last executing test programs: 11.440331293s ago: executing program 3 (id=3393): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000380)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x5, 0x0, 0x0, 0x41000}, 0x94) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000, 0x80000}) r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000240)=@bpf_lsm={0x18, 0x7, &(0x7f0000000180)=ANY=[@ANYBLOB="8510000004000000950000000000000018000000000000000000000000000000950000000000000085100000fcffffff95"], &(0x7f00000000c0)='GPL\x00'}, 0x94) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={r0, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000001680)=[0x0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0}}, 0x10) 11.24537353s ago: executing program 3 (id=3385): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000240), 0x4000000044402, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000e, 0x13, r0, 0x0) r1 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) 11.036138418s ago: executing program 3 (id=3387): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f00000001c0)='cpuset.mem_hardwall\x00', 0x2, 0x0) sendfile(r1, r1, 0x0, 0x6d276b17) 10.851349843s ago: executing program 3 (id=3391): syz_mount_image$iso9660(&(0x7f0000000000), &(0x7f0000000180)='./file1\x00', 0x8c48, &(0x7f0000000240)=ANY=[@ANYRES8=0x0, @ANYRES32, @ANYRES32], 0x1, 0x5b9, &(0x7f0000000340)="$eJzs3E1v3MYZAOChLEULBTUKBI0dx0AYJwf3YGV3VcsQ0oO3FCUx2V0uSCqQT0VQy6lQKS3qFmh88yVt0BY99Vzk2l/QP5XfoIL7IevL2vhz2+B5AHuGy5cz71AEB0vsMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIUrWm81WFLpZf3snfrpkvch7F+yftPefE8UJCyGE+aN+Q4jqf6HRCFdHH11960nsT+r/boQro60roVEXjfDozbd//PFb83P1gQtRFC5I6LV4+NWj33y+v7/7+1kn8hIcRs9+zGbaz8o863U20zgr83htdbX50dZGGW9k3bS8V1ZpL06KtFPlRXwzuRtCWFuJ0+V7+XZ/c73TTeObyU/j1tranVvtZnM1/mR5kHaKMu9/9MlymWxl3W7W3xzG1Ltvtd8Ld+oL8dOsiqu004vjB3v7uyvTkqyDWt8nqD0tqN1st1utdru1envt9p1mszG+Wo8+mG+eEk4fMj/7i5bX7o3Q+Gt9oQw3Jve4N17qjRyew2Hyj1mnAAAAALxi0fAZezR8On91WNvIumnzRMxhNLP0AAAAgJdg+NX+yvgBQAhXQ3T2+z8AAADw/+0vF66xC1EUysFiNFmqMtj5MDro1LXOwaXRR5dOt1htXIsujxsZFqvz460kvR69Mwp6ZxL93bh4MC2PqCgWoscvlkD4W7g2irl2f1Ten+wZ9bK0kXXT5STvftwKnc7luSrdqf745d6fQiiKw0vf9HuXo/Bgb393+Ve/3b8/zOVx3crjg/EvJM78UOJkLovhWC5/OFr3OB7x3ZMjXhg+iKlH/U2/tzTqtznozh+Nf2549OGZP+kF4/86vDuKeXdpVC6dHH+j7rO1fM7oj2fRGux8uDjubDzyhWfL4voo5vrND+rig5vjPQvHsmhPy6J9/PyPzkWYexlZHD8XKxdkcRj29ndXXjALgFl5cHoWGs274cn8f2beHd/e4tNNXXCXmzK711P41Nn911N7+Tq8P4p5/9r8k7n41B29OW1eaX7PeT2E87P4d7jxr3+GsB1uTIKfNsfW/f79xKwaHXxbH/DtmX4nK83LbjuqNy4tHvwuvP3wq0e39g4+/2L3i90v2+2V1ebPms3b7bAwHMa4MPcAcI60+C5aqv4cFUU2+GVrba3VqbbSuMiTT+MiW99M46xfpUWy1elvpvGgyKs8ybt15bNsPS3jcnswyIsq3siLeJCX2c7wzS/x+NUvZdrr9KssKQfdtFOmcZL3q05SxetZmcSD7V90s3IrLYYHl4M0yTaypFNleT8u8+0iSZfjuEzTY4HZetqvso2srvbjQZH1OsW9+LO8u91L4/W0TIpsUOWjBid9Zf2NvOgNm12e9ckGgP8RD8P4DXZHr7J75kpoTIk5r98zz0gBgNfm9Cy9OOuEAAAAAAAAAAAAAACAM44v1/v5eFHeC68IvLDSCEeVEF5FF3ffPG/Xe69oOM9ZCSHMv9IuJi9OmvlIfxiVRl2ZC7NOY/KexedtJwohTA/+UR0zqzsSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADzdfwMAAP//NkeOkA==") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f0000000240)='./file0\x00') stat(&(0x7f0000001d00)='./file1\x00', &(0x7f0000001d40)) 10.464389417s ago: executing program 3 (id=3394): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000000e40)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000040)="8f", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r0, 0x1) listen(r0, 0x1) 9.888238996s ago: executing program 3 (id=3405): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000080)={0x0, 0x7d, 0x20f}) 9.525229547s ago: executing program 32 (id=3405): sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000080)={0x0, 0x7d, 0x20f}) 5.047393759s ago: executing program 2 (id=3458): syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000000)={[{@nobarrier}]}, 0xff, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=") creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r0 = openat2$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f0000000000)=@v1={0x0, @adiantum, 0x0, @desc1}) 4.589185078s ago: executing program 2 (id=3461): syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000008c0)=ANY=[@ANYBLOB="6c0000001000010400d201000072f60000020000", @ANYRES32=0x0, @ANYBLOB="0524060000000000300012800b0001006272696467650000200002800c002e00fffff6ffffffffff050007001f000000060027000000000008000a00a8"], 0x6c}}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmmsg$alg(r0, &(0x7f0000000140), 0x4924b68, 0x0) 4.280426564s ago: executing program 4 (id=3466): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) syz_mount_image$msdos(&(0x7f0000000100), &(0x7f0000000180)='./file1\x00', 0xa0c406, &(0x7f0000000f80)=ANY=[@ANYBLOB="646f747300000000732c646d6173a594e5e0d4ee303030303032fd33a1ddfe6717c3d234e02f30303030302c6e6f646f74732cb7f973636172642c6e66733d6e6f73", @ANYRESDEC, @ANYRES64], 0x1, 0x2a2, &(0x7f0000001140)="$eJzs3M9r02AYwPGn6dZ0k/04CXrxQS96CbMe1UOVDcSC0q2iHoSMZVpa25EUbUUwZ0/7O4ZHb4L4D+y/8DYE2WknI22zNOu633Wt3fcDI++b5323J3nJeNKSbD1ff1ta9axVuyZGWsUQ8WVHZFaKsisRblOtdiraL/cz4sutuXfbnxdfvHyczeXm86oL2aU7GVWdvvb9/ccv13/ULj37Om2asjn7aut35ufm5c0rW3+W3hQ9LaakUq2prcvVas1eLju6UvRKlurTsmN7jhYrnuPuia+Wq2trDbUrK1OTa67jeWpXGmpIQ2tVTYdZVdSyLJ2abLbTcoGkTjyjsJHP29lOfz7Z34wwDFw3azcXdmLf1VDYGExGAABgkA6u/41ozG79b3TX/yJH1P+fwlHT33rW/56evv5PSlT/l5xW/V9zG2q/tovx+h+H6q7/j8f4N8ngLBJ+rPNgT8h1sxO9J1H/AwAAAAAAAAAAAAAAAAAAAADwP9gJgpkgCGaaW0NEgrBvikgy1u8x9UI9Wz+q4usfxH7McIEPWX+MgNiDe2mRX369UC8kWtt2fOFRbn5OW2IP/m3X64VkFL/djuve+LhMhvFMz3hKbt5ox5uxh09y8fh6vTAhK4dm7vfrFAAAAAAAMPIsjcxGO9MS3d9blprSHW/dv7dbfufzAe28GqgZH5OrY+d5JAAAAAAA4CBe40PJLpcd93wayXP8W6duiJxu+t3A7EsaSRE5Ykx+UWTwJ2pfw5ShSGOUG/f69guDhEh7z3j4z6DrKgAAAAAwWjr3Ayefy9f7AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD0x5neImYcb/CgjxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFn8DAAD//8DvvIM=") openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x105042, 0x1db) rename(&(0x7f0000000040)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000280)='./file0\x00') 4.055215643s ago: executing program 4 (id=3469): syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') pipe(&(0x7f0000000080)={0xffffffffffffffff}) mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f00000001c0), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}}) 3.665575257s ago: executing program 2 (id=3473): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000240)='blkio.bfq.empty_time\x00', 0x0, 0x0) preadv(r1, &(0x7f0000002540)=[{&(0x7f0000000480)=""/247, 0xf7}], 0x1, 0x0, 0x0) 3.544238948s ago: executing program 1 (id=3474): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000740)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a30000000180a3f6d6f578dbe9c8b000002000000040003800900020073797a30000000000900010073797a300000000014000000020a010100000000000000000000000614000000110001"], 0x6c}}, 0x880) 3.388750691s ago: executing program 1 (id=3476): r0 = socket(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hhf={{0x8}, {0x14, 0x2, [@TCA_HHF_RESET_TIMEOUT={0x8}, @TCA_HHF_HH_FLOWS_LIMIT={0x8}]}}]}, 0x40}}, 0x0) 3.04523763s ago: executing program 4 (id=3477): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000001c0)=@newqdisc={0x48, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_prio={{0x9}, {0x18, 0x2, {0x10, "00000000000010100000000000001010"}}}]}, 0x48}}, 0x0) 2.028307517s ago: executing program 0 (id=3480): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cgroup.controllers\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000002, 0x2a012, r0, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6) 2.002494779s ago: executing program 0 (id=3481): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r0}, 0x18) r1 = syz_init_net_socket$ax25(0x3, 0x2, 0xcb) connect$ax25(r1, &(0x7f00000001c0)={{0x3, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null]}, 0x48) 1.845754682s ago: executing program 0 (id=3482): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1.688190366s ago: executing program 0 (id=3483): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$inet_mreqn(r1, 0x0, 0x23, &(0x7f00000000c0)={@multicast2=0xe0004000, @dev={0xac, 0x14, 0x14, 0x3a}}, 0xc) close_range(r0, 0xffffffffffffffff, 0x0) 726.594748ms ago: executing program 1 (id=3484): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_STATION(r0, &(0x7f0000000200)={0x0, 0x6, &(0x7f0000001040)={&(0x7f0000000000)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="cf04004000000000e0ff1200000008000300", @ANYRES32=r2, @ANYBLOB="0400130006001200000000000600b500850100000a0006000802110000010000280011"], 0x64}, 0x1, 0x0, 0x0, 0x400}, 0x0) 671.613043ms ago: executing program 2 (id=3485): r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) ioctl$TCSETSW(r0, 0x5403, &(0x7f0000000100)={0x401, 0x1, 0x4, 0x3, 0xd, "0ff884b5d0449ec8f2d8175b5505ddf5201923"}) ioctl$TCXONC(r0, 0x540a, 0x0) ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000000)=0x17) 671.067313ms ago: executing program 4 (id=3486): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000001c0)={0x6, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8ab8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000006900000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0xe, 0x0, &(0x7f0000000000)="e0b9547ed387dbe9abc89b6f5bec", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 669.970553ms ago: executing program 0 (id=3494): r0 = io_uring_setup(0x93d, &(0x7f0000000080)={0x0, 0x70e6, 0x2, 0x2, 0x119}) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x18, 0x3, &(0x7f0000000080)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x11}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r1}, 0x10) io_uring_register$IORING_REGISTER_IOWQ_MAX_WORKERS(r0, 0x13, &(0x7f0000000240)=[0x40, 0x8], 0x2) 428.684023ms ago: executing program 2 (id=3487): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0) pivot_root(&(0x7f0000000140)='./file0/file0\x00', &(0x7f0000000180)='./file0\x00') 425.995814ms ago: executing program 1 (id=3488): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x11, 0x3, &(0x7f0000001680)=ANY=[@ANYBLOB="1800000000030000000000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x9}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='contention_begin\x00', r0}, 0x18) r1 = syz_open_dev$evdev(&(0x7f0000000180), 0x1, 0x8000) ioctl$EVIOCRMFF(r1, 0x40044581, 0x0) 328.466642ms ago: executing program 4 (id=3489): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd(0x2) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) 192.245683ms ago: executing program 1 (id=3490): pipe(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) write$binfmt_misc(r1, 0x0, 0x4) write$binfmt_misc(r1, 0x0, 0xfffffecc) vmsplice(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="dd", 0x1}], 0x1, 0xf) 177.593215ms ago: executing program 0 (id=3491): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000040)=0x2) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0x7) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) 56.232055ms ago: executing program 4 (id=3492): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf22}, 0x48) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0xd, 0x1, 0x4, 0x1, 0x0, r0}, 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r1, &(0x7f00000001c0), &(0x7f0000000280)=@udp6=r0}, 0x20) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x7ff, r1}, 0x38) 55.497765ms ago: executing program 2 (id=3502): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f00000038c0), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r1 = eventfd(0x2) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x0, r1}) 0s ago: executing program 1 (id=3493): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4008001}, 0x0) r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="240000006800019f00000000000000000a0000000000000008"], 0x24}, 0x1, 0x0, 0x0, 0x4}, 0x0) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) kernel console output (not intermixed with test programs): ber: syz [ 292.762194][T10506] loop1: detected capacity change from 0 to 1024 [ 292.781756][ T6996] usb 5-1: config 0 descriptor?? [ 292.837892][ T6996] usb_ehset_test: probe of 5-1:0.0 failed with error -32 [ 293.022751][ T6996] usb 5-1: USB disconnect, device number 12 [ 293.094840][T10510] loop2: detected capacity change from 0 to 4096 [ 293.157981][T10510] ntfs: volume version 3.1. [ 293.231060][T10510] ntfs: (device loop2): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-3. You might want to try to use the mount option nls=utf8. [ 293.301983][T10510] ntfs: (device loop2): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 293.335373][T10523] delete_channel: no stack [ 293.354251][T10522] delete_channel: no stack [ 293.928058][T10541] loop1: detected capacity change from 0 to 256 [ 294.023138][T10541] FAT-fs (loop1): Directory bread(block 64) failed [ 294.043958][T10541] FAT-fs (loop1): Directory bread(block 65) failed [ 294.085430][T10541] FAT-fs (loop1): Directory bread(block 66) failed [ 294.119701][T10541] FAT-fs (loop1): Directory bread(block 67) failed [ 294.126435][T10541] FAT-fs (loop1): Directory bread(block 68) failed [ 294.202763][T10541] FAT-fs (loop1): Directory bread(block 69) failed [ 294.209460][T10541] FAT-fs (loop1): Directory bread(block 70) failed [ 294.259652][T10541] FAT-fs (loop1): Directory bread(block 71) failed [ 294.266330][T10541] FAT-fs (loop1): Directory bread(block 72) failed [ 294.313734][T10541] FAT-fs (loop1): Directory bread(block 73) failed [ 294.520188][T10541] syz.1.2442: attempt to access beyond end of device [ 294.520188][T10541] loop1: rw=524288, sector=1160, nr_sectors = 4 limit=256 [ 294.600081][T10541] syz.1.2442: attempt to access beyond end of device [ 294.600081][T10541] loop1: rw=0, sector=1160, nr_sectors = 4 limit=256 [ 294.620163][ T4281] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 294.645832][ T26] audit: type=1800 audit(1755260959.918:217): pid=10541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.2442" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=1048707 res=0 errno=0 [ 294.687208][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.828323][T10559] loop0: detected capacity change from 0 to 4096 [ 294.921370][T10559] ntfs3: loop0: Different NTFS' sector size (2048) and media sector size (512) [ 295.008789][T10559] ntfs3: loop0: Failed to load root. [ 295.073374][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 295.242350][T10546] loop2: detected capacity change from 0 to 32768 [ 295.334751][T10546] JBD2: Ignoring recovery information on journal [ 295.372593][T10546] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 295.558190][ T4264] ocfs2: Unmounting device (7,2) on (node local) [ 295.579707][ T4340] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 295.696361][ T26] audit: type=1326 audit(1755260960.968:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 295.758985][ T26] audit: type=1326 audit(1755260960.998:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 295.786839][ T4340] usb 1-1: Using ep0 maxpacket: 16 [ 295.794597][ T4340] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 295.813489][T10585] loop1: detected capacity change from 0 to 256 [ 295.828175][ T4340] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 295.848014][ T4340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 295.856788][ T26] audit: type=1326 audit(1755260960.998:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 295.879132][ C1] vkms_vblank_simulate: vblank timer overrun [ 295.918091][T10585] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d) [ 295.925534][ T4340] usb 1-1: Product: syz [ 295.980479][ T4340] usb 1-1: Manufacturer: syz [ 295.985117][ T4340] usb 1-1: SerialNumber: syz [ 295.993341][T10588] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2463'. [ 296.019290][T10588] netlink: 'syz.2.2463': attribute type 2 has an invalid length. [ 296.027258][ T26] audit: type=1326 audit(1755260960.998:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 296.060173][ T4340] usb 1-1: config 0 descriptor?? [ 296.068509][T10588] netlink: 'syz.2.2463': attribute type 1 has an invalid length. [ 296.106989][ T26] audit: type=1326 audit(1755260960.998:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=65 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 296.130398][T10588] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2463'. [ 296.132376][ T4340] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 296.159296][ T4340] em28xx 1-1:0.0: DVB interface 0 found: isoc [ 296.248243][ T26] audit: type=1326 audit(1755260960.998:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 296.362979][ T26] audit: type=1326 audit(1755260960.998:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10580 comm="syz.2.2460" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 296.368903][ T4340] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 296.482061][T10601] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2470'. [ 296.514625][ T4340] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 296.538229][ T4340] em28xx 1-1:0.0: board has no eeprom [ 296.648889][ T4340] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 296.687425][ T4340] em28xx 1-1:0.0: dvb set to isoc mode. [ 296.714561][ T27] em28xx 1-1:0.0: Binding DVB extension [ 296.768057][ T4340] usb 1-1: USB disconnect, device number 15 [ 296.787803][ T4340] em28xx 1-1:0.0: Disconnecting em28xx [ 297.011304][ T27] em28xx 1-1:0.0: Registering input extension [ 297.049293][ T4340] em28xx 1-1:0.0: Closing input extension [ 297.213764][ T4340] em28xx 1-1:0.0: Freeing device [ 297.253820][T10596] loop1: detected capacity change from 0 to 32768 [ 297.276817][T10596] XFS: ikeep mount option is deprecated. [ 297.388955][T10596] XFS (loop1): Mounting V5 Filesystem [ 297.554807][T10596] XFS (loop1): Ending clean mount [ 297.562259][T10596] XFS (loop1): Quotacheck needed: Please wait. [ 297.721616][T10596] XFS (loop1): Quotacheck: Done. [ 297.863448][T10643] loop4: detected capacity change from 0 to 256 [ 297.902444][ T4273] XFS (loop1): Unmounting Filesystem [ 297.955595][T10643] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0xda218cab, utbl_chksum : 0xe619d30d) [ 298.218597][T10646] loop3: detected capacity change from 0 to 4096 [ 298.261471][T10646] ntfs3: loop3: Different NTFS' sector size (2048) and media sector size (512) [ 298.291110][T10653] program syz.2.2490 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 298.330412][T10646] ntfs3: loop3: Failed to load root. [ 299.145304][T10661] loop3: detected capacity change from 0 to 32768 [ 299.260479][T10661] JBD2: Ignoring recovery information on journal [ 299.368651][T10661] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 299.546761][ T4265] ocfs2: Unmounting device (7,3) on (node local) [ 300.244614][T10714] binder: 10713:10714 ioctl 400c620e 200000001f40 returned -22 [ 300.300390][T10716] loop3: detected capacity change from 0 to 512 [ 300.332589][T10716] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 300.404102][T10716] EXT4-fs (loop3): 1 truncate cleaned up [ 300.411213][T10716] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 300.544972][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 300.731590][ T4340] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 300.829479][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 300.926569][ T4340] usb 1-1: Using ep0 maxpacket: 8 [ 300.947409][ T4340] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 300.955483][ T4340] usb 1-1: config 0 has no interface number 0 [ 300.981891][ T4340] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 300.994300][T10730] netlink: 'syz.2.2523': attribute type 30 has an invalid length. [ 301.022165][ T4340] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 301.042470][ T4340] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 301.065641][ T4340] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.105209][ T4340] usb 1-1: config 0 descriptor?? [ 301.152103][ T4340] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 301.389799][T10720] iowarrior 1-1:0.1: Error -90 while submitting URB [ 301.435634][ T4517] usb 1-1: USB disconnect, device number 16 [ 301.543563][T10747] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2533'. [ 301.587931][T10747] IPVS: Error joining to the multicast group [ 301.838279][T10742] loop4: detected capacity change from 0 to 32768 [ 301.875335][T10742] BTRFS: device fsid 3a375e4e-b156-4d76-a2ad-16e198ce1409 devid 1 transid 8 /dev/loop4 scanned by syz.4.2530 (10742) [ 301.907237][T10742] BTRFS info (device loop4): first mount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 301.919272][T10742] BTRFS info (device loop4): using xxhash64 (xxhash64-generic) checksum algorithm [ 301.935806][ T4315] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 301.966211][ T27] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 301.974909][T10742] BTRFS info (device loop4): using free space tree [ 302.005603][T10760] sg_write: data in/out 209152/4 bytes for SCSI command 0xf2-- guessing data in; [ 302.005603][T10760] program syz.3.2539 not setting count and/or reply_len properly [ 302.138474][ T4315] usb 3-1: unable to get BOS descriptor or descriptor too short [ 302.152542][ T4315] usb 3-1: config 6 has an invalid interface number: 96 but max is 0 [ 302.166152][ T27] usb 2-1: Using ep0 maxpacket: 8 [ 302.177401][ T27] usb 2-1: too many configurations: 120, using maximum allowed: 8 [ 302.202802][ T4315] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 302.206443][ T27] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 302.222572][T10742] BTRFS info (device loop4): enabling ssd optimizations [ 302.236046][ T27] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=24 [ 302.244574][ T27] usb 2-1: Product: syz [ 302.255006][ T27] usb 2-1: Manufacturer: syz [ 302.255330][ T4315] usb 3-1: config 6 has no interface number 0 [ 302.259989][ T27] usb 2-1: SerialNumber: syz [ 302.272544][ T4315] usb 3-1: config 6 interface 96 has no altsetting 0 [ 302.273637][ T27] usb 2-1: config 0 descriptor?? [ 302.292376][ T27] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 302.300929][ T27] usb 2-1: setting power ON [ 302.313479][ T27] dvb-usb: bulk message failed: -22 (2/0) [ 302.323231][ T4315] usb 3-1: string descriptor 0 read error: -22 [ 302.326570][ T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 302.356020][ T27] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 302.364517][ T27] usb 2-1: media controller created [ 302.366246][ T4315] usb 3-1: New USB device found, idVendor=10b8, idProduct=1e6e, bcdDevice=4f.2b [ 302.413445][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 302.430435][ T4315] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 302.473090][ T4266] BTRFS info (device loop4): last unmount of filesystem 3a375e4e-b156-4d76-a2ad-16e198ce1409 [ 302.500041][T10752] dvb-usb: bulk message failed: -22 (3/0) [ 302.516404][T10752] cxusb: i2c wr: len=80 is too big! [ 302.516404][T10752] [ 302.527230][ T27] usb 2-1: selecting invalid altsetting 6 [ 302.533427][ T27] usb 2-1: digital interface selection failed (-22) [ 302.556385][ T27] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 302.593643][ T27] usb 2-1: setting power OFF [ 302.599547][ T27] dvb-usb: bulk message failed: -22 (2/0) [ 302.674527][ T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 302.711621][ T27] (NULL device *): no alternate interface [ 302.738026][T10786] loop3: detected capacity change from 0 to 128 [ 302.818026][ T27] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 302.827794][T10786] FAT-fs (loop3): Invalid FSINFO signature: 0x4161ffff, 0x61417272 (sector = 1) [ 302.901934][ T27] usb 2-1: USB disconnect, device number 19 [ 302.925107][ T4516] Process accounting resumed [ 302.943735][ T4516] FAT-fs (loop3): error, corrupted file size (i_pos 548, 512) [ 302.971428][ T4516] FAT-fs (loop3): Filesystem has been set read-only [ 303.031636][ T4315] dvb-usb: found a 'DiBcom TFE7790P reference design' in cold state, will try to load a firmware [ 303.112568][ T4265] FAT-fs (loop3): Invalid FSINFO signature: 0x4161ffff, 0x61417272 (sector = 1) [ 303.120730][T10775] loop0: detected capacity change from 0 to 32768 [ 303.134038][T10775] XFS: noikeep mount option is deprecated. [ 303.148748][ T4315] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 303.194811][ T4315] dib0700: firmware download failed at 28 with -71 [ 303.225888][ T4315] usb 3-1: USB disconnect, device number 16 [ 303.267600][T10775] XFS (loop0): Mounting V5 Filesystem [ 303.309453][T10791] loop4: detected capacity change from 0 to 4096 [ 303.392135][T10791] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 303.442786][T10801] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2546'. [ 303.458461][T10775] XFS (loop0): Ending clean mount [ 303.471424][T10791] ntfs3: loop4: Failed to load $Extend. [ 303.483119][T10775] XFS (loop0): Quotacheck needed: Please wait. [ 303.535923][T10791] ntfs3: loop4: MFT: r=b, expect seq=0 instead of b! [ 303.591408][T10775] XFS (loop0): Quotacheck: Done. [ 303.730475][ T4315] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 303.838752][ T4277] XFS (loop0): Unmounting Filesystem [ 303.956536][ T4315] usb 2-1: New USB device found, idVendor=1645, idProduct=0008, bcdDevice=cf.36 [ 303.975907][ T4315] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 303.996606][ T4315] usb 2-1: config 0 descriptor?? [ 304.221766][ T4315] kaweth 2-1:0.0: Firmware present in device. [ 304.265112][T10805] loop4: detected capacity change from 0 to 40427 [ 304.284934][T10805] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x3ffff [ 304.309700][T10805] F2FS-fs (loop4): invalid crc value [ 304.347311][T10805] F2FS-fs (loop4): Found nat_bits in checkpoint [ 304.418477][ T4315] kaweth 2-1:0.0: Statistics collection: 0 [ 304.426090][ T4315] kaweth 2-1:0.0: Multicast filter limit: 0 [ 304.432992][ T4315] kaweth 2-1:0.0: MTU: 0 [ 304.438856][T10805] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 304.447014][ T4315] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00 [ 304.467562][T10805] F2FS-fs (loop4): access invalid blkaddr:2816 [ 304.476823][T10805] CPU: 0 PID: 10805 Comm: syz.4.2549 Not tainted 6.1.148-syzkaller #0 [ 304.485022][T10805] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 304.495180][T10805] Call Trace: [ 304.498468][T10805] [ 304.501411][T10805] dump_stack_lvl+0x168/0x22e [ 304.506110][T10805] ? show_regs_print_info+0x12/0x12 [ 304.511330][T10805] ? f2fs_get_next_page_offset+0x6a0/0x6a0 [ 304.517520][T10805] f2fs_is_valid_blkaddr+0xc7e/0x1250 [ 304.522914][T10805] f2fs_map_blocks+0xd37/0x3840 [ 304.527819][T10805] ? f2fs_do_map_lock+0x70/0x70 [ 304.532690][T10805] ? preempt_count_add+0x8d/0x190 [ 304.537745][T10805] ? clear_nonspinnable+0x60/0x60 [ 304.542882][T10805] ? fiemap_prep+0x1a8/0x240 [ 304.547493][T10805] f2fs_fiemap+0x93d/0x1990 [ 304.552020][T10805] ? do_syscall_64+0x4c/0xa0 [ 304.556740][T10805] ? f2fs_overwrite_io+0x1e0/0x1e0 [ 304.561880][T10805] ? __lock_acquire+0x7c50/0x7c50 [ 304.566937][T10805] ? __might_fault+0xc2/0x120 [ 304.571637][T10805] ? __might_fault+0xa6/0x120 [ 304.576343][T10805] do_vfs_ioctl+0x1425/0x1d10 [ 304.581042][T10805] ? __ia32_compat_sys_ioctl+0x780/0x780 [ 304.586695][T10805] ? tomoyo_path_number_perm+0x1b6/0x600 [ 304.592347][T10805] ? __lock_acquire+0x7c50/0x7c50 [ 304.597368][T10805] ? slab_free_freelist_hook+0x131/0x1a0 [ 304.602995][T10805] ? tomoyo_path_number_perm+0x4ae/0x600 [ 304.608620][T10805] ? __kmem_cache_free+0xb6/0x1f0 [ 304.613638][T10805] ? tomoyo_path_number_perm+0x503/0x600 [ 304.619260][T10805] ? tomoyo_path_number_perm+0x1b6/0x600 [ 304.624883][T10805] ? tomoyo_check_path_acl+0x1c0/0x1c0 [ 304.630374][T10805] ? __fget_files+0x28/0x4d0 [ 304.634980][T10805] ? bpf_lsm_file_ioctl+0x5/0x10 [ 304.639924][T10805] ? security_file_ioctl+0x7c/0xa0 [ 304.645300][T10805] __se_sys_ioctl+0x83/0x170 [ 304.649892][T10805] do_syscall_64+0x4c/0xa0 [ 304.654327][T10805] ? clear_bhb_loop+0x60/0xb0 [ 304.658997][T10805] ? clear_bhb_loop+0x60/0xb0 [ 304.663664][T10805] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 304.669553][T10805] RIP: 0033:0x7f263918ebe9 [ 304.674086][T10805] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 304.693691][T10805] RSP: 002b:00007f2639fd3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 304.702103][T10805] RAX: ffffffffffffffda RBX: 00007f26393b5fa0 RCX: 00007f263918ebe9 [ 304.710062][T10805] RDX: 0000200000000040 RSI: 00000000c020660b RDI: 0000000000000004 [ 304.718109][T10805] RBP: 00007f2639211e19 R08: 0000000000000000 R09: 0000000000000000 [ 304.726081][T10805] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 304.734043][T10805] R13: 00007f26393b6038 R14: 00007f26393b5fa0 R15: 00007fff0d2db568 [ 304.742019][T10805] [ 304.753268][ T4315] kaweth: probe of 2-1:0.0 failed with error -5 [ 304.765584][T10813] loop3: detected capacity change from 0 to 32768 [ 304.783789][ T4315] usb 2-1: USB disconnect, device number 20 [ 304.856597][T10813] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode. [ 304.889454][T10813] (syz.3.2553,10813,0):ocfs2_file_write_iter:2446 ERROR: status = -27 [ 304.932265][ T4265] ocfs2: Unmounting device (7,3) on (node local) [ 305.412714][T10831] loop4: detected capacity change from 0 to 512 [ 305.463831][T10831] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 305.621189][ T26] audit: type=1326 audit(1755260970.903:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 305.709143][ T26] audit: type=1326 audit(1755260970.903:226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 305.822213][ T26] audit: type=1326 audit(1755260970.903:227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 305.906071][T10839] loop0: detected capacity change from 0 to 4096 [ 305.918937][ T26] audit: type=1326 audit(1755260970.903:228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 305.959618][T10839] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 306.031354][ T26] audit: type=1326 audit(1755260970.903:229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=33 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 306.146585][T10839] ntfs: volume version 3.1. [ 306.151281][ T26] audit: type=1326 audit(1755260970.903:230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 306.177117][T10843] xt_CT: No such helper "snmp" [ 306.177597][ T26] audit: type=1326 audit(1755260970.903:231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10836 comm="syz.2.2562" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f094ab8ebe9 code=0x7ffc0000 [ 306.524916][ T5395] ntfs: (device loop0): ntfs_write_block(): Writing beyond initialized size is not supported yet. Sorry. [ 306.587803][T10833] loop1: detected capacity change from 0 to 32768 [ 306.659274][T10866] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2573'. [ 306.696356][T10833] XFS (loop1): Mounting V5 Filesystem [ 306.797237][T10833] XFS (loop1): Ending clean mount [ 306.851927][T10876] loop0: detected capacity change from 0 to 512 [ 306.882903][T10833] XFS (loop1): Quotacheck needed: Please wait. [ 306.905199][T10878] netlink: 44 bytes leftover after parsing attributes in process `syz.4.2576'. [ 306.999076][T10876] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz.0.2574: bg 0: block 248: padding at end of block bitmap is not set [ 307.019715][T10833] XFS (loop1): Quotacheck: Done. [ 307.028226][T10876] Quota error (device loop0): write_blk: dquota write failed [ 307.074375][T10876] EXT4-fs error (device loop0): ext4_acquire_dquot:6814: comm syz.0.2574: Failed to acquire dquot type 1 [ 307.123177][T10876] EXT4-fs (loop0): 1 truncate cleaned up [ 307.128887][T10876] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 307.194302][T10876] ext4 filesystem being mounted at /498/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 307.206662][ T4273] XFS (loop1): Unmounting Filesystem [ 307.408828][T10876] EXT4-fs: Cannot change journaled quota options when quota turned on [ 307.560298][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 307.727842][T10869] loop3: detected capacity change from 0 to 32768 [ 307.744757][T10893] loop4: detected capacity change from 0 to 4096 [ 307.778024][T10869] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.2575 (10869) [ 307.844324][T10893] ntfs3: loop4: Different NTFS' sector size (4096) and media sector size (512) [ 307.871575][T10869] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 307.907994][T10869] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 307.944738][T10869] BTRFS info (device loop3): setting nodatacow, compression disabled [ 307.982376][T10893] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 308.003086][T10869] BTRFS info (device loop3): enabling auto defrag [ 308.009621][T10869] BTRFS info (device loop3): max_inline at 0 [ 308.052879][T10869] BTRFS info (device loop3): using free space tree [ 308.127716][T10893] ntfs3: loop4: ino=21, "bus" The size of extended attributes must not exceed 64KiB [ 308.335052][T10917] loop1: detected capacity change from 0 to 512 [ 308.402379][T10917] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 308.413072][T10917] ext4 filesystem being mounted at /494/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 308.534977][T10917] EXT4-fs error (device loop1): ext4_map_blocks:635: inode #2: block 10: comm syz.1.2589: lblock 15 mapped to illegal pblock 10 (length 19) [ 308.612983][ T6173] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 308.687714][ T4273] EXT4-fs (loop1): unmounting filesystem. [ 308.712021][ T4265] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 308.852605][ T6173] usb 5-1: Using ep0 maxpacket: 8 [ 308.864467][ T6173] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 308.879549][ T6173] usb 5-1: config 0 has no interface number 0 [ 308.905324][ T6173] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 308.978228][ T6173] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 309.014849][ T6173] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 309.035405][ T6173] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.055151][T10938] loop0: detected capacity change from 0 to 256 [ 309.071160][ T6173] usb 5-1: config 0 descriptor?? [ 309.143824][ T6173] iowarrior 5-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 309.252702][ T14] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 309.320734][T10920] iowarrior 5-1:0.1: Error -90 while submitting URB [ 309.348199][ T6173] usb 5-1: USB disconnect, device number 13 [ 309.394363][T10944] device bridge0 entered promiscuous mode [ 309.401154][T10944] device macvlan2 entered promiscuous mode [ 309.407363][T10940] loop2: detected capacity change from 0 to 4096 [ 309.438248][T10940] ntfs: volume version 3.1. [ 309.452460][ T14] usb 2-1: Using ep0 maxpacket: 16 [ 309.459454][ T14] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 309.488084][ T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 309.506168][ T14] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 309.538883][ T14] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 309.559695][ T14] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 309.610058][ T14] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 309.634722][ T14] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 309.653117][T10951] netlink: 184 bytes leftover after parsing attributes in process `syz.3.2598'. [ 309.672995][ T14] usb 2-1: Manufacturer: syz [ 309.695879][ T14] usb 2-1: config 0 descriptor?? [ 310.018990][T10953] loop2: detected capacity change from 0 to 32768 [ 310.026375][T10953] XFS: attr2 mount option is deprecated. [ 310.094033][T10959] loop3: detected capacity change from 0 to 4096 [ 310.139744][T10962] sp0: Synchronizing with TNC [ 310.180024][T10953] XFS (loop2): Mounting V5 Filesystem [ 310.232142][ T14] rc_core: IR keymap rc-hauppauge not found [ 310.239854][ T14] Registered IR keymap rc-empty [ 310.272549][T10959] ntfs3: loop3: ino=1e, "file1" attr_set_size [ 310.273396][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.336315][ T4374] XFS (loop2): Metadata CRC error detected at xfs_agi_read_verify+0x18d/0x250, xfs_agi block 0x2 [ 310.362998][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.406817][ T4374] XFS (loop2): Unmount and run xfs_repair [ 310.430715][ T4374] XFS (loop2): First 128 bytes of corrupted metadata buffer: [ 310.446261][ T14] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 310.485241][ T4374] 00000000: 58 41 47 49 00 00 00 01 00 00 00 00 00 00 10 00 XAGI............ [ 310.501183][ T14] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input19 [ 310.536440][ T4374] 00000010: 00 00 00 40 00 00 00 03 00 00 00 01 00 00 00 37 ...@...........7 [ 310.570472][ T4374] 00000020: 00 00 11 40 ff ff ff ff ff ff ff ff ff ff ff ff ...@............ [ 310.593182][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.638461][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.656738][ T4374] 00000030: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 310.701781][ T4374] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 310.712697][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.742088][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.767512][ T4374] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 310.777182][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.800166][ T4374] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 310.826252][ T4374] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ................ [ 310.842146][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.880661][T10953] XFS (loop2): metadata I/O error in "xfs_read_agi+0x295/0x650" at daddr 0x2 len 1 error 74 [ 310.891005][T10953] XFS (loop2): xfs_imap_lookup: xfs_ialloc_read_agi() returned error -117, agno 0 [ 310.900329][T10953] XFS (loop2): Failed to read root inode 0x1140, error 117 [ 310.901948][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.962431][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 310.991886][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 311.025039][ T14] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 311.046255][T10984] loop0: detected capacity change from 0 to 1024 [ 311.062513][ T14] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 311.094636][ T14] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 311.188224][ T14] usb 2-1: USB disconnect, device number 21 [ 311.368993][T10990] loop4: detected capacity change from 0 to 4096 [ 311.384959][T10989] hfsplus: invalid xattr key length: 0 [ 311.462871][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc0c00 [ 311.496708][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc0c00 [ 311.521369][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc0c00 [ 311.543514][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc0c00 [ 311.614069][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc1c00 [ 311.646626][ T4393] hfsplus: b-tree write err: -5, ino 8 [ 311.682317][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc2c00 [ 311.690205][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc4c00 [ 311.803425][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffc8c00 [ 311.836938][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffd0c00 [ 311.865157][T10990] ntfs3: loop4: try to read out of volume at offset 0x3fffffe0c00 [ 312.135785][ T4340] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 312.217939][T11013] netlink: 'syz.4.2622': attribute type 10 has an invalid length. [ 312.281638][T11013] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 312.304191][T11016] loop0: detected capacity change from 0 to 256 [ 312.305802][T11013] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 312.324566][T11015] netlink: 'syz.4.2622': attribute type 10 has an invalid length. [ 312.338132][T11015] netlink: 40 bytes leftover after parsing attributes in process `syz.4.2622'. [ 312.349805][ T4340] usb 3-1: Using ep0 maxpacket: 8 [ 312.360073][ T4340] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 312.379049][T11015] device batadv0 entered promiscuous mode [ 312.389815][ T4340] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.417449][ T4340] pvrusb2: Hardware description: Terratec Grabster AV400 [ 312.425788][ T4340] pvrusb2: ********** [ 312.430085][ T4340] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 312.450544][ T4340] pvrusb2: Important functionality might not be entirely working. [ 312.458672][ T4340] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 312.476473][ T4340] pvrusb2: ********** [ 312.488113][T11016] exFAT-fs (loop0): failed to load upcase table (idx : 0x0001034b, chksum : 0x6322ccb6, utbl_chksum : 0xe619d30d) [ 312.488153][T11015] bond0: (slave batadv0): Releasing backup interface [ 312.551323][T11015] bridge0: port 3(batadv0) entered blocking state [ 312.579842][T11015] bridge0: port 3(batadv0) entered disabled state [ 312.622775][ T2305] pvrusb2: Invalid write control endpoint [ 312.660654][ T4393] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 312.670920][ T4393] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 312.739981][T11020] 8021q: adding VLAN 0 to HW filter on device bond1 [ 312.784806][T11007] loop3: detected capacity change from 0 to 32768 [ 312.841420][T11002] pvrusb2: Invalid write control endpoint [ 312.876740][ T4340] usb 3-1: USB disconnect, device number 17 [ 312.991826][ T2305] pvrusb2: Invalid write control endpoint [ 313.000060][ T2305] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 313.043744][ T2305] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 313.075413][ T2305] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 313.077252][T11024] loop0: detected capacity change from 0 to 4096 [ 313.108020][ T2305] pvrusb2: Device being rendered inoperable [ 313.142802][T11024] __ntfs_warning: 22 callbacks suppressed [ 313.142818][T11024] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 313.159101][ T2305] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 313.232285][ T2305] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 313.260846][T11024] ntfs: (device loop0): read_ntfs_boot_sector(): Primary boot sector is invalid. [ 313.299008][T11024] ntfs: (device loop0): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy. [ 313.303303][ T2305] pvrusb2: Attached sub-driver cx25840 [ 313.358687][ T2305] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 313.385932][T11024] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 313.390145][ T2305] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 313.410375][T11024] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 313.512978][T11039] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 313.524611][T11024] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 313.524649][T11024] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5). [ 313.524698][T11024] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 313.524726][T11024] ntfs: (device loop0): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5). [ 313.524774][T11024] ntfs: (device loop0): ntfs_mapping_pairs_decompress(): Corrupt attribute. [ 313.532612][T11024] ntfs: volume version 3.1. [ 313.557744][T11041] loop1: detected capacity change from 0 to 512 [ 313.613801][T11039] bridge0: port 2(bridge_slave_1) entered disabled state [ 313.623345][T11039] bridge0: port 1(bridge_slave_0) entered disabled state [ 313.712084][ T5395] batman_adv: batadv0: IGMP Querier appeared [ 313.718160][ T5395] batman_adv: batadv0: MLD Querier appeared [ 313.789600][T11041] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 313.823333][T11041] ext4 filesystem being mounted at /503/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 313.989946][ T4273] EXT4-fs (loop1): unmounting filesystem. [ 314.377461][T11071] loop3: detected capacity change from 0 to 128 [ 314.535881][ T4340] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 314.720479][ T4340] usb 5-1: Using ep0 maxpacket: 32 [ 314.727853][ T4340] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 314.765340][ T4340] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 314.802202][ T4340] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 314.826726][ T4340] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 314.875377][ T4340] usb 5-1: Product: syz [ 314.888705][ T4340] usb 5-1: Manufacturer: syz [ 314.914732][ T4340] hub 5-1:4.0: USB hub found [ 314.923513][T11089] loop0: detected capacity change from 0 to 512 [ 314.958038][T11089] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem [ 314.998300][T11089] EXT4-fs (loop0): invalid journal inode [ 315.014479][T11089] EXT4-fs (loop0): can't get journal size [ 315.141813][ T4340] hub 5-1:4.0: 9 ports detected [ 315.152584][T11089] EXT4-fs (loop0): 1 truncate cleaned up [ 315.158273][T11089] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 315.174064][ T4340] hub 5-1:4.0: insufficient power available to use all downstream ports [ 315.243017][T11089] EXT4-fs warning (device loop0): ext4_group_add:1743: No reserved GDT blocks, can't resize [ 315.329699][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 315.357905][ T4340] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 315.366486][ T4340] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 315.431067][ T4340] usb 5-1: USB disconnect, device number 14 [ 315.536791][T11102] loop2: detected capacity change from 0 to 2048 [ 315.606703][T11102] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 315.625911][T11106] syzkaller1: tun_chr_ioctl cmd 35111 [ 315.633155][T11102] EXT4-fs (loop2): shut down requested (1) [ 315.671355][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 315.740285][ T27] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 315.851870][T11113] loop3: detected capacity change from 0 to 1024 [ 315.876782][T11115] loop1: detected capacity change from 0 to 16 [ 315.927254][T11117] loop2: detected capacity change from 0 to 256 [ 315.937624][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 128, changing to 11 [ 315.942750][T11115] erofs: (device loop1): mounted with root inode @ nid 36. [ 315.954241][ T27] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 315.996800][T11113] hfsplus: bad catalog entry type [ 316.028883][T11115] erofs: (device loop1): erofs_find_target_block: corrupted dir block 8200 @ nid 36 [ 316.035651][ T27] usb 1-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 316.094005][ T27] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.104165][T11115] erofs: (device loop1): z_erofs_readahead: readahead error at page 12 @ nid 36 [ 316.119741][ T27] usb 1-1: config 0 descriptor?? [ 316.127435][T11115] erofs: (device loop1): z_erofs_readahead: readahead error at page 9 @ nid 36 [ 316.144055][T11115] erofs: (device loop1): z_erofs_readahead: readahead error at page 8 @ nid 36 [ 316.153595][T11115] erofs: (device loop1): z_erofs_pcluster_readmore: readmore error at page 8 @ nid 36 [ 316.166712][ T11] hfsplus: b-tree write err: -5, ino 4 [ 316.211286][T11115] syz.1.2666: attempt to access beyond end of device [ 316.211286][T11115] loop1: rw=524288, sector=67108872, nr_sectors = 16 limit=16 [ 316.236480][T11115] syz.1.2666: attempt to access beyond end of device [ 316.236480][T11115] loop1: rw=524288, sector=720, nr_sectors = 8 limit=16 [ 316.521500][T11129] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 316.578053][T11129] bridge0: port 2(bridge_slave_1) entered disabled state [ 316.585608][T11129] bridge0: port 1(bridge_slave_0) entered disabled state [ 316.623137][ T27] elo 0003:04E7:0030.002E: hidraw0: USB HID v0.00 Device [HID 04e7:0030] on usb-dummy_hcd.0-1/input0 [ 316.859608][ T27] usb 1-1: USB disconnect, device number 17 [ 316.936376][T11137] fido_id[11137]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 317.067358][T11145] loop2: detected capacity change from 0 to 4096 [ 317.097727][T11145] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 317.126322][T11145] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 4096) [ 317.204166][T11153] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 317.261850][T11154] loop7: detected capacity change from 0 to 7 [ 317.323758][T11154] Dev loop7: unable to read RDB block 7 [ 317.339318][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.345708][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.432372][T11154] loop7: unable to read partition table [ 317.460895][T11154] loop7: partition table beyond EOD, truncated [ 317.507324][T11154] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 318.171804][T11178] loop4: detected capacity change from 0 to 256 [ 318.426673][T11159] loop1: detected capacity change from 0 to 32768 [ 318.478755][ T26] kauditd_printk_skb: 12 callbacks suppressed [ 318.478770][ T26] audit: type=1800 audit(1755260983.763:233): pid=11159 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2686" name="file1" dev="loop1" ino=4 res=0 errno=0 [ 318.527207][T11159] syz.1.2686: attempt to access beyond end of device [ 318.527207][T11159] loop1: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 318.551039][T11159] metapage_write_end_io: I/O error [ 318.558742][T11159] ERROR: (device loop1): diWrite: ixpxd invalid [ 318.558742][T11159] [ 318.629619][T11159] ERROR: (device loop1): remounting filesystem as read-only [ 318.665575][T11159] ERROR: (device loop1): txCommit: [ 318.665575][T11159] [ 318.701055][T11159] blkno = 8ed2c, nblocks = 1 [ 318.705706][T11159] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 318.705706][T11159] [ 318.762142][T11159] ERROR: (device loop1): dbAllocBits: leaf page corrupt [ 318.762142][T11159] [ 318.826661][T11159] syz.1.2686: attempt to access beyond end of device [ 318.826661][T11159] loop1: rw=34817, sector=4683776, nr_sectors = 4 limit=32768 [ 318.866072][T11191] sp0: Synchronizing with TNC [ 318.879519][T11159] syz.1.2686: attempt to access beyond end of device [ 318.879519][T11159] loop1: rw=34817, sector=4683780, nr_sectors = 2088 limit=32768 [ 318.892992][T11194] sp0: Found TNC [ 318.924434][T11159] syz.1.2686: attempt to access beyond end of device [ 318.924434][T11159] loop1: rw=34817, sector=4685868, nr_sectors = 476 limit=32768 [ 318.942048][ T27] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 318.997831][ T106] blkno = 8ed2c, nblocks = 4 [ 319.006115][ T106] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map [ 319.006115][ T106] [ 319.037568][ T106] blkno = 8ef00, nblocks = 141 [ 319.050638][ T106] ERROR: (device loop1): dbFree: block to be freed is outside the map [ 319.050638][ T106] [ 319.133132][ T27] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 319.192126][ T27] usb 3-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 319.232669][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.269666][T11201] loop0: detected capacity change from 0 to 256 [ 319.281261][ T27] usb 3-1: config 0 descriptor?? [ 319.293262][T11201] exfat: Deprecated parameter 'namecase' [ 319.360621][T11201] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 319.429557][T11187] loop4: detected capacity change from 0 to 32768 [ 319.532783][T11187] ialloc: diAlloc returned -5! [ 319.704962][ T106] ERROR: (device loop4): diUpdatePMap: the iag is outside the map [ 319.704962][ T106] [ 319.724042][ T27] aquacomputer_d5next 0003:0C70:F011.002F: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.2-1/input0 [ 319.744427][T11207] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2708'. [ 319.746113][ T106] ERROR: (device loop4): remounting filesystem as read-only [ 319.946870][ T27] usb 3-1: USB disconnect, device number 18 [ 320.067733][T11210] fido_id[11210]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 320.271426][ T5253] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 320.470165][ T5253] usb 4-1: Using ep0 maxpacket: 16 [ 320.508510][ T5253] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.530868][ T5253] usb 4-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 320.548973][ T5253] usb 4-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 320.609285][ T5253] usb 4-1: config 0 interface 0 has no altsetting 0 [ 320.625241][ T5253] usb 4-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 320.654534][ T5253] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.656189][ T5253] usb 4-1: config 0 descriptor?? [ 320.875669][T11238] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2722'. [ 320.908107][T11238] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2722'. [ 321.067398][ T5253] hid (null): report_id 0 is invalid [ 321.105878][T11243] loop2: detected capacity change from 0 to 1024 [ 321.135521][T11243] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 321.231454][T11243] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 321.296089][ T14] usb 4-1: USB disconnect, device number 17 [ 321.437693][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 321.808858][T11271] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2736'. [ 322.226895][T11269] loop4: detected capacity change from 0 to 40427 [ 322.242034][T11269] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 322.265506][T11269] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 322.299088][T11269] F2FS-fs (loop4): invalid crc value [ 322.348089][T11269] F2FS-fs (loop4): Found nat_bits in checkpoint [ 322.461907][T11269] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 322.490270][T11269] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 322.800269][ T4340] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 322.885684][T11295] netlink: 'syz.3.2746': attribute type 29 has an invalid length. [ 322.941028][T11295] netlink: 'syz.3.2746': attribute type 29 has an invalid length. [ 322.999761][ T4340] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 323.030036][ T4340] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.057017][ T4340] usb 3-1: config 0 descriptor?? [ 323.084631][ T4340] cp210x 3-1:0.0: cp210x converter detected [ 323.209833][T11303] ax25_connect(): syz.1.2748 uses autobind, please contact jreuter@yaina.de [ 323.493405][ T4393] kworker/u4:7: attempt to access beyond end of device [ 323.493405][ T4393] loop1: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 323.496186][ T4340] usb 3-1: cp210x converter now attached to ttyUSB0 [ 323.560549][ T4393] metapage_write_end_io: I/O error [ 323.614603][ T4393] JFS: metapage_get_blocks failed [ 323.619858][ T4393] JFS: metapage_get_blocks failed [ 323.676347][T11315] netlink: 452 bytes leftover after parsing attributes in process `syz.1.2753'. [ 323.750002][T11311] loop0: detected capacity change from 0 to 4096 [ 323.756799][ T27] usb 3-1: USB disconnect, device number 19 [ 323.765910][ T27] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 323.834325][T11319] loop4: detected capacity change from 0 to 256 [ 323.847516][T11311] ntfs: (device loop0): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel. [ 323.868038][T11319] exfat: Deprecated parameter 'namecase' [ 323.868071][T11319] exfat: Deprecated parameter 'namecase' [ 323.868134][T11319] exfat: Deprecated parameter 'namecase' [ 323.878944][ T27] cp210x 3-1:0.0: device disconnected [ 323.935026][T11319] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 324.140683][T11311] ntfs: volume version 3.1. [ 324.291783][T11323] netdevsim netdevsim1: Firmware load for 'nel/fscaps./file0/../file0' refused, path contains '..' component [ 324.941709][T11327] loop4: detected capacity change from 0 to 32768 [ 324.951533][T11341] input: syz1 as /devices/virtual/input/input20 [ 325.111084][T11344] loop0: detected capacity change from 0 to 512 [ 325.172827][T11344] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 325.183623][T11344] ext4 filesystem being mounted at /545/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 325.201077][T11344] EXT4-fs error (device loop0): ext4_do_update_inode:5254: inode #2: comm syz.0.2767: corrupted inode contents [ 325.226115][T11344] EXT4-fs error (device loop0): ext4_dirty_inode:6119: inode #2: comm syz.0.2767: mark_inode_dirty error [ 325.251059][T11348] EXT4-fs (loop0): shut down requested (1) [ 325.287084][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 325.305466][ T4393] Quota error (device loop0): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 325.538666][T11354] loop4: detected capacity change from 0 to 128 [ 325.560989][T11354] EXT4-fs: Ignoring removed nobh option [ 325.573194][T11354] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 325.584332][T11354] ext4 filesystem being mounted at /580/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 325.634231][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 325.721604][ T27] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 325.803453][ T5253] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 325.851046][T11365] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2774'. [ 325.914241][T11367] loop4: detected capacity change from 0 to 1024 [ 325.950609][ T27] usb 3-1: Using ep0 maxpacket: 32 [ 325.958926][T11367] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 325.971052][ T27] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 325.985178][ T27] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.996510][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 326.008967][ T5253] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 326.019122][ T26] audit: type=1800 audit(1755260991.303:234): pid=11367 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2775" name="bus" dev="loop4" ino=18 res=0 errno=0 [ 326.045955][ T27] usb 3-1: config 0 descriptor?? [ 326.068188][ T5253] usb 1-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 326.081176][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 326.087046][ T5253] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 326.103913][ T5253] usb 1-1: config 0 descriptor?? [ 326.289862][ T27] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 326.305733][ T27] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 326.319898][ T27] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 326.329025][ T27] usb 3-1: media controller created [ 326.363399][ T27] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 326.493193][ T27] az6027: usb out operation failed. (-71) [ 326.494655][T11381] loop4: detected capacity change from 0 to 2048 [ 326.500535][ T27] az6027: usb out operation failed. (-71) [ 326.526933][ T27] stb0899_attach: Driver disabled by Kconfig [ 326.536674][ T27] az6027: no front-end attached [ 326.536674][ T27] [ 326.544412][ T27] az6027: usb out operation failed. (-71) [ 326.555513][ T5253] hid-steam 0003:28DE:1142.0031: unknown main item tag 0x0 [ 326.563295][ T27] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 326.572639][ T5253] hid-steam 0003:28DE:1142.0031: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 326.573586][T11381] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 326.585739][ T27] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input21 [ 326.605735][T11381] ext4 filesystem being mounted at /591/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 326.621771][ T5253] hid-steam 0003:28DE:1142.0032: unknown main item tag 0x0 [ 326.640057][ T5253] hid-steam 0003:28DE:1142.0032: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.0-1/input0 [ 326.662889][ T27] dvb-usb: schedule remote query interval to 400 msecs. [ 326.669881][ T27] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 326.732704][ T27] usb 3-1: USB disconnect, device number 20 [ 326.750729][ T5253] hid-steam 0003:28DE:1142.0031: Steam wireless receiver connected [ 326.790473][ T5253] usb 1-1: USB disconnect, device number 18 [ 326.841482][ T27] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 326.861825][ T5253] hid-steam 0003:28DE:1142.0031: Steam wireless receiver disconnected [ 326.923612][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 326.940887][T11384] fido_id[11384]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 327.156502][T11390] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2784'. [ 327.166536][T11390] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2784'. [ 327.176378][T11392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2785'. [ 327.193271][T11392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2785'. [ 327.207670][T11392] bridge0: port 3(vlan2) entered blocking state [ 327.217392][T11392] bridge0: port 3(vlan2) entered disabled state [ 327.231469][T11390] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2784'. [ 327.241270][T11393] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2784'. [ 328.239564][T11430] program syz.0.2803 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 328.565062][T11441] loop0: detected capacity change from 0 to 128 [ 328.608179][T11441] UDF-fs: error (device loop0): udf_read_tagged: read failed, block=256, location=256 [ 328.705600][T11441] UDF-fs: error (device loop0): udf_read_inode: (ino 86) failed unknown file type=13 [ 328.737263][T11443] loop2: detected capacity change from 0 to 4096 [ 328.750731][T11443] ntfs: (device loop2): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk. [ 328.768985][T11443] ntfs: (device loop2): ntfs_read_locked_inode(): $DATA attribute is missing. [ 328.778710][ T4393] JFS: metapage_get_blocks failed [ 328.787395][ T4374] kernel write not supported for file /1263/attr/exec (pid: 4374 comm: kworker/0:7) [ 328.825549][T11443] ntfs: (device loop2): ntfs_read_locked_inode(): Failed with error code -2. Marking corrupt inode 0x1 as bad. Run chkdsk. [ 328.908587][T11443] ntfs: (device loop2): load_system_files(): Failed to load $MFTMirr. Mounting read-only. Run ntfsfix and/or chkdsk. [ 329.033213][T11443] ntfs: volume version 3.1. [ 329.094308][T11443] ntfs: (device loop2): ntfs_ucstonls(): Unicode name contains characters that cannot be converted to character set iso8859-4. You might want to try to use the mount option nls=utf8. [ 329.153852][T11443] ntfs: (device loop2): ntfs_filldir(): Skipping unrepresentable inode 0x4. [ 329.877120][T11483] input: syz0 as /devices/virtual/input/input22 [ 330.100575][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 330.324200][T11468] loop2: detected capacity change from 0 to 32768 [ 330.341139][T11468] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.2820 (11468) [ 330.372422][T11468] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 330.392818][T11468] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 330.404375][T11468] BTRFS info (device loop2): setting nodatacow, compression disabled [ 330.416881][T11468] BTRFS info (device loop2): max_inline at 4096 [ 330.425170][T11468] BTRFS info (device loop2): using free space tree [ 330.511735][ T4330] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 330.700315][ T4330] usb 5-1: Using ep0 maxpacket: 8 [ 330.708318][ T4330] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 330.768836][ T4330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.832517][ T4330] pvrusb2: Hardware description: Terratec Grabster AV400 [ 330.859626][ T4330] pvrusb2: ********** [ 330.870555][ T4330] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 330.881446][ T4330] pvrusb2: Important functionality might not be entirely working. [ 330.889290][ T4330] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 330.920739][ T4330] pvrusb2: ********** [ 330.972095][ T4264] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 331.025781][ T2305] pvrusb2: Invalid write control endpoint [ 331.238848][T11495] pvrusb2: Invalid write control endpoint [ 331.410033][ T2305] pvrusb2: Invalid write control endpoint [ 331.442122][ T2305] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 331.480660][ T2305] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 331.532758][ T2305] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 331.544729][T11524] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2838'. [ 331.570633][ T2305] pvrusb2: Device being rendered inoperable [ 331.605281][ T2305] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 331.625815][ T2305] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 331.628767][T11522] loop3: detected capacity change from 0 to 4096 [ 331.650832][ T951] usb 5-1: USB disconnect, device number 15 [ 331.660750][T11522] ntfs3: loop3: Different NTFS' sector size (4096) and media sector size (512) [ 331.672018][ T2305] pvrusb2: Attached sub-driver cx25840 [ 331.692634][ T2305] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 331.716312][ T2305] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 331.753135][ T26] audit: type=1800 audit(1755260997.043:235): pid=11522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2837" name="file0" dev="loop3" ino=0 res=0 errno=0 [ 331.921651][ T4265] ntfs3: loop3: ntfs_evict_inode r=3 failed, -22. [ 331.961196][ T4265] ntfs3: loop3: Mark volume as dirty due to NTFS errors [ 332.004548][ T4265] ntfs3: loop3: ntfs_set_state r=3 failed, -22. [ 332.521268][T11556] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2850'. [ 332.709393][T11563] loop2: detected capacity change from 0 to 256 [ 332.787247][T11563] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 332.833708][T11545] loop3: detected capacity change from 0 to 32768 [ 332.852558][T11563] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512 [ 332.887523][T11545] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 scanned by syz.3.2845 (11545) [ 332.903829][T11563] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found [ 332.926073][T11563] UDF-fs: Scanning with blocksize 512 failed [ 332.983927][T11563] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256 [ 333.022350][T11563] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 333.023752][T11545] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 333.123035][T11545] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm [ 333.163434][T11545] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8) [ 333.228698][T11545] BTRFS info (device loop3): use lzo compression, level 0 [ 333.246251][T11545] BTRFS info (device loop3): max_inline at 0 [ 333.250753][ T6996] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 333.279368][T11545] BTRFS info (device loop3): using free space tree [ 333.292679][T11574] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2858'. [ 333.474709][ T6996] usb 1-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 333.518574][ T6996] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.530995][T11545] BTRFS info (device loop3): enabling ssd optimizations [ 333.576149][ T6996] usb 1-1: Product: syz [ 333.605087][ T6996] usb 1-1: Manufacturer: syz [ 333.619512][ T6996] usb 1-1: SerialNumber: syz [ 333.631941][ T26] audit: type=1800 audit(1755260998.923:236): pid=11545 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2845" name="file1" dev="loop3" ino=260 res=0 errno=0 [ 333.633435][T11545] BTRFS info (device loop3): resizing devid 6744073709551615 [ 333.680949][ T6996] usb 1-1: config 0 descriptor?? [ 333.713133][ T6996] i2c-tiny-usb 1-1:0.0: version 6d.cc found at bus 001 address 019 [ 333.755834][T11545] BTRFS info (device loop3): resizer unable to find device 6744073709551615 [ 333.814903][ T4334] JFS: metapage_get_blocks failed [ 333.944581][ T4265] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8 [ 334.130839][ T6996] (null): failure reading functionality [ 334.191002][ T6996] i2c i2c-1: connected i2c-tiny-usb device [ 334.379306][ T27] usb 1-1: USB disconnect, device number 19 [ 334.758164][T11627] loop3: detected capacity change from 0 to 1024 [ 334.771683][T11627] EXT4-fs: Ignoring removed nomblk_io_submit option [ 334.876919][T11627] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 334.965721][T11636] loop2: detected capacity change from 0 to 7 [ 334.996676][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 335.014591][T11636] Dev loop2: unable to read RDB block 7 [ 335.054235][T11636] loop2: AHDI p1 p2 p3 [ 335.061103][T11636] loop2: partition table partially beyond EOD, truncated [ 335.094191][T11636] loop2: p1 start 1601398130 is beyond EOD, truncated [ 335.106779][T11636] loop2: p2 start 1702059890 is beyond EOD, truncated [ 335.390674][ T4515] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 335.585230][ T4515] usb 4-1: config 0 has an invalid interface number: 50 but max is 0 [ 335.613901][ T4515] usb 4-1: config 0 has no interface number 0 [ 335.630618][ T4515] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 335.641883][T11661] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2888'. [ 335.670623][ T4515] usb 4-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 335.711723][ T4515] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 335.761038][ T4515] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.783705][ T4515] usb 4-1: Product: syz [ 335.787935][ T4515] usb 4-1: Manufacturer: syz [ 335.804004][ T4515] usb 4-1: SerialNumber: syz [ 335.830845][ T4515] usb 4-1: config 0 descriptor?? [ 335.836936][T11643] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 335.880622][ T4515] yurex 4-1:0.50: USB YUREX device now attached to Yurex #0 [ 336.093511][ T4515] usb 4-1: USB disconnect, device number 18 [ 336.110816][ T6996] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 336.123764][ T4515] yurex 4-1:0.50: USB YUREX #0 now disconnected [ 336.153644][T11678] loop0: detected capacity change from 0 to 256 [ 336.267303][T11681] syz.0.2896: attempt to access beyond end of device [ 336.267303][T11681] loop0: rw=2049, sector=256, nr_sectors = 96 limit=256 [ 336.267463][T11678] syz.0.2896: attempt to access beyond end of device [ 336.267463][T11678] loop0: rw=2049, sector=352, nr_sectors = 4 limit=256 [ 336.322454][ T6996] usb 5-1: unable to get BOS descriptor or descriptor too short [ 336.336871][ T6996] usb 5-1: config 6 has an invalid interface number: 200 but max is 0 [ 336.361860][ T6996] usb 5-1: config 6 has no interface number 0 [ 336.376758][ T6996] usb 5-1: config 6 interface 200 has no altsetting 0 [ 336.388786][ T6996] usb 5-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 336.418995][ T6996] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.441477][ T6996] usb 5-1: Product: syz [ 336.447959][ T6996] usb 5-1: Manufacturer: syz [ 336.457138][ T6996] usb 5-1: SerialNumber: syz [ 336.750392][ T5253] usb 1-1: new full-speed USB device number 20 using dummy_hcd [ 336.825745][T11697] loop3: detected capacity change from 0 to 1024 [ 336.836627][T11697] EXT4-fs: Ignoring removed nobh option [ 336.843222][T11697] EXT4-fs: Ignoring removed bh option [ 336.854936][T11697] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 336.875334][T11697] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 336.900279][ T22] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 336.930328][T11697] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:3841: comm syz.3.2905: Allocating blocks 497-513 which overlap fs metadata [ 336.947071][ T5253] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 336.960729][ T5253] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 336.974198][T11697] EXT4-fs (loop3): pa ffff88807466e540: logic 256, phys. 385, len 8 [ 336.982824][T11697] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 337.000886][ T5253] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 337.009974][ T5253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 337.018111][ T5253] usb 1-1: Product: syz [ 337.022346][ T5253] usb 1-1: Manufacturer: syz [ 337.026951][ T5253] usb 1-1: SerialNumber: syz [ 337.054819][ T6996] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 337.066762][ T6996] dvb-usb: bulk message failed: -71 (3/0) [ 337.078443][ T6996] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 337.095327][ T6996] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 337.103314][ T22] usb 3-1: config 0 interface 0 altsetting 250 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 337.103346][ T22] usb 3-1: config 0 interface 0 altsetting 250 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 337.103370][ T22] usb 3-1: config 0 interface 0 has no altsetting 0 [ 337.103422][ T22] usb 3-1: New USB device found, idVendor=056a, idProduct=00ce, bcdDevice= 0.00 [ 337.103446][ T22] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.105420][ T22] usb 3-1: config 0 descriptor?? [ 337.122607][ T6996] usb 5-1: media controller created [ 337.179446][ T6996] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 337.196439][ T6996] dvb-usb: bulk message failed: -71 (6/0) [ 337.203595][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 337.211317][ T6996] dvb-usb: bulk message failed: -71 (6/0) [ 337.217141][ T6996] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 337.227734][ T6996] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input23 [ 337.248019][ T5253] usb 1-1: 0:2 : does not exist [ 337.253229][ T6996] dvb-usb: schedule remote query interval to 150 msecs. [ 337.287608][ T6996] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 337.296584][ T5253] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 337.323021][T11704] loop3: detected capacity change from 0 to 512 [ 337.339835][ T6996] usb 5-1: USB disconnect, device number 16 [ 337.395224][ T5253] usb 1-1: USB disconnect, device number 20 [ 337.407636][T11704] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 337.458129][ T6996] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 337.554268][ T22] wacom 0003:056A:00CE.0033: hidraw0: USB HID vff.fe Device [HID 056a:00ce] on usb-dummy_hcd.2-1/input0 [ 337.651581][ T4453] udevd[4453]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 337.761087][ T5253] usb 3-1: USB disconnect, device number 21 [ 337.891963][T11709] fido_id[11709]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 338.057580][T11719] loop4: detected capacity change from 0 to 2048 [ 338.116998][T11719] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 338.468344][ T5253] kernel read not supported for file /usbmon9 (pid: 5253 comm: kworker/1:11) [ 338.721534][T11741] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 339.235192][T11758] loop4: detected capacity change from 0 to 764 [ 339.490788][ T4512] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 339.526731][T11735] loop2: detected capacity change from 0 to 32768 [ 339.595979][T11735] XFS (loop2): Mounting V5 Filesystem [ 339.690922][ T4512] usb 4-1: Using ep0 maxpacket: 32 [ 339.702348][ T4512] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 339.712794][T11735] XFS (loop2): Ending clean mount [ 339.734863][ T4512] usb 4-1: config 0 has no interface number 0 [ 339.756958][T11735] XFS (loop2): Quotacheck needed: Please wait. [ 339.765229][ T4512] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 339.785219][ T4512] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.803925][ T4512] usb 4-1: Product: syz [ 339.814026][ T4512] usb 4-1: Manufacturer: syz [ 339.835202][ T4512] usb 4-1: SerialNumber: syz [ 339.884951][ T4512] usb 4-1: config 0 descriptor?? [ 339.899463][ T4512] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 339.934750][T11735] XFS (loop2): Quotacheck: Done. [ 340.044189][ T4264] XFS (loop2): Unmounting Filesystem [ 340.111875][ T4512] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 340.147012][ T4512] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 340.309123][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - xmit_empty message too short [ 340.509784][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 340.510521][ T5253] usb 4-1: USB disconnect, device number 19 [ 340.564089][ T5253] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 340.624642][ T5253] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 340.670556][ T5253] quatech2 4-1:0.51: device disconnected [ 341.809934][T11836] loop3: detected capacity change from 0 to 512 [ 341.867083][T11836] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 341.910463][T11836] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 341.937293][T11840] loop2: detected capacity change from 0 to 64 [ 341.946978][T11836] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2195: inode #15: comm syz.3.2962: corrupted in-inode xattr [ 341.968494][T11836] EXT4-fs error (device loop3): ext4_orphan_get:1405: comm syz.3.2962: couldn't read orphan inode 15 (err -117) [ 342.002573][T11836] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 342.165293][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 342.204662][T11846] loop2: detected capacity change from 0 to 1024 [ 342.320442][T11846] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 342.390838][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 342.398231][T11816] loop4: detected capacity change from 0 to 32768 [ 342.514590][ T3637] udevd[3637]: worker [4453] terminated by signal 33 (Unknown signal 33) [ 342.540944][ T3637] udevd[3637]: worker [4453] failed while handling '/devices/virtual/block/loop4' [ 342.696750][T11816] XFS (loop4): Mounting V5 Filesystem [ 342.699205][T11869] loop3: detected capacity change from 0 to 1024 [ 342.725252][T11859] loop0: detected capacity change from 0 to 4096 [ 342.950774][T11816] XFS (loop4): Ending clean mount [ 342.994874][T11816] XFS (loop4): Quotacheck needed: Please wait. [ 343.101765][ T4393] hfsplus: b-tree write err: -5, ino 4 [ 343.201881][T11816] XFS (loop4): Quotacheck: Done. [ 343.364229][ T4266] XFS (loop4): Unmounting Filesystem [ 343.716871][T11896] loop3: detected capacity change from 0 to 4096 [ 343.815903][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 343.855953][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 343.888485][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 343.935529][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc0c00 [ 343.984952][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc1c00 [ 344.024599][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc2c00 [ 344.090744][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc4c00 [ 344.123219][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffc8c00 [ 344.160200][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffd0c00 [ 344.197650][T11896] ntfs3: loop3: try to read out of volume at offset 0x3fffffe0c00 [ 344.439003][T11918] loop0: detected capacity change from 0 to 1024 [ 344.806722][T11926] input: syz0 as /devices/virtual/input/input27 [ 344.927250][T11931] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2998'. [ 345.437926][T11947] loop0: detected capacity change from 0 to 256 [ 345.462429][T11922] loop2: detected capacity change from 0 to 32768 [ 345.546312][T11922] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode. [ 345.759947][T11954] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3006'. [ 345.954170][ T4264] ocfs2: Unmounting device (7,2) on (node local) [ 346.504004][ T6996] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 346.712413][ T6996] usb 5-1: Using ep0 maxpacket: 16 [ 346.723807][ T6996] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 346.754930][ T6996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 346.787133][ T6996] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 346.813404][T11982] netlink: 'syz.3.3019': attribute type 10 has an invalid length. [ 346.830636][ T6996] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 346.860615][ T6996] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 346.920790][ T6996] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 346.934061][T11982] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 346.960577][ T6996] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 346.979182][ T6996] usb 5-1: Manufacturer: syz [ 346.986301][T11982] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 347.015932][ T6996] usb 5-1: config 0 descriptor?? [ 347.051889][T11986] netlink: 'syz.3.3019': attribute type 10 has an invalid length. [ 347.087612][T11986] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3019'. [ 347.099474][T11986] device batadv0 entered promiscuous mode [ 347.133553][T11986] bond0: (slave batadv0): Releasing backup interface [ 347.186073][T11986] bridge0: port 3(batadv0) entered blocking state [ 347.212717][T11986] bridge0: port 3(batadv0) entered disabled state [ 347.440673][ T6996] rc_core: IR keymap rc-hauppauge not found [ 347.446756][ T6996] Registered IR keymap rc-empty [ 347.460712][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.511895][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.544952][ T6996] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 347.609323][ T6996] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input28 [ 347.628349][ T5395] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 347.638213][ T5395] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 347.698046][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.750740][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.787417][T12007] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 347.790775][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.815933][T12007] bridge0: port 2(bridge_slave_1) entered disabled state [ 347.823323][T12007] bridge0: port 1(bridge_slave_0) entered disabled state [ 347.840693][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.890778][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.930708][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 347.970637][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 348.000728][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 348.060627][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 348.108488][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 348.150687][ T6996] mceusb 5-1:0.0: Error: mce write submit urb error = -90 [ 348.170071][T12017] loop0: detected capacity change from 0 to 2048 [ 348.185493][ T6996] mceusb 5-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 348.216297][ T6996] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 348.269287][ T6996] usb 5-1: USB disconnect, device number 17 [ 348.277368][T12017] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 348.579343][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 348.748832][T12037] tipc: Enabling of bearer rejected, failed to enable media [ 348.778173][T12040] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3041'. [ 348.903760][T12044] bridge0: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 348.934828][ T4515] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 349.098245][T12050] loop2: detected capacity change from 0 to 16 [ 349.123324][ T4515] usb 5-1: Using ep0 maxpacket: 8 [ 349.134360][ T4515] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 349.154183][T12050] erofs: (device loop2): mounted with root inode @ nid 36. [ 349.167276][ T4515] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 349.199131][ T4515] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 349.221879][T12050] overlayfs: failed to get metacopy (-117) [ 349.236403][ T4515] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 349.275131][ T4515] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 349.298927][ T4515] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 349.317098][ T4515] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 349.510825][T12065] loop0: detected capacity change from 0 to 164 [ 349.548256][ T4515] usb 5-1: GET_CAPABILITIES returned 0 [ 349.557790][ T4515] usbtmc 5-1:16.0: can't read capabilities [ 349.668943][T12067] loop2: detected capacity change from 0 to 1024 [ 349.704031][T12067] EXT4-fs: Ignoring removed bh option [ 349.754799][T12071] netlink: 'syz.0.3056': attribute type 10 has an invalid length. [ 349.791720][ T4515] usb 5-1: USB disconnect, device number 18 [ 349.800778][T12067] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 349.815206][T12071] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 349.858586][T12071] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 349.867561][T12074] netlink: 'syz.0.3056': attribute type 10 has an invalid length. [ 349.876667][T12074] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3056'. [ 349.885952][T12074] device batadv0 entered promiscuous mode [ 349.920171][T12074] bond0: (slave batadv0): Releasing backup interface [ 349.964474][T12074] bridge0: port 3(batadv0) entered blocking state [ 349.999635][T12074] bridge0: port 3(batadv0) entered disabled state [ 350.304193][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 350.377340][ T5395] batman_adv: batadv0: IGMP Querier appeared [ 350.384030][ T5395] batman_adv: batadv0: MLD Querier appeared [ 350.843184][T12098] netlink: 'syz.3.3067': attribute type 6 has an invalid length. [ 350.875405][T12098] netlink: 127868 bytes leftover after parsing attributes in process `syz.3.3067'. [ 351.335592][ T22] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 351.411509][T12115] netlink: 44 bytes leftover after parsing attributes in process `syz.1.3076'. [ 351.552778][ T22] usb 3-1: unable to get BOS descriptor or descriptor too short [ 351.580527][ T22] usb 3-1: config 6 has an invalid interface number: 200 but max is 0 [ 351.615162][ T22] usb 3-1: config 6 has no interface number 0 [ 351.640209][ T22] usb 3-1: config 6 interface 200 has no altsetting 0 [ 351.650766][ T22] usb 3-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 351.666705][ T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.675531][ T22] usb 3-1: Product: syz [ 351.680313][ T22] usb 3-1: Manufacturer: syz [ 351.685182][ T22] usb 3-1: SerialNumber: syz [ 351.854501][T12126] loop0: detected capacity change from 0 to 256 [ 352.270941][ T22] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 352.294397][ T22] dvb-usb: bulk message failed: -71 (3/0) [ 352.332120][ T22] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 352.397080][ T22] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 352.441505][ T22] usb 3-1: media controller created [ 352.492686][ T22] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 352.537444][ T22] dvb-usb: bulk message failed: -71 (6/0) [ 352.555590][ T22] dvb-usb: bulk message failed: -71 (6/0) [ 352.589545][ T22] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 352.629130][ T22] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input29 [ 352.648816][T12142] tipc: Started in network mode [ 352.658744][ T22] dvb-usb: schedule remote query interval to 150 msecs. [ 352.665593][T12142] tipc: Node identity , cluster identity 4711 [ 352.674980][T12142] tipc: Failed to set node id, please configure manually [ 352.690030][ T22] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 352.720016][T12142] tipc: Enabling of bearer rejected, failed to enable media [ 352.732581][ T22] usb 3-1: USB disconnect, device number 22 [ 352.833335][ T22] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 353.046002][T12152] netlink: 44 bytes leftover after parsing attributes in process `syz.4.3090'. [ 353.962302][T12148] loop0: detected capacity change from 0 to 40427 [ 353.979588][T12148] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x3ffff [ 353.997857][T12148] F2FS-fs (loop0): invalid crc value [ 354.022245][T12148] F2FS-fs (loop0): Found nat_bits in checkpoint [ 354.086133][T12148] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 354.154732][ T5253] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 354.194062][ T4277] syz-executor: attempt to access beyond end of device [ 354.194062][ T4277] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 354.367933][ T5253] usb 4-1: unable to get BOS descriptor or descriptor too short [ 354.376931][T12187] loop4: detected capacity change from 0 to 2048 [ 354.378135][T12189] tipc: Enabling of bearer rejected, failed to enable media [ 354.401881][ T5253] usb 4-1: config 6 has an invalid interface number: 200 but max is 0 [ 354.420448][ T5253] usb 4-1: config 6 has no interface number 0 [ 354.426713][ T5253] usb 4-1: config 6 interface 200 has no altsetting 0 [ 354.455199][T12187] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 354.462399][ T5253] usb 4-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 354.504029][ T5253] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.540513][ T5253] usb 4-1: Product: syz [ 354.544738][ T5253] usb 4-1: Manufacturer: syz [ 354.600594][ T5253] usb 4-1: SerialNumber: syz [ 354.637751][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 355.203663][ T5253] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 355.233761][ T5253] dvb-usb: bulk message failed: -71 (3/0) [ 355.249645][T12212] loop4: detected capacity change from 0 to 2048 [ 355.253930][ T5253] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 355.290466][ T5253] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 355.313696][T12212] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 355.330938][ T5253] usb 4-1: media controller created [ 355.358208][ T5253] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 355.412881][ T5253] dvb-usb: bulk message failed: -71 (6/0) [ 355.419058][ T5253] dvb-usb: bulk message failed: -71 (6/0) [ 355.430232][ T5253] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 355.449880][ T5253] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input30 [ 355.471471][ T5253] dvb-usb: schedule remote query interval to 150 msecs. [ 355.488886][ T5253] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 355.523750][ T5253] usb 4-1: USB disconnect, device number 20 [ 355.551521][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 355.593390][ T5253] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 356.069708][T12234] loop2: detected capacity change from 0 to 164 [ 356.446838][T12241] loop3: detected capacity change from 0 to 1024 [ 356.467569][T12241] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 356.567920][T12241] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 356.922561][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 357.218106][T12262] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3126'. [ 357.240307][T12261] netlink: 452 bytes leftover after parsing attributes in process `syz.3.3140'. [ 357.318870][ T3637] udevd[3637]: worker [4256] terminated by signal 33 (Unknown signal 33) [ 357.347936][ T3637] udevd[3637]: worker [4256] failed while handling '/devices/virtual/block/loop1' [ 357.359485][T12264] input: syz1 as /devices/virtual/input/input31 [ 357.481798][T12270] loop0: detected capacity change from 0 to 256 [ 357.546457][T12270] exfat: Deprecated parameter 'namecase' [ 357.580050][T12270] exfat: Deprecated parameter 'namecase' [ 357.591333][T12270] exfat: Deprecated parameter 'namecase' [ 357.639796][T12270] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 358.245184][T12296] loop0: detected capacity change from 0 to 128 [ 358.308441][T12296] EXT4-fs: Ignoring removed nobh option [ 358.361119][T12296] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 358.379157][T12296] ext4 filesystem being mounted at /633/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 358.410462][ T5253] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 358.532562][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 358.602312][ T5253] usb 5-1: Using ep0 maxpacket: 8 [ 358.604809][T12308] loop2: detected capacity change from 0 to 1024 [ 358.609068][ T5253] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 358.638709][ T5253] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 358.667896][ T5253] pvrusb2: Hardware description: Terratec Grabster AV400 [ 358.697165][ T5253] pvrusb2: ********** [ 358.710034][ T5253] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 358.727109][ T5253] pvrusb2: Important functionality might not be entirely working. [ 358.750156][ T5253] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 358.763264][T12312] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3148'. [ 358.780282][ T5253] pvrusb2: ********** [ 358.818009][ T46] hfsplus: b-tree write err: -5, ino 4 [ 358.885485][ T2305] pvrusb2: Invalid write control endpoint [ 359.002967][ T2305] pvrusb2: Invalid write control endpoint [ 359.008747][ T2305] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 359.018625][ T2305] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 359.026694][ T2305] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 359.038077][ T2305] pvrusb2: Device being rendered inoperable [ 359.044672][ T2305] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 359.052983][ T2305] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 359.063092][ T2305] pvrusb2: Attached sub-driver cx25840 [ 359.070533][ T27] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 359.073891][ T2305] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 359.088768][ T2305] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 359.105527][T12294] pvrusb2: Killing an I2C read to 1 that has wlen too large (desired=62 limit=60) [ 359.117066][ T4340] usb 5-1: USB disconnect, device number 19 [ 359.280230][ T27] usb 4-1: Using ep0 maxpacket: 32 [ 359.286888][ T27] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 359.295221][ T27] usb 4-1: config 0 has no interface number 0 [ 359.301625][ T27] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 359.312690][ T27] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 359.328301][ T27] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 359.337521][ T27] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.353361][ T27] usb 4-1: config 0 descriptor?? [ 359.460653][ T4308] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 359.652981][ T4308] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 359.666227][ T4308] usb 3-1: can't read configurations, error -71 [ 359.967855][ T27] uclogic 0003:28BD:0094.0034: pen parameters not found [ 359.975765][ T27] uclogic 0003:28BD:0094.0034: interface is invalid, ignoring [ 360.186490][ T4515] usb 4-1: USB disconnect, device number 21 [ 361.067648][T12340] loop2: detected capacity change from 0 to 256 [ 361.301840][T12344] block nbd2: shutting down sockets [ 361.967366][T12361] loop2: detected capacity change from 0 to 512 [ 362.067108][T12361] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 362.086258][T12361] ext4 filesystem being mounted at /632/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 362.147745][T12371] netlink: 'syz.4.3175': attribute type 6 has an invalid length. [ 362.156146][T12371] netlink: 127868 bytes leftover after parsing attributes in process `syz.4.3175'. [ 362.222044][T12361] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3171: corrupted inode contents [ 362.257661][T12376] EXT4-fs (loop2): shut down requested (1) [ 362.386362][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 362.401385][ T46] Quota error (device loop2): dquot_write_dquot: Can't write quota structure (error -5). Quota may get out of sync! [ 362.666002][T12390] loop3: detected capacity change from 0 to 2048 [ 362.671078][ T4515] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 362.707625][T12390] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 362.730071][T12390] ext4 filesystem being mounted at /641/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 362.870840][ T4515] usb 5-1: Using ep0 maxpacket: 32 [ 362.882440][ T4515] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 362.906039][ T4515] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 363.006172][ T4515] usb 5-1: config 0 descriptor?? [ 363.039073][ T4265] EXT4-fs (loop3): unmounting filesystem. [ 363.229394][ T4515] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 363.248509][ T4515] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 363.279957][ T4515] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 363.290705][ T4515] usb 5-1: media controller created [ 363.310689][ T4515] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 363.446992][ T4515] az6027: usb out operation failed. (-71) [ 363.466046][ T4515] az6027: usb out operation failed. (-71) [ 363.485420][ T4515] stb0899_attach: Driver disabled by Kconfig [ 363.499200][ T4515] az6027: no front-end attached [ 363.499200][ T4515] [ 363.551819][ T4515] az6027: usb out operation failed. (-71) [ 363.569843][ T4515] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 363.585000][ T4515] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input32 [ 363.603469][ T4515] dvb-usb: schedule remote query interval to 400 msecs. [ 363.620628][ T4515] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 363.679985][ T4515] usb 5-1: USB disconnect, device number 20 [ 363.809203][ T4515] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 364.177969][T12430] loop0: detected capacity change from 0 to 4096 [ 364.306714][T12434] loop2: detected capacity change from 0 to 4096 [ 364.368387][T12434] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 364.414978][T12434] ntfs3: loop2: Failed to load $Extend. [ 364.499820][ T4277] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 364.538527][ T4277] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 364.901301][ T4515] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 365.091485][ T4515] usb 4-1: Using ep0 maxpacket: 16 [ 365.099498][ T4515] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 365.140610][ T4515] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 365.162256][ T4515] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 365.186320][ T4515] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 365.217083][ T4515] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 365.249644][ T4515] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 365.266568][ T4515] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 365.275251][ T4515] usb 4-1: Manufacturer: syz [ 365.295642][ T4515] usb 4-1: config 0 descriptor?? [ 365.316452][T12461] loop2: detected capacity change from 0 to 2048 [ 365.357782][T12461] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 365.380365][T12461] NILFS (loop2): mounting unchecked fs [ 365.386011][T12461] NILFS (loop2): recovery required for readonly filesystem [ 365.420447][T12461] NILFS (loop2): write access will be enabled during recovery [ 365.458782][T12461] NILFS (loop2): norecovery option specified, skipping roll-forward recovery [ 365.468874][ T4460] udevd[4460]: incorrect nilfs2 checksum on /dev/loop2 [ 365.697744][T12466] loop0: detected capacity change from 0 to 4096 [ 365.722466][ T4515] rc_core: IR keymap rc-hauppauge not found [ 365.736375][ T4515] Registered IR keymap rc-empty [ 365.757301][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 365.816775][T12466] ntfs: volume version 3.1. [ 365.830566][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 365.875546][ T4515] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 365.941261][ T4515] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input33 [ 366.003994][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.060431][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.100740][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.140890][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.190935][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.232832][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.276756][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.310852][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.340306][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.380722][ T4515] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 366.411719][ T4515] mceusb 4-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 366.447155][ T4515] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 366.512060][ T4515] usb 4-1: USB disconnect, device number 22 [ 366.709287][T12499] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3231'. [ 366.744371][T12497] loop2: detected capacity change from 0 to 4096 [ 366.971130][ T4264] ntfs3: loop2: ntfs_evict_inode r=5 failed, -22. [ 366.977628][ T4264] ntfs3: loop2: Mark volume as dirty due to NTFS errors [ 367.093724][T12510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3236'. [ 367.107878][T12510] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3236'. [ 367.110667][ T5253] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 367.147223][T12510] bridge0: port 3(vlan3) entered blocking state [ 367.169279][T12510] bridge0: port 3(vlan3) entered disabled state [ 367.320558][ T5253] usb 1-1: Using ep0 maxpacket: 16 [ 367.332245][ T5253] usb 1-1: unable to get BOS descriptor or descriptor too short [ 367.341453][ T5253] usb 1-1: config 9 has an invalid interface number: 48 but max is 0 [ 367.349581][ T5253] usb 1-1: config 9 has no interface number 0 [ 367.360543][ T5253] usb 1-1: config 9 interface 48 has no altsetting 0 [ 367.380376][ T27] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 367.407117][ T5253] usb 1-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=f3.7b [ 367.426211][ T5253] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.435439][ T5253] usb 1-1: Product: syz [ 367.439736][ T5253] usb 1-1: Manufacturer: syz [ 367.444465][ T5253] usb 1-1: SerialNumber: syz [ 367.644557][ T27] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 367.654231][ T27] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.671472][ T5253] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 367.677692][ T27] usb 3-1: Product: syz [ 367.682682][ T27] usb 3-1: Manufacturer: syz [ 367.687400][ T27] usb 3-1: SerialNumber: syz [ 367.694465][ T27] usb 3-1: config 0 descriptor?? [ 367.703164][ T27] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 025 [ 368.076995][ T5253] gspca_vc032x: reg_w err -71 [ 368.083958][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.089289][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.094755][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.100290][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.105746][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.112266][ T27] (null): failure reading functionality [ 368.118434][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.124727][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.130639][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.135938][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.142740][ T27] i2c i2c-1: connected i2c-tiny-usb device [ 368.154414][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.159746][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.165271][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.170912][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.176479][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.181905][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.187222][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.192837][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.198372][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.204020][ T5253] gspca_vc032x: I2c Bus Busy Wait 00 [ 368.209322][ T5253] gspca_vc032x: Unknown sensor... [ 368.214526][ T5253] vc032x: probe of 1-1:9.48 failed with error -22 [ 368.224113][ T5253] usb 1-1: USB disconnect, device number 21 [ 368.331334][ T27] usb 3-1: USB disconnect, device number 25 [ 368.838556][T12531] loop4: detected capacity change from 0 to 4096 [ 368.874692][T12531] ntfs3: loop4: Mark volume as dirty due to NTFS errors [ 369.123704][T12535] loop0: detected capacity change from 0 to 4096 [ 369.134720][T12537] loop2: detected capacity change from 0 to 2048 [ 369.145005][ T4266] ntfs3: loop4: ntfs_evict_inode r=5 failed, -22. [ 369.180267][T12535] ntfs3: loop0: Different NTFS' sector size (4096) and media sector size (512) [ 369.196650][T12537] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024) [ 369.223271][ T4515] kernel write not supported for file /1392/attr/exec (pid: 4515 comm: kworker/0:13) [ 369.239237][T12537] NILFS (loop2): mounting unchecked fs [ 369.305855][ T4592] udevd[4592]: incorrect nilfs2 checksum on /dev/loop2 [ 369.328036][ T26] audit: type=1800 audit(1755261034.614:237): pid=12535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.3247" name="file0" dev="loop0" ino=0 res=0 errno=0 [ 369.349995][T12537] NILFS (loop2): recovery complete [ 369.353170][T12541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3251'. [ 369.389096][T12541] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3251'. [ 369.414762][T12542] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 369.428318][T12541] bridge0: port 4(vlan2) entered blocking state [ 369.471763][T12541] bridge0: port 4(vlan2) entered disabled state [ 369.496178][ T4277] ntfs3: loop0: ntfs_evict_inode r=3 failed, -22. [ 369.506173][ T4277] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 369.528318][ T4277] ntfs3: loop0: ntfs_set_state r=3 failed, -22. [ 369.802284][T12553] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3256'. [ 370.058110][T12560] loop2: detected capacity change from 0 to 512 [ 370.098032][T12560] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 370.122916][T12560] ext4 filesystem being mounted at /646/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 370.206549][T12560] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3260: corrupted inode contents [ 370.224872][T12569] loop7: detected capacity change from 0 to 7 [ 370.247078][T12560] EXT4-fs error (device loop2): ext4_dirty_inode:6119: inode #2: comm syz.2.3260: mark_inode_dirty error [ 370.247128][T12569] Dev loop7: unable to read RDB block 7 [ 370.269804][T12560] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3260: corrupted inode contents [ 370.284650][T12565] loop3: detected capacity change from 0 to 4096 [ 370.299793][T12570] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3260: corrupted inode contents [ 370.335558][T12570] EXT4-fs error (device loop2): ext4_dirty_inode:6119: inode #2: comm syz.2.3260: mark_inode_dirty error [ 370.348095][T12570] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3260: corrupted inode contents [ 370.365630][T12565] ntfs: volume version 3.1. [ 370.370908][T12570] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz.2.3260: mark_inode_dirty error [ 370.381347][T12569] loop7: unable to read partition table [ 370.390712][T12570] EXT4-fs error (device loop2): ext4_do_update_inode:5254: inode #2: comm syz.2.3260: corrupted inode contents [ 370.403628][T12569] loop7: partition table beyond EOD, truncated [ 370.410280][ T27] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 370.421430][T12570] EXT4-fs error (device loop2): ext4_dirty_inode:6119: inode #2: comm syz.2.3260: mark_inode_dirty error [ 370.450835][T12569] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 370.579454][ T3637] Dev loop7: unable to read RDB block 7 [ 370.588273][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 370.604399][ T27] usb 1-1: unable to get BOS descriptor or descriptor too short [ 370.613060][ T3637] loop7: unable to read partition table [ 370.633773][ T27] usb 1-1: config 6 has an invalid interface number: 96 but max is 0 [ 370.649712][ T3637] loop7: partition table beyond EOD, truncated [ 370.666641][ T27] usb 1-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 370.712950][ T27] usb 1-1: config 6 has no interface number 0 [ 370.729386][ T27] usb 1-1: config 6 interface 96 has no altsetting 0 [ 370.769628][ T27] usb 1-1: string descriptor 0 read error: -22 [ 370.794440][ T27] usb 1-1: New USB device found, idVendor=10b8, idProduct=1e6e, bcdDevice=4f.2b [ 370.828376][ T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.436882][ T27] dvb-usb: found a 'DiBcom TFE7790P reference design' in cold state, will try to load a firmware [ 371.479763][ T27] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 371.511318][ T27] dib0700: firmware download failed at 28 with -71 [ 371.537225][ T27] usb 1-1: USB disconnect, device number 22 [ 371.745626][T12602] loop4: detected capacity change from 0 to 4096 [ 371.834175][T12602] ntfs: volume version 3.1. [ 372.251207][T12610] loop7: detected capacity change from 0 to 7 [ 372.274402][T12610] Dev loop7: unable to read RDB block 7 [ 372.295561][T12610] loop7: unable to read partition table [ 372.315398][T12610] loop7: partition table beyond EOD, truncated [ 372.319185][T12612] loop4: detected capacity change from 0 to 1024 [ 372.336730][T12610] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 372.367489][T12612] EXT4-fs: Ignoring removed nomblk_io_submit option [ 372.444055][T12612] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 372.746596][ T4266] EXT4-fs (loop4): unmounting filesystem. [ 372.844851][T12627] loop2: detected capacity change from 0 to 1024 [ 372.890425][T12627] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors [ 372.933895][T12627] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (30349!=20869) [ 372.970850][T12627] EXT4-fs (loop2): invalid journal inode [ 372.986237][T12627] EXT4-fs (loop2): can't get journal size [ 373.013000][T12627] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 373.137917][T12627] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 37: comm syz.2.3284: path /652/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0 [ 373.167801][T12627] EXT4-fs error (device loop2): ext4_readdir:263: inode #2: block 3: comm syz.2.3284: path /652/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=511, rec_len=65535, size=1024 fake=0 [ 373.269234][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 373.468539][T12647] loop7: detected capacity change from 0 to 7 [ 373.506173][ T4460] Dev loop7: unable to read RDB block 7 [ 373.521492][ T4460] loop7: unable to read partition table [ 373.550796][ T4460] loop7: partition table beyond EOD, truncated [ 373.604016][T12647] Dev loop7: unable to read RDB block 7 [ 373.636696][T12647] loop7: unable to read partition table [ 373.644523][T12647] loop7: partition table beyond EOD, truncated [ 373.662098][T12647] loop_reread_partitions: partition scan of loop7 (úùƒå¡™‰ü¾CêjÌ–ã¢P=ý?ã}X‹ºÐ œëÜ%õ«`ÉæÖ€ù…ˆ{í©Ö˜Èµ4FLQkÝŠ) failed (rc=-5) [ 374.035818][T12640] loop4: detected capacity change from 0 to 32768 [ 374.107734][ T26] audit: type=1800 audit(1755261039.394:238): pid=12640 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.3290" name="file1" dev="loop4" ino=4 res=0 errno=0 [ 374.129559][T12640] syz.4.3290: attempt to access beyond end of device [ 374.129559][T12640] loop4: rw=1, sector=4680032, nr_sectors = 8 limit=32768 [ 374.163757][T12640] metapage_write_end_io: I/O error [ 374.169005][T12640] ERROR: (device loop4): diWrite: ixpxd invalid [ 374.169005][T12640] [ 374.195183][T12640] ERROR: (device loop4): remounting filesystem as read-only [ 374.259082][T12640] ERROR: (device loop4): txCommit: [ 374.259082][T12640] [ 374.282305][T12640] blkno = 8ed2c, nblocks = 1 [ 374.306094][T12640] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map [ 374.306094][T12640] [ 374.346597][T12640] ERROR: (device loop4): dbAllocBits: leaf page corrupt [ 374.346597][T12640] [ 374.357546][T12679] loop0: detected capacity change from 0 to 1024 [ 374.391077][T12640] syz.4.3290: attempt to access beyond end of device [ 374.391077][T12640] loop4: rw=34817, sector=4683776, nr_sectors = 4 limit=32768 [ 374.442904][T12640] syz.4.3290: attempt to access beyond end of device [ 374.442904][T12640] loop4: rw=34817, sector=4683780, nr_sectors = 2048 limit=32768 [ 374.500687][T12640] syz.4.3290: attempt to access beyond end of device [ 374.500687][T12640] loop4: rw=34817, sector=4685828, nr_sectors = 516 limit=32768 [ 374.570892][ T107] blkno = 8ed2c, nblocks = 4 [ 374.575550][ T107] ERROR: (device loop4): dbUpdatePMap: blocks are outside the map [ 374.575550][ T107] [ 374.609370][ T107] blkno = 8ef00, nblocks = 141 [ 374.633094][ T5253] kernel read not supported for file /usbmon9 (pid: 5253 comm: kworker/1:11) [ 374.640567][ T107] ERROR: (device loop4): dbFree: block to be freed is outside the map [ 374.640567][ T107] [ 374.877180][T12694] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 375.674743][T12711] loop2: detected capacity change from 0 to 512 [ 375.733452][T12711] EXT4-fs: Ignoring removed nomblk_io_submit option [ 375.781385][T12711] EXT4-fs (loop2): revision level too high, forcing read-only mode [ 375.789681][T12711] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e128, mo2=0002] [ 375.831786][T12711] EXT4-fs (loop2): orphan cleanup on readonly fs [ 375.838254][T12711] Quota error (device loop2): v2_read_header: Failed header read: expected=8 got=0 [ 375.940245][T12711] EXT4-fs warning (device loop2): ext4_enable_quotas:7066: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix. [ 375.958861][T12711] EXT4-fs (loop2): Cannot turn on quotas: error -22 [ 375.966637][T12711] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz.2.3334: bg 0: block 40: padding at end of block bitmap is not set [ 375.994136][T12704] loop0: detected capacity change from 0 to 32768 [ 376.005808][T12704] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.3320 (12704) [ 376.025984][T12711] EXT4-fs (loop2): Remounting filesystem read-only [ 376.050757][T12711] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6170: Corrupt filesystem [ 376.066472][T12711] EXT4-fs (loop2): Remounting filesystem read-only [ 376.079303][T12704] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 376.096504][T12711] EXT4-fs (loop2): 1 truncate cleaned up [ 376.105163][T12711] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 376.120056][T12704] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 376.129357][T12724] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3329'. [ 376.144914][T12704] BTRFS info (device loop0): using free space tree [ 376.195359][T12732] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3328'. [ 376.201572][T12711] EXT4-fs (loop2): shut down requested (2) [ 376.418788][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 376.501255][T12704] BTRFS info (device loop0): enabling ssd optimizations [ 376.527437][T12748] usb usb6: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 376.773657][ T4277] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf [ 377.735802][T12780] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 378.100435][ T5261] usb 3-1: new full-speed USB device number 26 using dummy_hcd [ 378.322405][ T5261] usb 3-1: config 0 has an invalid interface number: 50 but max is 0 [ 378.351156][ T5261] usb 3-1: config 0 has no interface number 0 [ 378.357304][ T5261] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 378.421004][ T5261] usb 3-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 378.455105][ T5261] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 378.484493][ T5261] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.503067][ T5261] usb 3-1: Product: syz [ 378.522578][ T5261] usb 3-1: Manufacturer: syz [ 378.527400][ T5261] usb 3-1: SerialNumber: syz [ 378.548526][ T5261] usb 3-1: config 0 descriptor?? [ 378.555620][T12787] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 378.582595][ T5261] yurex 3-1:0.50: USB YUREX device now attached to Yurex #0 [ 378.774189][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.780726][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.818605][ T4512] usb 3-1: USB disconnect, device number 26 [ 378.848901][ T4512] yurex 3-1:0.50: USB YUREX #0 now disconnected [ 379.375792][T12836] loop3: detected capacity change from 0 to 2048 [ 379.400318][T12839] loop0: detected capacity change from 0 to 512 [ 379.418346][T12836] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 379.457426][T12839] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 379.459972][T12841] loop2: detected capacity change from 0 to 512 [ 379.518469][T12841] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 379.541205][T12841] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 379.560645][T12839] EXT4-fs (loop0): 1 truncate cleaned up [ 379.566324][T12839] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 379.625558][T12841] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2195: inode #15: comm syz.2.3371: corrupted in-inode xattr [ 379.724375][T12841] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.3371: couldn't read orphan inode 15 (err -117) [ 379.783532][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 379.802653][T12841] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 379.917248][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 380.209373][ C0] vcan0: j1939_tp_rxtimer: 0xffff88807c755800: rx timeout, send abort [ 380.222355][ C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88807c755800: 0x2fe01: (3) A timeout occurred and this is the connection abort to close the session. [ 380.877975][T12874] loop2: detected capacity change from 0 to 2048 [ 380.942914][T12874] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 381.080655][ T4308] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 381.147392][T12881] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 381.284356][ T4308] usb 5-1: config 0 has an invalid interface number: 50 but max is 0 [ 381.319142][ T4308] usb 5-1: config 0 has no interface number 0 [ 381.340866][ T4308] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 381.355191][T12888] loop3: detected capacity change from 0 to 736 [ 381.407188][ T4308] usb 5-1: config 0 interface 50 altsetting 0 endpoint 0x82 has invalid maxpacket 1023, setting to 64 [ 381.432416][ T4308] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc [ 381.450584][ T4308] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.460828][ T4308] usb 5-1: Product: syz [ 381.465021][ T4308] usb 5-1: Manufacturer: syz [ 381.484389][ T4308] usb 5-1: SerialNumber: syz [ 381.512896][ T4308] usb 5-1: config 0 descriptor?? [ 381.518570][T12872] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 381.544015][ T4308] yurex 5-1:0.50: USB YUREX device now attached to Yurex #0 [ 381.777582][ T4308] usb 5-1: USB disconnect, device number 21 [ 381.807236][ T4308] yurex 5-1:0.50: USB YUREX #0 now disconnected [ 382.546522][ T5442] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.639977][T12919] loop0: detected capacity change from 0 to 512 [ 382.677349][T12922] loop2: detected capacity change from 0 to 764 [ 382.710641][T12919] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 382.773547][ T5442] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 382.802257][T12919] EXT4-fs (loop0): 1 truncate cleaned up [ 382.807975][T12919] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 383.046313][ T5442] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.143373][ T5442] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 383.440684][ T4272] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 383.459066][ T4272] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 383.469108][ T4272] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 383.509264][ T4272] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 383.530967][ T4272] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 383.539301][ T4272] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 383.594514][ T4277] EXT4-fs (loop0): unmounting filesystem. [ 383.855427][ T5442] tipc: Left network mode [ 384.033112][T12956] loop2: detected capacity change from 0 to 256 [ 384.634704][T12977] ax25_connect(): syz.1.3430 uses autobind, please contact jreuter@yaina.de [ 384.775979][T12985] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3431'. [ 384.958786][T12989] loop2: detected capacity change from 0 to 256 [ 385.029044][T12989] FAT-fs (loop2): Directory bread(block 64) failed [ 385.060777][T12989] FAT-fs (loop2): Directory bread(block 65) failed [ 385.092213][T12989] FAT-fs (loop2): Directory bread(block 66) failed [ 385.120824][T12989] FAT-fs (loop2): Directory bread(block 67) failed [ 385.127507][T12989] FAT-fs (loop2): Directory bread(block 68) failed [ 385.210727][T12989] FAT-fs (loop2): Directory bread(block 69) failed [ 385.245702][T12989] FAT-fs (loop2): Directory bread(block 70) failed [ 385.256198][T12940] chnl_net:caif_netlink_parms(): no params data found [ 385.300828][T12989] FAT-fs (loop2): Directory bread(block 71) failed [ 385.320796][T12989] FAT-fs (loop2): Directory bread(block 72) failed [ 385.337905][T12989] FAT-fs (loop2): Directory bread(block 73) failed [ 385.570676][ T4281] Bluetooth: hci1: command 0x0409 tx timeout [ 385.907398][T12940] bridge0: port 1(bridge_slave_0) entered blocking state [ 385.949916][T12940] bridge0: port 1(bridge_slave_0) entered disabled state [ 385.975303][T12940] device bridge_slave_0 entered promiscuous mode [ 386.193261][T12940] bridge0: port 2(bridge_slave_1) entered blocking state [ 386.218409][T12940] bridge0: port 2(bridge_slave_1) entered disabled state [ 386.251919][T12940] device bridge_slave_1 entered promiscuous mode [ 386.467114][T12940] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 386.572000][T12940] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 386.600777][ T5442] IPVS: stopping master sync thread 10369 ... [ 386.707913][T12940] team0: Port device team_slave_0 added [ 387.115335][T13050] loop2: detected capacity change from 0 to 512 [ 387.163036][T12940] team0: Port device team_slave_1 added [ 387.221553][T13050] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.3458: casefold flag without casefold feature [ 387.237277][T13050] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.3458: couldn't read orphan inode 15 (err -117) [ 387.253005][T13050] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 387.487670][ T4264] EXT4-fs (loop2): unmounting filesystem. [ 387.650695][ T4281] Bluetooth: hci1: command 0x041b tx timeout [ 387.727614][T12940] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 387.771558][T12940] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 387.872096][T12940] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 387.910681][T13068] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3461'. [ 388.111863][T12940] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 388.118859][T12940] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 388.248099][T12940] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 388.356619][ T5442] device hsr_slave_0 left promiscuous mode [ 388.405169][ T5442] device hsr_slave_1 left promiscuous mode [ 388.421553][ T5442] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 388.450484][ T5442] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 388.482280][ T5442] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 388.502601][ T5442] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 388.532872][ T5442] bridge0: port 3(batadv0) entered disabled state [ 388.582525][ T5442] device bridge_slave_1 left promiscuous mode [ 388.588850][ T5442] bridge0: port 2(bridge_slave_1) entered disabled state [ 388.617915][ T5442] device bridge_slave_0 left promiscuous mode [ 388.631441][ T5442] bridge0: port 1(bridge_slave_0) entered disabled state [ 388.727305][ T5442] device bridge0 left promiscuous mode [ 388.747697][ T5442] device veth1_macvtap left promiscuous mode [ 388.762751][ T5442] device veth0_macvtap left promiscuous mode [ 388.776781][ T5442] device veth1_vlan left promiscuous mode [ 388.795574][ T5442] device veth0_vlan left promiscuous mode [ 389.045378][T13104] loop0: detected capacity change from 0 to 32768 [ 389.103672][T13104] XFS (loop0): Mounting V5 Filesystem [ 389.168207][T13104] XFS (loop0): Ending clean mount [ 389.175944][T13104] XFS (loop0): Quotacheck needed: Please wait. [ 389.289577][T13104] XFS (loop0): Quotacheck: Done. [ 389.359584][ T4277] XFS (loop0): Unmounting Filesystem [ 389.741766][ T4281] Bluetooth: hci1: command 0x040f tx timeout [ 389.964377][T13122] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3479'. [ 389.976571][T13122] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3479'. [ 389.986116][T13122] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3479'. [ 390.166652][ T5442] team0 (unregistering): Port device team_slave_1 removed [ 390.170214][T13126] ax25_connect(): syz.0.3481 uses autobind, please contact jreuter@yaina.de [ 390.245963][ T5442] team0 (unregistering): Port device team_slave_0 removed [ 390.352140][ T5442] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 390.465276][ T5442] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 391.195314][ T5442] bond0 (unregistering): Released all slaves [ 391.441283][T12940] device hsr_slave_0 entered promiscuous mode [ 391.451496][T12940] device hsr_slave_1 entered promiscuous mode [ 391.561127][T13133] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3484'. [ 391.810549][ T4281] Bluetooth: hci1: command 0x0419 tx timeout [ 392.087015][T13154] sp0: Synchronizing with TNC [ 392.149999][ T5395] [ 392.152337][ T5395] ===================================================== [ 392.159347][ T5395] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected [ 392.166805][ T5395] 6.1.148-syzkaller #0 Not tainted [ 392.171910][ T5395] ----------------------------------------------------- [ 392.178813][ T5395] kworker/u4:9/5395 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 392.186689][ T5395] ffffffff8d5911f8 (disc_data_lock#2){.+.+}-{2:2}, at: sixpack_write_wakeup+0x2c/0x460 [ 392.196326][ T5395] [ 392.196326][ T5395] and this task is already holding: [ 392.203739][ T5395] ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 [ 392.212484][ T5395] which would create a new lock dependency: [ 392.218380][ T5395] (&port_lock_key){-.-.}-{2:2} -> (disc_data_lock#2){.+.+}-{2:2} [ 392.226195][ T5395] [ 392.226195][ T5395] but this new dependency connects a HARDIRQ-irq-safe lock: [ 392.235619][ T5395] (&port_lock_key){-.-.}-{2:2} [ 392.235635][ T5395] [ 392.235635][ T5395] ... which became HARDIRQ-irq-safe at: [ 392.248224][ T5395] lock_acquire+0x1b4/0x490 [ 392.252968][ T5395] _raw_spin_lock_irqsave+0xa4/0xf0 [ 392.258241][ T5395] serial8250_handle_irq+0x7a/0x6d0 [ 392.263513][ T5395] serial8250_default_handle_irq+0xb4/0x1a0 [ 392.269495][ T5395] serial8250_interrupt+0x9b/0x1c0 [ 392.274721][ T5395] __handle_irq_event_percpu+0x298/0xa30 [ 392.280419][ T5395] handle_irq_event+0x87/0x1e0 [ 392.285260][ T5395] handle_edge_irq+0x243/0xb20 [ 392.290093][ T5395] __common_interrupt+0xd7/0x1e0 [ 392.295111][ T5395] common_interrupt+0xb0/0xd0 [ 392.299863][ T5395] asm_common_interrupt+0x22/0x40 [ 392.304955][ T5395] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 392.310757][ T5395] uart_write+0x68a/0x910 [ 392.315220][ T5395] n_tty_write+0xd1a/0x11c0 [ 392.319878][ T5395] file_tty_write+0x4dd/0x860 [ 392.324615][ T5395] vfs_write+0x44c/0x960 [ 392.328925][ T5395] ksys_write+0x143/0x240 [ 392.333332][ T5395] do_syscall_64+0x4c/0xa0 [ 392.337836][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 392.343842][ T5395] [ 392.343842][ T5395] to a HARDIRQ-irq-unsafe lock: [ 392.350933][ T5395] (disc_data_lock#2){.+.+}-{2:2} [ 392.350955][ T5395] [ 392.350955][ T5395] ... which became HARDIRQ-irq-unsafe at: [ 392.363807][ T5395] ... [ 392.363811][ T5395] lock_acquire+0x1b4/0x490 [ 392.371038][ T5395] _raw_read_lock+0x32/0x40 [ 392.375613][ T5395] sixpack_ioctl+0x81/0x540 [ 392.380178][ T5395] tty_ioctl+0x87c/0xba0 [ 392.384482][ T5395] __se_sys_ioctl+0xfa/0x170 [ 392.389148][ T5395] do_syscall_64+0x4c/0xa0 [ 392.393716][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 392.399724][ T5395] [ 392.399724][ T5395] other info that might help us debug this: [ 392.399724][ T5395] [ 392.410107][ T5395] Possible interrupt unsafe locking scenario: [ 392.410107][ T5395] [ 392.418433][ T5395] CPU0 CPU1 [ 392.423865][ T5395] ---- ---- [ 392.429208][ T5395] lock(disc_data_lock#2); [ 392.433709][ T5395] local_irq_disable(); [ 392.440456][ T5395] lock(&port_lock_key); [ 392.447306][ T5395] lock(disc_data_lock#2); [ 392.454312][ T5395] [ 392.457738][ T5395] lock(&port_lock_key); [ 392.462219][ T5395] [ 392.462219][ T5395] *** DEADLOCK *** [ 392.462219][ T5395] [ 392.470338][ T5395] 6 locks held by kworker/u4:9/5395: [ 392.475701][ T5395] #0: ffff888017479138 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 392.486729][ T5395] #1: ffffc90003e67d00 ((work_completion)(&buf->work)){+.+.}-{0:0}, at: process_one_work+0x7a1/0x1160 [ 392.497746][ T5395] #2: ffff888024690ce8 (&buf->lock){+.+.}-{3:3}, at: flush_to_ldisc+0x34/0x860 [ 392.506857][ T5395] #3: ffff88807845f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 [ 392.516138][ T5395] #4: ffffffff96f6cf68 (&port_lock_key){-.-.}-{2:2}, at: uart_write+0x113/0x910 [ 392.525265][ T5395] #5: ffff88807845f098 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref+0x18/0x80 [ 392.534565][ T5395] [ 392.534565][ T5395] the dependencies between HARDIRQ-irq-safe lock and the holding lock: [ 392.544979][ T5395] -> (&port_lock_key){-.-.}-{2:2} { [ 392.550173][ T5395] IN-HARDIRQ-W at: [ 392.554127][ T5395] lock_acquire+0x1b4/0x490 [ 392.560267][ T5395] _raw_spin_lock_irqsave+0xa4/0xf0 [ 392.567192][ T5395] serial8250_handle_irq+0x7a/0x6d0 [ 392.574106][ T5395] serial8250_default_handle_irq+0xb4/0x1a0 [ 392.581633][ T5395] serial8250_interrupt+0x9b/0x1c0 [ 392.588377][ T5395] __handle_irq_event_percpu+0x298/0xa30 [ 392.595648][ T5395] handle_irq_event+0x87/0x1e0 [ 392.602039][ T5395] handle_edge_irq+0x243/0xb20 [ 392.608432][ T5395] __common_interrupt+0xd7/0x1e0 [ 392.615002][ T5395] common_interrupt+0xb0/0xd0 [ 392.621380][ T5395] asm_common_interrupt+0x22/0x40 [ 392.628142][ T5395] _raw_spin_unlock_irqrestore+0xa5/0x100 [ 392.635537][ T5395] uart_write+0x68a/0x910 [ 392.641526][ T5395] n_tty_write+0xd1a/0x11c0 [ 392.647686][ T5395] file_tty_write+0x4dd/0x860 [ 392.653999][ T5395] vfs_write+0x44c/0x960 [ 392.659872][ T5395] ksys_write+0x143/0x240 [ 392.665830][ T5395] do_syscall_64+0x4c/0xa0 [ 392.671889][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 392.679437][ T5395] IN-SOFTIRQ-W at: [ 392.683406][ T5395] lock_acquire+0x1b4/0x490 [ 392.689597][ T5395] _raw_spin_lock_irqsave+0xa4/0xf0 [ 392.696424][ T5395] serial8250_handle_irq+0x7a/0x6d0 [ 392.703250][ T5395] serial8250_default_handle_irq+0xb4/0x1a0 [ 392.710770][ T5395] serial8250_interrupt+0x9b/0x1c0 [ 392.717656][ T5395] __handle_irq_event_percpu+0x298/0xa30 [ 392.725060][ T5395] handle_irq_event+0x87/0x1e0 [ 392.731470][ T5395] handle_edge_irq+0x243/0xb20 [ 392.737868][ T5395] __common_interrupt+0xd7/0x1e0 [ 392.744633][ T5395] common_interrupt+0x59/0xd0 [ 392.750968][ T5395] asm_common_interrupt+0x22/0x40 [ 392.757668][ T5395] handle_softirqs+0x1c8/0x920 [ 392.764120][ T5395] __irq_exit_rcu+0x12f/0x220 [ 392.770442][ T5395] irq_exit_rcu+0x5/0x20 [ 392.776334][ T5395] sysvec_apic_timer_interrupt+0xa0/0xc0 [ 392.783625][ T5395] asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 392.791435][ T5395] default_idle+0xb/0x10 [ 392.797322][ T5395] default_idle_call+0x84/0xc0 [ 392.803723][ T5395] do_idle+0x1fc/0x570 [ 392.809423][ T5395] cpu_startup_entry+0x3f/0x60 [ 392.815819][ T5395] rest_init+0x2dc/0x300 [ 392.821696][ T5395] start_kernel+0x0/0x539 [ 392.827653][ T5395] start_kernel+0x490/0x539 [ 392.833807][ T5395] secondary_startup_64_no_verify+0xcf/0xdb [ 392.841348][ T5395] INITIAL USE at: [ 392.845216][ T5395] lock_acquire+0x1b4/0x490 [ 392.851261][ T5395] _raw_spin_lock_irqsave+0xa4/0xf0 [ 392.858092][ T5395] serial8250_do_set_termios+0x544/0x17d0 [ 392.865356][ T5395] uart_set_options+0x3c2/0x5d0 [ 392.871753][ T5395] serial8250_console_setup+0x2ce/0x3a0 [ 392.879013][ T5395] univ8250_console_setup+0xe9/0x180 [ 392.885865][ T5395] try_enable_preferred_console+0x48a/0x600 [ 392.893340][ T5395] register_console+0x1b0/0x9c0 [ 392.899764][ T5395] univ8250_console_init+0x41/0x43 [ 392.906537][ T5395] console_init+0x1bc/0x78e [ 392.912617][ T5395] start_kernel+0x303/0x539 [ 392.918661][ T5395] secondary_startup_64_no_verify+0xcf/0xdb [ 392.926217][ T5395] } [ 392.928732][ T5395] ... key at: [] port_lock_key+0x0/0x20 [ 392.936462][ T5395] [ 392.936462][ T5395] the dependencies between the lock to be acquired [ 392.936470][ T5395] and HARDIRQ-irq-unsafe lock: [ 392.950089][ T5395] -> (disc_data_lock#2){.+.+}-{2:2} { [ 392.955462][ T5395] HARDIRQ-ON-R at: [ 392.959421][ T5395] lock_acquire+0x1b4/0x490 [ 392.965567][ T5395] _raw_read_lock+0x32/0x40 [ 392.971728][ T5395] sixpack_ioctl+0x81/0x540 [ 392.977876][ T5395] tty_ioctl+0x87c/0xba0 [ 392.983750][ T5395] __se_sys_ioctl+0xfa/0x170 [ 392.989969][ T5395] do_syscall_64+0x4c/0xa0 [ 392.996011][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 393.003649][ T5395] SOFTIRQ-ON-R at: [ 393.007607][ T5395] lock_acquire+0x1b4/0x490 [ 393.013737][ T5395] _raw_read_lock+0x32/0x40 [ 393.019873][ T5395] sixpack_ioctl+0x81/0x540 [ 393.025999][ T5395] tty_ioctl+0x87c/0xba0 [ 393.031868][ T5395] __se_sys_ioctl+0xfa/0x170 [ 393.038088][ T5395] do_syscall_64+0x4c/0xa0 [ 393.044126][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 393.051675][ T5395] INITIAL USE at: [ 393.055546][ T5395] lock_acquire+0x1b4/0x490 [ 393.061677][ T5395] _raw_write_lock_irq+0x9f/0xe0 [ 393.068160][ T5395] sixpack_close+0x28/0x290 [ 393.074208][ T5395] tty_ldisc_kill+0xa6/0x1a0 [ 393.080357][ T5395] tty_ldisc_release+0x170/0x200 [ 393.086850][ T5395] tty_release_struct+0x26/0xd0 [ 393.093241][ T5395] tty_release+0xc72/0x1600 [ 393.099282][ T5395] __fput+0x22c/0x920 [ 393.104815][ T5395] task_work_run+0x1ca/0x250 [ 393.111123][ T5395] exit_to_user_mode_loop+0xe6/0x110 [ 393.117951][ T5395] exit_to_user_mode_prepare+0xb1/0x140 [ 393.125039][ T5395] syscall_exit_to_user_mode+0x16/0x40 [ 393.132041][ T5395] do_syscall_64+0x58/0xa0 [ 393.138013][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 393.145451][ T5395] INITIAL READ USE at: [ 393.149756][ T5395] lock_acquire+0x1b4/0x490 [ 393.156245][ T5395] _raw_read_lock+0x32/0x40 [ 393.162723][ T5395] sixpack_ioctl+0x81/0x540 [ 393.169205][ T5395] tty_ioctl+0x87c/0xba0 [ 393.175420][ T5395] __se_sys_ioctl+0xfa/0x170 [ 393.182073][ T5395] do_syscall_64+0x4c/0xa0 [ 393.188551][ T5395] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 393.196423][ T5395] } [ 393.198898][ T5395] ... key at: [] disc_data_lock+0x18/0x100 [ 393.206791][ T5395] ... acquired at: [ 393.210662][ T5395] _raw_read_lock+0x32/0x40 [ 393.215319][ T5395] sixpack_write_wakeup+0x2c/0x460 [ 393.220578][ T5395] tty_wakeup+0xb4/0xf0 [ 393.224882][ T5395] tty_port_default_wakeup+0x9e/0xf0 [ 393.230407][ T5395] serial8250_tx_chars+0x629/0x830 [ 393.235671][ T5395] serial8250_start_tx+0x6a9/0x8a0 [ 393.241021][ T5395] uart_write+0x67d/0x910 [ 393.245505][ T5395] sixpack_receive_buf+0x438/0x1430 [ 393.250859][ T5395] tty_ldisc_receive_buf+0x113/0x150 [ 393.256304][ T5395] tty_port_default_receive_buf+0x69/0x90 [ 393.262262][ T5395] flush_to_ldisc+0x2f7/0x860 [ 393.267105][ T5395] process_one_work+0x898/0x1160 [ 393.272316][ T5395] worker_thread+0xaa2/0x1250 [ 393.277142][ T5395] kthread+0x29d/0x330 [ 393.281449][ T5395] ret_from_fork+0x1f/0x30 [ 393.286020][ T5395] [ 393.288322][ T5395] [ 393.288322][ T5395] stack backtrace: [ 393.294205][ T5395] CPU: 0 PID: 5395 Comm: kworker/u4:9 Not tainted 6.1.148-syzkaller #0 [ 393.302433][ T5395] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 393.312665][ T5395] Workqueue: events_unbound flush_to_ldisc [ 393.318462][ T5395] Call Trace: [ 393.321732][ T5395] [ 393.324646][ T5395] dump_stack_lvl+0x168/0x22e [ 393.329310][ T5395] ? load_image+0x3b0/0x3b0 [ 393.333889][ T5395] ? show_regs_print_info+0x12/0x12 [ 393.339093][ T5395] ? load_image+0x3b0/0x3b0 [ 393.343594][ T5395] ? print_shortest_lock_dependencies+0xf0/0x160 [ 393.349905][ T5395] __lock_acquire+0x660b/0x7c50 [ 393.354740][ T5395] ? verify_lock_unused+0x140/0x140 [ 393.359917][ T5395] lock_acquire+0x1b4/0x490 [ 393.364413][ T5395] ? sixpack_write_wakeup+0x2c/0x460 [ 393.369678][ T5395] ? read_lock_is_recursive+0x10/0x10 [ 393.375027][ T5395] ? ldsem_down_read_trylock+0x134/0x190 [ 393.380662][ T5395] ? tty_ldisc_ref+0x18/0x80 [ 393.385232][ T5395] ? __ldsem_down_read_nested+0x7d0/0x7d0 [ 393.390924][ T5395] ? sixpack_receive_buf+0x1430/0x1430 [ 393.396358][ T5395] _raw_read_lock+0x32/0x40 [ 393.400844][ T5395] ? sixpack_write_wakeup+0x2c/0x460 [ 393.406103][ T5395] sixpack_write_wakeup+0x2c/0x460 [ 393.411208][ T5395] ? sixpack_receive_buf+0x1430/0x1430 [ 393.416642][ T5395] tty_wakeup+0xb4/0xf0 [ 393.420801][ T5395] tty_port_default_wakeup+0x9e/0xf0 [ 393.426065][ T5395] serial8250_tx_chars+0x629/0x830 [ 393.431153][ T5395] serial8250_start_tx+0x6a9/0x8a0 [ 393.436242][ T5395] uart_write+0x67d/0x910 [ 393.440552][ T5395] sixpack_receive_buf+0x438/0x1430 [ 393.445731][ T5395] ? ldsem_down_read_trylock+0x134/0x190 [ 393.451341][ T5395] ? sixpack_ioctl+0x540/0x540 [ 393.456077][ T5395] tty_ldisc_receive_buf+0x113/0x150 [ 393.461356][ T5395] tty_port_default_receive_buf+0x69/0x90 [ 393.467064][ T5395] flush_to_ldisc+0x2f7/0x860 [ 393.471725][ T5395] ? process_one_work+0x7a1/0x1160 [ 393.476814][ T5395] process_one_work+0x898/0x1160 [ 393.481737][ T5395] ? worker_detach_from_pool+0x240/0x240 [ 393.487362][ T5395] ? _raw_spin_lock_irq+0xab/0xe0 [ 393.492367][ T5395] ? _raw_spin_lock_irqsave+0xf0/0xf0 [ 393.497817][ T5395] ? kthread_data+0x4b/0xc0 [ 393.502301][ T5395] worker_thread+0xaa2/0x1250 [ 393.506973][ T5395] kthread+0x29d/0x330 [ 393.511020][ T5395] ? worker_clr_flags+0x1a0/0x1a0 [ 393.516040][ T5395] ? kthread_blkcg+0xd0/0xd0 [ 393.520608][ T5395] ret_from_fork+0x1f/0x30 [ 393.525032][ T5395] [ 393.557625][T12940] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 393.574946][T12940] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 393.585029][T12940] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 393.623444][T12940] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 393.804009][T12940] 8021q: adding VLAN 0 to HW filter on device bond0 [ 393.829261][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 393.838025][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 393.849945][T12940] 8021q: adding VLAN 0 to HW filter on device team0 [ 393.865332][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 393.879952][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 393.899923][ T5395] bridge0: port 1(bridge_slave_0) entered blocking state [ 393.907114][ T5395] bridge0: port 1(bridge_slave_0) entered forwarding state [ 393.940956][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 393.949269][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 393.958751][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 393.969102][ T5395] bridge0: port 2(bridge_slave_1) entered blocking state [ 393.976281][ T5395] bridge0: port 2(bridge_slave_1) entered forwarding state [ 393.986927][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 393.996190][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 394.006193][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 394.015434][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 394.040010][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 394.048532][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 394.057665][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 394.067929][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 394.076860][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 394.086306][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 394.094949][ T5395] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 394.105109][T12940] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 394.298864][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 394.308445][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 394.324931][T12940] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 394.581389][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 394.591910][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 394.608938][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 394.618398][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 394.627679][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 394.635932][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 394.645667][T12940] device veth0_vlan entered promiscuous mode [ 394.655748][T12940] device veth1_vlan entered promiscuous mode [ 394.686234][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 394.695802][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 394.705914][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 394.714781][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 394.726795][T12940] device veth0_macvtap entered promiscuous mode [ 394.742796][T12940] device veth1_macvtap entered promiscuous mode [ 394.764508][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.776234][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.789249][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.800176][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.810000][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.820768][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.830785][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 394.843359][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.854502][T12940] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 394.864143][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 394.873995][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 394.885241][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 394.895189][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 394.907985][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.920717][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.933120][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.943595][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.953560][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.964015][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.973952][T12940] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 394.986606][T12940] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 394.997442][T12940] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 395.021397][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 395.031964][ T5442] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 395.044720][T12940] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.054834][T12940] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.065042][T12940] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.074757][T12940] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 395.107446][T12940] ieee80211 phy13: Selected rate control algorithm 'minstrel_ht' [ 395.133434][ T5442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.146034][T12940] ieee80211 phy14: Selected rate control algorithm 'minstrel_ht' [ 395.154710][ T5442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.166943][ T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 395.184703][ T46] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 395.193740][ T46] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 395.201881][ T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready