programs: 2.891924676s ago: executing program 3 (id=902): openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x80341) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5ac, 0x244, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x2, 0x0, {0x9}}}]}}]}}, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x400) 2.752868856s ago: executing program 1 (id=904): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = syz_open_dev$usbmon(&(0x7f0000000100), 0x89, 0xa00c00) pwritev2(r0, 0x0, 0x0, 0x8, 0x9, 0x10) 2.704388356s ago: executing program 1 (id=905): r0 = io_uring_setup(0x1581, &(0x7f0000000a40)={0x0, 0x2000000, 0x40, 0x0, 0x3bd}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000280), 0x22802, 0x0) socket$unix(0x1, 0x5, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x8, 0x0, 0x0, 0x2, 0x7}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 2.269963545s ago: executing program 1 (id=906): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000080)='hugetlb.1GB.limit_in_bytes\x00', 0x2, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000000140)=""/165, 0xa5}], 0x1, 0x2, 0x8) 2.235595865s ago: executing program 1 (id=907): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELPRL(r0, 0x89f6, &(0x7f0000000140)={'sit0\x00', 0x0}) 2.141474685s ago: executing program 1 (id=908): r0 = io_uring_setup(0x4bc8, &(0x7f0000000a40)={0x0, 0x1f17, 0x1000, 0x0, 0x300}) close_range(r0, 0xffffffffffffffff, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) 1.364285353s ago: executing program 0 (id=915): sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000010c0)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdfc}}], 0x1, 0x20000044) r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r1 = fcntl$dupfd(r0, 0x0, r0) write$sndseq(r1, &(0x7f0000000580)=[{0x1, 0xbd, 0xb3, 0xb, @time={0x0, 0x9}, {0x3f, 0xff}, {0xb, 0x6}, @queue={0x8, {0x2}}}, {0x24, 0x81, 0x8, 0x7, @tick=0x3, {0x76, 0x70}, {0x3, 0x8}, @addr={0x5, 0x2}}], 0x38) ioctl$SG_GET_REQUEST_TABLE(r1, 0x2275, &(0x7f00000018c0)) 1.363595533s ago: executing program 2 (id=916): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) io_setup(0x6, &(0x7f0000003b80)=0x0) io_submit(r1, 0x1, &(0x7f0000000000)=[&(0x7f0000003cc0)={0x0, 0x0, 0x0, 0x1, 0xffff, r0, 0x0, 0x0, 0x800}]) 1.266080363s ago: executing program 0 (id=917): bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x40, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0xa, 0x0, 0x10}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = userfaultfd(0x80001) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$UFFDIO_ZEROPAGE(r0, 0xc020aa04, &(0x7f0000000000)={{&(0x7f00004bd000/0x3000)=nil, 0x3000}}) 1.242587283s ago: executing program 0 (id=919): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000001000000000000000020"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x27, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x4) socket$nl_generic(0x10, 0x3, 0x10) memfd_secret(0x0) r0 = syz_io_uring_setup(0x19f2, &(0x7f0000000300)={0x0, 0x0, 0x10100, 0x8000000}, &(0x7f0000000140)=0x0, &(0x7f0000000100)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='pids.events\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[@ANYRES64=r3], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_EPOLL_CTL=@add={0x1d, 0x0, 0x0, r4, 0x0}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 1.218271563s ago: executing program 1 (id=920): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 1.149960773s ago: executing program 2 (id=921): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r0, 0x80045017, 0x0) 1.120122513s ago: executing program 0 (id=922): sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)={0x14, 0x2, 0x6, 0x301, 0x0, 0x0, {0x0, 0x0, 0x3}}, 0x14}}, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) r1 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r1, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r1, &(0x7f0000000000), 0x10) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt(r2, 0x65, 0x1, &(0x7f0000000080), 0x1d0) bind$can_raw(r2, &(0x7f00000001c0), 0x10) dup3(r0, r1, 0x0) 930.081532ms ago: executing program 0 (id=924): syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86"], 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040e0c20031000"], 0xf) 890.428332ms ago: executing program 3 (id=925): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000ac0)={0x2, &(0x7f0000000a80)=[{0x48, 0x40}, {0x16, 0x7, 0x2}]}, 0x10) sendmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000600)="e23a", 0x2}], 0x1}}], 0x1, 0x20004888) 725.967942ms ago: executing program 0 (id=927): r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) pselect6(0x40, &(0x7f0000000000)={0x10}, 0x0, 0x0, 0x0, 0x0) 717.684171ms ago: executing program 4 (id=928): syz_emit_ethernet(0x3e, &(0x7f0000000080)={@local, @broadcast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x21, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0x3, 0x1, 0x0, 0x0, 0x4, 0x4, {0x5, 0x4, 0x1, 0x6, 0x3, 0x67, 0xf, 0x2a, 0x5c, 0xab, @local, @multicast2}}}}}}, 0x0) 656.405782ms ago: executing program 2 (id=929): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@broadcast, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, 0x800}}, 0xb8}}, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="c4000000190001000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000200000000000000ac"], 0xc4}}, 0x4000000) 557.580142ms ago: executing program 3 (id=930): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000140)={0x2, 0x0, @ioapic={0x4, 0x0, 0x1, 0xeffffdff, 0x0, [{0x9, 0xff}, {0x19, 0x3, 0x5}, {0x8}, {0x0, 0x0, 0x7f}, {0x0, 0x0, 0x0, '\x00', 0xfe}, {0x81, 0x65, 0xff}, {0x0, 0x0, 0x2f, '\x00', 0x7}, {0x0, 0x6, 0x0, '\x00', 0xfd}, {0x0, 0x9, 0xfa, '\x00', 0x9}, {0x2, 0x8}, {0x0, 0x4}, {0x0, 0x8, 0x5, '\x00', 0x1}, {}, {0x3, 0x0, 0x0, '\x00', 0xc4}, {0x0, 0x6, 0x0, '\x00', 0x3}, {0x0, 0x86, 0x80, '\x00', 0x5}, {0x0, 0x2, 0x7f}, {0x0, 0x0, 0x0, '\x00', 0x40}, {0x0, 0x0, 0x19, '\x00', 0x5}, {0x0, 0x0, 0x0, '\x00', 0x26}, {0x9, 0x6, 0x0, '\x00', 0x5}, {0x0, 0x0, 0x41}, {0x0, 0x0, 0x9, '\x00', 0x4}, {0x0, 0x0, 0x7, '\x00', 0x1}]}}) 557.428761ms ago: executing program 4 (id=931): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)={0x24, r1, 0x601, 0x0, 0x0, {}, [@TIPC_NLA_LINK={0x10, 0x4, 0x0, 0x1, [@TIPC_NLA_LINK_NAME={0x9, 0x1, 'syz1\x00'}]}]}, 0x24}, 0x1, 0x0, 0x0, 0x21}, 0x0) 488.439811ms ago: executing program 2 (id=932): r0 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_FILL_RING(r0, 0x11b, 0x5, &(0x7f0000000300)=0x1, 0x4) 471.765041ms ago: executing program 3 (id=933): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c0000005e00cb7b27"], 0x1c}, 0x1, 0x0, 0x0, 0x4040055}, 0x48000) 393.927441ms ago: executing program 4 (id=934): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000480)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x1}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x4}]}}}, {0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0xc}, @NFTA_META_DREG={0x8, 0x1, 0x1, 0x0, 0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}, 0x1, 0x0, 0x0, 0x850}, 0x0) 390.430871ms ago: executing program 2 (id=935): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, &(0x7f00000008c0)=0x2, 0x4) bind$inet6(r0, &(0x7f0000000f80)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x3a}, 0xa79}, 0x1c) 371.200221ms ago: executing program 3 (id=936): socket(0x200000000000011, 0x4000000000080002, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_ethernet(0xbe, &(0x7f00000000c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa"], 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB="0c04000010000104000000000000000000480000", @ANYRES32=r2, @ANYBLOB="101000000000000008000d0005000000e4031680a40001800c00070000000000adffffff0c00", @ANYRES16=r2], 0x40c}}, 0x0) 274.061281ms ago: executing program 4 (id=937): r0 = add_key$user(&(0x7f0000000380), &(0x7f0000000000), &(0x7f0000000400)='_', 0x1, 0xfffffffffffffffe) r1 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000006400), &(0x7f0000000340)={'syz', 0x3}, &(0x7f0000000680)="3e12d23d346cfdeb1716f738", 0xc, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000100)={r0, r1, r2}, 0x0, 0x0, 0x0) 229.226431ms ago: executing program 2 (id=938): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x200}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r2, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)=ANY=[], 0xfffffdef}, 0x1, 0x0, 0x0, 0x800}, 0x0) socket$nl_route(0x10, 0x3, 0x0) connect$unix(r4, &(0x7f0000000140)=@file={0x0, './file0\x00'}, 0x6e) dup(r0) openat$ptp0(0xffffff9c, &(0x7f0000000000), 0x500, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) 185.06369ms ago: executing program 3 (id=939): sendmsg$kcm(0xffffffffffffffff, 0x0, 0x40001) r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) r1 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) close(r1) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) r2 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x2, 0x0) close(r2) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) execveat$binfmt(0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0xd}}, 0x10) setsockopt$inet_sctp_SCTP_DELAYED_SACK(0xffffffffffffffff, 0x84, 0x10, 0x0, 0x0) socket$kcm(0x21, 0x2, 0x2) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) r3 = openat$pfkey(0xffffffffffffff9c, &(0x7f00000001c0), 0x763340, 0x0) openat$cgroup_ro(r3, &(0x7f0000000240)='net_prio.prioidx\x00', 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) ioctl$int_in(0xffffffffffffffff, 0x5452, &(0x7f0000000000)=0x3) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r4, &(0x7f0000019580)={0x2020}, 0x2020) capget(0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) write$rfkill(r0, &(0x7f0000000080)={0x0, 0x0, 0x3, 0x1}, 0x8) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)) 134.036181ms ago: executing program 4 (id=940): unshare(0x2040600) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd(0x0) r3 = eventfd(0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000280)={r2, 0x1, 0x2, r3}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x1, 0x2, r2}) 0s ago: executing program 4 (id=941): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000001280)={&(0x7f0000000680)=[0x0], &(0x7f0000001300), &(0x7f0000000ac0)=[0x0], &(0x7f0000000c80)=[0x0, 0x0], 0x3c3c3c3c3c3c455, 0x1, 0x1, 0x0, r1}) kernel console output (not intermixed with test programs): d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.474315][ T6018] RSP: 002b:00007ff01f621038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 185.482772][ T6018] RAX: ffffffffffffffda RBX: 00007ff0219d0fa0 RCX: 00007ff0217b8169 [ 185.490770][ T6018] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000000000000003 [ 185.498767][ T6018] RBP: 00007ff01f621090 R08: 0000000000000000 R09: 0000000000000000 [ 185.506760][ T6018] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.514752][ T6018] R13: 0000000000000000 R14: 00007ff0219d0fa0 R15: 00007ffcc0a57af8 [ 185.522767][ T6018] [ 185.646659][ T6012] loop3: detected capacity change from 0 to 32768 [ 185.699100][ T6018] netlink: 16 bytes leftover after parsing attributes in process `syz.0.383'. [ 185.728071][ T6025] netlink: 4 bytes leftover after parsing attributes in process `syz.1.387'. [ 185.794402][ T6010] loop4: detected capacity change from 0 to 32768 [ 185.862369][ T6012] XFS (loop3): Mounting V5 Filesystem [ 185.900892][ T6039] loop1: detected capacity change from 0 to 64 [ 185.912076][ T6010] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.382 (6010) [ 185.936486][ T6010] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 185.946111][ T6010] BTRFS info (device loop4): enabling auto defrag [ 185.952639][ T6010] BTRFS info (device loop4): use no compression [ 185.958523][ T6032] loop2: detected capacity change from 0 to 2048 [ 185.960042][ T6010] BTRFS info (device loop4): force clearing of disk cache [ 185.976483][ T6010] BTRFS info (device loop4): max_inline at 4096 [ 185.982779][ T6010] BTRFS info (device loop4): disabling free space tree [ 185.990044][ T6010] BTRFS info (device loop4): has skinny extents [ 186.036885][ T6039] hfs: invalid extent max_key_len 510 [ 186.056513][ T6032] UDF-fs: bad mount option "rootcontext=user_u" or missing value [ 186.058957][ T6012] XFS (loop3): Ending clean mount [ 186.075610][ T4435] Bluetooth: hci3: command 0x0406 tx timeout [ 186.081717][ T4435] Bluetooth: hci1: command 0x0406 tx timeout [ 186.088331][ T6039] hfs: unable to open extent tree [ 186.092529][ T6012] XFS (loop3): Quotacheck needed: Please wait. [ 186.100036][ T6039] hfs: can't find a HFS filesystem on dev loop1 [ 186.159118][ T5067] Bluetooth: hci2: command 0x0406 tx timeout [ 186.165377][ T5067] Bluetooth: hci0: command 0x0406 tx timeout [ 186.183030][ T5067] Bluetooth: hci4: command 0x0406 tx timeout [ 186.217521][ T6012] XFS (loop3): Quotacheck: Done. [ 186.260273][ T6055] loop0: detected capacity change from 0 to 512 [ 186.365253][ T6010] BTRFS info (device loop4): enabling ssd optimizations [ 186.380009][ T6010] BTRFS info (device loop4): clearing free space tree [ 186.387648][ T6010] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 186.398465][ T6010] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 186.496410][ T6055] EXT4-fs error (device loop0): ext4_orphan_get:1401: inode #15: comm syz.0.391: casefold flag without casefold feature [ 186.509753][ T6055] EXT4-fs error (device loop0): ext4_orphan_get:1406: comm syz.0.391: couldn't read orphan inode 15 (err -117) [ 186.521903][ T6055] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 186.641245][ T4167] XFS (loop3): Unmounting Filesystem [ 186.956423][ T6070] loop2: detected capacity change from 0 to 2048 [ 187.104236][ T6070] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 187.266908][ T6039] loop1: detected capacity change from 0 to 32768 [ 187.456447][ T13] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 187.607897][ T6039] XFS (loop1): Mounting V5 Filesystem [ 187.707103][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 187.728855][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): tunl0: link becomes ready [ 187.750539][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): gre0: link becomes ready [ 187.773821][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): gretap0: link becomes ready [ 187.790159][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): erspan0: link becomes ready [ 187.804684][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): ip_vti0: link becomes ready [ 187.820402][ T6080] IPv6: ADDRCONF(NETDEV_CHANGE): ip6_vti0: link becomes ready [ 188.444300][ T13] usb 3-1: device descriptor read/64, error -71 [ 188.459655][ T6068] loop0: detected capacity change from 0 to 32768 [ 188.578648][ T6039] XFS (loop1): Ending clean mount [ 188.639810][ T26] kauditd_printk_skb: 6 callbacks suppressed [ 188.639826][ T26] audit: type=1800 audit(1740954854.094:7): pid=6039 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.389" name="bus" dev="loop1" ino=9289 res=0 errno=0 [ 188.735258][ T13] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 188.767244][ T6068] XFS (loop0): Mounting V5 Filesystem [ 188.946620][ T13] usb 3-1: device descriptor read/64, error -71 [ 189.049929][ T6068] XFS (loop0): Ending clean mount [ 189.066999][ T6093] loop3: detected capacity change from 0 to 4096 [ 189.068010][ T13] usb usb3-port1: attempt power cycle [ 189.095104][ T4215] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 189.178730][ T6093] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 189.207037][ T6093] ntfs3: loop3: Failed to load $Extend. [ 189.323268][ T6100] netlink: 40 bytes leftover after parsing attributes in process `syz.3.397'. [ 189.341519][ T4215] usb 2-1: Using ep0 maxpacket: 16 [ 189.374760][ T6100] netlink: 40 bytes leftover after parsing attributes in process `syz.3.397'. [ 189.439251][ T6100] loop3: detected capacity change from 0 to 64 [ 189.481292][ T4215] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 28524, setting to 64 [ 189.545825][ T13] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 189.576487][ T4168] XFS (loop0): Unmounting Filesystem [ 189.595711][ T26] audit: type=1800 audit(1740954855.054:8): pid=6100 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.397" name="file1" dev="loop3" ino=5 res=0 errno=0 [ 189.597557][ T6100] autofs4:pid:6100:autofs_fill_super: called with bogus options [ 189.679990][ T13] usb 3-1: device descriptor read/8, error -71 [ 189.682405][ T4215] usb 2-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 189.696046][ T4215] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 189.704156][ T4215] usb 2-1: Product: syz [ 189.709806][ T4215] usb 2-1: Manufacturer: syz [ 189.714515][ T4215] usb 2-1: SerialNumber: syz [ 189.722937][ T4215] usb 2-1: config 0 descriptor?? [ 189.805332][ T4215] usb 2-1: can't set config #0, error -71 [ 189.823801][ T4215] usb 2-1: USB disconnect, device number 12 [ 189.834455][ T4169] XFS (loop1): Unmounting Filesystem [ 189.985131][ T13] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 190.235976][ T13] usb 3-1: device not accepting address 27, error -71 [ 190.255085][ T13] usb usb3-port1: unable to enumerate USB device [ 190.266520][ T6107] device batadv_slave_1 entered promiscuous mode [ 190.312042][ T6105] device batadv_slave_1 left promiscuous mode [ 190.353059][ T6108] loop3: detected capacity change from 0 to 2048 [ 190.412167][ T6095] loop4: detected capacity change from 0 to 65536 [ 190.551053][ T6116] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 190.611514][ T6095] XFS (loop4): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 190.620259][ T6095] XFS (loop4): DAX unsupported by block device. Turning off DAX. [ 190.644858][ T6095] XFS (loop4): Mounting V5 Filesystem [ 190.704308][ T6119] loop1: detected capacity change from 0 to 4096 [ 190.777570][ T6095] XFS (loop4): Ending clean mount [ 190.784225][ T6095] XFS (loop4): Quotacheck needed: Please wait. [ 190.817457][ T6119] ntfs: (device loop1): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 190.897875][ T6119] ntfs: (device loop1): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 190.945185][ T6119] ntfs: (device loop1): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 190.960873][ T6095] XFS (loop4): Quotacheck: Done. [ 190.985109][ T6119] ntfs: (device loop1): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 190.985239][ T6095] FAULT_INJECTION: forcing a failure. [ 190.985239][ T6095] name failslab, interval 1, probability 0, space 0, times 0 [ 191.021907][ T6095] CPU: 1 PID: 6095 Comm: syz.4.395 Not tainted 5.15.178-syzkaller #0 [ 191.029045][ T6119] ntfs: volume version 3.1. [ 191.030016][ T6095] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 191.030034][ T6095] Call Trace: [ 191.030042][ T6095] [ 191.030051][ T6095] dump_stack_lvl+0x1e3/0x2d0 [ 191.047277][ T6119] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 191.047890][ T6095] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 191.052076][ T6119] ntfs: (device loop1): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 191.055504][ T6095] ? panic+0x860/0x860 [ 191.055545][ T6095] should_fail+0x38a/0x4c0 [ 191.075445][ C0] vkms_vblank_simulate: vblank timer overrun [ 191.081052][ T6095] should_failslab+0x5/0x20 [ 191.120088][ T6095] slab_pre_alloc_hook+0x53/0xc0 [ 191.125055][ T6095] ? getname_flags+0xb8/0x4e0 [ 191.129763][ T6095] kmem_cache_alloc+0x3f/0x280 [ 191.134557][ T6095] ? vtime_user_exit+0x2d1/0x400 [ 191.139607][ T6095] getname_flags+0xb8/0x4e0 [ 191.144141][ T6095] ? syscall_enter_from_user_mode+0x2e/0x240 [ 191.150148][ T6095] ? lockdep_hardirqs_on+0x94/0x130 [ 191.155373][ T6095] __x64_sys_symlink+0x5b/0x90 [ 191.160153][ T6095] do_syscall_64+0x3b/0xb0 [ 191.164581][ T6095] ? clear_bhb_loop+0x15/0x70 [ 191.169273][ T6095] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 191.175191][ T6095] RIP: 0033:0x7f89890b0169 [ 191.179626][ T6095] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 191.199245][ T6095] RSP: 002b:00007f8986f19038 EFLAGS: 00000246 ORIG_RAX: 0000000000000058 [ 191.207693][ T6095] RAX: ffffffffffffffda RBX: 00007f89892c8fa0 RCX: 00007f89890b0169 [ 191.215692][ T6095] RDX: 0000000000000000 RSI: 0000400000000280 RDI: 0000400000000040 [ 191.223687][ T6095] RBP: 00007f8986f19090 R08: 0000000000000000 R09: 0000000000000000 [ 191.231679][ T6095] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 191.239682][ T6095] R13: 0000000000000000 R14: 00007f89892c8fa0 R15: 00007ffdf75517d8 [ 191.242740][ T6119] ntfs: (device loop1): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 191.247683][ T6095] [ 191.271917][ T6119] ntfs: (device loop1): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 191.435060][ T6110] loop0: detected capacity change from 0 to 65536 [ 191.442504][ T6112] loop2: detected capacity change from 0 to 32768 [ 191.488973][ T4177] XFS (loop4): Unmounting Filesystem [ 191.518612][ T6112] XFS (loop2): Mounting V5 Filesystem [ 191.733171][ T6112] XFS (loop2): Ending clean mount [ 191.753758][ T6112] XFS (loop2): Quotacheck needed: Please wait. [ 191.835194][ T6131] loop1: detected capacity change from 0 to 40427 [ 191.863487][ T6112] XFS (loop2): Quotacheck: Done. [ 191.870401][ T6110] XFS (loop0): DAX enabled. Warning: EXPERIMENTAL, use at your own risk [ 191.892804][ T6131] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 191.902910][ T6131] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 191.931430][ T6110] XFS (loop0): DAX unsupported by block device. Turning off DAX. [ 191.957250][ T6131] F2FS-fs (loop1): invalid crc value [ 192.001402][ T6110] XFS (loop0): Mounting V5 Filesystem [ 192.049251][ T6131] F2FS-fs (loop1): Found nat_bits in checkpoint [ 192.081728][ T4174] XFS (loop2): Unmounting Filesystem [ 192.125085][ T6131] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 192.132250][ T6131] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 192.253250][ T6110] XFS (loop0): Ending clean mount [ 192.282347][ T6110] XFS (loop0): Quotacheck needed: Please wait. [ 192.370898][ T6110] XFS (loop0): Quotacheck: Done. [ 192.615897][ T4168] XFS (loop0): Unmounting Filesystem [ 192.747931][ T4169] attempt to access beyond end of device [ 192.747931][ T4169] loop1: rw=2049, want=40968, limit=40427 [ 192.812471][ T6159] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 192.850834][ T6159] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 193.132447][ T6161] loop4: detected capacity change from 0 to 4096 [ 193.208440][ T6168] loop2: detected capacity change from 0 to 8 [ 193.315388][ T6161] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 193.326128][ T6161] ntfs3: loop4: Failed to load $Extend. [ 193.555123][ T4436] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 193.613052][ T6175] loop4: detected capacity change from 0 to 1024 [ 193.694789][ T6175] hfsplus: failed to load root directory [ 193.839267][ T6180] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 193.955288][ T4436] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.995002][ T4436] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 194.195560][ T4436] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 194.235713][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.242259][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.255439][ T4436] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.322269][ T4436] usb 3-1: Product: syz [ 194.347597][ T4436] usb 3-1: Manufacturer: syz [ 194.376859][ T4436] usb 3-1: SerialNumber: syz [ 194.432389][ T6190] loop0: detected capacity change from 0 to 512 [ 194.514936][ T6190] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 194.523585][ T6190] EXT4-fs (loop0): test_dummy_encryption requires encrypt feature [ 194.586575][ T6192] loop1: detected capacity change from 0 to 2048 [ 194.693335][ T6192] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 194.780649][ T26] kauditd_printk_skb: 7 callbacks suppressed [ 194.780665][ T26] audit: type=1800 audit(1740954860.234:9): pid=6192 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.422" name="file1" dev="loop1" ino=1415 res=0 errno=0 [ 194.808550][ T4436] usb 3-1: 0:2 : does not exist [ 194.866970][ T6178] loop3: detected capacity change from 0 to 32768 [ 195.014823][ T4436] usb 3-1: USB disconnect, device number 28 [ 195.064470][ T6178] XFS (loop3): Mounting V5 Filesystem [ 195.329027][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 195.468389][ T6178] XFS (loop3): Ending clean mount [ 195.623879][ T6178] XFS (loop3): Quotacheck needed: Please wait. [ 195.634674][ T6185] loop4: detected capacity change from 0 to 40427 [ 196.420403][ T6185] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 196.458352][ T6185] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 196.491127][ T6178] XFS (loop3): Quotacheck: Done. [ 196.551021][ T6185] F2FS-fs (loop4): invalid crc value [ 196.658592][ T6218] loop0: detected capacity change from 0 to 4096 [ 196.673027][ T6185] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 39874397669) [ 196.717851][ T6185] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 196.720183][ T6218] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 196.745344][ T4167] XFS (loop3): Unmounting Filesystem [ 196.800061][ T6218] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 196.875189][ T6185] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 196.886684][ T6185] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 196.946711][ T6225] loop1: detected capacity change from 0 to 4096 [ 197.028946][ T6225] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 197.050423][ T6225] ntfs3: loop1: Failed to load $Extend. [ 197.104396][ T4168] ntfs3: loop0: ntfs_sync_fs r=1a failed, -22. [ 197.111858][ T4168] ntfs3: loop0: ntfs_evict_inode r=1a failed, -22. [ 197.353044][ T4212] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 197.361310][ T4357] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 197.625316][ T4357] usb 3-1: Using ep0 maxpacket: 32 [ 197.735395][ T4212] usb 5-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 197.749070][ T4357] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 197.838701][ T4212] usb 5-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 197.960834][ T4212] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.127206][ T4357] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 198.145353][ T4357] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 198.171230][ T4357] usb 3-1: Product: syz [ 198.184554][ T4357] usb 3-1: Manufacturer: syz [ 198.201915][ T4357] usb 3-1: SerialNumber: syz [ 198.286798][ T4357] usb 3-1: config 0 descriptor?? [ 198.305432][ T6232] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 198.312674][ T4212] usb 5-1: can't set config #4, error -71 [ 198.326374][ T4357] hub 3-1:0.0: bad descriptor, ignoring hub [ 198.332320][ T4357] hub: probe of 3-1:0.0 failed with error -5 [ 198.352303][ T4212] usb 5-1: USB disconnect, device number 5 [ 198.510235][ T6237] loop0: detected capacity change from 0 to 40427 [ 198.606666][ T6237] F2FS-fs (loop0): invalid crc value [ 198.679256][ T6237] F2FS-fs (loop0): Found nat_bits in checkpoint [ 198.821592][ T6237] F2FS-fs (loop0): Cannot turn on quotas: -2 on 1 [ 198.875082][ T6237] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 198.925961][ T6237] FAULT_INJECTION: forcing a failure. [ 198.925961][ T6237] name failslab, interval 1, probability 0, space 0, times 0 [ 198.944634][ T6249] program syz.4.434 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 198.954210][ T6237] CPU: 0 PID: 6237 Comm: syz.0.432 Not tainted 5.15.178-syzkaller #0 [ 198.962346][ T6237] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 198.972418][ T6237] Call Trace: [ 198.975714][ T6237] [ 198.978664][ T6237] dump_stack_lvl+0x1e3/0x2d0 [ 198.983373][ T6237] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 198.989028][ T6237] ? panic+0x860/0x860 [ 198.993147][ T6237] ? __might_sleep+0xc0/0xc0 [ 198.997766][ T6237] should_fail+0x38a/0x4c0 [ 199.002211][ T6237] should_failslab+0x5/0x20 [ 199.006740][ T6237] slab_pre_alloc_hook+0x53/0xc0 [ 199.011790][ T6237] ? __d_alloc+0x2a/0x700 [ 199.016144][ T6237] kmem_cache_alloc+0x3f/0x280 [ 199.020929][ T6237] __d_alloc+0x2a/0x700 [ 199.025108][ T6237] ? rcu_read_lock_bh_held+0x110/0x110 [ 199.030593][ T6237] d_alloc+0x48/0x1d0 [ 199.034689][ T6237] lookup_one_qstr_excl+0xca/0x240 [ 199.039834][ T6237] filename_create+0x293/0x530 [ 199.044621][ T6237] ? kern_path_create+0x180/0x180 [ 199.049666][ T6237] ? __virt_addr_valid+0x3bb/0x460 [ 199.054812][ T6237] do_mkdirat+0xb3/0x520 [ 199.059080][ T6237] ? vfs_mkdir+0x590/0x590 [ 199.063515][ T6237] ? getname_flags+0x1ec/0x4e0 [ 199.065179][ T6232] usb 3-1: reset high-speed USB device number 29 using dummy_hcd [ 199.068300][ T6237] __x64_sys_mkdirat+0x85/0x90 [ 199.081253][ T6237] do_syscall_64+0x3b/0xb0 [ 199.085690][ T6237] ? clear_bhb_loop+0x15/0x70 [ 199.090390][ T6237] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 199.096303][ T6237] RIP: 0033:0x7ff0217b69d7 [ 199.100740][ T6237] Code: 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 02 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.120358][ T6237] RSP: 002b:00007ff01f620e68 EFLAGS: 00000246 ORIG_RAX: 0000000000000102 [ 199.122372][ T6241] loop1: detected capacity change from 0 to 40427 [ 199.128797][ T6237] RAX: ffffffffffffffda RBX: 00007ff01f620ef0 RCX: 00007ff0217b69d7 [ 199.128818][ T6237] RDX: 00000000000001ff RSI: 0000400000000440 RDI: 00000000ffffff9c [ 199.128832][ T6237] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 199.128846][ T6237] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000440 [ 199.128860][ T6237] R13: 00007ff01f620eb0 R14: 0000000000000000 R15: 0000000000000000 [ 199.128890][ T6237] [ 199.128950][ C0] vkms_vblank_simulate: vblank timer overrun [ 199.142532][ T6232] usb 3-1: device reset changed ep0 maxpacket size! [ 199.160145][ T6250] loop3: detected capacity change from 0 to 4096 [ 199.221522][ T4212] usb 3-1: USB disconnect, device number 29 [ 199.232364][ T6241] F2FS-fs (loop1): invalid crc value [ 199.260418][ T6250] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 199.354781][ T6241] F2FS-fs (loop1): Found nat_bits in checkpoint [ 199.391347][ T6250] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 199.408403][ T6249] loop4: detected capacity change from 0 to 8192 [ 199.419760][ T4212] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 199.502587][ T6241] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 199.535132][ T6249] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal [ 199.547922][ T4167] ntfs3: loop3: ntfs_sync_fs r=1a failed, -22. [ 199.558903][ T4167] ntfs3: loop3: ntfs_evict_inode r=1a failed, -22. [ 199.577839][ T6249] REISERFS (device loop4): using ordered data mode [ 199.585415][ T6249] reiserfs: using flush barriers [ 199.672058][ T6249] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 199.688991][ T4212] usb 3-1: Using ep0 maxpacket: 16 [ 199.737975][ T6261] capability: warning: `syz.3.436' uses 32-bit capabilities (legacy support in use) [ 199.770910][ T6249] REISERFS (device loop4): checking transaction log (loop4) [ 199.772889][ T6259] loop0: detected capacity change from 0 to 2048 [ 199.800385][ T6249] REISERFS (device loop4): Using r5 hash to sort names [ 199.808707][ T6232] loop2: detected capacity change from 0 to 2048 [ 199.829459][ T6249] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 199.854531][ T6249] ntfs3: nbd4: try to read out of volume at offset 0x0 [ 199.871553][ T6232] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 199.899534][ T6259] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 96: 0x6c != 0x13 [ 199.930439][ T6259] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 199.954301][ T6259] UDF-fs: error (device loop0): udf_process_sequence: Primary Volume Descriptor not found! [ 199.985452][ T4212] usb 3-1: unable to get BOS descriptor or descriptor too short [ 199.990975][ T6259] UDF-fs: Scanning with blocksize 512 failed [ 200.016242][ T6259] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 200.064623][ T6259] UDF-fs: Scanning with blocksize 1024 failed [ 200.095372][ T6259] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 200.171184][ T6259] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 200.192891][ T6259] UDF-fs: Scanning with blocksize 2048 failed [ 200.207331][ T6259] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 200.222475][ T6259] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=512, location=512 [ 200.235112][ T4212] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 200.238161][ T6259] UDF-fs: warning (device loop0): udf_load_vrs: No anchor found [ 200.274783][ T6259] UDF-fs: Scanning with blocksize 4096 failed [ 200.530376][ T6259] UDF-fs: warning (device loop0): udf_fill_super: No partition found (1) [ 200.961616][ T6252] attempt to access beyond end of device [ 200.961616][ T6252] loop1: rw=2049, want=45104, limit=40427 [ 201.007873][ T4212] usb 3-1: can't read configurations, error -71 [ 201.075140][ T4357] usb 5-1: new low-speed USB device number 6 using dummy_hcd [ 201.126242][ T6269] binder: BINDER_SET_CONTEXT_MGR already set [ 201.175626][ T6269] binder: 6268:6269 ioctl 4018620d 400000000040 returned -16 [ 201.452746][ T6280] cgroup: noprefix used incorrectly [ 201.554219][ T6279] loop2: detected capacity change from 0 to 512 [ 201.595798][ T4357] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 201.611881][ T4357] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 201.640590][ T4357] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 201.729990][ T6279] EXT4-fs (loop2): user quota file already specified [ 201.746876][ T4357] usb 5-1: string descriptor 0 read error: -22 [ 201.814156][ T4357] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 201.841424][ T4357] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.919173][ T4357] usb 5-1: 0:2 : does not exist [ 201.932966][ T6285] loop0: detected capacity change from 0 to 1024 [ 201.986448][ T4357] usb 5-1: USB disconnect, device number 6 [ 201.996851][ T2339] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz1 [ 202.024483][ T6283] netlink: 16 bytes leftover after parsing attributes in process `syz.1.441'. [ 202.194181][ T6285] EXT4-fs (loop0): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 202.329521][ T6296] bridge0: port 3(hsr_slave_1) entered blocking state [ 202.338324][ T6296] bridge0: port 3(hsr_slave_1) entered disabled state [ 202.810071][ T6291] loop2: detected capacity change from 0 to 4096 [ 203.320204][ T6291] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 204.815655][ T6291] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 204.865199][ T4436] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 204.966166][ T6291] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 204.991826][ T6291] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 205.076118][ T6291] ntfs: volume version 3.1. [ 205.085280][ T6291] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 205.125103][ T4436] usb 5-1: Using ep0 maxpacket: 32 [ 205.153047][ T6317] netlink: 4 bytes leftover after parsing attributes in process `syz.3.456'. [ 205.187708][ T6291] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 205.208592][ T6320] loop0: detected capacity change from 0 to 256 [ 205.223369][ T6322] netlink: 40 bytes leftover after parsing attributes in process `syz.1.455'. [ 205.242854][ T6291] ntfs: (device loop2): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 205.255239][ T4436] usb 5-1: config 0 has an invalid interface number: 183 but max is 0 [ 205.261911][ T6322] netlink: 40 bytes leftover after parsing attributes in process `syz.1.455'. [ 205.263712][ T4436] usb 5-1: config 0 has no interface number 0 [ 205.300581][ T4436] usb 5-1: config 0 interface 183 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 528 [ 205.322663][ T6291] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 205.383905][ T6291] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Actual VCN (0x0) of index buffer is different from expected VCN (0x900000000000000). Directory inode 0x5 is corrupt or driver bug. [ 205.393186][ T4436] usb 5-1: string descriptor 0 read error: -71 [ 205.422941][ T6325] loop1: detected capacity change from 0 to 64 [ 205.424747][ T4436] usb 5-1: New USB device found, idVendor=06d0, idProduct=0622, bcdDevice=70.f8 [ 205.433718][ T6327] netlink: 4 bytes leftover after parsing attributes in process `syz.4.457'. [ 205.451235][ T6291] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 205.461272][ T6329] program syz.3.458 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 205.481213][ T4436] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.524443][ T6325] autofs4:pid:6325:autofs_fill_super: called with bogus options [ 205.556239][ T4436] usb 5-1: config 0 descriptor?? [ 205.593381][ T4436] usb 5-1: can't set config #0, error -71 [ 205.610817][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 205.638638][ T4436] usb 5-1: USB disconnect, device number 7 [ 205.709378][ T6337] FAULT_INJECTION: forcing a failure. [ 205.709378][ T6337] name failslab, interval 1, probability 0, space 0, times 0 [ 205.755331][ T6337] CPU: 1 PID: 6337 Comm: syz.4.461 Not tainted 5.15.178-syzkaller #0 [ 205.763454][ T6337] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 205.773533][ T6337] Call Trace: [ 205.776835][ T6337] [ 205.779791][ T6337] dump_stack_lvl+0x1e3/0x2d0 [ 205.784497][ T6337] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 205.790271][ T6337] ? panic+0x860/0x860 [ 205.794386][ T6337] ? __might_sleep+0xc0/0xc0 [ 205.799000][ T6337] ? netlink_insert+0xcac/0x1280 [ 205.803965][ T6337] should_fail+0x38a/0x4c0 [ 205.808410][ T6337] should_failslab+0x5/0x20 [ 205.812932][ T6337] slab_pre_alloc_hook+0x53/0xc0 [ 205.817894][ T6337] kmem_cache_alloc_node+0x49/0x2c0 [ 205.823111][ T6337] ? __alloc_skb+0xdd/0x590 [ 205.827634][ T6337] __alloc_skb+0xdd/0x590 [ 205.831989][ T6337] netlink_sendmsg+0x6f8/0xd60 [ 205.836791][ T6337] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.842011][ T6337] ? aa_sock_msg_perm+0x91/0x150 [ 205.846971][ T6337] ? bpf_lsm_socket_sendmsg+0x5/0x10 [ 205.852280][ T6337] ? security_socket_sendmsg+0x7d/0xa0 [ 205.857764][ T6337] ? netlink_getsockopt+0x5b0/0x5b0 [ 205.862994][ T6337] ____sys_sendmsg+0x59e/0x8f0 [ 205.867786][ T6337] ? iovec_from_user+0x300/0x390 [ 205.872758][ T6337] ? __sys_sendmsg_sock+0x30/0x30 [ 205.877830][ T6337] ___sys_sendmsg+0x252/0x2e0 [ 205.882540][ T6337] ? __sys_sendmsg+0x260/0x260 [ 205.887503][ T6337] ? __fdget+0x191/0x220 [ 205.891775][ T6337] __se_sys_sendmsg+0x19a/0x260 [ 205.896658][ T6337] ? __x64_sys_sendmsg+0x80/0x80 [ 205.901649][ T6337] ? syscall_enter_from_user_mode+0x2e/0x240 [ 205.907650][ T6337] ? lockdep_hardirqs_on+0x94/0x130 [ 205.912897][ T6337] ? syscall_enter_from_user_mode+0x2e/0x240 [ 205.918908][ T6337] do_syscall_64+0x3b/0xb0 [ 205.923344][ T6337] ? clear_bhb_loop+0x15/0x70 [ 205.928065][ T6337] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 205.933991][ T6337] RIP: 0033:0x7f89890b0169 [ 205.938442][ T6337] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 205.958161][ T6337] RSP: 002b:00007f8986f19038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 205.966608][ T6337] RAX: ffffffffffffffda RBX: 00007f89892c8fa0 RCX: 00007f89890b0169 [ 205.974604][ T6337] RDX: 0000000000000040 RSI: 0000400000000100 RDI: 0000000000000003 [ 205.982596][ T6337] RBP: 00007f8986f19090 R08: 0000000000000000 R09: 0000000000000000 [ 205.990637][ T6337] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 205.998631][ T6337] R13: 0000000000000000 R14: 00007f89892c8fa0 R15: 00007ffdf75517d8 [ 206.006639][ T6337] [ 206.685812][ T6329] loop3: detected capacity change from 0 to 8192 [ 206.771989][ T6329] REISERFS (device loop3): found reiserfs format "3.5" with non-standard journal [ 207.058985][ T6329] REISERFS (device loop3): using ordered data mode [ 207.068194][ T6329] reiserfs: using flush barriers [ 207.087346][ T6329] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 207.115982][ T6329] REISERFS (device loop3): checking transaction log (loop3) [ 207.136773][ T6329] REISERFS (device loop3): Using r5 hash to sort names [ 207.144221][ T6329] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 208.295811][ T6329] ntfs3: nbd3: try to read out of volume at offset 0x0 [ 208.443595][ T6357] loop2: detected capacity change from 0 to 2048 [ 209.381349][ T6364] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 209.806835][ T21] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 209.984668][ T6371] loop2: detected capacity change from 0 to 4096 [ 210.047534][ T6371] __ntfs_error: 6 callbacks suppressed [ 210.047553][ T6371] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 210.090277][ T6376] loop3: detected capacity change from 0 to 4096 [ 210.093754][ T6371] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 210.125393][ T6371] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 210.154102][ T6376] ntfs: (device loop3): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 210.166296][ T6371] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 210.175429][ T21] usb 5-1: config index 0 descriptor too short (expected 26, got 18) [ 210.187045][ T6371] ntfs: volume version 3.1. [ 210.191726][ T6371] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 210.196375][ T6376] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 210.231713][ T6376] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 210.248592][ T6371] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 210.256405][ T6376] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 210.289053][ T6376] ntfs: volume version 3.1. [ 210.368124][ T21] usb 5-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=3f.fc [ 210.380409][ T21] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.397340][ T21] usb 5-1: Product: syz [ 210.401732][ T21] usb 5-1: Manufacturer: syz [ 210.409007][ T21] usb 5-1: SerialNumber: syz [ 210.427158][ T21] usb 5-1: config 0 descriptor?? [ 210.456984][ T6379] udc-core: couldn't find an available UDC or it's busy [ 210.463960][ T6379] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 210.496880][ T21] cypress_m8 5-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 210.531743][ T21] nokiaca42v2 ttyUSB0: required endpoint is missing [ 210.634441][ T6381] loop3: detected capacity change from 0 to 4096 [ 210.710518][ T6381] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 210.728715][ T4436] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 210.867631][ T4216] usb 5-1: USB disconnect, device number 8 [ 210.885953][ T4216] cypress_m8 5-1:0.0: device disconnected [ 210.943559][ T6386] loop1: detected capacity change from 0 to 128 [ 210.960923][ T4436] usb 3-1: device descriptor read/64, error -71 [ 211.021192][ T6386] EXT4-fs (loop1): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 211.245180][ T4436] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 211.299403][ T6386] loop1: detected capacity change from 0 to 4096 [ 211.435177][ T4436] usb 3-1: device descriptor read/64, error -71 [ 211.519881][ T6388] loop4: detected capacity change from 0 to 512 [ 211.555284][ T4436] usb usb3-port1: attempt power cycle [ 211.610998][ T6388] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 211.640516][ T6388] ext4 filesystem being mounted at /100/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 211.653995][ T6386] loop1: detected capacity change from 0 to 8192 [ 211.693154][ T6386] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal [ 211.728224][ T6386] REISERFS (device loop1): using ordered data mode [ 211.756486][ T6386] reiserfs: using flush barriers [ 211.763408][ T6388] EXT4-fs error (device loop4): ext4_get_first_dir_block:3605: inode #12: block 32: comm syz.4.477: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0 [ 211.805160][ T6388] EXT4-fs error (device loop4): ext4_get_first_dir_block:3608: inode #12: comm syz.4.477: directory missing '.' [ 211.823848][ T6386] REISERFS (device loop1): journal params: device loop1, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 211.874851][ T6386] REISERFS (device loop1): checking transaction log (loop1) [ 211.900643][ T6386] REISERFS (device loop1): Using r5 hash to sort names [ 211.920111][ T6386] REISERFS warning (device loop1): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 211.953229][ T6386] REISERFS (device loop1): Created .reiserfs_priv - reserved for xattr storage. [ 211.966997][ T6381] device macvlan0 entered promiscuous mode [ 211.995250][ T4436] usb 3-1: new full-speed USB device number 34 using dummy_hcd [ 212.125409][ T4436] usb 3-1: device descriptor read/8, error -71 [ 212.136233][ T6381] team0: Port device macvlan0 added [ 212.212376][ T4167] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22. [ 212.240459][ T4167] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 212.325278][ T4167] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 214.697972][ T4436] usb 3-1: new full-speed USB device number 35 using dummy_hcd [ 214.884519][ T6407] loop4: detected capacity change from 0 to 1024 [ 214.891405][ T4436] usb 3-1: device descriptor read/8, error -71 [ 214.998226][ T6407] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,,errors=continue. Quota mode: none. [ 215.025278][ T4436] usb usb3-port1: unable to enumerate USB device [ 215.304871][ T6408] loop3: detected capacity change from 0 to 8192 [ 215.426061][ T6408] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal [ 215.445731][ T6408] REISERFS (device loop3): using ordered data mode [ 215.522378][ T6408] reiserfs: using flush barriers [ 215.553488][ T6425] loop4: detected capacity change from 0 to 4096 [ 215.591485][ T6408] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 215.604551][ T6428] FAULT_INJECTION: forcing a failure. [ 215.604551][ T6428] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 215.624124][ T4212] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 215.650647][ T6428] CPU: 1 PID: 6428 Comm: syz.1.486 Not tainted 5.15.178-syzkaller #0 [ 215.658763][ T6428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 215.666102][ T6425] __ntfs_error: 20 callbacks suppressed [ 215.666121][ T6425] ntfs: (device loop4): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 215.668940][ T6428] Call Trace: [ 215.668953][ T6428] [ 215.674503][ T6425] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 215.684446][ T6428] dump_stack_lvl+0x1e3/0x2d0 [ 215.684483][ T6428] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 215.684507][ T6428] ? panic+0x860/0x860 [ 215.684541][ T6428] should_fail+0x38a/0x4c0 [ 215.722779][ T6428] _copy_from_user+0x2d/0x170 [ 215.727489][ T6428] semctl_main+0x6a9/0x17e0 [ 215.732006][ T6428] ? semctl_stat+0x6b0/0x6b0 [ 215.736636][ T6428] ? __lock_acquire+0x1ff0/0x1ff0 [ 215.741662][ T6428] ? __context_tracking_exit+0x4c/0x80 [ 215.747228][ T6428] __se_sys_semctl+0x25d/0x310 [ 215.751997][ T6428] ? __x64_sys_semctl+0xa0/0xa0 [ 215.756867][ T6428] ? rcu_is_watching+0x11/0xa0 [ 215.761656][ T6428] ? syscall_enter_from_user_mode+0x14b/0x240 [ 215.767733][ T6428] do_syscall_64+0x3b/0xb0 [ 215.772150][ T6428] ? clear_bhb_loop+0x15/0x70 [ 215.776824][ T6428] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 215.782779][ T6428] RIP: 0033:0x7ff12e408169 [ 215.787192][ T6428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 215.806795][ T6428] RSP: 002b:00007ff12c250038 EFLAGS: 00000246 ORIG_RAX: 0000000000000042 [ 215.815229][ T6428] RAX: ffffffffffffffda RBX: 00007ff12e621080 RCX: 00007ff12e408169 [ 215.823196][ T6428] RDX: 0000000000000011 RSI: 0000000000000000 RDI: 0000000000000000 [ 215.831158][ T6428] RBP: 00007ff12c250090 R08: 0000000000000000 R09: 0000000000000000 [ 215.839132][ T6428] R10: 0000400000000680 R11: 0000000000000246 R12: 0000000000000001 [ 215.847207][ T6428] R13: 0000000000000001 R14: 00007ff12e621080 R15: 00007ffdc9405268 [ 215.855199][ T6428] [ 215.860722][ T6425] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 215.872318][ T6430] loop0: detected capacity change from 0 to 8 [ 215.884990][ T6408] REISERFS (device loop3): checking transaction log (loop3) [ 215.905916][ T6425] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 215.933143][ T6430] squashfs image failed sanity check [ 215.939372][ T6408] REISERFS (device loop3): Using r5 hash to sort names [ 215.956449][ T6425] ntfs: volume version 3.1. [ 215.961292][ T6425] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 215.983071][ T6408] REISERFS warning (device loop3): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 216.035274][ T6408] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage. [ 216.055052][ T6425] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 216.105200][ T4212] usb 3-1: Using ep0 maxpacket: 32 [ 216.165074][ T6425] ntfs: (device loop4): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 216.187536][ T6408] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 216.235371][ T4212] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 216.254399][ T6425] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 216.268513][ T4212] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 216.270771][ T6408] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 216.290409][ T6425] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Actual VCN (0x0) of index buffer is different from expected VCN (0x900000000000000). Directory inode 0x5 is corrupt or driver bug. [ 216.293816][ T6408] REISERFS warning (device loop3): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 216.411265][ T6425] ntfs: (device loop4): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 217.133330][ T4212] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 217.142561][ T4212] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 217.151634][ T4212] usb 3-1: Product: syz [ 217.156114][ T4212] usb 3-1: Manufacturer: syz [ 217.160748][ T4212] usb 3-1: SerialNumber: syz [ 217.169489][ T4212] usb 3-1: config 0 descriptor?? [ 217.471612][ T4212] usb 3-1: USB disconnect, device number 36 [ 217.917734][ T6435] loop1: detected capacity change from 0 to 32768 [ 217.933495][ T6455] loop4: detected capacity change from 0 to 1764 [ 218.151046][ T6435] XFS (loop1): Mounting V5 Filesystem [ 218.250197][ T6435] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51. [ 218.299418][ T6465] loop4: detected capacity change from 0 to 1024 [ 218.328448][ T6435] XFS (loop1): Starting recovery (logdev: internal) [ 218.338706][ T6452] loop3: detected capacity change from 0 to 40427 [ 218.371968][ T6435] XFS (loop1): Ending recovery (logdev: internal) [ 218.403202][ T6465] EXT4-fs (loop4): inline encryption not supported [ 218.413345][ T6465] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 218.439924][ T6452] F2FS-fs (loop3): invalid crc value [ 218.454060][ T6465] EXT4-fs (loop4): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 218.466961][ T4169] XFS (loop1): Unmounting Filesystem [ 218.519106][ T6449] loop0: detected capacity change from 0 to 32768 [ 218.571492][ T6465] EXT4-fs (loop4): mounted filesystem without journal. Opts: abort,sysvgroups,inlinecrypt,i_version,dioread_nolock,journal_ioprio=0x0000000000000003,min_batch_time=0x0000000000000000,nolazytime,nomblk_io_submit,,errors=continue. Quota mode: none. [ 218.627805][ T6452] F2FS-fs (loop3): Found nat_bits in checkpoint [ 219.267090][ T6452] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 219.667512][ T6480] loop2: detected capacity change from 0 to 4096 [ 219.695223][ T4167] attempt to access beyond end of device [ 219.695223][ T4167] loop3: rw=2049, want=45104, limit=40427 [ 219.769376][ T6480] ntfs: volume version 3.1. [ 219.902829][ T6487] loop1: detected capacity change from 0 to 512 [ 219.975226][ T6487] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 220.041282][ T6487] EXT4-fs (loop1): 1 truncate cleaned up [ 220.042257][ T6478] syz.0.493 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 220.065091][ T6487] EXT4-fs (loop1): mounted filesystem without journal. Opts: nogrpid,min_batch_time=0x0000000000000000,debug_want_extra_isize=0x0000000000000068,nobarrier,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 220.468839][ T6495] loop4: detected capacity change from 0 to 2048 [ 220.476737][ T6489] loop2: detected capacity change from 0 to 32768 [ 220.657593][ T6501] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 221.570759][ T6489] XFS (loop2): Mounting V5 Filesystem [ 221.698583][ T6489] XFS (loop2): Ending clean mount [ 221.713740][ T6489] XFS (loop2): Quotacheck needed: Please wait. [ 221.857277][ T6489] XFS (loop2): Quotacheck: Done. [ 222.062790][ T4174] XFS (loop2): Unmounting Filesystem [ 222.111729][ T6511] loop1: detected capacity change from 0 to 32768 [ 222.255114][ T4212] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 222.283513][ T6511] XFS (loop1): Mounting V5 Filesystem [ 222.350927][ T13] usb 4-1: new low-speed USB device number 15 using dummy_hcd [ 222.453505][ T6511] XFS (loop1): Ending clean mount [ 222.464558][ T6511] XFS (loop1): Quotacheck needed: Please wait. [ 222.505053][ T4212] usb 5-1: Using ep0 maxpacket: 32 [ 222.565536][ T6511] XFS (loop1): Quotacheck: Done. [ 222.568080][ T6524] loop0: detected capacity change from 0 to 32768 [ 222.628288][ T4212] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 222.641811][ T4169] XFS (loop1): Unmounting Filesystem [ 222.765463][ T6524] XFS (loop0): Mounting V5 Filesystem [ 222.810757][ T6524] XFS (loop0): Torn write (CRC failure) detected at log block 0x40. Truncating head block from 0x50. [ 222.839491][ T4212] usb 5-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 222.870074][ T4212] usb 5-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 222.900102][ T6524] XFS (loop0): Starting recovery (logdev: internal) [ 222.909460][ T4212] usb 5-1: Product: syz [ 222.913737][ T4212] usb 5-1: Manufacturer: syz [ 222.942760][ T6524] XFS (loop0): Ending recovery (logdev: internal) [ 222.945464][ T4212] usb 5-1: SerialNumber: syz [ 222.958820][ T4212] usb 5-1: config 0 descriptor?? [ 222.989363][ T6517] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 223.988556][ T13] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 224.006120][ T4212] usb 5-1: USB disconnect, device number 9 [ 224.015021][ T13] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 224.035355][ T13] usb 4-1: config 135 has no interface number 0 [ 224.054471][ T13] usb 4-1: too many endpoints for config 135 interface 230 altsetting 126: 53, using maximum allowed: 30 [ 224.145095][ T13] usb 4-1: config 135 interface 230 altsetting 126 has 0 endpoint descriptors, different from the interface descriptor's value: 53 [ 224.159519][ T13] usb 4-1: config 135 interface 230 has no altsetting 0 [ 224.194587][ T4168] XFS (loop0): Unmounting Filesystem [ 224.401177][ T6553] netlink: 8 bytes leftover after parsing attributes in process `syz.2.514'. [ 224.416777][ T6553] netlink: 24 bytes leftover after parsing attributes in process `syz.2.514'. [ 224.487679][ T6553] syz.2.514 (6553): /proc/6552/oom_adj is deprecated, please use /proc/6552/oom_score_adj instead. [ 224.504413][ T6553] fuse: Bad value for 'group_id' [ 224.735087][ T4355] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 224.871707][ T6563] loop0: detected capacity change from 0 to 4096 [ 225.355489][ T13] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 225.403155][ T13] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 225.655899][ T13] usb 4-1: can't set config #135, error -71 [ 225.682793][ T13] usb 4-1: USB disconnect, device number 15 [ 225.729975][ T6569] loop4: detected capacity change from 0 to 128 [ 225.766252][ T6563] __ntfs_error: 20 callbacks suppressed [ 225.766270][ T6563] ntfs: (device loop0): parse_options(): Unrecognized mount option fls. [ 225.813787][ T6570] loop3: detected capacity change from 0 to 2048 [ 225.821400][ T6563] ntfs: (device loop0): parse_options(): The umask option requires an argument. [ 225.865073][ T4355] usb 2-1: Using ep0 maxpacket: 32 [ 225.876888][ T6569] EXT4-fs (loop4): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 225.956059][ T6573] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 225.987737][ T4355] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 226.216046][ T4355] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 226.235373][ T6569] loop4: detected capacity change from 0 to 4096 [ 226.241911][ T4355] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 226.328515][ T4355] usb 2-1: Product: syz [ 226.365147][ T4355] usb 2-1: Manufacturer: syz [ 226.698340][ T4355] usb 2-1: SerialNumber: syz [ 226.917007][ T4355] usb 2-1: config 0 descriptor?? [ 227.069183][ T6555] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 227.105956][ T4355] hub 2-1:0.0: bad descriptor, ignoring hub [ 227.115273][ T4355] hub: probe of 2-1:0.0 failed with error -5 [ 227.125343][ T6572] loop2: detected capacity change from 0 to 32768 [ 227.174717][ T6569] loop4: detected capacity change from 0 to 8192 [ 227.291893][ T6589] FAULT_INJECTION: forcing a failure. [ 227.291893][ T6589] name failslab, interval 1, probability 0, space 0, times 0 [ 227.339393][ T6584] loop0: detected capacity change from 0 to 8192 [ 227.346430][ T6569] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal [ 227.357257][ T6572] XFS (loop2): Mounting V5 Filesystem [ 227.363701][ T6569] REISERFS (device loop4): using ordered data mode [ 227.370587][ T6569] reiserfs: using flush barriers [ 227.374533][ T6589] CPU: 1 PID: 6589 Comm: syz.3.523 Not tainted 5.15.178-syzkaller #0 [ 227.382715][ T6569] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 227.383590][ T6589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 227.409693][ T6589] Call Trace: [ 227.413008][ T6589] [ 227.415954][ T6589] dump_stack_lvl+0x1e3/0x2d0 [ 227.420678][ T6589] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 227.426327][ T6589] ? panic+0x860/0x860 [ 227.430425][ T6589] ? __might_sleep+0xc0/0xc0 [ 227.435032][ T6589] ? memset+0x1f/0x40 [ 227.439032][ T6589] ? lockdep_init_map_type+0x9d/0x8d0 [ 227.444428][ T6589] should_fail+0x38a/0x4c0 [ 227.447840][ T6569] REISERFS (device loop4): checking transaction log (loop4) [ 227.448868][ T6589] should_failslab+0x5/0x20 [ 227.459020][ T6572] XFS (loop2): Ending clean mount [ 227.460627][ T6589] slab_pre_alloc_hook+0x53/0xc0 [ 227.468116][ T6572] XFS (loop2): Quotacheck needed: Please wait. [ 227.470569][ T6589] ? security_inode_alloc+0x24/0x110 [ 227.481997][ T6589] kmem_cache_alloc+0x3f/0x280 [ 227.482833][ T6569] REISERFS (device loop4): Using r5 hash to sort names [ 227.486785][ T6589] security_inode_alloc+0x24/0x110 [ 227.486817][ T6589] inode_init_always+0x939/0xc70 [ 227.503686][ T6589] ? shmem_match+0x150/0x150 [ 227.508305][ T6589] new_inode_pseudo+0x8f/0x210 [ 227.512365][ T6569] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 227.513166][ T6589] new_inode+0x25/0x1d0 [ 227.530919][ T6589] ? do_raw_spin_unlock+0x137/0x8b0 [ 227.536141][ T6589] shmem_get_inode+0x327/0xad0 [ 227.540943][ T6589] __shmem_file_setup+0x109/0x290 [ 227.545992][ T6589] ? shmem_file_setup+0x13/0x30 [ 227.546248][ T6572] XFS (loop2): Quotacheck: Done. [ 227.550862][ T6589] __se_sys_memfd_create+0x2bb/0x590 [ 227.558328][ T6569] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage. [ 227.561061][ T6589] ? vtime_user_exit+0x2d1/0x400 [ 227.575110][ T6589] ? __x64_sys_memfd_create+0x60/0x60 [ 227.580500][ T6589] ? syscall_enter_from_user_mode+0x2e/0x240 [ 227.586504][ T6589] ? lockdep_hardirqs_on+0x94/0x130 [ 227.591726][ T6589] ? syscall_enter_from_user_mode+0x2e/0x240 [ 227.597729][ T6589] do_syscall_64+0x3b/0xb0 [ 227.602161][ T6589] ? clear_bhb_loop+0x15/0x70 [ 227.606855][ T6589] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 227.612773][ T6589] RIP: 0033:0x7f6740e88169 [ 227.617203][ T6589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 227.636834][ T6589] RSP: 002b:00007f673ecf0e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f [ 227.645283][ T6589] RAX: ffffffffffffffda RBX: 0000000000004475 RCX: 00007f6740e88169 [ 227.653286][ T6589] RDX: 00007f673ecf0ef0 RSI: 0000000000000000 RDI: 00007f6740f09c3c [ 227.661302][ T6589] RBP: 0000400000004500 R08: 00007f673ecf0bb7 R09: 00007f673ecf0e40 [ 227.669295][ T6589] R10: 000000000000000a R11: 0000000000000202 R12: 00004000000044c0 [ 227.677307][ T6589] R13: 00007f673ecf0ef0 R14: 00007f673ecf0eb0 R15: 0000400000000400 [ 227.685505][ T6589] [ 227.845113][ T6584] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal [ 227.866866][ T4174] XFS (loop2): Unmounting Filesystem [ 227.896448][ T4212] usb 2-1: reset high-speed USB device number 13 using dummy_hcd [ 227.897293][ T6584] REISERFS (device loop0): using ordered data mode [ 227.935162][ T6584] reiserfs: using flush barriers [ 227.945934][ T4212] usb 2-1: device reset changed ep0 maxpacket size! [ 227.993687][ T6584] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30 [ 228.565392][ T6584] REISERFS (device loop0): checking transaction log (loop0) [ 228.608902][ T6584] REISERFS (device loop0): Using r5 hash to sort names [ 228.656025][ T6584] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2) [ 228.720372][ T4212] usb 2-1: USB disconnect, device number 13 [ 228.745276][ T6584] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage. [ 228.863238][ T6584] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 229.012107][ T6584] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 229.072343][ T6584] REISERFS warning (device loop0): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block [ 229.922349][ T6617] loop3: detected capacity change from 0 to 128 [ 231.456974][ T5067] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 231.835785][ T5067] usb 5-1: config 0 has an invalid interface number: 69 but max is 0 [ 231.844732][ T5067] usb 5-1: config 0 has no interface number 0 [ 231.892322][ T5067] usb 5-1: config 0 interface 69 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1023 [ 231.932893][ T5067] usb 5-1: config 0 interface 69 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 232.446270][ T5067] usb 5-1: New USB device found, idVendor=0c4b, idProduct=0100, bcdDevice=d7.ca [ 232.531006][ T5067] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.674820][ T5067] usb 5-1: Product: syz [ 232.700259][ T5067] usb 5-1: Manufacturer: syz [ 232.715096][ T5067] usb 5-1: SerialNumber: syz [ 232.724061][ T6625] loop1: detected capacity change from 0 to 32768 [ 232.750417][ T5067] usb 5-1: config 0 descriptor?? [ 232.806685][ T6620] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 232.880633][ T5067] cyberjack 5-1:0.69: Reiner SCT Cyberjack USB card reader converter detected [ 232.895443][ T5067] usb 5-1: Reiner SCT Cyberjack USB card reader converter now attached to ttyUSB0 [ 232.924020][ T6633] loop3: detected capacity change from 0 to 32768 [ 232.926011][ T6625] XFS (loop1): Mounting V5 Filesystem [ 232.971085][ T4436] usb 5-1: USB disconnect, device number 10 [ 232.992318][ T4436] cyberjack ttyUSB0: Reiner SCT Cyberjack USB card reader converter now disconnected from ttyUSB0 [ 233.023185][ T6631] loop2: detected capacity change from 0 to 32768 [ 233.030449][ T4436] cyberjack 5-1:0.69: device disconnected [ 233.097033][ T6631] (syz.2.535,6631,0):ocfs2_parse_options:1459 ERROR: Invalid heartbeat mount options [ 233.129748][ T6631] (syz.2.535,6631,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 233.147174][ T6633] (syz.3.536,6633,0):ocfs2_read_virt_blocks:991 ERROR: Inode #18 contains a hole at offset 4096 [ 233.205068][ T6633] (syz.3.536,6633,1):ocfs2_read_dir_block:511 ERROR: status = -5 [ 233.213371][ T6633] (syz.3.536,6633,1):ocfs2_init_local_system_inodes:493 ERROR: status=-22, sysfile=8, slot=0 [ 233.239703][ T6625] XFS (loop1): Ending clean mount [ 233.250650][ T6625] XFS (loop1): Quotacheck needed: Please wait. [ 233.258485][ T6633] (syz.3.536,6633,0):ocfs2_init_local_system_inodes:502 ERROR: status = -22 [ 233.268257][ T6633] (syz.3.536,6633,0):ocfs2_mount_volume:1818 ERROR: status = -22 [ 233.923248][ T6625] XFS (loop1): Quotacheck: Done. [ 233.926918][ T6633] (syz.3.536,6633,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 234.012691][ T4169] XFS (loop1): Unmounting Filesystem [ 234.275672][ T6662] loop2: detected capacity change from 0 to 512 [ 234.413441][ T6662] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a014c028, mo2=0002] [ 234.418633][ T6652] loop0: detected capacity change from 0 to 32768 [ 234.437988][ T6662] System zones: 0-2, 18-18, 34-35 [ 234.487420][ T6662] EXT4-fs (loop2): mounted filesystem without journal. Opts: resuid=0x0000000000000000,debug,data_err=abort,data_err=ignore,grpquota,errors=remount-ro,. Quota mode: writeback. [ 234.511295][ T6662] ext4 filesystem being mounted at /108/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 234.585913][ T6652] (syz.0.539,6652,0):ocfs2_read_virt_blocks:991 ERROR: Inode #18 contains a hole at offset 4096 [ 234.604372][ T6652] (syz.0.539,6652,0):ocfs2_read_dir_block:511 ERROR: status = -5 [ 234.613444][ T6652] (syz.0.539,6652,0):ocfs2_init_local_system_inodes:493 ERROR: status=-22, sysfile=8, slot=0 [ 234.617762][ T6662] EXT4-fs error (device loop2): ext4_empty_dir:3139: inode #12: comm syz.2.535: Directory hole found for htree leaf block 0 [ 234.624287][ T6652] (syz.0.539,6652,0):ocfs2_init_local_system_inodes:502 ERROR: status = -22 [ 234.646026][ T6652] (syz.0.539,6652,0):ocfs2_mount_volume:1818 ERROR: status = -22 [ 234.666739][ T6652] (syz.0.539,6652,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 234.821846][ T6662] EXT4-fs (loop2): Remounting filesystem read-only [ 235.944225][ T6680] loop0: detected capacity change from 0 to 128 [ 236.687040][ T6663] loop4: detected capacity change from 0 to 32768 [ 236.715235][ T21] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 236.823291][ T6663] XFS (loop4): Mounting V5 Filesystem [ 236.930596][ T6678] loop3: detected capacity change from 0 to 32768 [ 236.951297][ T6663] XFS (loop4): Ending clean mount [ 236.961295][ T6663] XFS (loop4): Quotacheck needed: Please wait. [ 236.965221][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 237.007454][ T6678] [ 237.007454][ T6678] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.007454][ T6678] [ 237.065736][ T6663] XFS (loop4): Quotacheck: Done. [ 237.095574][ T21] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.106983][ T26] audit: type=1800 audit(1740954902.554:11): pid=6678 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.545" name="file1" dev="loop3" ino=4 res=0 errno=0 [ 237.140573][ T21] usb 1-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 237.200983][ T21] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.209014][ T6678] [ 237.209014][ T6678] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.209014][ T6678] [ 237.226878][ T6678] [ 237.226878][ T6678] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.226878][ T6678] [ 237.261733][ T21] usb 1-1: config 0 descriptor?? [ 237.277891][ T4177] XFS (loop4): Unmounting Filesystem [ 237.315143][ T6678] [ 237.315143][ T6678] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.315143][ T6678] [ 237.460759][ T6678] [ 237.460759][ T6678] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.460759][ T6678] [ 237.597052][ T6694] netlink: 20 bytes leftover after parsing attributes in process `syz.3.545'. [ 237.618162][ T6692] find_entry called with index = 0 [ 237.635416][ T6692] read_mapping_page failed! [ 237.677369][ T6692] ERROR: (device loop3): txCommit: [ 237.677369][ T6692] [ 237.757023][ T21] kye 0003:0458:0087.000F: unknown main item tag 0x0 [ 237.763763][ T21] kye 0003:0458:0087.000F: unknown main item tag 0x0 [ 237.801366][ T21] kye 0003:0458:0087.000F: unknown main item tag 0x0 [ 237.822036][ T21] kye 0003:0458:0087.000F: unknown main item tag 0x0 [ 237.853104][ T21] kye 0003:0458:0087.000F: unknown main item tag 0x0 [ 237.880959][ T154] ERROR: (device loop3): diWrite: ixpxd invalid [ 237.880959][ T154] [ 237.905350][ T21] kye 0003:0458:0087.000F: hidraw0: USB HID v0.00 Device [HID 0458:0087] on usb-dummy_hcd.0-1/input0 [ 237.935781][ T154] ERROR: (device loop3): txCommit: [ 237.935781][ T154] [ 237.945653][ T154] jfs_write_inode: jfs_commit_inode failed! [ 237.970226][ T4167] [ 237.970226][ T4167] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 237.970226][ T4167] [ 238.026951][ T4167] [ 238.026951][ T4167] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 238.026951][ T4167] [ 238.230347][ T6698] loop4: detected capacity change from 0 to 4096 [ 238.291973][ T6698] ntfs: (device loop4): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 238.312427][ T6698] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 238.350212][ T6698] ntfs: (device loop4): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 238.384452][ T6698] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 238.407850][ T6698] ntfs: volume version 3.1. [ 238.412544][ T6698] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 238.465109][ T6698] ntfs: (device loop4): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 238.487040][ T6698] ntfs: (device loop4): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 238.487099][ T4355] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 238.497646][ T6698] ntfs: (device loop4): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 238.580829][ T6698] ntfs: (device loop4): ntfs_lookup_inode_by_name(): Actual VCN (0x0) of index buffer is different from expected VCN (0x900000000000000). Directory inode 0x5 is corrupt or driver bug. [ 238.667571][ T6709] FAULT_INJECTION: forcing a failure. [ 238.667571][ T6709] name failslab, interval 1, probability 0, space 0, times 0 [ 238.681025][ T6709] CPU: 0 PID: 6709 Comm: syz.3.552 Not tainted 5.15.178-syzkaller #0 [ 238.689126][ T6709] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 238.699209][ T6709] Call Trace: [ 238.702513][ T6709] [ 238.705465][ T6709] dump_stack_lvl+0x1e3/0x2d0 [ 238.710289][ T6709] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 238.715955][ T6709] ? panic+0x860/0x860 [ 238.720248][ T6709] ? __might_sleep+0xc0/0xc0 [ 238.724893][ T6709] should_fail+0x38a/0x4c0 [ 238.729339][ T6709] ? simple_xattr_set+0x101/0x530 [ 238.734412][ T6709] should_failslab+0x5/0x20 [ 238.738927][ T6709] slab_pre_alloc_hook+0x53/0xc0 [ 238.743877][ T6709] ? simple_xattr_set+0x101/0x530 [ 238.749041][ T6709] __kmalloc_track_caller+0x6c/0x300 [ 238.754359][ T6709] ? simple_xattr_set+0x101/0x530 [ 238.759407][ T6709] kstrdup+0x31/0x70 [ 238.763313][ T6709] simple_xattr_set+0x101/0x530 [ 238.768199][ T6709] kernfs_vfs_user_xattr_set+0x354/0x450 [ 238.773839][ T6709] ? read_lock_is_recursive+0x10/0x10 [ 238.779214][ T6709] ? kernfs_vfs_xattr_set+0xb0/0xb0 [ 238.784411][ T6709] ? posix_xattr_acl+0xa5/0xd0 [ 238.789194][ T6709] ? evm_protect_xattr+0x33b/0xa70 [ 238.794305][ T6709] ? kernfs_vfs_xattr_set+0xb0/0xb0 [ 238.799501][ T6709] __vfs_setxattr+0x3e7/0x420 [ 238.804189][ T6709] __vfs_setxattr_noperm+0x12a/0x5e0 [ 238.809483][ T6709] vfs_setxattr+0x21d/0x420 [ 238.813999][ T6709] ? xattr_permission+0x4f0/0x4f0 [ 238.819022][ T6709] ? __might_fault+0xb4/0x110 [ 238.823710][ T6709] ? strncpy_from_user+0x209/0x370 [ 238.828850][ T6709] setxattr+0x27e/0x2e0 [ 238.833031][ T6709] ? path_setxattr+0x2a0/0x2a0 [ 238.837820][ T6709] ? preempt_count_add+0x8f/0x180 [ 238.842861][ T6709] ? __mnt_want_write+0x1e6/0x260 [ 238.847893][ T6709] path_setxattr+0x1bc/0x2a0 [ 238.852572][ T6709] ? simple_xattr_list_add+0xf0/0xf0 [ 238.857858][ T6709] ? syscall_enter_from_user_mode+0x2e/0x240 [ 238.863848][ T6709] __x64_sys_setxattr+0xb7/0xd0 [ 238.868701][ T6709] do_syscall_64+0x3b/0xb0 [ 238.873111][ T6709] ? clear_bhb_loop+0x15/0x70 [ 238.877909][ T6709] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 238.883828][ T6709] RIP: 0033:0x7f6740e88169 [ 238.888282][ T6709] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.907918][ T6709] RSP: 002b:00007f673ecd0038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc [ 238.916345][ T6709] RAX: ffffffffffffffda RBX: 00007f67410a1080 RCX: 00007f6740e88169 [ 238.924320][ T6709] RDX: 0000000000000000 RSI: 0000400000000040 RDI: 0000400000000000 [ 238.932288][ T6709] RBP: 00007f673ecd0090 R08: 0000000000000002 R09: 0000000000000000 [ 238.940267][ T6709] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 238.948239][ T6709] R13: 0000000000000000 R14: 00007f67410a1080 R15: 00007ffe8638bc18 [ 238.956227][ T6709] [ 239.125503][ T4355] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 239.143309][ T4355] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 239.153971][ T4355] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 239.164053][ T4428] usb 1-1: USB disconnect, device number 12 [ 239.244089][ T4355] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.308795][ T4355] usb 3-1: config 0 descriptor?? [ 239.318793][ T6711] loop4: detected capacity change from 0 to 1024 [ 239.356728][ T6711] hfsplus: unable to parse mount options [ 239.418312][ T6714] tipc: Cannot configure node identity twice [ 239.430914][ T6714] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 239.584583][ T6711] loop4: detected capacity change from 0 to 1024 [ 240.027415][ T4355] lenovo 0003:17EF:6047.0010: unknown main item tag 0x0 [ 240.097512][ T4355] lenovo 0003:17EF:6047.0010: unknown main item tag 0x0 [ 240.226222][ T4355] lenovo 0003:17EF:6047.0010: unknown main item tag 0x0 [ 240.368037][ T4355] lenovo 0003:17EF:6047.0010: unknown main item tag 0x0 [ 240.531216][ T4355] lenovo 0003:17EF:6047.0010: unknown main item tag 0x0 [ 240.555746][ T6705] loop1: detected capacity change from 0 to 32768 [ 240.593946][ T4355] lenovo 0003:17EF:6047.0010: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0 [ 240.789649][ T6705] XFS (loop1): Mounting V5 Filesystem [ 240.967179][ T6705] XFS (loop1): Ending clean mount [ 241.031289][ T6705] XFS (loop1): Quotacheck needed: Please wait. [ 241.071880][ T6737] loop0: detected capacity change from 0 to 4096 [ 241.140861][ T6705] XFS (loop1): Quotacheck: Done. [ 241.248099][ T4169] XFS (loop1): Unmounting Filesystem [ 241.254724][ T6737] input: syz0 as /devices/virtual/input/input6 [ 241.265113][ T4428] Bluetooth: hci0: command 0x0c1a tx timeout [ 241.312949][ T6711] hfsplus: cannot replace xattr [ 241.402598][ T2339] usb 3-1: USB disconnect, device number 37 [ 241.545726][ T6751] loop3: detected capacity change from 0 to 128 [ 241.919706][ T6749] loop2: detected capacity change from 0 to 4096 [ 242.027164][ T6749] ntfs: volume version 3.1. [ 242.235849][ T5067] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 242.485171][ T5067] usb 4-1: Using ep0 maxpacket: 16 [ 242.564144][ T6767] netlink: 4 bytes leftover after parsing attributes in process `syz.2.567'. [ 242.605642][ T5067] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 242.629759][ T5067] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 242.659544][ T5067] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.683337][ T5067] usb 4-1: config 0 descriptor?? [ 243.061454][ T6772] loop2: detected capacity change from 0 to 4096 [ 243.063911][ T6760] loop4: detected capacity change from 0 to 32768 [ 243.249079][ T5067] kye 0003:0458:0087.0011: unknown main item tag 0x0 [ 243.284731][ T6760] xfs: Unknown parameter 'uid' [ 243.391348][ T6772] __ntfs_error: 21 callbacks suppressed [ 243.391417][ T6772] ntfs: (device loop2): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 243.750830][ T5067] kye 0003:0458:0087.0011: unknown main item tag 0x0 [ 243.788745][ T5067] kye 0003:0458:0087.0011: unknown main item tag 0x0 [ 243.833805][ T6772] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 243.848174][ T5067] kye 0003:0458:0087.0011: unknown main item tag 0x0 [ 243.865882][ T4433] Bluetooth: hci0: command 0x0406 tx timeout [ 243.872409][ T6772] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 243.899203][ T6772] ntfs: (device loop2): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 243.900781][ T5067] kye 0003:0458:0087.0011: unknown main item tag 0x0 [ 243.923053][ T6772] ntfs: volume version 3.1. [ 243.952777][ T6772] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 243.974507][ T6780] netlink: 'syz.0.570': attribute type 12 has an invalid length. [ 243.983603][ T6776] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported [ 244.008349][ T6780] netlink: 'syz.0.570': attribute type 29 has an invalid length. [ 244.031830][ T6772] ntfs: (device loop2): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 244.036994][ T5067] kye 0003:0458:0087.0011: hidraw0: USB HID v0.00 Device [HID 0458:0087] on usb-dummy_hcd.3-1/input0 [ 244.086168][ T6780] netlink: 148 bytes leftover after parsing attributes in process `syz.0.570'. [ 244.145296][ T6772] ntfs: (device loop2): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 244.164584][ T6772] ntfs: (device loop2): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 244.200495][ T6772] ntfs: (device loop2): ntfs_lookup_inode_by_name(): Actual VCN (0x0) of index buffer is different from expected VCN (0x900000000000000). Directory inode 0x5 is corrupt or driver bug. [ 244.219262][ T6780] netlink: 'syz.0.570': attribute type 2 has an invalid length. [ 244.242408][ T6772] ntfs: (device loop2): check_windows_hibernation_status(): Failed to find inode number for hiberfil.sys. [ 244.262629][ T6780] netlink: 'syz.0.570': attribute type 3 has an invalid length. [ 244.293937][ T6780] netlink: 27 bytes leftover after parsing attributes in process `syz.0.570'. [ 244.845574][ T6788] loop2: detected capacity change from 0 to 2048 [ 244.856798][ T21] usb 4-1: USB disconnect, device number 16 [ 244.977817][ T6793] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 245.235092][ T4355] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 245.501016][ T4355] usb 2-1: Using ep0 maxpacket: 8 [ 245.511337][ T6784] loop4: detected capacity change from 0 to 32768 [ 245.560580][ T6801] loop3: detected capacity change from 0 to 4096 [ 245.625327][ T4355] usb 2-1: too many endpoints for config 0 interface 0 altsetting 255: 255, using maximum allowed: 30 [ 245.646847][ T4355] usb 2-1: config 0 interface 0 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 245.672323][ T4355] usb 2-1: config 0 interface 0 has no altsetting 0 [ 245.690649][ T6784] XFS (loop4): Mounting V5 Filesystem [ 245.742219][ T6801] ntfs: volume version 3.1. [ 245.835368][ T4355] usb 2-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 245.846773][ T4355] usb 2-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 245.855368][ T4355] usb 2-1: Product: syz [ 245.859922][ T4355] usb 2-1: Manufacturer: syz [ 245.864553][ T4355] usb 2-1: SerialNumber: syz [ 245.871244][ T6784] XFS (loop4): Ending clean mount [ 245.883715][ T4355] usb 2-1: config 0 descriptor?? [ 245.889022][ T6784] XFS (loop4): Quotacheck needed: Please wait. [ 245.973467][ T6815] netlink: 4 bytes leftover after parsing attributes in process `syz.2.579'. [ 246.017861][ T6784] XFS (loop4): Quotacheck: Done. [ 246.167105][ T4177] XFS (loop4): Unmounting Filesystem [ 246.202693][ T6819] netlink: 4 bytes leftover after parsing attributes in process `syz.0.581'. [ 246.227092][ T4355] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd [ 246.245215][ T4355] gspca_zc3xx: reg_w_i err -71 [ 246.250063][ T4355] gspca_zc3xx: probe of 2-1:0.0 failed with error -71 [ 246.268144][ T4355] usb 2-1: USB disconnect, device number 14 [ 247.289331][ T6831] loop1: detected capacity change from 0 to 1024 [ 247.343430][ T6833] loop3: detected capacity change from 0 to 128 [ 247.366135][ T6831] hfsplus: unable to parse mount options [ 247.981622][ T6840] IPVS: lc: SCTP 127.0.0.1:0 - no destination available [ 248.005115][ T21] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 248.385072][ T21] usb 4-1: Using ep0 maxpacket: 16 [ 248.483467][ T6842] device bond0 entered promiscuous mode [ 248.505374][ T21] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 248.519954][ T6842] device bond_slave_0 entered promiscuous mode [ 248.526396][ T6842] device bond_slave_1 entered promiscuous mode [ 248.534450][ T6842] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 248.550616][ T6842] device bond0 left promiscuous mode [ 248.556147][ T6842] device bond_slave_0 left promiscuous mode [ 248.562289][ T6842] device bond_slave_1 left promiscuous mode [ 248.576509][ T21] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 248.606076][ T21] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.636712][ T6829] loop0: detected capacity change from 0 to 40427 [ 248.652641][ T21] usb 4-1: config 0 descriptor?? [ 248.726331][ T6829] F2FS-fs (loop0): Found nat_bits in checkpoint [ 248.847591][ T6838] loop4: detected capacity change from 0 to 32768 [ 248.882345][ T6829] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 248.982654][ T6838] tipc: Enabled bearer , priority 10 [ 249.021849][ T6829] syz.0.584 (6829): drop_caches: 2 [ 249.126169][ T4436] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 249.137066][ T21] kye 0003:0458:0087.0012: unknown main item tag 0x0 [ 249.155972][ T21] kye 0003:0458:0087.0012: unknown main item tag 0x0 [ 249.162719][ T21] kye 0003:0458:0087.0012: unknown main item tag 0x0 [ 249.190007][ T21] kye 0003:0458:0087.0012: unknown main item tag 0x0 [ 249.197961][ T6857] netlink: 4 bytes leftover after parsing attributes in process `syz.2.593'. [ 249.204869][ T21] kye 0003:0458:0087.0012: unknown main item tag 0x0 [ 249.230562][ T21] kye 0003:0458:0087.0012: hidraw0: USB HID v0.00 Device [HID 0458:0087] on usb-dummy_hcd.3-1/input0 [ 249.294274][ T6829] syz.0.584 (6829): drop_caches: 2 [ 249.425116][ T4436] usb 2-1: Using ep0 maxpacket: 8 [ 249.585685][ T4436] usb 2-1: config 0 has an invalid interface number: 5 but max is 0 [ 249.598033][ T4436] usb 2-1: config 0 has no interface number 0 [ 249.815350][ T4436] usb 2-1: New USB device found, idVendor=1498, idProduct=a090, bcdDevice=f0.ff [ 249.834030][ T4436] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.851793][ T4436] usb 2-1: Product: syz [ 249.863574][ T4436] usb 2-1: Manufacturer: syz [ 249.873727][ T4436] usb 2-1: SerialNumber: syz [ 249.892303][ T4436] usb 2-1: config 0 descriptor?? [ 250.991254][ T4355] usb 4-1: USB disconnect, device number 17 [ 251.015791][ T6850] loop1: detected capacity change from 0 to 4096 [ 251.132735][ T6868] loop4: detected capacity change from 0 to 32768 [ 251.139734][ T6880] netlink: 8 bytes leftover after parsing attributes in process `syz.2.598'. [ 251.179868][ C0] IPv4: Oversized IP packet from 172.20.20.24 [ 251.194579][ T6850] ntfs3: loop1: Different NTFS' sector size (4096) and media sector size (512) [ 251.246705][ T6850] ntfs3: loop1: Mark volume as dirty due to NTFS errors [ 251.377392][ T6850] ntfs3: loop1: Failed to load $MFT. [ 251.383819][ T6868] XFS (loop4): Mounting V5 Filesystem [ 251.790402][ T21] usb 2-1: USB disconnect, device number 15 [ 251.840481][ T6868] XFS (loop4): Ending clean mount [ 251.868210][ T6868] XFS (loop4): Quotacheck needed: Please wait. [ 252.011158][ T6912] netlink: 4 bytes leftover after parsing attributes in process `syz.2.604'. [ 252.038642][ T6868] XFS (loop4): Quotacheck: Done. [ 252.197021][ T4177] XFS (loop4): Unmounting Filesystem [ 252.642003][ T6891] loop3: detected capacity change from 0 to 32768 [ 253.447318][ T6891] jfs: Unrecognized mount option "0177777777777777777777718446744073709551615" or missing value [ 253.515166][ T21] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 253.575964][ T6931] loop0: detected capacity change from 0 to 32768 [ 253.593126][ T6934] netlink: 8 bytes leftover after parsing attributes in process `syz.1.612'. [ 253.722875][ T6931] (syz.0.611,6931,1):ocfs2_verify_userspace_stack:855 ERROR: cluster stack passed to mount, but this filesystem does not support it [ 253.931637][ T6931] (syz.0.611,6931,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 254.010033][ T6891] loop3: detected capacity change from 0 to 2048 [ 254.132351][ T21] usb 3-1: Using ep0 maxpacket: 16 [ 254.193931][ T6891] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000000000,grpquota,lazytime,stripe=0x000000000004ffff,norecovery,errors=remount-ro,max_batch_time=0x0000000000000814,. Quota mode: writeback. [ 254.275335][ T21] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 254.315385][ T21] usb 3-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 254.324469][ T21] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.344211][ T26] kauditd_printk_skb: 20 callbacks suppressed [ 254.344227][ T26] audit: type=1326 audit(1740954919.794:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6888 comm="syz.3.599" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f6740e88169 code=0x0 [ 254.355594][ T21] usb 3-1: config 0 descriptor?? [ 254.804378][ T6960] loop3: detected capacity change from 0 to 4096 [ 254.894077][ T6964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.619'. [ 254.899004][ T6960] ntfs: (device loop3): ntfs_read_locked_inode(): Failed to load attribute list attribute. [ 254.911945][ T21] kye 0003:0458:0087.0013: unknown main item tag 0x0 [ 254.927898][ T21] kye 0003:0458:0087.0013: unknown main item tag 0x0 [ 254.946893][ T21] kye 0003:0458:0087.0013: unknown main item tag 0x0 [ 254.953736][ T6960] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -22. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 254.965863][ T21] kye 0003:0458:0087.0013: unknown main item tag 0x0 [ 254.982188][ T6960] ntfs: (device loop3): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 255.002513][ T6960] ntfs: (device loop3): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default. [ 255.005311][ T21] kye 0003:0458:0087.0013: unknown main item tag 0x0 [ 255.016597][ T6960] ntfs: volume version 3.1. [ 255.031647][ T6960] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 255.046747][ T21] kye 0003:0458:0087.0013: hidraw0: USB HID v0.00 Device [HID 0458:0087] on usb-dummy_hcd.2-1/input0 [ 255.060040][ T6960] ntfs: (device loop3): ntfs_read_block(): Failed to read from inode 0x2, attribute type 0x80, vcn 0x0, offset 0x800 because its location on disk could not be determined even after retrying (error code -5). [ 255.118021][ T6960] ntfs: (device loop3): ntfs_check_logfile(): Error mapping $LogFile page (index 0). [ 255.130253][ T6960] ntfs: (device loop3): load_system_files(): Failed to load $LogFile. Will not be able to remount read-write. Mount in Windows. [ 255.195876][ T6960] ntfs: (device loop3): ntfs_lookup_inode_by_name(): Actual VCN (0x0) of index buffer is different from expected VCN (0x900000000000000). Directory inode 0x5 is corrupt or driver bug. [ 255.256342][ T6971] loop0: detected capacity change from 0 to 128 [ 255.384704][ T6971] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 255.427003][ T6955] loop1: detected capacity change from 0 to 32768 [ 255.440043][ T6971] ext4 filesystem being mounted at /130/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 255.519451][ T6971] fscrypt: loop0: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12 [ 255.564136][ T6955] XFS (loop1): Mounting V5 Filesystem [ 255.586721][ T6962] loop4: detected capacity change from 0 to 32768 [ 255.667756][ T1421] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.674660][ T1421] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.800345][ T6962] XFS (loop4): Mounting V5 Filesystem [ 256.625408][ T2339] usb 3-1: USB disconnect, device number 38 [ 256.638843][ T6955] XFS (loop1): Ending clean mount [ 256.699524][ T6962] XFS (loop4): Ending clean mount [ 256.737418][ T6962] XFS (loop4): Quotacheck needed: Please wait. [ 256.853649][ T4169] XFS (loop1): Unmounting Filesystem [ 256.937927][ T6962] XFS (loop4): Quotacheck: Done. [ 257.156517][ T4177] XFS (loop4): Unmounting Filesystem [ 258.360428][ T6995] loop0: detected capacity change from 0 to 32768 [ 258.458455][ T6995] gfs2: fsid=syz:syz: Trying to join cluster "lock_dlm", "syz:syz" [ 258.500338][ T6995] dlm: no local IP address has been set [ 258.520132][ T6995] dlm: cannot start dlm midcomms -107 [ 258.540304][ T6995] gfs2: fsid=syz:syz: dlm_new_lockspace error -107 [ 258.549510][ T7031] loop3: detected capacity change from 0 to 128 [ 258.567147][ T7029] loop1: detected capacity change from 0 to 1024 [ 258.599416][ T7029] EXT4-fs (loop1): Unrecognized mount option "fsuuid=8abff2c6-fa56-3a5c-8abf-f57f1c33" or missing value [ 258.637508][ T7028] loop4: detected capacity change from 0 to 4096 [ 258.781392][ T7028] ntfs: volume version 3.1. [ 259.116137][ T7039] netlink: 24 bytes leftover after parsing attributes in process `syz.2.638'. [ 259.125322][ T4216] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 259.145511][ T7040] Cannot find set identified by id 0 to match [ 259.252508][ T7044] loop1: detected capacity change from 0 to 1024 [ 259.399574][ T7044] EXT4-fs (loop1): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock [ 259.409572][ T4216] usb 4-1: Using ep0 maxpacket: 16 [ 259.443518][ T7044] EXT4-fs (loop1): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869) [ 259.536795][ T7044] EXT4-fs error (device loop1): ext4_get_journal_inode:5160: inode #5: comm syz.1.639: unexpected bad inode w/o EXT4_IGET_BAD [ 259.550400][ T4216] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 259.809033][ T4216] usb 4-1: New USB device found, idVendor=0458, idProduct=0087, bcdDevice= 0.00 [ 259.967922][ T7044] EXT4-fs (loop1): no journal found [ 259.982830][ T4216] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.216174][ T4216] usb 4-1: config 0 descriptor?? [ 260.410380][ T7058] loop4: detected capacity change from 0 to 64 [ 260.564563][ T7034] loop0: detected capacity change from 0 to 40427 [ 260.656051][ T7034] F2FS-fs (loop0): invalid crc value [ 260.686844][ T7034] F2FS-fs (loop0): Found nat_bits in checkpoint [ 260.707004][ T4216] kye 0003:0458:0087.0014: unknown main item tag 0x0 [ 260.737964][ T4216] kye 0003:0458:0087.0014: unknown main item tag 0x0 [ 260.750637][ T4216] kye 0003:0458:0087.0014: unknown main item tag 0x0 [ 260.795456][ T4216] kye 0003:0458:0087.0014: unknown main item tag 0x0 [ 260.801147][ T7066] device lo entered promiscuous mode [ 260.802212][ T4216] kye 0003:0458:0087.0014: unknown main item tag 0x0 [ 260.837530][ T4216] kye 0003:0458:0087.0014: hidraw0: USB HID v0.00 Device [HID 0458:0087] on usb-dummy_hcd.3-1/input0 [ 260.895251][ T7034] F2FS-fs (loop0): Start checkpoint disabled! [ 260.989852][ T7034] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6 [ 261.628145][ T7073] bridge0: port 2(bridge_slave_1) entered disabled state [ 261.670423][ T144] attempt to access beyond end of device [ 261.670423][ T144] loop0: rw=2049, want=40968, limit=40427 [ 261.903341][ T7079] loop4: detected capacity change from 0 to 4096 [ 261.967363][ T7079] __ntfs_error: 21 callbacks suppressed [ 261.967382][ T7079] ntfs: (device loop4): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 261.996283][ T7079] ntfs: (device loop4): read_ntfs_boot_sector(): Mount option errors=recover not used. Aborting without trying to recover. [ 262.074266][ T7079] ntfs: (device loop4): ntfs_fill_super(): Not an NTFS volume. [ 262.097184][ T4436] usb 4-1: USB disconnect, device number 18 [ 262.340290][ T7079] loop4: detected capacity change from 0 to 512 [ 262.464309][ T7079] EXT4-fs (loop4): Ignoring removed nomblk_io_submit option [ 262.495071][ T7079] EXT4-fs (loop4): filesystem is read-only [ 262.497443][ T7086] loop0: detected capacity change from 0 to 4096 [ 262.546667][ T7079] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors [ 262.592641][ T7079] EXT4-fs (loop4): filesystem is read-only [ 262.615749][ T7086] ntfs: (device loop0): parse_ntfs_boot_sector(): MFTMirr LCN (511, 0x1ff) is beyond end of volume. Weird. [ 262.625093][ T7079] EXT4-fs (loop4): orphan cleanup on readonly fs [ 262.645095][ T4436] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 262.645299][ T7086] ntfs: (device loop0): ntfs_fill_super(): Unsupported NTFS filesystem. [ 262.666140][ T7079] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz.4.650: bg 0: block 64: padding at end of block bitmap is not set [ 262.688237][ T7079] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem [ 262.742445][ T7079] EXT4-fs (loop4): 1 orphan inode deleted [ 262.785333][ T7079] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,auto_da_alloc=0x0000000000000000,inode_readahead_blks=0x0000000000001000,user_xattr,nouid32,nomblk_io_submit,data_err=abort,grpid,noauto_da_alloc,,errors=continue. Quota mode: none. [ 262.925195][ T4436] usb 4-1: Using ep0 maxpacket: 16 [ 263.085235][ T4436] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 263.116368][ T4436] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 263.185135][ T4355] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 263.305285][ T4436] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 263.330136][ T4436] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.382588][ T4436] usb 4-1: Product: syz [ 263.402364][ T4436] usb 4-1: Manufacturer: syz [ 263.436587][ T4436] usb 4-1: SerialNumber: syz [ 263.445204][ T4355] usb 1-1: Using ep0 maxpacket: 32 [ 263.605355][ T4355] usb 1-1: unable to get BOS descriptor or descriptor too short [ 263.705324][ T4355] usb 1-1: config 127 has an invalid interface number: 25 but max is 0 [ 263.715029][ T4355] usb 1-1: config 127 has no interface number 0 [ 263.779842][ T4355] usb 1-1: config 127 interface 25 has no altsetting 0 [ 263.795255][ T4436] usb 4-1: 0:2 : does not exist [ 263.860358][ T4436] usb 4-1: USB disconnect, device number 19 [ 264.035280][ T4355] usb 1-1: New USB device found, idVendor=1110, idProduct=9000, bcdDevice=f4.11 [ 264.051310][ T4355] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.070010][ T4355] usb 1-1: Product: syz [ 264.077546][ T4355] usb 1-1: Manufacturer: syz [ 264.089887][ T4355] usb 1-1: SerialNumber: syz [ 264.265057][ T21] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 264.272831][ T2339] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 264.396827][ T4355] usb 1-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9000) Rev (0XF411): ADI930 [ 264.525105][ T2339] usb 5-1: Using ep0 maxpacket: 8 [ 264.530293][ T21] usb 2-1: Using ep0 maxpacket: 16 [ 264.535632][ T4215] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 264.655375][ T2339] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 264.663715][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 264.675193][ T2339] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 264.685475][ T21] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 264.695310][ T2339] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 264.705172][ T21] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00 [ 264.715193][ T2339] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 264.725285][ T21] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.734051][ T2339] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 264.748350][ T21] usb 2-1: config 0 descriptor?? [ 264.754307][ T2339] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 264.763509][ T2339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.795387][ T4215] usb 4-1: Using ep0 maxpacket: 32 [ 264.860255][ T4355] usb 1-1: reset high-speed USB device number 13 using dummy_hcd [ 264.905315][ T4355] usb 1-1: device reset changed ep0 maxpacket size! [ 264.915382][ T4215] usb 4-1: config 0 has an invalid interface number: 235 but max is 0 [ 264.926256][ T4215] usb 4-1: config 0 has no interface number 0 [ 264.932723][ T4355] ueagle-atm 1-1:127.25: usbatm_usb_probe: bind failed: -19! [ 264.942472][ T4355] usb 1-1: USB disconnect, device number 13 [ 265.035168][ T2339] usb 5-1: GET_CAPABILITIES returned 0 [ 265.040981][ T2339] usbtmc 5-1:16.0: can't read capabilities [ 265.085319][ T4215] usb 4-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47 [ 265.094508][ T4215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 265.102746][ T4355] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 265.110477][ T4215] usb 4-1: Product: syz [ 265.114660][ T4215] usb 4-1: Manufacturer: syz [ 265.120059][ T4215] usb 4-1: SerialNumber: syz [ 265.128913][ T4215] usb 4-1: config 0 descriptor?? [ 265.227086][ T21] appleir 0003:05AC:8241.0015: unknown main item tag 0x0 [ 265.234326][ T21] appleir 0003:05AC:8241.0015: unknown main item tag 0x0 [ 265.248386][ T21] appleir 0003:05AC:8241.0015: unknown main item tag 0x0 [ 265.255637][ T21] appleir 0003:05AC:8241.0015: unknown main item tag 0x0 [ 265.262750][ T21] appleir 0003:05AC:8241.0015: unknown main item tag 0x0 [ 265.270453][ T21] appleir 0003:05AC:8241.0015: No inputs registered, leaving [ 265.291696][ T21] appleir 0003:05AC:8241.0015: hiddev1,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0 [ 265.351424][ T21] usb 5-1: USB disconnect, device number 11 [ 265.365316][ T4355] usb 1-1: Using ep0 maxpacket: 8 [ 265.365500][ T7130] usbtmc 5-1:16.0: usb_control_msg returned -71 [ 265.415544][ T4215] kaweth 4-1:0.235: Firmware present in device. [ 265.443590][ T4433] usb 2-1: USB disconnect, device number 16 [ 265.455320][ T4215] kaweth 4-1:0.235: Error reading configuration (-71), no net device created [ 265.464218][ T4215] kaweth: probe of 4-1:0.235 failed with error -5 [ 265.487559][ T4355] usb 1-1: unable to get BOS descriptor or descriptor too short [ 265.522986][ T4215] usb 4-1: USB disconnect, device number 20 [ 265.566217][ T4355] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 265.581497][ T4355] usb 1-1: can't read configurations, error -71 [ 265.631840][ T7164] netlink: 28 bytes leftover after parsing attributes in process `syz.2.684'. [ 265.641664][ T7164] netlink: 12 bytes leftover after parsing attributes in process `syz.2.684'. [ 265.650600][ T7164] netlink: 'syz.2.684': attribute type 2 has an invalid length. [ 265.809851][ T7172] tipc: Started in network mode [ 265.815167][ T7172] tipc: Node identity 00000000000000000000ffffac1e0003, cluster identity 4711 [ 265.824205][ T7172] tipc: Enabling of bearer rejected, failed to enable media [ 265.975156][ T4215] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 266.053532][ T7178] netlink: 'syz.0.690': attribute type 4 has an invalid length. [ 266.145032][ T2339] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 266.147521][ T7182] netlink: 20 bytes leftover after parsing attributes in process `syz.4.693'. [ 266.198180][ T7182] netlink: 20 bytes leftover after parsing attributes in process `syz.4.693'. [ 266.375241][ T4215] usb 4-1: config 0 has an invalid interface number: 235 but max is 0 [ 266.383491][ T4215] usb 4-1: config 0 has no interface number 0 [ 266.425084][ T2339] usb 3-1: Using ep0 maxpacket: 32 [ 266.545362][ T2339] usb 3-1: config 0 has an invalid interface number: 7 but max is 3 [ 266.554106][ T2339] usb 3-1: config 0 has an invalid interface number: 126 but max is 3 [ 266.593545][ T2339] usb 3-1: config 0 has an invalid interface number: 161 but max is 3 [ 266.602159][ T4215] usb 4-1: New USB device found, idVendor=085a, idProduct=0009, bcdDevice=a3.47 [ 266.612157][ T4215] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.620575][ T2339] usb 3-1: config 0 has no interface number 1 [ 266.627979][ T4215] usb 4-1: Product: syz [ 266.632332][ T4215] usb 4-1: Manufacturer: syz [ 266.637237][ T2339] usb 3-1: config 0 has no interface number 2 [ 266.643454][ T2339] usb 3-1: config 0 has no interface number 3 [ 266.647522][ T4436] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 266.650075][ T4215] usb 4-1: SerialNumber: syz [ 266.666606][ T2339] usb 3-1: config 0 interface 7 altsetting 0 has an invalid endpoint with address 0x0, skipping [ 266.690442][ T4215] usb 4-1: config 0 descriptor?? [ 266.845265][ T2339] usb 3-1: New USB device found, idVendor=1bc7, idProduct=1041, bcdDevice=b7.e3 [ 266.860593][ T2339] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.873059][ T2339] usb 3-1: Product: syz [ 266.877604][ T2339] usb 3-1: Manufacturer: syz [ 266.893379][ T2339] usb 3-1: SerialNumber: syz [ 266.903551][ T26] audit: type=1326 audit(1740954932.364:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7208 comm="syz.0.705" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff0217b8169 code=0x0 [ 266.939211][ T2339] usb 3-1: config 0 descriptor?? [ 266.956797][ T4215] kaweth 4-1:0.235: Firmware present in device. [ 266.976172][ T2339] cdc_mbim 3-1:0.7: CDC Union missing and no IAD found [ 266.988944][ T2339] cdc_mbim 3-1:0.7: bind() failure [ 267.000694][ T2339] option 3-1:0.7: GSM modem (1-port) converter detected [ 267.027962][ T2339] option 3-1:0.126: GSM modem (1-port) converter detected [ 267.052715][ T2339] option 3-1:0.161: GSM modem (1-port) converter detected [ 267.078985][ T2339] option 3-1:0.0: GSM modem (1-port) converter detected [ 267.099419][ T4436] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 267.112147][ T4436] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 267.165910][ T4215] kaweth 4-1:0.235: Statistics collection: 0 [ 267.172278][ T4215] kaweth 4-1:0.235: Multicast filter limit: 0 [ 267.205315][ T4436] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 267.214492][ T4215] kaweth 4-1:0.235: MTU: 0 [ 267.220247][ T4436] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 267.229667][ T4215] kaweth 4-1:0.235: Read MAC address 00:00:00:00:00:00 [ 267.247702][ T2339] usb 3-1: USB disconnect, device number 39 [ 267.249403][ T4436] usb 5-1: SerialNumber: syz [ 267.261225][ T2339] option 3-1:0.7: device disconnected [ 267.295380][ T2339] option 3-1:0.126: device disconnected [ 267.319409][ T2339] option 3-1:0.161: device disconnected [ 267.342380][ T2339] option 3-1:0.0: device disconnected [ 267.375240][ T4215] kaweth: probe of 4-1:0.235 failed with error -5 [ 267.403911][ T4215] usb 4-1: USB disconnect, device number 21 [ 267.567229][ T4436] usb 5-1: 0:2 : does not exist [ 267.594537][ T4436] usb 5-1: USB disconnect, device number 12 [ 267.836299][ T7214] misc userio: Invalid payload size [ 267.857256][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 267.858565][ T7216] syzkaller0: tun_chr_ioctl cmd 1074025677 [ 267.902365][ T7216] syzkaller0: linktype set to 0 [ 268.056206][ T2339] psmouse serio3: Failed to reset mouse on : -5 [ 268.875217][ T4216] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 269.265373][ T4216] usb 5-1: config 0 has no interfaces? [ 269.465318][ T4216] usb 5-1: New USB device found, idVendor=8b63, idProduct=6fac, bcdDevice=80.95 [ 269.474401][ T4216] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 269.492747][ T4216] usb 5-1: Product: syz [ 269.502406][ T4216] usb 5-1: Manufacturer: syz [ 269.511309][ T4216] usb 5-1: SerialNumber: syz [ 269.522563][ T4216] usb 5-1: config 0 descriptor?? [ 269.645960][ T26] audit: type=1326 audit(1740954935.104:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.3.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6740e88169 code=0x7ffc0000 [ 269.668205][ C1] vkms_vblank_simulate: vblank timer overrun [ 269.689699][ T26] audit: type=1326 audit(1740954935.144:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.3.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6740e88169 code=0x7ffc0000 [ 269.729286][ T26] audit: type=1326 audit(1740954935.144:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.3.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6740e88169 code=0x7ffc0000 [ 269.772385][ T26] audit: type=1326 audit(1740954935.144:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.3.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=217 compat=0 ip=0x7f6740e88169 code=0x7ffc0000 [ 269.811735][ T26] audit: type=1326 audit(1740954935.144:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7294 comm="syz.3.740" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6740e88169 code=0x7ffc0000 [ 270.272716][ T4355] usb 5-1: USB disconnect, device number 13 [ 270.395007][ T4216] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 270.670417][ T4216] usb 4-1: Using ep0 maxpacket: 16 [ 270.735086][ T4355] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 270.795204][ T4216] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 270.803264][ T4216] usb 4-1: config 0 has no interface number 0 [ 270.985316][ T4216] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 270.999142][ T4216] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.007375][ T4216] usb 4-1: Product: syz [ 271.011838][ T4216] usb 4-1: Manufacturer: syz [ 271.020655][ T4216] usb 4-1: SerialNumber: syz [ 271.027725][ T4216] usb 4-1: config 0 descriptor?? [ 271.077103][ T4216] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 271.095153][ T4355] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 271.105618][ T4355] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 271.185235][ T4355] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 271.194649][ T4355] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 271.202958][ T4355] usb 5-1: SerialNumber: syz [ 271.488754][ T4355] usb 5-1: 0:2 : does not exist [ 271.501019][ T4355] usb 5-1: USB disconnect, device number 14 [ 271.635154][ T2339] misc userio: Buffer overflowed, userio client isn't keeping up [ 272.145296][ T4216] gspca_spca1528: reg_w err -71 [ 272.150301][ T4216] spca1528: probe of 4-1:0.1 failed with error -71 [ 272.164393][ T4216] usb 4-1: USB disconnect, device number 22 [ 272.907773][ T2339] input: PS/2 Generic Mouse as /devices/serio3/input/input7 [ 273.145076][ T2339] psmouse serio3: Failed to enable mouse on [ 273.781754][ T4323] udevd[4323]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 274.203199][ T7351] netlink: 'syz.2.761': attribute type 10 has an invalid length. [ 274.296258][ T7351] bond0: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 274.635072][ T4216] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 274.915137][ T4216] usb 1-1: Using ep0 maxpacket: 16 [ 275.055292][ T4216] usb 1-1: config 0 has an invalid interface number: 99 but max is 0 [ 275.071472][ T4216] usb 1-1: config 0 has no interface number 0 [ 275.275236][ T4216] usb 1-1: New USB device found, idVendor=04da, idProduct=1801, bcdDevice=7f.4e [ 275.296648][ T4216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 275.320749][ T4216] usb 1-1: Product: syz [ 275.344020][ T4216] usb 1-1: Manufacturer: syz [ 275.363009][ T4216] usb 1-1: SerialNumber: syz [ 275.388890][ T4216] usb 1-1: config 0 descriptor?? [ 275.413081][ T7376] netlink: 8 bytes leftover after parsing attributes in process `syz.4.771'. [ 275.535200][ T2339] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 275.670181][ T4216] usb 1-1: USB disconnect, device number 16 [ 275.775117][ T2339] usb 2-1: Using ep0 maxpacket: 16 [ 275.895364][ T2339] usb 2-1: config 0 has no interfaces? [ 276.061448][ T2339] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 276.065026][ T4433] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 276.103146][ T2339] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 276.121080][ T2339] usb 2-1: Product: syz [ 276.125416][ T2339] usb 2-1: Manufacturer: syz [ 276.145827][ T2339] usb 2-1: SerialNumber: syz [ 276.183444][ T2339] usb 2-1: config 0 descriptor?? [ 276.433563][ T2339] usb 2-1: USB disconnect, device number 17 [ 276.455122][ T4355] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 276.485240][ T4433] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 276.516404][ T4433] usb 4-1: New USB device found, idVendor=28de, idProduct=1205, bcdDevice= 0.00 [ 276.555193][ T4433] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.577262][ T4433] usb 4-1: config 0 descriptor?? [ 276.705119][ T4355] usb 5-1: Using ep0 maxpacket: 16 [ 276.715034][ T4216] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 276.825121][ T4355] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 276.833296][ T4355] usb 5-1: config 0 has no interface number 0 [ 276.839771][ T4215] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 276.989421][ T4216] usb 3-1: Using ep0 maxpacket: 8 [ 277.015293][ T4355] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 277.030946][ T4355] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.039490][ T4355] usb 5-1: Product: syz [ 277.043775][ T4355] usb 5-1: Manufacturer: syz [ 277.049884][ T4355] usb 5-1: SerialNumber: syz [ 277.057301][ T4433] hid-generic 0003:28DE:1205.0016: hidraw0: USB HID v0.00 Device [HID 28de:1205] on usb-dummy_hcd.3-1/input0 [ 277.057639][ T4355] usb 5-1: config 0 descriptor?? [ 277.095036][ T4215] usb 1-1: Using ep0 maxpacket: 16 [ 277.112223][ T4355] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 277.216587][ T4215] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 277.229694][ T4215] usb 1-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 277.238837][ T4215] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.248493][ T4215] usb 1-1: config 0 descriptor?? [ 277.258630][ T4433] usb 4-1: USB disconnect, device number 23 [ 277.288680][ T4215] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input10 [ 277.305692][ T4216] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10a3, bcdDevice=23.a2 [ 277.315138][ T4216] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 277.323176][ T4216] usb 3-1: Product: syz [ 277.328103][ T4216] usb 3-1: Manufacturer: syz [ 277.332726][ T4216] usb 3-1: SerialNumber: syz [ 277.340584][ T4216] usb 3-1: config 0 descriptor?? [ 277.515229][ T3532] bcm5974 1-1:0.0: could not read from device [ 277.557248][ T3532] bcm5974 1-1:0.0: could not read from device [ 277.585342][ T4215] bcm5974 1-1:0.0: could not read from device [ 277.595182][ T4216] usb 3-1: dvb_usb_v2: found a 'Terratec H7' in warm state [ 277.612494][ T4215] input: failed to attach handler mousedev to device input10, error: -5 [ 277.629350][ T4215] usb 1-1: USB disconnect, device number 17 [ 277.655274][ T3532] bcm5974 1-1:0.0: could not read from device [ 277.978931][ T4355] gspca_spca1528: reg_w err -71 [ 278.019550][ T4355] spca1528: probe of 5-1:0.1 failed with error -71 [ 278.044204][ T4355] usb 5-1: USB disconnect, device number 15 [ 278.357848][ T4215] usb 2-1: new low-speed USB device number 18 using dummy_hcd [ 278.725134][ T4215] usb 2-1: unable to get BOS descriptor or descriptor too short [ 278.780816][ T4355] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 278.788768][ T4215] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 278.804421][ T7464] kvm: apic: phys broadcast and lowest prio [ 278.806020][ T4215] usb 2-1: can't read configurations, error -71 [ 278.971770][ T7473] IPv6: NLM_F_REPLACE set, but no existing node found! [ 279.050984][ T4355] usb 5-1: Using ep0 maxpacket: 8 [ 279.178686][ T4355] usb 5-1: config 0 has no interfaces? [ 279.295154][ T4357] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 279.321875][ T7483] netlink: 12 bytes leftover after parsing attributes in process `syz.1.819'. [ 279.355239][ T4355] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0099, bcdDevice=95.0d [ 279.378335][ T4355] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.403324][ T4355] usb 5-1: Product: syz [ 279.414656][ T4355] usb 5-1: Manufacturer: syz [ 279.422257][ T4355] usb 5-1: SerialNumber: syz [ 279.450599][ T4355] usb 5-1: config 0 descriptor?? [ 279.625246][ T4216] usb write operation failed. (-71) [ 279.644138][ T4216] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 279.655737][ T4216] dvbdev: DVB: registering new adapter (Terratec H7) [ 279.663504][ T4216] usb 3-1: media controller created [ 279.695086][ T4216] usb read operation failed. (-71) [ 279.715121][ T4216] usb write operation failed. (-71) [ 279.719745][ T4355] usb 5-1: USB disconnect, device number 16 [ 279.732573][ T4216] dvb_usb_az6007: probe of 3-1:0.0 failed with error -5 [ 279.773884][ T4216] usb 3-1: USB disconnect, device number 40 [ 279.846506][ T4357] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 279.885080][ T4357] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.921338][ T4357] usb 1-1: Product: syz [ 279.945217][ T4357] usb 1-1: Manufacturer: syz [ 279.955896][ T4357] usb 1-1: SerialNumber: syz [ 279.966846][ T4357] usb 1-1: config 0 descriptor?? [ 280.040566][ T4357] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 280.113920][ T7506] netlink: 8 bytes leftover after parsing attributes in process `syz.3.829'. [ 280.585228][ T4216] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 280.850747][ T4216] usb 5-1: Using ep0 maxpacket: 8 [ 280.988094][ T4216] usb 5-1: config 0 has an invalid interface number: 130 but max is 0 [ 281.011489][ T4216] usb 5-1: config 0 has no interface number 0 [ 281.035231][ T4216] usb 5-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=71.1b [ 281.054660][ T4216] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.079100][ T4216] usb 5-1: config 0 descriptor?? [ 281.085127][ T4357] gspca_sunplus: reg_r err -71 [ 281.090125][ T4357] sunplus: probe of 1-1:0.0 failed with error -71 [ 281.121973][ T4357] usb 1-1: USB disconnect, device number 18 [ 281.137271][ T4216] ftdi_sio 5-1:0.130: FTDI USB Serial Device converter detected [ 281.151478][ T4216] usb 5-1: Detected FT-X [ 281.345277][ T26] audit: type=1326 audit(1740954946.804:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.373978][ T26] audit: type=1326 audit(1740954946.804:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.396561][ T4216] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 281.404102][ T26] audit: type=1326 audit(1740954946.804:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.426795][ T4216] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 281.434575][ T26] audit: type=1326 audit(1740954946.804:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.459592][ T26] audit: type=1326 audit(1740954946.804:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.482005][ T4216] ftdi_sio 5-1:0.130: GPIO initialisation failed: -71 [ 281.488926][ T26] audit: type=1326 audit(1740954946.804:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f89890aead0 code=0x7ffc0000 [ 281.528118][ T4216] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 281.554022][ T4216] usb 5-1: USB disconnect, device number 17 [ 281.561931][ T26] audit: type=1326 audit(1740954946.824:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.588098][ T26] audit: type=1326 audit(1740954946.824:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.612173][ T4216] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 281.623260][ T4436] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 281.635018][ T4216] ftdi_sio 5-1:0.130: device disconnected [ 281.642192][ T26] audit: type=1326 audit(1740954946.824:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.666287][ T26] audit: type=1326 audit(1740954946.824:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7514 comm="syz.4.833" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f89890b0169 code=0x7ffc0000 [ 281.776261][ T7570] netlink: 8 bytes leftover after parsing attributes in process `syz.2.857'. [ 282.035205][ T4436] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 282.074690][ T4436] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 282.105003][ T4436] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 282.121713][ T4436] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 282.147019][ T4436] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 282.315646][ T4436] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 282.325056][ T4357] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 282.339348][ T4436] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 282.390872][ T4436] usb 4-1: Product: syz [ 282.444659][ T4436] usb 4-1: Manufacturer: syz [ 282.516207][ T4436] cdc_wdm 4-1:1.0: skipping garbage [ 282.523048][ T4436] cdc_wdm 4-1:1.0: skipping garbage [ 282.569772][ T4436] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 282.575091][ T4357] usb 2-1: Using ep0 maxpacket: 16 [ 282.579958][ T4436] cdc_wdm 4-1:1.0: Unknown control protocol [ 282.625556][ T4215] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 282.765260][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 282.865234][ T4357] usb 2-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 282.875163][ T4357] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.883202][ T4357] usb 2-1: Product: syz [ 282.905359][ T4357] usb 2-1: Manufacturer: syz [ 282.910530][ T4357] usb 2-1: SerialNumber: syz [ 282.938816][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #01!!! [ 282.948231][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 282.954860][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 282.966735][ T4436] usb 4-1: USB disconnect, device number 24 [ 282.980720][ T4357] usb 2-1: config 0 descriptor?? [ 283.029730][ T4357] as10x_usb: device has been detected [ 283.045483][ T4357] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 283.119312][ T4357] usb 2-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 283.155135][ T4215] usb 1-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 283.180086][ T4215] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.194592][ T4215] usb 1-1: Product: syz [ 283.199649][ T4215] usb 1-1: Manufacturer: syz [ 283.211263][ T4215] usb 1-1: SerialNumber: syz [ 283.259671][ T4357] as10x_usb: error during firmware upload part1 [ 283.267359][ T4215] usb 1-1: config 0 descriptor?? [ 283.289134][ T4357] Registered device Sky IT Digital Key (green led) [ 283.306344][ T4215] ch341 1-1:0.0: ch341-uart converter detected [ 283.856013][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 283.878807][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 283.996396][ T4357] usb 2-1: USB disconnect, device number 20 [ 284.050792][ T4357] Unregistered device Sky IT Digital Key (green led) [ 284.056187][ T4357] as10x_usb: device has been disconnected [ 284.375148][ T4355] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 284.445135][ T4215] ch341-uart ttyUSB0: failed to read break control: -71 [ 284.476202][ T4215] ch341-uart: probe of ttyUSB0 failed with error -71 [ 284.523916][ T4215] usb 1-1: USB disconnect, device number 19 [ 284.545837][ T4215] ch341 1-1:0.0: device disconnected [ 284.655085][ T4355] usb 4-1: Using ep0 maxpacket: 8 [ 284.668466][ T7619] kernel read not supported for file / œ7³ÏüâW)ës“§ (pid: 7619 comm: syz.4.876) [ 284.674997][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #1c2!!! [ 284.679059][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #40!!! [ 284.785365][ T4355] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 284.794448][ T4355] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.809230][ T4355] usb 4-1: config 0 descriptor?? [ 284.865108][ T4357] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 285.075232][ T4355] asix 4-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 285.115207][ T4357] usb 2-1: Using ep0 maxpacket: 8 [ 285.286181][ T7580] syz.2.860 (7580): drop_caches: 3 [ 285.395093][ T4357] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 285.412486][ T4357] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.421085][ T4357] usb 2-1: Product: syz [ 285.425685][ T4357] usb 2-1: Manufacturer: syz [ 285.430714][ T4357] usb 2-1: SerialNumber: syz [ 285.440108][ T4357] usb 2-1: config 0 descriptor?? [ 285.448105][ T7631] xt_hashlimit: size too large, truncated to 1048576 [ 285.487589][ T4357] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 285.970168][ T7639] netlink: 52 bytes leftover after parsing attributes in process `syz.0.884'. [ 286.128864][ T2339] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 286.138107][ T4355] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 286.175218][ T4355] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to send software reset: ffffffb9 [ 286.204406][ T4355] asix: probe of 4-1:0.0 failed with error -71 [ 286.232423][ T4355] usb 4-1: USB disconnect, device number 25 [ 286.242268][ T7643] netlink: 16 bytes leftover after parsing attributes in process `syz.0.886'. [ 286.396729][ T2339] usb 5-1: Using ep0 maxpacket: 32 [ 286.515272][ T2339] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be [ 286.525749][ T2339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.541722][ T2339] usb 5-1: config 0 descriptor?? [ 286.587425][ T2339] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 287.683892][ T4357] gspca_sonixj: reg_w1 err -71 [ 287.749942][ T4357] sonixj: probe of 2-1:0.0 failed with error -71 [ 287.755026][ T4216] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 287.767338][ T4357] usb 2-1: USB disconnect, device number 21 [ 287.859783][ T7670] usb usb8: usbfs: process 7670 (syz.3.894) did not claim interface 0 before use [ 288.335183][ T4216] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 288.344266][ T4216] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.375022][ T4216] usb 1-1: Product: syz [ 288.379236][ T4216] usb 1-1: Manufacturer: syz [ 288.394029][ T4216] usb 1-1: SerialNumber: syz [ 288.423832][ T4216] usb 1-1: config 0 descriptor?? [ 288.575262][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 288.645099][ T4355] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 288.712279][ T4216] usb 1-1: atusb_control_msg: req 0x10 val 0x0 idx 0x0, error -71 [ 288.722281][ T4216] usb 1-1: Firmware version (0.0) predates our first public release. [ 288.753139][ T4216] usb 1-1: Please update to version 0.2 or newer [ 288.805197][ T4216] usb 1-1: atusb_probe: initialization failed, error = -71 [ 288.815589][ T4216] atusb: probe of 1-1:0.0 failed with error -71 [ 288.842226][ T4216] usb 1-1: USB disconnect, device number 20 [ 288.975059][ T4355] usb 4-1: Using ep0 maxpacket: 16 [ 289.095222][ T4355] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 289.119340][ T4355] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 289.128818][ T4355] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.146057][ T4355] usb 4-1: config 0 descriptor?? [ 289.188629][ T4355] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input11 [ 289.415254][ T3532] bcm5974 4-1:0.0: could not read from device [ 289.439050][ T2339] gspca_vc032x: reg_w err -71 [ 289.444523][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.450301][ T4355] bcm5974 4-1:0.0: could not read from device [ 289.462759][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.468348][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.473856][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.485471][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.492206][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.503722][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.510408][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.537357][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.551023][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.563071][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.572202][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.578197][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.583724][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.603862][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.627962][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.649182][ T2339] gspca_vc032x: I2c Bus Busy Wait 00 [ 289.662962][ T2339] gspca_vc032x: Unknown sensor... [ 289.668705][ T2339] vc032x: probe of 5-1:0.0 failed with error -22 [ 289.686528][ T2339] usb 5-1: USB disconnect, device number 18 [ 289.727641][ T3532] bcm5974 4-1:0.0: could not read from device [ 289.753473][ T4355] input: failed to attach handler mousedev to device input11, error: -5 [ 289.775287][ T3532] bcm5974 4-1:0.0: could not read from device [ 289.781090][ T4355] usb 4-1: USB disconnect, device number 26 [ 289.788117][ T3532] bcm5974 4-1:0.0: could not read from device [ 290.547307][ T7748] dccp_invalid_packet: P.Data Offset(0) too small [ 290.623765][ T7750] netlink: 12 bytes leftover after parsing attributes in process `syz.2.929'. [ 290.786690][ T4216] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 290.925077][ T7765] netlink: 136 bytes leftover after parsing attributes in process `syz.3.936'. [ 290.944077][ T7765] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 291.206169][ T7773] [ 291.208532][ T7773] ====================================================== [ 291.215551][ T7773] WARNING: possible circular locking dependency detected [ 291.222572][ T7773] 5.15.178-syzkaller #0 Not tainted [ 291.227771][ T7773] ------------------------------------------------------ [ 291.234793][ T7773] syz.3.939/7773 is trying to acquire lock: [ 291.240689][ T7773] ffff88802686cc28 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}, at: __flush_work+0xcf/0x1a0 [ 291.251760][ T7773] [ 291.251760][ T7773] but task is already holding lock: [ 291.259132][ T7773] ffffffff8ded0008 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 291.268822][ T7773] [ 291.268822][ T7773] which lock already depends on the new lock. [ 291.268822][ T7773] [ 291.279235][ T7773] [ 291.279235][ T7773] the existing dependency chain (in reverse order) is: [ 291.288298][ T7773] [ 291.288298][ T7773] -> #4 (rfkill_global_mutex){+.+.}-{3:3}: [ 291.296317][ T7773] lock_acquire+0x1db/0x4f0 [ 291.301361][ T7773] __mutex_lock_common+0x1da/0x25a0 [ 291.307103][ T7773] mutex_lock_nested+0x17/0x20 [ 291.312426][ T7773] rfkill_register+0x30/0x880 [ 291.317624][ T7773] hci_register_dev+0x4dd/0xa50 [ 291.322992][ T7773] vhci_create_device+0x310/0x590 [ 291.328532][ T7773] vhci_write+0x382/0x430 [ 291.333392][ T7773] vfs_write+0xacd/0xe50 [ 291.338151][ T7773] ksys_write+0x1a2/0x2c0 [ 291.342994][ T7773] do_syscall_64+0x3b/0xb0 [ 291.347921][ T7773] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 291.354333][ T7773] [ 291.354333][ T7773] -> #3 (&data->open_mutex){+.+.}-{3:3}: [ 291.362146][ T7773] lock_acquire+0x1db/0x4f0 [ 291.367166][ T7773] __mutex_lock_common+0x1da/0x25a0 [ 291.372880][ T7773] mutex_lock_nested+0x17/0x20 [ 291.378155][ T7773] vhci_send_frame+0x8a/0xf0 [ 291.383268][ T7773] hci_send_frame+0x1af/0x2f0 [ 291.388456][ T7773] hci_tx_work+0xb2e/0x1a30 [ 291.393478][ T7773] process_one_work+0x8a1/0x10c0 [ 291.398932][ T7773] worker_thread+0xaca/0x1280 [ 291.404122][ T7773] kthread+0x3f6/0x4f0 [ 291.408706][ T7773] ret_from_fork+0x1f/0x30 [ 291.413637][ T7773] [ 291.413637][ T7773] -> #2 ((work_completion)(&hdev->tx_work)){+.+.}-{0:0}: [ 291.422838][ T7773] lock_acquire+0x1db/0x4f0 [ 291.427867][ T7773] __flush_work+0xeb/0x1a0 [ 291.432795][ T7773] hci_dev_do_close+0x20a/0x1070 [ 291.438247][ T7773] process_one_work+0x8a1/0x10c0 [ 291.443706][ T7773] worker_thread+0xaca/0x1280 [ 291.448897][ T7773] kthread+0x3f6/0x4f0 [ 291.453478][ T7773] ret_from_fork+0x1f/0x30 [ 291.458408][ T7773] [ 291.458408][ T7773] -> #1 (&hdev->req_lock){+.+.}-{3:3}: [ 291.466142][ T7773] lock_acquire+0x1db/0x4f0 [ 291.471168][ T7773] __mutex_lock_common+0x1da/0x25a0 [ 291.476882][ T7773] mutex_lock_nested+0x17/0x20 [ 291.482160][ T7773] bg_scan_update+0xa1/0x4a0 [ 291.487264][ T7773] process_one_work+0x8a1/0x10c0 [ 291.492715][ T7773] worker_thread+0xaca/0x1280 [ 291.497906][ T7773] kthread+0x3f6/0x4f0 [ 291.502521][ T7773] ret_from_fork+0x1f/0x30 [ 291.507626][ T7773] [ 291.507626][ T7773] -> #0 ((work_completion)(&hdev->bg_scan_update)){+.+.}-{0:0}: [ 291.517561][ T7773] validate_chain+0x1649/0x5930 [ 291.522927][ T7773] __lock_acquire+0x1295/0x1ff0 [ 291.528296][ T7773] lock_acquire+0x1db/0x4f0 [ 291.533313][ T7773] __flush_work+0xeb/0x1a0 [ 291.538243][ T7773] __cancel_work_timer+0x519/0x6a0 [ 291.543871][ T7773] hci_request_cancel_all+0xcb/0x300 [ 291.549669][ T7773] hci_dev_do_close+0x51/0x1070 [ 291.555036][ T7773] hci_rfkill_set_block+0x114/0x1a0 [ 291.560751][ T7773] rfkill_set_block+0x1e7/0x430 [ 291.566117][ T7773] rfkill_fop_write+0x5b7/0x790 [ 291.571481][ T7773] vfs_write+0x30c/0xe50 [ 291.576238][ T7773] ksys_write+0x1a2/0x2c0 [ 291.581102][ T7773] do_syscall_64+0x3b/0xb0 [ 291.586031][ T7773] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 291.592439][ T7773] [ 291.592439][ T7773] other info that might help us debug this: [ 291.592439][ T7773] [ 291.602655][ T7773] Chain exists of: [ 291.602655][ T7773] (work_completion)(&hdev->bg_scan_update) --> &data->open_mutex --> rfkill_global_mutex [ 291.602655][ T7773] [ 291.618379][ T7773] Possible unsafe locking scenario: [ 291.618379][ T7773] [ 291.625901][ T7773] CPU0 CPU1 [ 291.631340][ T7773] ---- ---- [ 291.636692][ T7773] lock(rfkill_global_mutex); [ 291.641535][ T7773] lock(&data->open_mutex); [ 291.648637][ T7773] lock(rfkill_global_mutex); [ 291.655912][ T7773] lock((work_completion)(&hdev->bg_scan_update)); [ 291.662493][ T7773] [ 291.662493][ T7773] *** DEADLOCK *** [ 291.662493][ T7773] [ 291.670625][ T7773] 1 lock held by syz.3.939/7773: [ 291.675556][ T7773] #0: ffffffff8ded0008 (rfkill_global_mutex){+.+.}-{3:3}, at: rfkill_fop_write+0x1a5/0x790 [ 291.685659][ T7773] [ 291.685659][ T7773] stack backtrace: [ 291.691557][ T7773] CPU: 0 PID: 7773 Comm: syz.3.939 Not tainted 5.15.178-syzkaller #0 [ 291.699619][ T7773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 291.709678][ T7773] Call Trace: [ 291.712965][ T7773] [ 291.715904][ T7773] dump_stack_lvl+0x1e3/0x2d0 [ 291.720613][ T7773] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 291.726247][ T7773] ? print_circular_bug+0x12b/0x1a0 [ 291.731450][ T7773] check_noncircular+0x2f8/0x3b0 [ 291.736394][ T7773] ? add_chain_block+0x850/0x850 [ 291.741342][ T7773] ? lockdep_lock+0x11f/0x2a0 [ 291.746046][ T7773] validate_chain+0x1649/0x5930 [ 291.750911][ T7773] ? __lock_acquire+0x1295/0x1ff0 [ 291.755957][ T7773] ? reacquire_held_locks+0x660/0x660 [ 291.761340][ T7773] ? mark_lock+0x98/0x340 [ 291.765666][ T7773] ? look_up_lock_class+0x77/0x120 [ 291.770780][ T7773] ? register_lock_class+0x100/0x9a0 [ 291.776149][ T7773] ? mark_lock+0x98/0x340 [ 291.780477][ T7773] ? is_dynamic_key+0x1f0/0x1f0 [ 291.785327][ T7773] ? __lock_acquire+0x1295/0x1ff0 [ 291.790347][ T7773] ? mark_lock+0x98/0x340 [ 291.794671][ T7773] __lock_acquire+0x1295/0x1ff0 [ 291.799525][ T7773] lock_acquire+0x1db/0x4f0 [ 291.804021][ T7773] ? __flush_work+0xcf/0x1a0 [ 291.808608][ T7773] ? rcu_lock_release+0x5/0x20 [ 291.813369][ T7773] ? read_lock_is_recursive+0x10/0x10 [ 291.818738][ T7773] ? start_flush_work+0x776/0x820 [ 291.823784][ T7773] __flush_work+0xeb/0x1a0 [ 291.828196][ T7773] ? __flush_work+0xcf/0x1a0 [ 291.832779][ T7773] ? flush_work+0x20/0x20 [ 291.837106][ T7773] ? print_irqtrace_events+0x210/0x210 [ 291.842557][ T7773] ? lock_timer_base+0x260/0x260 [ 291.847494][ T7773] ? __cancel_work_timer+0x467/0x6a0 [ 291.852773][ T7773] __cancel_work_timer+0x519/0x6a0 [ 291.857881][ T7773] ? cancel_work_sync+0x20/0x20 [ 291.862726][ T7773] ? lockdep_hardirqs_on+0x94/0x130 [ 291.867932][ T7773] ? __cancel_work+0x2ef/0x380 [ 291.872826][ T7773] ? cancel_work+0x20/0x20 [ 291.877271][ T7773] ? print_irqtrace_events+0x210/0x210 [ 291.882732][ T7773] hci_request_cancel_all+0xcb/0x300 [ 291.888019][ T7773] hci_dev_do_close+0x51/0x1070 [ 291.892958][ T7773] ? _raw_spin_unlock_irqrestore+0xd9/0x130 [ 291.898851][ T7773] ? _raw_spin_unlock+0x40/0x40 [ 291.903700][ T7773] ? kmem_cache_alloc_trace+0x143/0x290 [ 291.909248][ T7773] hci_rfkill_set_block+0x114/0x1a0 [ 291.914444][ T7773] ? rcu_lock_release+0x20/0x20 [ 291.919289][ T7773] rfkill_set_block+0x1e7/0x430 [ 291.924143][ T7773] rfkill_fop_write+0x5b7/0x790 [ 291.929000][ T7773] ? rfkill_fop_read+0x470/0x470 [ 291.933934][ T7773] ? fsnotify_perm+0x64/0x590 [ 291.938623][ T7773] ? security_file_permission+0x75/0xa0 [ 291.944184][ T7773] ? rfkill_fop_read+0x470/0x470 [ 291.949123][ T7773] vfs_write+0x30c/0xe50 [ 291.953378][ T7773] ? file_end_write+0x250/0x250 [ 291.958230][ T7773] ? __fget_files+0x413/0x480 [ 291.962909][ T7773] ? __fdget_pos+0x1e9/0x380 [ 291.967492][ T7773] ? ksys_write+0x77/0x2c0 [ 291.971908][ T7773] ksys_write+0x1a2/0x2c0 [ 291.976233][ T7773] ? print_irqtrace_events+0x210/0x210 [ 291.981689][ T7773] ? __ia32_sys_read+0x80/0x80 [ 291.986448][ T7773] ? syscall_enter_from_user_mode+0x2e/0x240 [ 291.992426][ T7773] ? lockdep_hardirqs_on+0x94/0x130 [ 291.997630][ T7773] ? syscall_enter_from_user_mode+0x2e/0x240 [ 292.003624][ T7773] do_syscall_64+0x3b/0xb0 [ 292.008045][ T7773] ? clear_bhb_loop+0x15/0x70 [ 292.012727][ T7773] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 292.018630][ T7773] RIP: 0033:0x7f6740e88169 [ 292.023051][ T7773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 292.042652][ T7773] RSP: 002b:00007f673ecf1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 292.051067][ T7773] RAX: ffffffffffffffda RBX: 00007f67410a0fa0 RCX: 00007f6740e88169 [ 292.059035][ T7773] RDX: 0000000000000008 RSI: 0000400000000080 RDI: 0000000000000003 [ 292.067004][ T7773] RBP: 00007f6740f092a0 R08: 0000000000000000 R09: 0000000000000000 [ 292.074967][ T7773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 292.082933][ T7773] R13: 0000000000000000 R14: 00007f67410a0fa0 R15: 00007ffe8638bc18 [ 292.090904][ T7773] [ 292.105891][ T4216] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 292.114517][ T4216] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 292.158901][ T4216] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 292.168217][ T4216] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 292.183976][ T4216] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 292.325220][ T4216] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 292.334288][ T4216] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 292.343598][ T4216] usb 1-1: Product: syz [ 292.348159][ T4216] usb 1-1: Manufacturer: syz [ 292.408602][ T4216] cdc_wdm 1-1:1.0: skipping garbage [ 292.413841][ T4216] cdc_wdm 1-1:1.0: skipping garbage [ 292.427954][ T4216] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 292.433944][ T4216] cdc_wdm 1-1:1.0: Unknown control protocol [ 292.613018][ T4355] usb 1-1: USB disconnect, device number 21