last executing test programs: 7.813957439s ago: executing program 2 (id=3335): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00') pread64(r0, &(0x7f00000000c0)=""/169, 0xa9, 0x4fd7) 7.659645581s ago: executing program 2 (id=3337): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000000)='kfree\x00', r0, 0x0, 0x1}, 0x18) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_usb_connect$uac1(0x4, 0x71, &(0x7f0000000580)=ANY=[], 0x0) close_range(r2, 0xffffffffffffffff, 0x200000000000000) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000380)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffa) add_key$fscrypt_provisioning(&(0x7f00000000c0), &(0x7f0000000180)={'syz', 0x3}, &(0x7f00000001c0)={0x3, 0x0, @c}, 0x29, r4) r5 = add_key$keyring(&(0x7f0000000100), &(0x7f00000000c0)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) keyctl$unlink(0x9, r5, r5) keyctl$revoke(0x3, r5) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="0500000004000000df7f0000010000", @ANYRES32, @ANYBLOB='\x00'/19, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000000000000000006800000000000000006f6ce54c0000000000"], 0x48) keyctl$join(0x1, 0x0) r7 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x4, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000000070000000000001f000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x4, 0x0, 0x0, 0x41100}, 0x94) r8 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r7}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) r9 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) dup(r9) syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800, &(0x7f00000009c0)={[{@errors_remount}, {@debug}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5e}}, {@noauto_da_alloc}, {@bsdgroups}, {@jqfmt_vfsv1}, {@abort}, {@data_err_ignore}]}, 0x2, 0x476, &(0x7f0000000540)="$eJzs3M1vFOUfAPDvzLblx2v7Q3wBUavE2PjS0oLKwYtGEw8YTfSAN2tbCKFQQ2sihEg1Bi8mhkTP6tHEv8CbF6OeTLzq3ZAQ5QJ6qpnZmbK7dLctLLuF/XySZZ9n5pl9nm9nnp1n5pklgJ41nP2TRGyLiN8jYrCarS8wXH27duXc1D9Xzk0lsbT05l9JXu7qlXNTZdFyu61FZiSNSD9JikrqzZ85e2JydnbmdJEfWzj53tj8mbPPHD85eWzm2MypiUOHDh4Yf/65iWfbEmcW19U9H87t3f3q2xdfmzpy8d2fv8vau61YXxtHg00N72s2nAX+91JueWFafXt83RFsbNtr0klfFxvCulQiIttd/Xn/H4xKXN95g/HKx11tHHBbZeemFie2xSXgLpZEt1sAdEd5os+uf8tXh4YeG8LlF6sXQFnc14pXdU1feameXxttv031D0fEkcV/v8pe0fo+BABAW3w29eXheHql8V8a99WU21HMoQxFxP8jYmdE3BMRuyLi3oi87P0R8cDqVaa1mcapoRvHP+mlmw5uDbLx3wvF3Fb9+G+5mUOVIrc9j78/OXp8dmZ/8TcZif5NWX68RR0/vPzb583W1Y7/sldWfzkWLNpxqa/hBt305MJkPihtg8sfRezpWyn+ZHkmIImI3RGxZ30fvaNMHH/y273NCq0efwttmGda+ibiier+X4yG+EtJ6/nJsf/F7Mz+sfKouNEvv154o1n9txR/G2T7f0v98d9YZCipna+dX38dF/74tOk1zc0e/wPJW/m2A8WyDyYXFk6PRwwkh/N83fKJ69uW+bJ8Fv/IvpX7/85imyz+ByMiO4gfioiHI+KRou2PRsRjEbGvRfw/vdR8XX38m7d1Y/9PN3z/bc7XLB//Dft//YnKiR+/X7n2r99Z2/4/mKdGiiX5998q1trAW/zzAQAAwB0hzZ+BT9LR5XSajo5Wn+HfFVvS2bn5haeOzr1/arr6rPxQ9Kflna7Bmvuh48li8YnV/ERxr7hcf6C4b/xFZXOeH52am53ucuzQ67Y26f+ZPyvdbh1w2600jzYx0IWGAB3X2P/T+uz51zvZGKCjmj5Hs6Wz7QA6b5Xn6NJOtQPoPP9fC/Sulfr/+Ya8uQC4Ozn/Q+/S/6F36f/Qu/R/6Emr/Ui+cou//Ze44xLJ2gpH2v2mboxEf0S05QMHNkQ4RaLb30wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADt8V8AAAD//5qI6jE=") open(&(0x7f0000000340)='./file0\x00', 0x20000, 0x0) open(&(0x7f00000000c0)='./file0\x00', 0x4000, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x11, 0xc, &(0x7f00000004c0)=ANY=[@ANYRESOCT=r1, @ANYRES32=r6, @ANYRES16=r8], &(0x7f0000000240)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getrusage(0x1, &(0x7f00000003c0)) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000380)="39000000130003475fae7cdac52541300600000001000000450000002500000019001900040002000200000000000006040000000000000000", 0x39}], 0x1) 4.922121827s ago: executing program 0 (id=3346): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000340)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10) getsockopt$inet_sctp_SCTP_MAX_BURST(0xffffffffffffffff, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x83, &(0x7f0000000040)={r1}, 0x8) 4.471757845s ago: executing program 3 (id=3350): bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000b80)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$IPVS_CMD_SET_SERVICE(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000140)={0xc8, 0x0, 0x101, 0x70bd2c, 0x25dfdbfd, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x100}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x80}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x1}, @IPVS_CMD_ATTR_SERVICE={0x3c, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv4=@remote}, @IPVS_SVC_ATTR_PE_NAME={0x8}, @IPVS_SVC_ATTR_ADDR={0x14, 0x3, @ipv6=@loopback}]}, @IPVS_CMD_ATTR_DAEMON={0x60, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x3}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @rand_addr=0x64010102}, @IPVS_DAEMON_ATTR_SYNC_ID={0x8, 0x3, 0x2}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'hsr0\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @private1}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0x8}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_to_bridge\x00'}]}]}, 0xc8}, 0x1, 0x0, 0x0, 0x80}, 0x1) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000"], 0x48) syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file2\x00', 0x2000410, &(0x7f0000000000)={[{@bsdgroups}, {@jqfmt_vfsv1}]}, 0xc1, 0x7da, &(0x7f0000000fc0)="$eJzs3c1rG80dAODfyh+ynbR2odAmJ0OhNYTIdeomLfSQ0kMpNBBoz02MrJjUshUsOcTGEOdQ6KXQlh4K7SXnfqSHQq/9uLb/ROmhJITWMW/e04tediX5U5LtxJId/Dyw2pnd2Z0Z7ezsSLtIAVxYk+lLLuJKRPw8iRhvLk8iYigLDUbcbqR7u7VRTKck6vUf/C/J0vz50u6+kub8UjPyxYj4+08iruUO5jranJdLK83QdG3p0XR1bf36w6W5hdJCafnmzOzsjVtfv3Xz8Fbv6qN/rV9+9YvvfuWPtwfjCy9+9o8kbsfl5rrtrY3ie+7+kMmYbL4nQ+lbuM93TjuzM5acdQF4J+mpOdA4y+NKjMdAFurgfU9AAOBceBoRdQDggklc/wHggml9D7C9tVFsTWf7jUR/vf52RIw06t+6v9lYM9i8ZzeS3Qcd20723RlJImLiFPKfjIjf/uVHv0+n6NF9SIB2Np9FxP2Jye2t/IH+P0n7v+Gj95DvuOar3TarN7abPLBY/wf989d0/PONw+O/qzsP9IxkrwfGPyP5Nufuuzj6/M+97LDpMfqmo6Xjv2/tebZtd/y389DaxEAz9plszDeUPHhYLqV922cjYiqG8ml8Jkva/imoqTefvOmU/97x3/9/+ePfpfmn890UuZeD+aiP79lmfq42dwpVz7x+FnF1sF39k53xb9Jh/Hu34173H5rvffOnv+mUMq1/Wt/WdLj+vVV/HvHltsd/91gmXZ9PnM6aw3SrUbTxp//8eqxT/rvHP5/N0/xbnwX6IT3+Y93rP5GGqmvri3PlcmmlevI8/vl8/G+d1u1t/+3rn7X/fdL2P5z8MAu3WtqTuVptZSZiOPn+4eU3drdtxVvp0/pPfan9+d+p/eeaz8be34l1N/hq+A/NXbWtf2azU/17K63//ImOf5dAvbnNgVUv3i4OdMr/eMd/NgtNNZccp/87oqTv0ZoBAAAAAAAAAAAAAAAAAAAAAAAA4ORyEXE5klxhJ5zLFQqN//D+fIzlypVq7dqDyuryfGT/lT0RQ7nWT12O7/k91Jnm7+G34jcOxL8WEZ+LiF/lR7N4oVgpz5915QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg6dL+//9/ms4Khca6/+bPunQAQM+MnHUBAIC+c/0HgIvnZNf/0Z6VAwDonxN//q8nvSkIANA3x77+3+9tOQCA/nH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgB67e+dOOtU/3toopvH5x2uri5XH1+dL1cXC0mqxUKysPCosVCoL5VKhWFnquKPNxqxcqTyajeXVJ9O1UrU2XV1bv7dUWV2u3Xu4NLdQulca6lvNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD4qmvri3PlcmlFoEtgtDR6HopxjgKDcS6KcSiw+e+hrF13TRwTH0zjH+6SJjnNvEYPLtnbS4yeSd8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8CH4NAAA//9RvRhH") r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) futex(&(0x7f000000cffc)=0x1, 0x86, 0x2, 0x0, 0x0, 0xfffffffc) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x4, 0x80, 0x8, 0x9eea, 0x2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @remote, 0x80, 0x17fc8, 0x3, 0x10}}) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000780)={{{@in6, @in6=@remote}}, {{@in=@multicast1}, 0x0, @in6=@local}}, &(0x7f00000005c0)=0xe8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x28011, r2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, &(0x7f0000000300)=0x2) 4.277708488s ago: executing program 3 (id=3352): r0 = syz_open_procfs(0x0, &(0x7f0000000580)='attr/exec\x00') mount$9p_fd(0x0, &(0x7f0000000100)='.\x00', &(0x7f0000000040), 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r0]) r1 = syz_io_uring_setup(0x2e3b, &(0x7f0000000240)={0x0, 0x69e5, 0x10000, 0x0, 0x295, 0x0, r0}, &(0x7f00000003c0), &(0x7f0000001040)) io_uring_enter(r1, 0x567, 0xa1ff, 0x0, 0x0, 0x0) 4.213398849s ago: executing program 3 (id=3353): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, 0xffffffffffffffff}, 0x4) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000900)={0x11, 0x10, &(0x7f0000000a40)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70500000800000085000000b600000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10) capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) setrlimit(0x40000000000008, &(0x7f0000000080)={0x0, 0x6}) r3 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r3, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$inet(r3, &(0x7f0000000780)=[{{&(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac1414aaffffffff0000000010000000000000000000000007"], 0x30}}], 0x1, 0x4008804) 4.15156315s ago: executing program 2 (id=3354): r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='net/tcp6\x00') pread64(r0, &(0x7f00000000c0)=""/169, 0xa9, 0x4fd7) 4.132164811s ago: executing program 3 (id=3355): bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r2, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r3 = io_uring_setup(0x1fc4, 0x0) r4 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r6 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r6, 0xffff) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001e80)=ANY=[@ANYBLOB="cb16000210010000b70700000100f0ff5070000000000000480000000820000095000000000000002ba7e1d30c04aa8b3382022ce2a1d97411a0f6b599e83f24a3aa81d36bb7019c13bd23212fb56f040026fbfefc4a056bdc17487902317142fac7e7be168c1886d0d4d94f2f4eb45c652fbc1626cca2a28d67893547db51ee988e6e06c8cedf7ceb9fc40400ae5e4aa74c92c6a51cbf9b0a4def23d410f6accd364158a4591c559f76c0130bfc4e90a6341865c3f5ab3e89cf6c662ed4148d3b3e22278d00031e5388ee5c867de2c6211d6ececb0c18ce74c4dae15cb7947c491b8bea3fd2f73902ebcfcf4982277d9800011b405bbf7b02433a9bcd715f5888b2007f000000001c000000010000000000000600000000309329170ee5b567e70f00c484d339c480f70006a10f58fa64533500000000000000000000000031000000000000001208e75a89faffbfb11b7dc6ea31001e846c12423a169f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bc24fef5d7d617de7a6520655a80d0900f4d433623c850af895abba14f6fbd7fbad1f98e26ad4deaf1a4f294b2a431ab9142f3a06d54740a4bc5e3abd378af7c9676a08ef74c48785f895b4ec8d1141d5e8744d7f09ab4df6027bf48cabecead649f96ea24d3287a7b01ab84d336f3c0f45a0642d6f2c494160cb7f46ce680eeb80157eb23f9902519ac655fa73103170cbc496d7122034b85e7e87a2db762cbb253fbd76b9117c1a11d18aa2040c5f0c289906000000000000005ffe91ff799a11d9b219c00c369a12bf8685b862d0dbdd956cbda1bae489bcef5ae59136aaadc59609f4d42617c0e6066938b521a0f2e2467a6c435ad5b800262a5da053ced5e95394e500000072737638ac44fb61310e2df511c60b3c88113996a81fb64bce5eb95ce91738640ff7ae6ed6b62086e699955926934389cdf9bcffff3ffd86fe9ce05268bf8a3958f2206cdc7095682c14f10be1075832956762b2dcc6251e7b74cb1da627e332765511c58215bf84d253e8778e6e8ffe4ea50b076446f35efffc806b340658342d2d9e1ef68c6ef3e98407d2fcefb34a0000000000000000895ddbb76122b1222e4da37177fe833e4fcaa67997e92a206ebd085bd9f90008d3fdd528efe6c1dca17f45ba5e8bd3153a0077bb43f8a63dd390d18f0239b41da1a52383a4c6768ca1bb66b8fb3c5000f6f246fd20356a60769b461b6cdf133de073b1df08ae09268b0073bb97d88d741a5546e76caf4b6b1387ff37ec13d262dae0260be74cdf7bb6d3107597430ef5bbd476bb9d69b2aef9f3cb644b4bf01ccf16d40720939daf2af469bdfb361b9c015dd026fd0fffe3c66f5c343afb78a7cfd852f3e05c089887d7df2ff4f9982030019421af6b78ff9c444a17091875cfe4eab0e7f50eb69c860b1613a6b4f5af04f9c635d8d646c89f8b85f820ce7464c731deba39f9ff7b815f7b0acba754c01ed8bf1bba0010a8c6a2b966d861f9dd547abf2e9b23e5607f00f80b58fd76e4bc46c84799aa792cdaeb6cfb858e577dacff607ba513250e13ae696cd6ed7d318190a93b9ee07927efca6b8d1f5980994690bbe002db5146439d906a0d4aef065214b15666cdca81091b69acee2c7ce0821fc19e0891f0b53469f935c5ac420100010000000000fb53faf4420638489e6a1c696d8c414a87b60000000000080000b6be15579518540000bc2d061827ae6349a045b780893771524a424335b9fc34616ee9f09141057262530b7c2f7c9b969938779736ece7b470078ac0b1b4b528000000009866e99948a9096672ec9f3800c2fc35ba6516e542624c47bdba76a816c3a3dd6c3fa87a3ec91df199a9af91a7babf2b8d0e7b77e6dfb4bbc9817847b705000000a1000000000000ab8353f3800f045b90b0eaab6d731199c9447eabbc8c740183aff5389742e47de5000000826a570d14310700cf2ae3366ebdb7f1000000000000333c00e6addbf4c71ffad6bfb5babb49109f92a5a52042c425190a6e3f1a8a3abfe6059da9c952cf35c98ce7616355493d280f2d0be99e18fd0900c769e7eb4edc1c03a33676080000007229e0237c1e34641848531712ff09e89fb062a3e66f4f3c9d7a7fc9aab1ced0ae679733830039cb61ea0691f0b4e0b33194404e643243c3841e1e7fe301f7f47a7f89512d92e83624e3de705bdfbfd0e5e381398e9d5428a00cc8a6d097d97e6ac8bd09b1a5577920a650114a522c1e2dcdc4f606fcbcee91770a9fada34d38cd7976a9228a0a0dd8661be8162e966aac26bea4c11458cd6ce22ddf7054cdd0a60ef3ec000000000000000000425cb75dc7ec92e9a5d29f9c99697d2a98ae0a9f35e4196c3faeb7a690bf897846f6f0f1c163d6075119169d55d10da9ad0e4b2c636d200000009baaf94e2b2c48e70d8453f832eecfb1de2a3f38a5c986de9e37737dac74db251d5e9ea2b8ed39e91a7a17d01b49f7aaff7c4c73c3484bdcab362838ed940035b270a3646ef55b9f070ae14466b3acef9f8b28fb938a237e2e068ae4a6bce4407b54cc14614c2cdf877f000000000000000000000000bdcf23144e6c16b9235552aed83b6428f34d88c258a9ad16386bba51b60838fb11bc193a206b5a25b7233b222e4e68e0d1e88f26b9a45b6c29469530a37ea92aaf421cdcc1f594ecfaff9a79b56f8b380380020000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) fcntl$addseals(r6, 0x409, 0x7) r7 = ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f00000002c0)={r6, 0x0, 0x0, 0x8000}) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x9, 0x3, 0x2f0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x278, 0xffffffff, 0xffffffff, 0x278, 0xffffffff, 0x3, &(0x7f0000000080), {[{{@ipv6={@mcast2, @mcast2, [0xffffffff, 0xffffff00, 0xff], [0xff000000, 0xff, 0xffffffff, 0xff000000], 'veth0_virt_wifi\x00', 'veth0_virt_wifi\x00', {0xff}, {}, 0x3a, 0x5, 0x0, 0x28}, 0x0, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x9, 0xf6, {0x938f}}}}, {{@uncond, 0x0, 0xd8, 0x138, 0x0, {}, [@common=@frag={{0x30}, {[0x0, 0x39], 0x9, 0x0, 0x1}}]}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, [0xffffff00, 0xff, 0xff], 0x4e20, 0x4e23, 0x4e20, 0x4e21, 0x1, 0xa1a9, 0x7, 0x7, 0x2f}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x350) r8 = fcntl$dupfd(r7, 0x0, r7) r9 = socket$nl_route(0x10, 0x3, 0x0) r10 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r10, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r9, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r11, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r8}) syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000fe07124081173809499b0102030109022400010010000009040000028b86470009040000000000000009"], 0x0) r12 = socket(0x2, 0x5, 0x0) sendmmsg$inet_sctp(r12, &(0x7f0000000bc0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000001c0)=[{0x0}], 0x1, &(0x7f0000000140)=ANY=[@ANYBLOB="30000000000000008400000001000000000000000c0000000000000000002b0388edb6556900"/50, @ANYRES32=0x0], 0x30}], 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_SET_VLAN_INGRESS_PRIORITY_CMD(r1, 0x8983, &(0x7f0000000240)={0x2, 'veth1_to_bridge\x00', {0x7}}) close_range(r3, 0xffffffffffffffff, 0x0) 4.096469621s ago: executing program 2 (id=3356): r0 = socket$kcm(0x11, 0x200000000000002, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, &(0x7f0000000480)=ANY=[@ANYBLOB="7a0af8ff75253073bfa100000000000007010000f9ffffffb702000005000000bf130000000000008500000023000000b700000000000000950000ff00000000b2595285faa6ead0169191d54f81d9217fc560e2fc91f6da4dad4fdc2eb1b5986fc4a3f611a7c8edd3aa5d6ee7ab10b1a297cf52866651ddd73f30f2382f6cda4bfdd45be583823c0f09621f3c1c65ee19ee875daf45006a4c4ea5e15b2f9618d547244a22000000000098045f785a1292fcb8c1d3079a00db453620ce72d75946c2b638d91dbef661935839c77edf2d34b12cd48a1b20fb7dd8430a19f2c50d77bc0ea9b0af58e604f4942eb613eff28902010045ef76d7d864409ef2dc9518a09f4886afc26abba34635d0e8b598a51bc7421d33fe226c944bc76be40d435aa8b5208ff0df2db7619a12df6bee431a668135b8214afa5827b56a8074bf1e6cf5d84b35a3a3a4c66824fe12dbe20fcf50a194185b9e2d8b815fedb0d982936156be34dda66fb977aef7c9cb92428ef25d9bf665bd60020500000000000000abe4cb8d826e1ec03cc492f5cad6227c94fea467aea7fa8b58abc37056433edf43fba5566a3e02200b95941d34ac81fd48f9b7314ffa730017f3d37fdb23bc26992529402a520ef67e246415a697a95ca3314ded0d8a24abd57e042888a9141ab4e6c6b939aaefc248791464970c43120211b9bc82a85cd2fc18f535c7986c2d52ba62f74f000000000080c4adf75a0a108585e9b2000000000000000000000074054d643c2b5692d8304a23eaf9153c457ae5bbe49b3c164461470a452bd357fa62341c759dc21b45a06ec414cadf9695d0"], &(0x7f0000000100)='GPL\x00'}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000300)=r1, 0x4) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x1c1842, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000100)) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_devices(r2, &(0x7f0000000440)=ANY=[@ANYBLOB="1e03f2003c5ca601288763"], 0xffdd) 3.939631494s ago: executing program 0 (id=3357): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==") openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) 3.863788475s ago: executing program 0 (id=3358): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) close(r1) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x7a, 0x0, 0x0, 0x41000, 0x44, '\x00', 0x0, @cgroup_sysctl=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r4}, &(0x7f0000000340), &(0x7f0000000300)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000100)='kmem_cache_free\x00'}, 0x18) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}, 0x1, 0x0, 0x0, 0x1}, 0x0) writev(r0, &(0x7f0000000040)=[{&(0x7f0000000100)="89e7ee2c78dad9b4b473fec988cafb", 0x240}], 0x1) 1.15972654s ago: executing program 1 (id=3368): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100001700000000000000ff000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000002007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008002010b704000000000000850000000100000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = openat$nci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) sendto$llc(r3, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x1a, 0x0, 0x0, 0x9, 0xfd}, 0x10) close_range(r2, 0xffffffffffffffff, 0x200000000000000) 1.048065022s ago: executing program 1 (id=3369): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f00000002c0)={[{@noquota}, {@nobh}]}, 0x1, 0x786, &(0x7f00000020c0)="$eJzs3c9rHGUfAPDvbJKmTfu+yQsvaL0YEDRQmpgaWwWFigcRLBT0bLtstqFmky3ZTWlCQIsIXgQVD4JeevLgj3rz6o+r/hcexFI1LVY8SGQ2s+2m2U03abIbzecDk32emdl8n+/Or2d3hpkA9qzh9E8u4nBEvJtEDGbjk4joq5V6I06uzndreamQDkmsrLz8a1Kb5+byUiEa3pM6mFUejIhv34o4klsft7KwOJ0vlYpzWX2sOnNhrLKwePT8TH6qOFWcPT4+MXHsxJMnjm9frr//sHjo2nsvPPbFyT/ffODqO98lcTIOZdMa89iyZ9dWh2M4+0z60o9wjefvO9juknS7AWxJumn2rG7lcTgGo6dWAgD+zV6PiBUAYI9JHP8BYI+p/w5wc3mpUB+6+4tEZ11/LiL2r+ZfP7+5OqU3O2e3v3YedOBmsubMSBIRQ9sQfzgiPv7q1c/SIbbrPCRAG964HBFnh4bX7/+TddcsbNbjG0zbl70O3zU+je8MNHTG12n/56lm/b/c7f5PNOn/9DfZdrei2fa/ZsSBbQiygeufRDzTcG3brYb8M0M9We0/tT5fX3LufKmY7tv+GxEj0def1sc3iDFy468braY19v9+e/+1T9P46eudOXI/9/avfc9kvpq/n5wbXb8c8VBvs/yT28s/adH/Pd1mjBeffvujVtPS/NN868P6/CO7OmlnrFyJeLTp8r9zRVuy4fWJY7XVYay+UjTx5Y8fDrSK37j80yGNX/8u0Anp8h/YOP+hpPF6zcrmY3x/ZfCbVtPunX/z9X9f8kqtXO9HXMpXq3PjEfuSl9aPP3bnvZfyD2el1fnT/Eceab79b7T+p98Jz7aZf++1Xz7fev47K81/clPLf/OFq7eme1rFb2/5T9RKI9mYdvZ/7Tbwfj47AAAAAAAAAAAAAAAAAAAAAAAAAGhXLiIORZIbvV3O5UZHV5/h/f8YyJXKleqRc+X52cmoPSt7KPpy9VtdDjbcD3U8ux9+vX7srvoTEfG/iPig/0BSv4/iZJdzBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC6gy2e/5/6qb/brQMAdsz+bjcAAOg4x38A2Hsc/wFg72nv+N+z4+0AADrH938A2Hsc/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANhhp0+dSoeVP5aXCml98uLC/HT54tHJYmV6dGa+MFooz10YnSqXp0rF0UJ55l7/r1QuX5iI2flLY9VipTpWWVg8M1Oen62eOT+TnyqeKfZ1JCsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2JzKwuJ0vlQqzilsobCyO5rR/UJPtjrtlvZ0tJDsjmZsc6HLOyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf4i/AwAA//+3ACFj") r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000007c0), 0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, 0x0) 888.890095ms ago: executing program 1 (id=3370): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x59dc6d71776a1654}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x18) 656.772628ms ago: executing program 1 (id=3371): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000000085000000040000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_genetlink_get_family_id$smc(&(0x7f0000000000), 0xffffffffffffffff) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000300)={0x40, r0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}, @SMC_PNETID_NAME={0x9, 0x1, 'syz0\x00'}, @SMC_PNETID_IBNAME={0x9, 0x3, 'syz1\x00'}]}, 0x40}}, 0x0) sendmsg$SMC_PNETID_DEL(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={0x50, r0, 0xe27, 0x70bd28, 0x0, {0x4, 0x7, 0x2}, [@SMC_PNETID_ETHNAME={0xffffffffffffff6f, 0x2, 'team_slave_1\x00'}, @SMC_PNETID_IBPORT={0x0, 0x4, 0x2}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'wlan1\x00'}, @SMC_PNETID_IBPORT={0x5, 0x4, 0x2}]}, 0x50}, 0x1, 0x40030000000000}, 0x4000) 335.912794ms ago: executing program 0 (id=3372): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="06000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) lstat(&(0x7f00000000c0)='./file1\x00', 0x0) 302.933205ms ago: executing program 1 (id=3373): bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==") r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='./file1\x00', 0x105042, 0x1db) writev(r0, &(0x7f0000000140), 0x0) 293.308655ms ago: executing program 2 (id=3374): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x3}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x1, 0x2000000, 0x0, 0x10}, 0x84) 223.726636ms ago: executing program 0 (id=3375): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_read_part_table(0x60d, &(0x7f0000002200)="$eJzs3D9olHcYB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSw5Q4tBkUM0jHLlK4DhonYwYnRaFzEQeLkMGlYBepHXLl7l6SOyjF0oRS/HyGe353PDzf94F3/V34XxtIuTi1Kp3y/qd/298a3TzP50xzYvJ4q9VqnU5KOZtyxsq7l5MMpX9q9icZ7plz8/udq9/+9mG5+fTUq/fOPVgc2JhZyTtJdvU2Z+SvHqXyzzZlO9wafzi6cGW2erX9pdpYW/84uf1yorZycnFp+UT52Oft3y8nj4r+7osxkoup51K+zCdDbxz19eax1Jc/386vj194Um2sfdd8fnB9b3Xw7vkjr/etXrt/KJlrR0yl87JvGv6Xi/fkL/Tkz41dn15qHD1wZ8+Nw/V7j2svBn9vdRWR5a3JBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABge9xqf1yZrV6tj194Um2sffPzTx/dfjlRWzm5uLR8YvjYs6LvUVGHinox9VxKOclMZvJFZt88crrUmz/+cHRhI/+Pncnzg+t7q82754+8nly9dv9Qp6uUqXYZ2IqN+/XnN9bmxq5PLzWOHriz58bh+r3HtReD3b6ZSj7rrJuksvWPAQAAAAAAAAAAAAAAAAAAwFtuYvL4vqkPaqeTUs7uSPLrV51b9q3KyI/p3Lzv2l/UZ5Vkd5KbO7r/BdB8eurV8LkHi78Ul+LnU8l8kl0/rJxJ3t3IudwfW96czH/pzwAAAP//gTiR5w==") openat(0xffffffffffffff9c, 0x0, 0x105042, 0x1db) 219.371556ms ago: executing program 3 (id=3376): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000006c59850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x18) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0, 0xffffffffffffffff}, &(0x7f0000000340), &(0x7f00000004c0)=r1}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000240)={{r3}, &(0x7f0000000040), &(0x7f0000000200)=r1}, 0x20) 129.516468ms ago: executing program 0 (id=3377): socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) pipe(&(0x7f00000000c0)) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x100000000001, 0x0, 0x1, 0x0) sendmsg(r1, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r2, &(0x7f00000000c0)={0x1d, r3}, 0x10) sendmsg$can_bcm(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="01000000971bac5544ad77590779467f", @ANYRES64=0x0, @ANYRES64=0x2710, @ANYRES64=0x0, @ANYRES64=0x2710, @ANYBLOB="0000000001"], 0x80}}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb4b, 0x9, 0x8, 0x0, 0x400003}, 0x0) getsockopt$CAN_RAW_LOOPBACK(0xffffffffffffffff, 0x65, 0x20, 0x0, &(0x7f0000001040)=0x5d) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r4 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) write$6lowpan_control(0xffffffffffffffff, &(0x7f0000000180)='connect aa:aa:aa:aa:aa:11 0', 0x1b) mkdir(&(0x7f0000000140)='./control\x00', 0x5) r5 = inotify_init1(0x0) inotify_add_watch(r5, &(0x7f0000000180)='./control\x00', 0x64000ba6) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000680), 0x40000, 0x19) sched_setattr(r4, &(0x7f00000001c0)={0x38, 0x3, 0xc, 0x101, 0x6, 0x7, 0x6b4, 0x510000000, 0x6, 0x40}, 0x0) setsockopt$RXRPC_SECURITY_KEY(0xffffffffffffffff, 0x110, 0xffe, 0x0, 0x0) 67.683669ms ago: executing program 3 (id=3378): bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x39) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, 0x0, &(0x7f0000000300)) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000100)='kmem_cache_free\x00', r0}, 0x18) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x20, 0x3, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x99ee}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000500)={r2, 0x0, 0x2d, 0x0, @val=@netfilter={0xa, 0x4, 0x600, 0x1}}, 0x20) bpf$ENABLE_STATS(0x20, 0x0, 0x0) sendmsg$inet6(r1, &(0x7f0000000800)={&(0x7f0000000080)={0xa, 0x4e24, 0x8, @loopback, 0x4}, 0x1c, &(0x7f0000000380)=[{&(0x7f00000000c0)="88", 0x1}], 0x1}, 0x4048043) 46.351279ms ago: executing program 2 (id=3379): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x300000c, 0x50032, 0xffffffffffffffff, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000003200)=ANY=[@ANYBLOB="1e0000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x59dc6d71776a1654}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r1}, 0x18) 0s ago: executing program 1 (id=3380): mkdirat(0xffffffffffffff9c, 0x0, 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x104, 0x0) getdents64(r0, 0x0, 0x0) kernel console output (not intermixed with test programs): z [ 1064.063515][T14864] usb 3-1: Manufacturer: syz [ 1064.068516][T14864] usb 3-1: SerialNumber: syz [ 1064.112231][T14864] usb 3-1: config 0 descriptor?? [ 1064.329376][T13879] Bluetooth: hci4: command 0x0419 tx timeout [ 1064.335707][T13879] Bluetooth: hci3: command 0x0c1a tx timeout [ 1064.409445][T13793] Bluetooth: hci0: command 0x0c1a tx timeout [ 1064.649795][T16463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1064.661515][T16463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1066.790529][T16475] loop0: detected capacity change from 0 to 164 [ 1066.826515][T16475] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1066.846642][T16475] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1066.861654][T16475] Symlink component flag not implemented [ 1066.867476][T16475] Symlink component flag not implemented [ 1066.874009][T16475] Symlink component flag not implemented (7) [ 1066.884493][T16475] Symlink component flag not implemented (116) [ 1067.770601][ T5879] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1067.900780][T16461] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2792'. [ 1067.919375][T16466] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2796'. [ 1067.992840][ T5879] usb 1-1: config 0 has no interfaces? [ 1068.002555][ T5833] usb 3-1: USB disconnect, device number 121 [ 1068.021737][ T5879] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1068.058540][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1068.069109][ T5879] usb 1-1: Product: syz [ 1068.074243][ T5879] usb 1-1: Manufacturer: syz [ 1068.079126][ T5879] usb 1-1: SerialNumber: syz [ 1068.094339][ T5879] usb 1-1: config 0 descriptor?? [ 1068.600083][ T5833] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1068.650219][T16499] loop1: detected capacity change from 0 to 512 [ 1070.499257][ T5833] usb 3-1: Using ep0 maxpacket: 16 [ 1071.337126][T16499] EXT4-fs: error -4 creating inode table initialization thread [ 1071.345748][T16499] EXT4-fs (loop1): mount failed [ 1072.250067][ T5833] usb 3-1: device descriptor read/all, error -71 [ 1072.501852][T14856] usb 1-1: USB disconnect, device number 22 [ 1072.587258][T16510] loop1: detected capacity change from 0 to 164 [ 1072.642928][T16510] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1072.699338][T16510] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1072.733529][T16510] Symlink component flag not implemented [ 1072.747976][T16510] Symlink component flag not implemented [ 1072.769098][T16510] Symlink component flag not implemented (7) [ 1072.799139][T16510] Symlink component flag not implemented (116) [ 1073.481532][T16528] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2811'. [ 1073.509383][T14856] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 1073.592443][T16528] batadv0: entered promiscuous mode [ 1073.598504][T16528] macvtap1: entered promiscuous mode [ 1073.642235][T16531] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2812'. [ 1073.653012][T16528] macvtap1: entered allmulticast mode [ 1073.663744][T16528] batadv0: entered allmulticast mode [ 1073.685100][T16528] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 1073.841592][T14856] usb 2-1: config 0 has no interfaces? [ 1073.852079][T14856] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1073.869260][T14856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.888941][T14856] usb 2-1: Product: syz [ 1073.898713][T14856] usb 2-1: Manufacturer: syz [ 1073.916105][T14856] usb 2-1: SerialNumber: syz [ 1073.932438][T14856] usb 2-1: config 0 descriptor?? [ 1074.019386][T14850] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1074.110856][T16537] loop0: detected capacity change from 0 to 1024 [ 1074.121877][T16537] EXT4-fs (loop0): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1074.158595][T16526] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2810'. [ 1074.206390][T16537] EXT4-fs (loop0): orphan cleanup on readonly fs [ 1074.269148][T16537] EXT4-fs error (device loop0): ext4_read_block_bitmap_nowait:478: comm syz.0.2815: Invalid block bitmap block 0 in block_group 0 [ 1074.284834][T14850] usb 4-1: Using ep0 maxpacket: 8 [ 1074.296127][T14850] usb 4-1: config 0 has an invalid interface number: 246 but max is 0 [ 1074.299724][T16537] __quota_error: 24 callbacks suppressed [ 1074.299743][T16537] Quota error (device loop0): write_blk: dquota write failed [ 1074.304852][T14850] usb 4-1: config 0 has no interface number 0 [ 1074.334264][T14850] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1074.343799][T14850] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1074.352047][T14850] usb 4-1: Product: syz [ 1074.356449][T14850] usb 4-1: Manufacturer: syz [ 1074.361241][T14850] usb 4-1: SerialNumber: syz [ 1074.382300][T16537] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 1074.407096][T14850] usb 4-1: config 0 descriptor?? [ 1074.431703][T16537] EXT4-fs error (device loop0): ext4_acquire_dquot:6938: comm syz.0.2815: Failed to acquire dquot type 0 [ 1074.434872][T16541] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1074.456555][T16541] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1074.469596][ T5833] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1074.482120][T16537] EXT4-fs error (device loop0): ext4_free_blocks:6681: comm syz.0.2815: Freeing blocks not in datazone - block = 0, count = 4096 [ 1074.527840][T16537] EXT4-fs error (device loop0): ext4_read_inode_bitmap:140: comm syz.0.2815: Invalid inode bitmap blk 0 in block_group 0 [ 1074.551287][T12976] Quota error (device loop0): do_check_range: Getting block 0 out of range 1-8 [ 1074.562850][T12976] EXT4-fs error (device loop0): ext4_release_dquot:6974: comm kworker/u4:0: Failed to release dquot type 0 [ 1074.577790][T16537] EXT4-fs error (device loop0) in ext4_free_inode:363: Corrupt filesystem [ 1074.587320][T14850] msi2500 4-1:0.246: Registered as swradio24 [ 1074.595185][T14850] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1074.613674][T16537] EXT4-fs (loop0): 1 orphan inode deleted [ 1074.621863][T16537] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback. [ 1074.636251][T16531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1074.658788][T16531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1074.679275][ T5833] usb 3-1: Using ep0 maxpacket: 16 [ 1074.680909][T16537] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1074.700181][T16538] netlink: 'syz.2.2814': attribute type 29 has an invalid length. [ 1074.729854][T14850] usb 4-1: USB disconnect, device number 108 [ 1075.395545][T16553] loop3: detected capacity change from 0 to 164 [ 1075.443588][T16553] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1075.508723][T16553] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1075.550680][T14850] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1075.566519][T16553] Symlink component flag not implemented [ 1075.577540][T16553] Symlink component flag not implemented [ 1075.584927][T16553] Symlink component flag not implemented (7) [ 1075.592319][T16553] Symlink component flag not implemented (116) [ 1075.772848][T14850] usb 1-1: config 0 has no interfaces? [ 1075.792123][T14850] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1075.803582][T14850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1075.814895][T14850] usb 1-1: Product: syz [ 1075.822053][T14850] usb 1-1: Manufacturer: syz [ 1075.828492][T14850] usb 1-1: SerialNumber: syz [ 1075.846086][T14850] usb 1-1: config 0 descriptor?? [ 1076.267861][T14856] usb 2-1: USB disconnect, device number 10 [ 1076.358843][T16564] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2821'. [ 1076.959413][T16573] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2823'. [ 1077.272052][ T5833] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1077.293686][ T5833] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1077.335609][ T5833] usb 3-1: can't read configurations, error -71 [ 1077.375497][T16576] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.2824'. [ 1077.444058][T16576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'. [ 1077.469626][T16576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2824'. [ 1077.801045][ T5833] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1077.876538][T16589] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2830'. [ 1078.002060][ T5833] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1078.026293][ T5833] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1078.048827][ T5833] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1078.060690][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.078481][ T5833] usb 3-1: Product: syz [ 1078.083956][ T5833] usb 3-1: Manufacturer: syz [ 1078.089953][ T5833] usb 3-1: SerialNumber: syz [ 1078.097982][ T5833] usb 3-1: config 0 descriptor?? [ 1078.107251][ T5833] redrat3 3-1:0.0: Couldn't find all endpoints [ 1078.134270][T16599] loop1: detected capacity change from 0 to 1024 [ 1078.151846][T16599] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 1078.216151][T16599] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1078.229711][T16599] ext4 filesystem being mounted at /104/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1078.265656][ T5833] usb 1-1: USB disconnect, device number 23 [ 1078.323503][ T6234] usb 3-1: USB disconnect, device number 125 [ 1078.383770][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1078.921186][T16618] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2838'. [ 1079.038349][T16622] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2840'. [ 1079.139078][T16624] loop1: detected capacity change from 0 to 2048 [ 1079.226800][T16624] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1079.451604][T16629] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1079.471966][T16629] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1736 with error 28 [ 1079.486385][T16629] EXT4-fs (loop1): This should not happen!! Data will be lost [ 1079.486385][T16629] [ 1079.497454][T16629] EXT4-fs (loop1): Total free blocks count 0 [ 1079.510451][T16629] EXT4-fs (loop1): Free/Dirty block details [ 1079.516955][T16629] EXT4-fs (loop1): free_blocks=2415919104 [ 1079.523600][T16629] EXT4-fs (loop1): dirty_blocks=1744 [ 1079.529304][T16629] EXT4-fs (loop1): Block reservation details [ 1079.535436][T16629] EXT4-fs (loop1): i_reserved_data_blocks=109 [ 1079.599638][ T5834] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1079.823406][ T5834] usb 3-1: config 0 has no interfaces? [ 1079.878253][T16634] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1079.889802][ T5834] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1079.898905][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1079.914536][ T5834] usb 3-1: Product: syz [ 1079.923795][ T5834] usb 3-1: Manufacturer: syz [ 1079.928468][ T5834] usb 3-1: SerialNumber: syz [ 1079.943142][ T5834] usb 3-1: config 0 descriptor?? [ 1080.005093][T16634] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.111970][ T2939] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 1080.168427][T16634] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.357426][T16634] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1080.466668][T16634] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1080.487030][T16634] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1080.504639][T16634] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1080.522446][T16634] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1081.164919][T16658] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2850'. [ 1082.201298][T14864] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 1082.223830][T16675] xt_CT: No such helper "pptp" [ 1082.281492][T14856] usb 3-1: USB disconnect, device number 126 [ 1082.392230][T14864] usb 1-1: config 0 has no interfaces? [ 1082.408085][T14864] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1082.420422][T14864] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.428826][T14864] usb 1-1: Product: syz [ 1082.434089][T14864] usb 1-1: Manufacturer: syz [ 1082.438855][T14864] usb 1-1: SerialNumber: syz [ 1082.447982][T14864] usb 1-1: config 0 descriptor?? [ 1083.149350][T14864] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1083.340559][T14864] usb 2-1: Using ep0 maxpacket: 16 [ 1083.375001][T16698] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2864'. [ 1083.439752][T16694] netlink: 'syz.1.2862': attribute type 29 has an invalid length. [ 1083.478228][T14856] usb 1-1: USB disconnect, device number 24 [ 1083.740772][T16710] loop0: detected capacity change from 0 to 164 [ 1083.862477][T16710] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1083.887663][T16710] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1083.913944][T16710] Symlink component flag not implemented [ 1083.935675][ T6234] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 1083.944055][T16710] Symlink component flag not implemented [ 1083.981074][T16710] Symlink component flag not implemented (7) [ 1083.998823][T16710] Symlink component flag not implemented (116) [ 1084.132997][ T6234] usb 3-1: config 0 has no interfaces? [ 1084.173102][ T6234] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1084.249345][ T6234] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1084.332505][ T6234] usb 3-1: Product: syz [ 1084.345914][ T6234] usb 3-1: Manufacturer: syz [ 1084.362451][ T6234] usb 3-1: SerialNumber: syz [ 1084.387669][ T6234] usb 3-1: config 0 descriptor?? [ 1085.129452][ T6234] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1085.319555][ T6234] usb 1-1: Using ep0 maxpacket: 8 [ 1085.327964][ T6234] usb 1-1: config 0 has an invalid interface number: 246 but max is 0 [ 1085.336433][ T6234] usb 1-1: config 0 has no interface number 0 [ 1085.347497][ T6234] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1085.357050][ T6234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.365349][ T5833] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1085.373248][ T6234] usb 1-1: Product: syz [ 1085.378595][ T6234] usb 1-1: Manufacturer: syz [ 1085.383500][ T6234] usb 1-1: SerialNumber: syz [ 1085.393724][ T6234] usb 1-1: config 0 descriptor?? [ 1085.463829][ T6234] msi2500 1-1:0.246: Registered as swradio24 [ 1085.471695][ T6234] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1085.572522][ T5833] usb 4-1: config 0 has no interfaces? [ 1085.587006][ T5833] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1085.596882][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.613776][ T5833] usb 4-1: Product: syz [ 1085.620532][ T5833] usb 4-1: Manufacturer: syz [ 1085.626334][T16723] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1085.631277][ T5833] usb 4-1: SerialNumber: syz [ 1085.653353][T16723] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1085.662488][ T5833] usb 4-1: config 0 descriptor?? [ 1085.698592][T14846] usb 1-1: USB disconnect, device number 25 [ 1085.896258][T14864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1085.930890][T14864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1085.956776][T14864] usb 2-1: can't read configurations, error -71 [ 1086.092335][ T5834] usb 4-1: USB disconnect, device number 109 [ 1086.102674][T16735] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2875'. [ 1086.146399][T16735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2875'. [ 1086.157134][T16735] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2875'. [ 1086.586104][ T9] usb 3-1: USB disconnect, device number 127 [ 1086.659608][T14864] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1086.751979][T16750] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2882'. [ 1086.761175][T16750] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2882'. [ 1086.812177][T16750] veth3: entered promiscuous mode [ 1086.817361][T16750] veth3: entered allmulticast mode [ 1086.861458][T14864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1086.909107][T14864] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1086.923089][T14864] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1086.937636][T14864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1086.958134][T14864] usb 2-1: Product: syz [ 1086.968623][T14864] usb 2-1: Manufacturer: syz [ 1086.980472][T14864] usb 2-1: SerialNumber: syz [ 1087.001391][T14864] usb 2-1: config 0 descriptor?? [ 1087.012814][T14864] redrat3 2-1:0.0: Couldn't find all endpoints [ 1087.101541][T16758] 9pnet: p9_errstr2errno: server reported unknown error [ 1087.228628][ T9] usb 2-1: USB disconnect, device number 12 [ 1087.508594][T14864] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 1087.666162][ T28] audit: type=1326 audit(1753396890.172:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.719971][ T28] audit: type=1326 audit(1753396890.202:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.749767][T14864] usb 1-1: Using ep0 maxpacket: 16 [ 1087.765234][ T28] audit: type=1326 audit(1753396890.202:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.789796][ T28] audit: type=1326 audit(1753396890.202:2256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.815318][ T28] audit: type=1326 audit(1753396890.202:2257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.843370][ T28] audit: type=1326 audit(1753396890.202:2258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.870066][ T28] audit: type=1326 audit(1753396890.202:2259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.893993][ T28] audit: type=1326 audit(1753396890.202:2260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.943548][ T28] audit: type=1326 audit(1753396890.202:2261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=188 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1087.982196][ T28] audit: type=1326 audit(1753396890.202:2262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16765 comm="syz.3.2887" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f910438e9a9 code=0x7ffc0000 [ 1088.046223][T16759] netlink: 'syz.0.2883': attribute type 29 has an invalid length. [ 1088.119337][ T9] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1088.316280][ T9] usb 4-1: config 0 has no interfaces? [ 1088.331172][ T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1088.340447][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1088.350647][ T9] usb 4-1: Product: syz [ 1088.355253][ T9] usb 4-1: Manufacturer: syz [ 1088.364105][ T9] usb 4-1: SerialNumber: syz [ 1088.377983][ T9] usb 4-1: config 0 descriptor?? [ 1088.529432][ T6234] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1088.725025][ T6234] usb 2-1: config 0 has no interfaces? [ 1088.734208][ T6234] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1088.751782][ T6234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1088.766461][ T6234] usb 2-1: Product: syz [ 1088.774678][ T6234] usb 2-1: Manufacturer: syz [ 1088.781159][ T6234] usb 2-1: SerialNumber: syz [ 1088.790460][ T6234] usb 2-1: config 0 descriptor?? [ 1088.868388][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2892'. [ 1088.986855][T16782] loop2: detected capacity change from 0 to 2048 [ 1089.024281][T16782] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1089.193687][T16786] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1089.233090][T16786] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 376 with error 28 [ 1089.262738][T16786] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1089.262738][T16786] [ 1089.283228][T16786] EXT4-fs (loop2): Total free blocks count 0 [ 1089.297420][T16786] EXT4-fs (loop2): Free/Dirty block details [ 1089.309377][T16786] EXT4-fs (loop2): free_blocks=2415919104 [ 1089.315422][T16786] EXT4-fs (loop2): dirty_blocks=384 [ 1089.319743][ T6234] usb 2-1: USB disconnect, device number 13 [ 1089.320985][T16786] EXT4-fs (loop2): Block reservation details [ 1089.333118][T16786] EXT4-fs (loop2): i_reserved_data_blocks=24 [ 1089.434133][ T1121] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 1089.837013][T16796] loop2: detected capacity change from 0 to 164 [ 1089.850592][T16796] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1089.864892][T16796] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1089.874176][T16796] Symlink component flag not implemented [ 1089.880653][T16796] Symlink component flag not implemented [ 1089.886919][T16796] Symlink component flag not implemented (7) [ 1089.893106][T16796] Symlink component flag not implemented (116) [ 1090.097376][T16798] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.2898'. [ 1090.198896][T16798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2898'. [ 1090.208818][T16798] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2898'. [ 1090.250467][T14864] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1090.270286][T14864] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1090.278389][T14864] usb 1-1: can't read configurations, error -71 [ 1090.499283][ T5833] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1090.693472][ T5833] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1090.714207][ T5833] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1090.739381][ T5833] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1090.759634][ T5833] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1090.784625][ T5833] usb 2-1: Product: syz [ 1090.798691][ T5833] usb 2-1: Manufacturer: syz [ 1090.815114][ T5833] usb 2-1: SerialNumber: syz [ 1090.827119][T14846] usb 4-1: USB disconnect, device number 110 [ 1090.847178][ T5833] usb 2-1: config 0 descriptor?? [ 1090.866887][ T5833] redrat3 2-1:0.0: Couldn't find all endpoints [ 1090.934234][T16810] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2901'. [ 1091.083106][ T5833] usb 2-1: USB disconnect, device number 14 [ 1091.659356][T14864] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 1091.799351][T14846] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1091.833942][T16829] syz.1.2909[16829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1091.836402][T16829] syz.1.2909[16829] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1091.852185][T14864] usb 3-1: config 0 has no interfaces? [ 1091.901606][T14864] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1091.912600][T14864] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1091.921563][T14864] usb 3-1: Product: syz [ 1091.925792][T14864] usb 3-1: Manufacturer: syz [ 1091.931871][T14864] usb 3-1: SerialNumber: syz [ 1091.943292][T14864] usb 3-1: config 0 descriptor?? [ 1091.989283][T14846] usb 4-1: Using ep0 maxpacket: 16 [ 1092.006906][T16827] netlink: 'syz.3.2908': attribute type 29 has an invalid length. [ 1092.406923][ T5834] usb 3-1: USB disconnect, device number 2 [ 1092.449413][T14864] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1092.644625][T14864] usb 2-1: config 0 has no interfaces? [ 1092.677178][T14864] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1092.691553][T14864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.707522][T14864] usb 2-1: Product: syz [ 1092.714447][T14864] usb 2-1: Manufacturer: syz [ 1092.728748][T14864] usb 2-1: SerialNumber: syz [ 1092.747783][T14864] usb 2-1: config 0 descriptor?? [ 1093.553913][T16849] loop2: detected capacity change from 0 to 1024 [ 1093.567552][T16849] EXT4-fs: Ignoring removed bh option [ 1093.582287][T16849] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1093.605855][T16849] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1093.635611][T16849] syz.2.2915[16849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1093.635790][T16849] syz.2.2915[16849] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1093.702128][T16855] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.2917'. [ 1093.756305][T16855] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2917'. [ 1093.779964][T16857] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2915'. [ 1093.991390][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1094.029334][ T5833] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 1094.231865][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1094.243307][ T5833] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1094.260275][ T5833] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1094.273467][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.282165][ T5833] usb 1-1: Product: syz [ 1094.286379][ T5833] usb 1-1: Manufacturer: syz [ 1094.292356][ T5833] usb 1-1: SerialNumber: syz [ 1094.303552][ T5833] usb 1-1: config 0 descriptor?? [ 1094.313968][ T5833] redrat3 1-1:0.0: Couldn't find all endpoints [ 1094.516449][ T5833] usb 1-1: USB disconnect, device number 28 [ 1094.554168][T14846] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1094.577060][T14846] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1094.587027][T14846] usb 4-1: can't read configurations, error -71 [ 1094.969814][T14846] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 1095.132337][ T6234] usb 2-1: USB disconnect, device number 15 [ 1095.160790][T14846] usb 4-1: Using ep0 maxpacket: 8 [ 1095.170934][T14846] usb 4-1: config 0 has an invalid interface number: 246 but max is 0 [ 1095.196514][T14846] usb 4-1: config 0 has no interface number 0 [ 1095.213677][T16870] loop2: detected capacity change from 0 to 2048 [ 1095.224600][T14846] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1095.237120][T14846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1095.250322][T14846] usb 4-1: Product: syz [ 1095.254638][T14846] usb 4-1: Manufacturer: syz [ 1095.263029][T14846] usb 4-1: SerialNumber: syz [ 1095.271464][T16870] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1095.311544][T14846] usb 4-1: config 0 descriptor?? [ 1095.512365][T14846] msi2500 4-1:0.246: Registered as swradio24 [ 1095.518444][T14846] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1095.523837][T16883] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1095.560760][T16866] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1095.620603][T16866] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1095.652869][T16883] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 312 with error 28 [ 1095.707893][T14846] usb 4-1: USB disconnect, device number 112 [ 1095.714479][T16883] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1095.714479][T16883] [ 1095.773774][T16883] EXT4-fs (loop2): Total free blocks count 0 [ 1095.804283][T16883] EXT4-fs (loop2): Free/Dirty block details [ 1095.824807][T16883] EXT4-fs (loop2): free_blocks=2415919104 [ 1095.834988][T16883] EXT4-fs (loop2): dirty_blocks=320 [ 1095.851785][T16883] EXT4-fs (loop2): Block reservation details [ 1095.872611][T16883] EXT4-fs (loop2): i_reserved_data_blocks=20 [ 1096.109332][T14864] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1096.181989][T12976] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1096.399711][T14864] usb 2-1: Using ep0 maxpacket: 16 [ 1096.497404][T16892] netlink: 'syz.1.2928': attribute type 29 has an invalid length. [ 1097.116720][T16905] loop2: detected capacity change from 0 to 1024 [ 1097.132676][T16905] EXT4-fs: Ignoring removed orlov option [ 1097.152821][T16905] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1097.186061][T16905] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1097.256825][T16905] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #12: block 7: comm syz.2.2932: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1097.286980][T16905] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2867: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 1097.316102][T16905] EXT4-fs error (device loop2): ext4_check_all_de:666: inode #12: block 7: comm syz.2.2932: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0 [ 1097.401575][T16912] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2934'. [ 1097.415367][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1097.589788][T14861] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1097.718006][T16921] loop2: detected capacity change from 0 to 2048 [ 1097.748749][T16921] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1097.793677][T14861] usb 1-1: config 0 has no interfaces? [ 1097.811744][T14861] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1097.821721][T14861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1097.832466][T14861] usb 1-1: Product: syz [ 1097.837576][T14861] usb 1-1: Manufacturer: syz [ 1097.843501][T14861] usb 1-1: SerialNumber: syz [ 1097.853061][T14861] usb 1-1: config 0 descriptor?? [ 1097.916923][T16924] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1097.944219][T16924] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 206 with error 28 [ 1097.958030][T16924] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1097.958030][T16924] [ 1097.983889][T16924] EXT4-fs (loop2): Total free blocks count 0 [ 1097.990462][T16924] EXT4-fs (loop2): Free/Dirty block details [ 1097.996648][T16924] EXT4-fs (loop2): free_blocks=2415919104 [ 1098.004128][T16924] EXT4-fs (loop2): dirty_blocks=208 [ 1098.009766][T16924] EXT4-fs (loop2): Block reservation details [ 1098.015943][T16924] EXT4-fs (loop2): i_reserved_data_blocks=13 [ 1098.044039][T16927] netlink: 4 bytes leftover after parsing attributes in process `,&#^%'. [ 1098.150696][ T1121] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1098.298031][T16930] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2940'. [ 1098.507766][T16936] netlink: 40 bytes leftover after parsing attributes in process `syz.2.2942'. [ 1098.894326][T14864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1098.908080][T14864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1098.915968][T14864] usb 2-1: can't read configurations, error -71 [ 1099.212235][T16944] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2945'. [ 1099.539836][T16948] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1099.561221][T16948] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address [ 1099.573720][T16948] bond0: (slave ip6tnl0): Error -95 calling set_mac_address [ 1099.856715][T16957] loop2: detected capacity change from 0 to 164 [ 1099.895975][T16957] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1099.906279][T16962] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2950'. [ 1099.938697][T16957] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1099.972498][T16957] Symlink component flag not implemented [ 1099.990101][T16957] Symlink component flag not implemented [ 1100.002959][T16957] Symlink component flag not implemented (7) [ 1100.022190][T16957] Symlink component flag not implemented (116) [ 1100.261575][ T5833] usb 1-1: USB disconnect, device number 29 [ 1100.368031][T16979] netlink: 40 bytes leftover after parsing attributes in process `syz.1.2955'. [ 1100.379562][ T6234] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1100.570231][ T6234] usb 4-1: Using ep0 maxpacket: 16 [ 1100.584016][T16967] netlink: 'syz.3.2952': attribute type 29 has an invalid length. [ 1100.699492][T14850] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 1100.762391][ T6234] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1100.770870][ T5833] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1100.783273][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1100.804028][ T6234] usb 4-1: can't read configurations, error -71 [ 1100.890204][T14850] usb 3-1: Using ep0 maxpacket: 32 [ 1100.959832][ T5833] usb 1-1: Using ep0 maxpacket: 8 [ 1100.967586][ T5833] usb 1-1: config 0 has an invalid interface number: 246 but max is 0 [ 1101.014829][T14850] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1101.029313][ T5833] usb 1-1: config 0 has no interface number 0 [ 1101.066027][T14850] usb 3-1: config 0 has no interface number 0 [ 1101.097473][ T5833] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1101.129463][T14850] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1101.153657][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.191678][T14850] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1101.271240][ T5833] usb 1-1: Product: syz [ 1101.275501][ T5833] usb 1-1: Manufacturer: syz [ 1101.349355][T14850] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1101.357431][T14850] usb 3-1: Product: syz [ 1101.370968][ T5833] usb 1-1: SerialNumber: syz [ 1101.379059][ T5833] usb 1-1: config 0 descriptor?? [ 1101.384265][T14850] usb 3-1: Manufacturer: syz [ 1101.394390][T14850] usb 3-1: SerialNumber: syz [ 1101.445886][T14850] usb 3-1: config 0 descriptor?? [ 1101.467123][T14850] smsc75xx v1.0.0 [ 1101.485591][T14850] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1101.575019][T14850] smsc75xx: probe of 3-1:0.184 failed with error -22 [ 1101.649454][ T5833] msi2500 1-1:0.246: Registered as swradio24 [ 1101.660413][T16977] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1101.691521][ T5833] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1101.800015][T16977] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1101.861478][T14850] usb 1-1: USB disconnect, device number 30 [ 1102.104115][T17012] loop3: detected capacity change from 0 to 2048 [ 1102.278318][T17012] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1102.765578][T17026] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1102.808640][T17026] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 152 with error 28 [ 1102.846521][T17026] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1102.846521][T17026] [ 1102.884658][T17026] EXT4-fs (loop3): Total free blocks count 0 [ 1102.901544][T17026] EXT4-fs (loop3): Free/Dirty block details [ 1102.924709][T17026] EXT4-fs (loop3): free_blocks=2415919104 [ 1102.959812][T17026] EXT4-fs (loop3): dirty_blocks=160 [ 1102.984029][T17026] EXT4-fs (loop3): Block reservation details [ 1102.999318][T17026] EXT4-fs (loop3): i_reserved_data_blocks=10 [ 1103.211972][T17040] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2961'. [ 1103.361997][ T6052] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 4 with error 28 [ 1103.780890][T17046] loop3: detected capacity change from 0 to 164 [ 1103.822030][T17046] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1103.936160][T17046] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1103.989379][ T6234] usb 3-1: USB disconnect, device number 3 [ 1103.995550][T17046] Symlink component flag not implemented [ 1104.020880][T17046] Symlink component flag not implemented [ 1104.033893][T17048] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2965'. [ 1104.051446][T17046] Symlink component flag not implemented (7) [ 1104.067065][T17046] Symlink component flag not implemented (116) [ 1104.652671][T17061] loop2: detected capacity change from 0 to 128 [ 1104.965954][ T6052] kworker/u4:12: attempt to access beyond end of device [ 1104.965954][ T6052] loop2: rw=1, sector=145, nr_sectors = 896 limit=128 [ 1105.545995][T17076] loop3: detected capacity change from 0 to 1024 [ 1105.582344][T17076] EXT4-fs: Ignoring removed orlov option [ 1105.621112][T17076] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1105.665110][T17076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1105.675850][T17078] loop1: detected capacity change from 0 to 164 [ 1105.782114][T17078] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1105.907448][T17078] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1105.934198][T17078] Symlink component flag not implemented [ 1105.949915][T17078] Symlink component flag not implemented [ 1105.964745][T17078] Symlink component flag not implemented (7) [ 1105.978517][T17078] Symlink component flag not implemented (116) [ 1106.042748][T14636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1107.774421][T17110] loop2: detected capacity change from 0 to 1024 [ 1107.813682][T17110] EXT4-fs: Ignoring removed orlov option [ 1107.834151][T17110] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1108.045403][T17110] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1108.076216][T17092] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1108.196171][T17092] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1108.203993][T17092] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1108.224252][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1108.234232][T17092] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1108.810673][T13793] Bluetooth: hci1: command 0x0c1a tx timeout [ 1108.828792][T17125] bond0: (slave ip6tnl0): The slave device specified does not support setting the MAC address [ 1108.855210][T17125] bond0: (slave ip6tnl0): Error -95 calling set_mac_address [ 1108.883649][T17126] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2991'. [ 1109.322504][T17129] netlink: 'syz.2.2990': attribute type 20 has an invalid length. [ 1110.120834][ T6234] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 1110.239338][T13793] Bluetooth: hci0: command 0x0c1a tx timeout [ 1110.245432][T13879] Bluetooth: hci4: command 0x0419 tx timeout [ 1110.245475][ T5104] Bluetooth: hci3: command 0x0c1a tx timeout [ 1110.399233][ T6234] usb 4-1: Using ep0 maxpacket: 16 [ 1110.465764][T17147] netlink: 'syz.3.2998': attribute type 29 has an invalid length. [ 1110.715714][ T6234] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1110.781169][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1110.801722][ T6234] usb 4-1: can't read configurations, error -71 [ 1110.918142][T17155] loop1: detected capacity change from 0 to 164 [ 1110.944989][T17155] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1110.965415][T17155] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1111.007272][T17155] Symlink component flag not implemented [ 1111.016296][T17155] Symlink component flag not implemented [ 1111.042440][T17155] Symlink component flag not implemented (7) [ 1111.066530][T17155] Symlink component flag not implemented (116) [ 1111.264214][T17157] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3002'. [ 1111.828991][T17170] loop2: detected capacity change from 0 to 1024 [ 1111.841204][T17170] EXT4-fs: Ignoring removed orlov option [ 1111.858168][T17170] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1111.935909][T17170] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1112.132626][T17170] EXT4-fs error (device loop2): ext4_check_all_de:666: inode #12: block 7: comm syz.2.3007: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 1112.290103][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1112.352050][T17187] netlink: 'syz.3.3009': attribute type 20 has an invalid length. [ 1112.539017][T17190] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3012'. [ 1112.849966][T17192] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3013'. [ 1113.097741][T17180] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1113.107511][T17180] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1113.118423][T17180] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1113.128766][T17180] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1113.409286][ T6234] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1113.599353][ T6234] usb 1-1: Using ep0 maxpacket: 16 [ 1113.647579][T17186] netlink: 'syz.0.3011': attribute type 29 has an invalid length. [ 1114.004190][ T6234] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1114.023377][ T6234] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1114.038967][ T6234] usb 1-1: can't read configurations, error -71 [ 1114.159400][T13793] Bluetooth: hci1: command 0x0c1a tx timeout [ 1114.871708][T17213] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3021'. [ 1114.891737][T17213] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3021'. [ 1114.992124][T17217] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3022'. [ 1115.119479][T13793] Bluetooth: hci4: command 0x0419 tx timeout [ 1115.125583][T13793] Bluetooth: hci3: command 0x0c1a tx timeout [ 1115.210212][T13793] Bluetooth: hci0: command 0x0c1a tx timeout [ 1115.211584][T17221] loop3: detected capacity change from 0 to 164 [ 1115.234759][T17221] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1115.282406][T17221] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1115.321537][T17221] Symlink component flag not implemented [ 1115.359656][T17221] Symlink component flag not implemented [ 1115.371187][T17221] Symlink component flag not implemented (7) [ 1115.392460][T17221] Symlink component flag not implemented (116) [ 1115.608826][T17224] netlink: 'syz.2.3023': attribute type 20 has an invalid length. [ 1116.163376][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.170570][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1116.469442][ T6234] usb 4-1: new high-speed USB device number 117 using dummy_hcd [ 1116.749350][ T6234] usb 4-1: Using ep0 maxpacket: 16 [ 1116.791317][T17236] netlink: 'syz.3.3028': attribute type 29 has an invalid length. [ 1117.015872][ T6234] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1117.066317][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1117.086135][ T6234] usb 4-1: can't read configurations, error -71 [ 1117.129368][T14850] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1117.213621][T17249] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3032'. [ 1117.223049][T17249] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3032'. [ 1117.328278][T14850] usb 1-1: config 0 has no interfaces? [ 1117.378303][T17253] loop2: detected capacity change from 0 to 1024 [ 1117.405918][T17253] EXT4-fs: Ignoring removed orlov option [ 1117.421081][T14850] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1117.433151][T17253] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1117.443254][T14850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1117.456250][T14850] usb 1-1: Product: syz [ 1117.460874][T14850] usb 1-1: Manufacturer: syz [ 1117.466283][T14850] usb 1-1: SerialNumber: syz [ 1117.481702][T14850] usb 1-1: config 0 descriptor?? [ 1117.487720][T17253] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1117.535238][T17253] EXT4-fs error (device loop2): ext4_check_all_de:666: inode #12: block 7: comm syz.2.3033: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 1117.763499][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1117.908073][T17263] loop2: detected capacity change from 0 to 164 [ 1117.924277][T17263] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1117.982352][T17263] rock: corrupted directory entry. extent=28, offset=16056320, size=0 [ 1118.034375][T17263] Symlink component flag not implemented [ 1118.056756][T17263] Symlink component flag not implemented [ 1118.071700][T17263] Symlink component flag not implemented (7) [ 1118.078993][T17263] Symlink component flag not implemented (116) [ 1118.199554][ T6234] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 1118.422449][ T6234] usb 4-1: Using ep0 maxpacket: 32 [ 1118.488163][ T6234] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1118.537011][ T6234] usb 4-1: config 0 has no interface number 0 [ 1118.572616][ T6234] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1118.638372][ T6234] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1118.711627][ T6234] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1118.737578][T17271] loop2: detected capacity change from 0 to 1024 [ 1118.762852][T17271] EXT4-fs: Ignoring removed orlov option [ 1118.777743][ T6234] usb 4-1: Product: syz [ 1118.786930][ T6234] usb 4-1: Manufacturer: syz [ 1118.827695][T17271] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1118.843114][ T6234] usb 4-1: SerialNumber: syz [ 1118.932085][ T6234] usb 4-1: config 0 descriptor?? [ 1118.944176][T17271] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1118.960904][ T6234] smsc75xx v1.0.0 [ 1118.970761][ T6234] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1118.993146][T17271] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #12: block 7: comm syz.2.3039: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1119.013295][ T6234] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 1119.132919][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1119.265223][T17280] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3041'. [ 1119.297955][T17280] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3041'. [ 1119.529637][T17278] netlink: 'syz.1.3040': attribute type 20 has an invalid length. [ 1119.989337][ T5833] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 1120.034260][T14864] usb 1-1: USB disconnect, device number 33 [ 1120.219288][ T5833] usb 3-1: Using ep0 maxpacket: 16 [ 1120.334083][T17291] netlink: 'syz.2.3042': attribute type 29 has an invalid length. [ 1121.588975][T14864] usb 4-1: USB disconnect, device number 118 [ 1122.456562][T17314] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3050'. [ 1122.466598][T17314] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3050'. [ 1122.940986][ T5833] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1122.984438][ T5833] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1123.015492][ T5833] usb 3-1: can't read configurations, error -71 [ 1123.206599][T17329] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.3055'. [ 1123.273462][T17329] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3055'. [ 1123.549272][T14850] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1123.719276][ T5833] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 1123.782373][T14850] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1123.809367][T14850] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1123.828913][T14850] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1123.848777][T14850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1123.879342][T14861] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 1123.931337][T14850] usb 1-1: Product: syz [ 1123.935551][T14850] usb 1-1: Manufacturer: syz [ 1123.940600][ T5833] usb 3-1: Using ep0 maxpacket: 32 [ 1123.946752][T14850] usb 1-1: SerialNumber: syz [ 1123.954940][ T5833] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 1123.963554][ T5833] usb 3-1: config 0 has no interface number 0 [ 1123.972654][T14850] usb 1-1: config 0 descriptor?? [ 1123.978626][ T5833] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1123.997228][T14850] redrat3 1-1:0.0: Couldn't find all endpoints [ 1124.010265][ T5833] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1124.024486][T17336] kvm: kvm [17335]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 1124.028782][ T5833] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.045544][T17336] kvm: kvm [17335]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x100000000 [ 1124.062419][ T5833] usb 3-1: Product: syz [ 1124.066828][ T5833] usb 3-1: Manufacturer: syz [ 1124.071624][ T5833] usb 3-1: SerialNumber: syz [ 1124.072985][T14861] usb 4-1: Using ep0 maxpacket: 8 [ 1124.088359][ T5833] usb 3-1: config 0 descriptor?? [ 1124.101513][T14861] usb 4-1: config 0 has an invalid interface number: 246 but max is 0 [ 1124.102481][ T5833] smsc75xx v1.0.0 [ 1124.114095][ T5833] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1124.119335][T14861] usb 4-1: config 0 has no interface number 0 [ 1124.132261][T17336] kvm: kvm [17335]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x80 [ 1124.132776][ T5833] smsc75xx: probe of 3-1:0.184 failed with error -22 [ 1124.171835][T14861] usb 4-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1124.198866][ T5833] usb 1-1: USB disconnect, device number 34 [ 1124.227891][T14861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1124.267298][T14861] usb 4-1: Product: syz [ 1124.273398][T14861] usb 4-1: Manufacturer: syz [ 1124.281399][T14861] usb 4-1: SerialNumber: syz [ 1124.302076][T14861] usb 4-1: config 0 descriptor?? [ 1124.516418][T14861] msi2500 4-1:0.246: Registered as swradio24 [ 1124.525909][T17334] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1124.538839][T14861] msi2500 4-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1124.542854][T17334] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1124.590534][T14861] usb 4-1: USB disconnect, device number 119 [ 1124.699415][T14850] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1124.843555][T17348] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3059'. [ 1124.855231][T17348] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3059'. [ 1124.879279][T14850] usb 2-1: device descriptor read/64, error -71 [ 1125.160264][T14850] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 1125.224577][T17354] loop3: detected capacity change from 0 to 1024 [ 1125.243013][T17354] EXT4-fs: Ignoring removed orlov option [ 1125.304204][T17354] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1125.369444][T14850] usb 2-1: device descriptor read/64, error -71 [ 1125.384005][T17354] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1125.488901][T17354] EXT4-fs error (device loop3): ext4_find_dest_de:2115: inode #12: block 7: comm syz.3.3061: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1125.490767][T14850] usb usb2-port1: attempt power cycle [ 1125.578618][T14636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1125.959392][T14850] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1125.992686][T14850] usb 2-1: device descriptor read/8, error -71 [ 1126.289402][T14850] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1126.330218][T14850] usb 2-1: device descriptor read/8, error -71 [ 1126.459622][T14850] usb usb2-port1: unable to enumerate USB device [ 1127.126489][T14864] usb 3-1: USB disconnect, device number 5 [ 1127.755008][T17376] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.3067'. [ 1127.874530][T17376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3067'. [ 1127.886183][T17376] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3067'. [ 1128.169321][T14861] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1128.234765][T17388] loop2: detected capacity change from 0 to 1024 [ 1128.247097][T17388] EXT4-fs: Ignoring removed orlov option [ 1128.300468][T17388] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1128.365811][T17388] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1128.381443][T14861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1128.407081][T17388] EXT4-fs error (device loop2): ext4_find_dest_de:2115: inode #12: block 7: comm syz.2.3072: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1128.569877][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1128.573163][T14861] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1128.611255][T14861] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1128.623968][T14861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1128.692733][T14861] usb 2-1: Product: syz [ 1128.712357][T14861] usb 2-1: Manufacturer: syz [ 1128.722880][T14861] usb 2-1: SerialNumber: syz [ 1128.733110][T14861] usb 2-1: config 0 descriptor?? [ 1128.768814][T14861] redrat3 2-1:0.0: Couldn't find all endpoints [ 1128.868983][T17395] loop2: detected capacity change from 0 to 1024 [ 1128.880372][T17395] EXT4-fs: Ignoring removed orlov option [ 1128.916207][T17395] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1128.948731][T17395] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1128.974531][ T5834] usb 2-1: USB disconnect, device number 22 [ 1128.997459][T17361] delete_channel: no stack [ 1129.146230][T17395] EXT4-fs error (device loop2): ext4_check_all_de:666: inode #12: block 7: comm syz.2.3073: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 1129.321005][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1129.526450][T17403] random: crng reseeded on system resumption [ 1129.535053][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.580409][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.589292][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.607002][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.642010][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.671602][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.679362][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.679384][ T5834] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 1129.688903][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.746116][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.793783][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.809691][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.827654][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.850851][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.878077][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.904641][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.929394][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 1129.929455][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.963821][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.980468][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1129.988170][ T5834] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1130.008687][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.033454][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.049930][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.050590][ T5834] usb 4-1: config 0 has no interface number 0 [ 1130.073500][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.092973][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.110827][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.146029][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.168527][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.178156][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.186914][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.205912][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.215014][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.222592][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.232477][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.241449][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.250374][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.279400][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.297661][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.317097][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.357174][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.382059][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.382062][ T5834] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1130.417323][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.430679][ T5834] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1130.442514][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.454510][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.470740][T14850] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 1130.478553][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1130.491294][ T5834] usb 4-1: Product: syz [ 1130.514816][T14850] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz1 [ 1130.529213][ T5834] usb 4-1: Manufacturer: syz [ 1130.543440][ T5834] usb 4-1: SerialNumber: syz [ 1130.582229][ T5834] usb 4-1: config 0 descriptor?? [ 1130.697904][ T5834] smsc75xx v1.0.0 [ 1130.717720][ T5834] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1130.756715][T17420] fido_id[17420]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1130.851554][ T5834] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 1131.809446][ T5833] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1132.010096][ T5833] usb 2-1: device descriptor read/64, error -71 [ 1132.146266][T17439] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3084'. [ 1132.341883][ T5833] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1132.509285][ T5833] usb 2-1: device descriptor read/64, error -71 [ 1132.543058][T17441] loop2: detected capacity change from 0 to 2048 [ 1132.606336][T17441] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1132.652280][ T5833] usb usb2-port1: attempt power cycle [ 1132.808832][T17446] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1132.829540][T17446] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 400 with error 28 [ 1132.949427][T17446] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1132.949427][T17446] [ 1132.979591][T17446] EXT4-fs (loop2): Total free blocks count 0 [ 1133.009411][T17446] EXT4-fs (loop2): Free/Dirty block details [ 1133.015410][T17446] EXT4-fs (loop2): free_blocks=2415919104 [ 1133.034617][T17446] EXT4-fs (loop2): dirty_blocks=400 [ 1133.052260][T17446] EXT4-fs (loop2): Block reservation details [ 1133.067319][T17446] EXT4-fs (loop2): i_reserved_data_blocks=25 [ 1133.129371][ T5833] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1133.176243][ T5833] usb 2-1: device descriptor read/8, error -71 [ 1133.233633][ T2939] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1133.386767][ T6234] usb 4-1: USB disconnect, device number 120 [ 1133.492698][T17459] loop3: detected capacity change from 0 to 2048 [ 1133.510079][ T5833] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 1133.540705][T17459] loop3: p1 < > p4 [ 1133.545547][ T5833] usb 2-1: device descriptor read/8, error -71 [ 1133.583016][T17459] loop3: p4 size 8388608 extends beyond EOD, truncated [ 1133.653775][T17463] netlink: 'syz.0.3090': attribute type 20 has an invalid length. [ 1133.699869][ T5833] usb usb2-port1: unable to enumerate USB device [ 1133.745567][T16367] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1133.921614][T16374] udevd[16374]: inotify_add_watch(7, /dev/loop3p4, 10) failed: No such file or directory [ 1133.942791][T16367] udevd[16367]: inotify_add_watch(7, /dev/loop3p1, 10) failed: No such file or directory [ 1133.995848][T17467] loop3: detected capacity change from 0 to 1024 [ 1134.007479][T17467] EXT4-fs: Ignoring removed bh option [ 1134.021489][T17467] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1134.041333][T17467] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1134.062731][T17467] syz.3.3092[17467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1134.062834][T17467] syz.3.3092[17467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1134.235088][T17467] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3092'. [ 1134.546181][T14636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1135.116612][T17433] delete_channel: no stack [ 1135.299945][T17482] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3097'. [ 1135.318317][T17482] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3097'. [ 1135.453628][T17484] loop3: detected capacity change from 0 to 2048 [ 1135.498547][T17484] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1135.532764][T17492] xt_connbytes: Forcing CT accounting to be enabled [ 1135.741444][T17494] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1135.756895][T17499] loop1: detected capacity change from 0 to 1024 [ 1135.766203][T17499] EXT4-fs: Ignoring removed orlov option [ 1135.781019][T17494] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 178 with error 28 [ 1135.796514][T17499] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1135.797934][T17494] EXT4-fs (loop3): This should not happen!! Data will be lost [ 1135.797934][T17494] [ 1135.816892][T17494] EXT4-fs (loop3): Total free blocks count 0 [ 1135.826850][T17499] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1135.842725][T17494] EXT4-fs (loop3): Free/Dirty block details [ 1135.848924][T17494] EXT4-fs (loop3): free_blocks=2415919104 [ 1135.863376][T17494] EXT4-fs (loop3): dirty_blocks=192 [ 1135.890891][T17494] EXT4-fs (loop3): Block reservation details [ 1135.910520][T17494] EXT4-fs (loop3): i_reserved_data_blocks=12 [ 1135.944442][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1135.969717][T14861] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 1136.179274][T14861] usb 3-1: Using ep0 maxpacket: 8 [ 1136.190992][T14861] usb 3-1: config 0 has an invalid interface number: 246 but max is 0 [ 1136.209417][T14861] usb 3-1: config 0 has no interface number 0 [ 1136.216559][ T1121] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1136.242536][T14861] usb 3-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1136.265476][T14861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1136.274131][T14861] usb 3-1: Product: syz [ 1136.278478][T14861] usb 3-1: Manufacturer: syz [ 1136.283304][T14861] usb 3-1: SerialNumber: syz [ 1136.292462][T14861] usb 3-1: config 0 descriptor?? [ 1136.448532][T14861] msi2500 3-1:0.246: Registered as swradio24 [ 1136.503530][T14861] msi2500 3-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1136.514417][T17496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1136.569682][T17496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1136.629274][T14864] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1136.700431][ T6234] usb 3-1: USB disconnect, device number 6 [ 1136.868957][T17529] netlink: 'syz.3.3107': attribute type 20 has an invalid length. [ 1136.899319][T14864] usb 2-1: device descriptor read/64, error -71 [ 1137.172844][T14864] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1137.399281][T14864] usb 2-1: device descriptor read/64, error -71 [ 1137.601789][T14864] usb usb2-port1: attempt power cycle [ 1137.886534][T17538] loop2: detected capacity change from 0 to 512 [ 1137.960753][T16367] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 1138.119279][T14864] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1138.172395][T17538] loop2: detected capacity change from 0 to 4096 [ 1138.219961][T14864] usb 2-1: device descriptor read/8, error -71 [ 1138.444146][T17538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1138.466193][T17538] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled [ 1138.479385][T17538] EXT4-fs (loop2): stripe (248) is not aligned with cluster size (16), stripe is disabled [ 1138.490179][T14864] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1138.529033][T17538] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000. [ 1138.558508][T17543] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3112'. [ 1138.604939][T14864] usb 2-1: device descriptor read/8, error -71 [ 1138.691457][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1138.750583][T14864] usb usb2-port1: unable to enumerate USB device [ 1138.897547][T17550] loop2: detected capacity change from 0 to 2048 [ 1138.918627][T17550] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1139.095159][T17556] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1139.149468][T17556] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 178 with error 28 [ 1139.210518][T17556] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1139.210518][T17556] [ 1139.245604][T17556] EXT4-fs (loop2): Total free blocks count 0 [ 1139.267641][T17556] EXT4-fs (loop2): Free/Dirty block details [ 1139.299304][T17556] EXT4-fs (loop2): free_blocks=2415919104 [ 1139.305227][T17556] EXT4-fs (loop2): dirty_blocks=192 [ 1139.312786][ T5833] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1139.362477][T17556] EXT4-fs (loop2): Block reservation details [ 1139.383325][T17556] EXT4-fs (loop2): i_reserved_data_blocks=12 [ 1139.494417][T17514] delete_channel: no stack [ 1139.529936][ T5833] usb 4-1: Using ep0 maxpacket: 32 [ 1139.552687][ T5833] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 1139.575893][ T5833] usb 4-1: config 0 has no interface number 0 [ 1139.592741][ T5833] usb 4-1: config 0 interface 184 has no altsetting 0 [ 1139.738102][ T1121] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1140.134327][ T5833] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1140.159517][ T5833] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1140.180398][ T5833] usb 4-1: Product: syz [ 1140.190732][ T5833] usb 4-1: Manufacturer: syz [ 1140.206451][ T5833] usb 4-1: SerialNumber: syz [ 1140.281366][ T5833] usb 4-1: config 0 descriptor?? [ 1140.299018][T17576] loop2: detected capacity change from 0 to 4096 [ 1140.335784][T17576] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1140.503044][ T5833] smsc75xx v1.0.0 [ 1140.506817][ T5833] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1140.636918][ T5833] smsc75xx: probe of 4-1:0.184 failed with error -22 [ 1141.128778][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1141.697022][T17600] loop2: detected capacity change from 0 to 2048 [ 1141.785340][T17600] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1141.899611][T14864] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1141.988639][T17606] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1142.040867][T17606] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 352 with error 28 [ 1142.080485][T14864] usb 1-1: device descriptor read/64, error -71 [ 1142.210612][T17606] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1142.210612][T17606] [ 1142.229792][T17606] EXT4-fs (loop2): Total free blocks count 0 [ 1142.237468][T17606] EXT4-fs (loop2): Free/Dirty block details [ 1142.244098][T17606] EXT4-fs (loop2): free_blocks=2415919104 [ 1142.252068][T17606] EXT4-fs (loop2): dirty_blocks=368 [ 1142.257702][T17606] EXT4-fs (loop2): Block reservation details [ 1142.264227][T17606] EXT4-fs (loop2): i_reserved_data_blocks=23 [ 1142.438191][ T2939] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1142.450785][T14864] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1142.609841][T14864] usb 1-1: device descriptor read/64, error -71 [ 1142.739604][T14864] usb usb1-port1: attempt power cycle [ 1142.959644][T14861] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 1143.098079][ T5833] usb 4-1: USB disconnect, device number 121 [ 1143.179814][T14861] usb 3-1: Using ep0 maxpacket: 8 [ 1143.189508][T14864] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 1143.199552][T14861] usb 3-1: config 0 has an invalid interface number: 246 but max is 0 [ 1143.208046][T14861] usb 3-1: config 0 has no interface number 0 [ 1143.236211][T14864] usb 1-1: device descriptor read/8, error -71 [ 1143.265161][T14861] usb 3-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1143.277620][T14861] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1143.287110][T14861] usb 3-1: Product: syz [ 1143.291378][T14861] usb 3-1: Manufacturer: syz [ 1143.296015][T14861] usb 3-1: SerialNumber: syz [ 1143.312950][T14861] usb 3-1: config 0 descriptor?? [ 1143.458332][T14861] msi2500 3-1:0.246: Registered as swradio24 [ 1143.465851][T14861] msi2500 3-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1143.509456][T14864] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 1143.534354][T17612] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1143.570952][T14864] usb 1-1: device descriptor read/8, error -71 [ 1143.577475][T17612] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1143.686741][T14861] usb 3-1: USB disconnect, device number 7 [ 1143.705424][T14864] usb usb1-port1: unable to enumerate USB device [ 1144.425663][T17592] delete_channel: no stack [ 1145.119502][ T5833] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 1145.309246][ T5833] usb 1-1: Using ep0 maxpacket: 32 [ 1145.338560][ T5833] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 1145.357994][ T5833] usb 1-1: config 0 has no interface number 0 [ 1145.371352][ T5833] usb 1-1: config 0 interface 184 has no altsetting 0 [ 1145.392657][ T5833] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1145.412077][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1145.427838][ T5833] usb 1-1: Product: syz [ 1145.443693][ T5833] usb 1-1: Manufacturer: syz [ 1145.448404][ T5833] usb 1-1: SerialNumber: syz [ 1145.469994][ T5833] usb 1-1: config 0 descriptor?? [ 1145.478580][ T5833] smsc75xx v1.0.0 [ 1145.483836][ T5833] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 1145.494716][ T5833] smsc75xx: probe of 1-1:0.184 failed with error -22 [ 1146.147873][T17642] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1146.156340][T17642] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1146.199465][T17642] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1146.207204][T17642] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1146.338325][T17646] loop1: detected capacity change from 0 to 1024 [ 1146.348043][T17642] batadv0 (unregistering): left allmulticast mode [ 1146.370501][T17646] EXT4-fs: Ignoring removed orlov option [ 1146.402284][T17646] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1146.452993][T17646] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1146.517075][T17646] EXT4-fs error (device loop1): ext4_check_all_de:666: inode #12: block 7: comm syz.1.3144: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=108 fake=0 [ 1146.560461][T17648] loop2: detected capacity change from 0 to 512 [ 1146.584347][T17648] EXT4-fs (loop2): VFS: Can't find ext4 filesystem [ 1146.672796][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1146.842153][T17659] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3148'. [ 1146.975490][T17663] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3150'. [ 1147.108446][T17670] tipc: Started in network mode [ 1147.115645][T17670] tipc: Node identity 52eeb60468ce, cluster identity 4711 [ 1147.123746][T17670] tipc: Enabled bearer , priority 0 [ 1147.154105][T17669] tipc: Disabling bearer [ 1147.330504][T17676] loop2: detected capacity change from 0 to 2048 [ 1147.367092][T17676] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1147.379527][ T6234] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1147.395721][T17680] loop3: detected capacity change from 0 to 1024 [ 1147.405343][T17680] EXT4-fs: Ignoring removed bh option [ 1147.419508][T17680] EXT4-fs: inline encryption not supported [ 1147.453546][T17680] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 1147.489537][T17680] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=c80ce018, mo2=0000] [ 1147.507033][T17680] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 2: comm syz.3.3157: lblock 2 mapped to illegal pblock 2 (length 1) [ 1147.531467][ T6052] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1147.550705][ T6052] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 640 with error 28 [ 1147.560107][T17680] __quota_error: 6 callbacks suppressed [ 1147.560127][T17680] Quota error (device loop3): qtree_write_dquot: dquota write failed [ 1147.563183][ T6052] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1147.563183][ T6052] [ 1147.569073][T17680] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 48: comm syz.3.3157: lblock 0 mapped to illegal pblock 48 (length 1) [ 1147.576874][ T6052] EXT4-fs (loop2): Total free blocks count 0 [ 1147.576896][ T6052] EXT4-fs (loop2): Free/Dirty block details [ 1147.576912][ T6052] EXT4-fs (loop2): free_blocks=2415919104 [ 1147.576930][ T6052] EXT4-fs (loop2): dirty_blocks=656 [ 1147.576944][ T6052] EXT4-fs (loop2): Block reservation details [ 1147.576956][ T6052] EXT4-fs (loop2): i_reserved_data_blocks=41 [ 1147.639904][T17681] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 24 with max blocks 2 with error 28 [ 1147.659681][T17680] Quota error (device loop3): v2_write_file_info: Can't write info structure [ 1147.670826][ T6234] usb 2-1: config 0 has no interfaces? [ 1147.671201][T17680] EXT4-fs error (device loop3): ext4_acquire_dquot:6938: comm syz.3.3157: Failed to acquire dquot type 0 [ 1147.688247][T17680] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5902: Corrupt filesystem [ 1147.706076][ T6234] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1147.716101][ T6234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1147.725125][T17680] EXT4-fs error (device loop3): ext4_evict_inode:252: inode #11: comm syz.3.3157: mark_inode_dirty error [ 1147.727145][ T6234] usb 2-1: Product: syz [ 1147.741013][ T6234] usb 2-1: Manufacturer: syz [ 1147.745879][ T6234] usb 2-1: SerialNumber: syz [ 1147.750837][T17680] EXT4-fs warning (device loop3): ext4_evict_inode:255: couldn't mark inode dirty (err -117) [ 1147.762445][T17680] EXT4-fs (loop3): 1 orphan inode deleted [ 1147.768334][ T6234] usb 2-1: config 0 descriptor?? [ 1147.771564][T17680] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1147.780270][ T5879] usb 1-1: USB disconnect, device number 39 [ 1147.794100][ T2939] EXT4-fs error (device loop3): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:8: lblock 1 mapped to illegal pblock 1 (length 1) [ 1147.852736][ T2939] Quota error (device loop3): remove_tree: Can't read quota data block 1 [ 1147.880176][ T2939] EXT4-fs error (device loop3): ext4_release_dquot:6974: comm kworker/u4:8: Failed to release dquot type 0 [ 1147.939260][T17680] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro. [ 1147.989776][T14636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1148.134924][T17690] loop3: detected capacity change from 0 to 1024 [ 1148.143587][T17690] EXT4-fs: Ignoring removed bh option [ 1148.149598][T17690] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1148.183428][T17690] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1148.227768][T17690] syz.3.3159[17690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1148.227927][T17690] syz.3.3159[17690] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1148.419457][T17699] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3162'. [ 1148.565985][T14636] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1148.621592][T17705] tipc: Started in network mode [ 1148.641712][T17705] tipc: Node identity 6addcf75e541, cluster identity 4711 [ 1148.659854][T17705] tipc: Enabled bearer , priority 0 [ 1148.703710][T17704] tipc: Disabling bearer [ 1149.022836][T17718] loop3: detected capacity change from 0 to 2364 [ 1149.191854][T17726] loop2: detected capacity change from 0 to 1024 [ 1149.211805][T17726] EXT4-fs: Ignoring removed bh option [ 1149.229102][T17726] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1149.248182][T17726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1149.266521][T17726] syz.2.3174[17726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1149.266680][T17726] syz.2.3174[17726] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1149.441327][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1150.135831][ T5879] usb 2-1: USB disconnect, device number 31 [ 1150.703706][T17744] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1150.727972][T17744] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1150.742312][T17744] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1150.748718][T17744] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1151.290111][T14846] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 1151.352569][T17775] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.3190'. [ 1151.405335][T17775] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3190'. [ 1151.494853][T14846] usb 3-1: config 0 has no interfaces? [ 1151.509300][T14846] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1151.526595][T14846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1151.541484][T14846] usb 3-1: Product: syz [ 1151.547397][T14846] usb 3-1: Manufacturer: syz [ 1151.570971][T14846] usb 3-1: SerialNumber: syz [ 1151.585038][T14846] usb 3-1: config 0 descriptor?? [ 1151.689285][ T5833] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 1151.809275][ T6234] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1151.900578][ T5833] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1151.933252][ T5833] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1151.944061][T17782] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3185'. [ 1151.965570][T17782] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1151.974873][T17782] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1152.059357][ T6234] usb 2-1: Using ep0 maxpacket: 16 [ 1152.068726][T17779] netlink: 'syz.1.3191': attribute type 29 has an invalid length. [ 1152.087633][ T5833] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1152.116480][ T5833] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1152.138242][ T5833] usb 1-1: Product: syz [ 1152.150527][ T5833] usb 1-1: Manufacturer: syz [ 1152.169633][ T5833] usb 1-1: SerialNumber: syz [ 1152.193362][ T5833] usb 1-1: config 0 descriptor?? [ 1152.214081][ T5833] redrat3 1-1:0.0: Couldn't find all endpoints [ 1152.239348][T13793] Bluetooth: hci1: command 0x0c1a tx timeout [ 1152.417159][T14864] usb 1-1: USB disconnect, device number 40 [ 1152.799349][T13793] Bluetooth: hci0: command 0x0c1a tx timeout [ 1152.799400][ T5104] Bluetooth: hci4: command 0x0419 tx timeout [ 1152.805495][T13793] Bluetooth: hci3: command 0x0c1a tx timeout [ 1153.138395][T17786] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3192'. [ 1153.189228][T17788] x_tables: duplicate underflow at hook 1 [ 1153.308057][T17790] serio: Serial port ptm0 [ 1153.674178][ T5833] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 1153.691697][ T5833] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1154.698880][ T6234] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1154.728058][ T6234] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1154.766528][ T6234] usb 2-1: can't read configurations, error -71 [ 1154.848994][T14864] usb 3-1: USB disconnect, device number 8 [ 1155.017868][T17816] loop2: detected capacity change from 0 to 2048 [ 1155.089119][T17816] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1155.163442][T17824] syz.3.3203[17824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1155.163594][T17824] syz.3.3203[17824] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1155.294638][T17825] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1155.326349][T17825] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 376 with error 28 [ 1155.348122][T17825] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1155.348122][T17825] [ 1155.377114][T17825] EXT4-fs (loop2): Total free blocks count 0 [ 1155.377142][T17825] EXT4-fs (loop2): Free/Dirty block details [ 1155.377160][T17825] EXT4-fs (loop2): free_blocks=2415919104 [ 1155.377180][T17825] EXT4-fs (loop2): dirty_blocks=384 [ 1155.377197][T17825] EXT4-fs (loop2): Block reservation details [ 1155.377211][T17825] EXT4-fs (loop2): i_reserved_data_blocks=24 [ 1155.567372][ T2939] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1156.636838][T14846] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 1156.831802][T14846] usb 3-1: Using ep0 maxpacket: 16 [ 1156.840621][T17840] netlink: 'syz.2.3208': attribute type 29 has an invalid length. [ 1156.886590][T17854] loop1: detected capacity change from 0 to 512 [ 1156.907822][T17854] EXT4-fs: Ignoring removed mblk_io_submit option [ 1156.916406][T17854] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 1156.972129][T17854] EXT4-fs (loop1): 1 truncate cleaned up [ 1156.981623][T17854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1157.164833][T17854] netlink: 830 bytes leftover after parsing attributes in process `syz.1.3212'. [ 1157.211360][T14861] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1157.222210][T17860] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3213'. [ 1157.238243][ T28] audit: type=1326 audit(1753396959.429:2269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.261129][T17860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3213'. [ 1157.295969][T17854] 9pnet_fd: Insufficient options for proto=fd [ 1157.302793][ T28] audit: type=1326 audit(1753396959.448:2270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.350056][ T28] audit: type=1326 audit(1753396959.448:2271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.388091][ T28] audit: type=1326 audit(1753396959.448:2272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.469427][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1157.476480][ T28] audit: type=1326 audit(1753396959.466:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.528966][ T28] audit: type=1326 audit(1753396959.466:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.568716][T14861] usb 1-1: config 0 has no interfaces? [ 1157.593144][T14861] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1157.603079][T14861] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1157.615107][ T28] audit: type=1326 audit(1753396959.466:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.687347][ T28] audit: type=1326 audit(1753396959.466:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.718039][T14861] usb 1-1: Product: syz [ 1157.766613][T14861] usb 1-1: Manufacturer: syz [ 1157.768952][ T28] audit: type=1326 audit(1753396959.466:2277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.814260][T14861] usb 1-1: SerialNumber: syz [ 1157.828553][ T28] audit: type=1326 audit(1753396959.466:2278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17849 comm="syz.1.3212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1157.830719][T14861] usb 1-1: config 0 descriptor?? [ 1157.851284][ C1] vkms_vblank_simulate: vblank timer overrun [ 1158.299442][T17876] tipc: Enabled bearer , priority 0 [ 1158.340221][T17874] tipc: Disabling bearer [ 1158.558210][T17880] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3210'. [ 1158.622256][T17880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1158.661977][T17880] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1158.715036][T17884] loop1: detected capacity change from 0 to 1024 [ 1158.750620][T17884] EXT4-fs: Ignoring removed orlov option [ 1158.759457][T17884] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1158.815783][T17884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1158.921263][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1159.092618][T17891] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3223'. [ 1159.118259][T17891] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3223'. [ 1159.492753][T17896] loop1: detected capacity change from 0 to 1024 [ 1159.500627][T17896] EXT4-fs: Ignoring removed bh option [ 1159.515177][T17896] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1159.589471][T17896] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1159.769695][T17896] syz.1.3225[17896] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1159.771807][T17896] syz.1.3225[17896] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1159.839166][T14846] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1159.899457][T17898] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3225'. [ 1159.945313][T14846] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1159.970106][T14846] usb 3-1: can't read configurations, error -71 [ 1160.166748][T17904] loop2: detected capacity change from 0 to 1024 [ 1160.175559][T17904] EXT4-fs: Ignoring removed orlov option [ 1160.213269][T17904] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1160.265265][T14861] usb 1-1: USB disconnect, device number 41 [ 1160.267046][T17904] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1160.391079][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1160.479352][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1160.506774][T17909] tipc: Enabled bearer , priority 0 [ 1160.550718][T17911] loop2: detected capacity change from 0 to 2048 [ 1160.559797][T17911] EXT4-fs: Ignoring removed nobh option [ 1160.610484][T17908] tipc: Disabling bearer [ 1160.617810][T17911] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1160.643781][T17914] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3232'. [ 1160.653521][T17914] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3232'. [ 1160.693915][T17917] loop1: detected capacity change from 0 to 1024 [ 1160.733245][T17917] EXT4-fs: Ignoring removed orlov option [ 1160.751443][T17917] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1160.820519][T17917] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1160.864466][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1160.993951][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1161.250809][T17932] sctp: [Deprecated]: syz.1.3237 (pid 17932) Use of int in max_burst socket option. [ 1161.250809][T17932] Use struct sctp_assoc_value instead [ 1161.275265][T14861] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1161.479768][T14861] usb 1-1: Using ep0 maxpacket: 16 [ 1161.504044][T17925] netlink: 'syz.0.3234': attribute type 29 has an invalid length. [ 1161.793874][ T5879] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1161.995714][ T5879] usb 2-1: config 0 has no interfaces? [ 1162.017871][ T5879] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1162.041566][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1162.061386][ T5879] usb 2-1: Product: syz [ 1162.067032][ T5879] usb 2-1: Manufacturer: syz [ 1162.097330][ T5879] usb 2-1: SerialNumber: syz [ 1162.121661][ T5879] usb 2-1: config 0 descriptor?? [ 1162.246507][T17940] loop2: detected capacity change from 0 to 2048 [ 1162.299899][T17940] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1162.475720][T17947] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3238'. [ 1162.524247][T17947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1162.543570][T17945] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1162.547113][T17947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1162.590165][T17945] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 206 with error 28 [ 1162.613596][T17950] syz.3.3240[17950] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.613719][T17950] syz.3.3240[17950] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1162.651230][T17945] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1162.651230][T17945] [ 1162.736770][T17945] EXT4-fs (loop2): Total free blocks count 0 [ 1162.743403][T17945] EXT4-fs (loop2): Free/Dirty block details [ 1162.750227][T17945] EXT4-fs (loop2): free_blocks=2415919104 [ 1162.756547][T17945] EXT4-fs (loop2): dirty_blocks=208 [ 1162.762512][T17945] EXT4-fs (loop2): Block reservation details [ 1162.770659][T17945] EXT4-fs (loop2): i_reserved_data_blocks=13 [ 1162.778714][T17952] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3240'. [ 1162.882680][ T2939] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1163.055599][T17955] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3241'. [ 1163.072623][T17955] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3241'. [ 1163.373202][T17957] tipc: Enabled bearer , priority 0 [ 1163.397015][T17956] tipc: Disabling bearer [ 1163.685799][T17959] loop2: detected capacity change from 0 to 8192 [ 1163.743177][ T28] kauditd_printk_skb: 48 callbacks suppressed [ 1163.743194][ T28] audit: type=1800 audit(1753396965.420:2327): pid=17959 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3243" name="file1" dev="loop2" ino=1048607 res=0 errno=0 [ 1164.355970][T14861] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1164.377180][T14861] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 1164.398516][T14861] usb 1-1: can't read configurations, error -71 [ 1164.663615][T17979] syz.2.3252[17979] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1164.665235][T17979] syz.2.3252[17979] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1164.705647][T17978] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3250'. [ 1164.751602][T17978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3250'. [ 1165.095751][T14846] usb 2-1: USB disconnect, device number 34 [ 1165.265625][T17996] loop2: detected capacity change from 0 to 512 [ 1165.292252][T17996] EXT4-fs (loop2): #blocks per group too big: 466944 [ 1167.341076][T14846] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1167.460315][ T6234] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1167.475527][T18018] x_tables: duplicate underflow at hook 1 [ 1167.546964][T14846] usb 4-1: Using ep0 maxpacket: 16 [ 1167.595375][T17999] netlink: 'syz.3.3258': attribute type 29 has an invalid length. [ 1167.677230][ T6234] usb 1-1: Using ep0 maxpacket: 8 [ 1167.690391][ T6234] usb 1-1: config 0 has an invalid interface number: 246 but max is 0 [ 1167.702144][ T6234] usb 1-1: config 0 has no interface number 0 [ 1167.830722][ T6234] usb 1-1: New USB device found, idVendor=2040, idProduct=d300, bcdDevice=16.b3 [ 1167.847792][ T6234] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1167.856510][ T6234] usb 1-1: Product: syz [ 1167.860832][ T6234] usb 1-1: Manufacturer: syz [ 1167.866800][ T6234] usb 1-1: SerialNumber: syz [ 1167.878085][ T6234] usb 1-1: config 0 descriptor?? [ 1168.046300][ T6234] msi2500 1-1:0.246: Registered as swradio24 [ 1168.054267][ T6234] msi2500 1-1:0.246: SDR API is still slightly experimental and functionality changes may follow [ 1168.164607][ T5879] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1168.231541][T18012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1168.257218][T18012] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1168.285129][T14864] usb 1-1: USB disconnect, device number 44 [ 1168.839537][ T5879] usb 2-1: config 0 has no interfaces? [ 1168.862425][ T5879] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1168.887812][ T5879] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1168.904237][ T5879] usb 2-1: Product: syz [ 1168.908874][ T5879] usb 2-1: Manufacturer: syz [ 1168.914203][ T5879] usb 2-1: SerialNumber: syz [ 1168.924964][ T5879] usb 2-1: config 0 descriptor?? [ 1169.046650][T18034] loop2: detected capacity change from 0 to 2048 [ 1169.210988][T18034] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1169.234409][T18034] EXT4-fs error (device loop2): ext4_lookup:1858: inode #16: comm syz.2.3268: iget: bad extended attribute block 458752 [ 1169.389803][T18043] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3266'. [ 1169.431840][T18043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1169.467160][T18043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1169.753828][T14846] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1169.777154][T14846] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1169.804650][T14846] usb 4-1: can't read configurations, error -71 [ 1170.165332][T18049] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3272'. [ 1170.167565][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1170.279052][T18049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3272'. [ 1170.293045][T18049] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3272'. [ 1170.787834][T14846] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1171.005123][T14846] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1171.024703][T14846] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1171.095036][T14846] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1171.105395][T14846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1171.113592][T14846] usb 4-1: Product: syz [ 1171.117944][T14846] usb 4-1: Manufacturer: syz [ 1171.124087][T14846] usb 4-1: SerialNumber: syz [ 1171.132449][T14846] usb 4-1: config 0 descriptor?? [ 1171.145419][T14846] redrat3 4-1:0.0: Couldn't find all endpoints [ 1171.149679][ T5879] usb 2-1: USB disconnect, device number 35 [ 1171.373698][ T6234] usb 4-1: USB disconnect, device number 123 [ 1171.945357][T18073] loop2: detected capacity change from 0 to 2048 [ 1171.978076][T14864] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1171.990219][T18073] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1172.228780][T14864] usb 2-1: Using ep0 maxpacket: 16 [ 1172.261723][T18069] netlink: 'syz.1.3278': attribute type 29 has an invalid length. [ 1172.324589][T18076] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1172.357896][T18076] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 60 with max blocks 328 with error 28 [ 1172.372526][T18076] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1172.372526][T18076] [ 1172.383218][T18076] EXT4-fs (loop2): Total free blocks count 0 [ 1172.389284][T18076] EXT4-fs (loop2): Free/Dirty block details [ 1172.396001][T18076] EXT4-fs (loop2): free_blocks=2415919104 [ 1172.402273][T18076] EXT4-fs (loop2): dirty_blocks=400 [ 1172.407525][T18076] EXT4-fs (loop2): Block reservation details [ 1172.420647][T18076] EXT4-fs (loop2): i_reserved_data_blocks=25 [ 1172.525832][ T1121] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1172.942423][T14861] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1173.053081][T18093] netlink: 28 bytes leftover after parsing attributes in process `syz.0.3287'. [ 1173.177353][T14861] usb 4-1: config 0 has no interfaces? [ 1173.268547][T14861] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1173.289641][T14861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1173.297811][T14861] usb 4-1: Product: syz [ 1173.303719][T14861] usb 4-1: Manufacturer: syz [ 1173.308602][T14861] usb 4-1: SerialNumber: syz [ 1173.326610][T14861] usb 4-1: config 0 descriptor?? [ 1173.511804][T18101] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.3290'. [ 1173.592451][T18103] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3290'. [ 1173.641158][T18085] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3283'. [ 1173.737950][T18104] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1173.757277][T18104] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1173.954332][ T5879] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1174.234054][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1174.258431][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1174.310657][ T5879] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1174.332932][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1174.365365][ T5879] usb 1-1: Product: syz [ 1174.386252][ T5879] usb 1-1: Manufacturer: syz [ 1174.422818][ T5879] usb 1-1: SerialNumber: syz [ 1174.460853][ T5879] usb 1-1: config 0 descriptor?? [ 1174.502399][ T5879] redrat3 1-1:0.0: Couldn't find all endpoints [ 1174.714385][ T5834] usb 1-1: USB disconnect, device number 45 [ 1175.167753][T18117] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3296'. [ 1175.358548][T14864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1175.376065][T18119] loop2: detected capacity change from 0 to 1024 [ 1175.402192][T14864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1175.412329][T14864] usb 2-1: can't read configurations, error -71 [ 1175.442671][T18119] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1175.455375][T18119] ext4 filesystem being mounted at /272/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 1175.476077][ T28] audit: type=1800 audit(1753396976.265:2328): pid=18119 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3297" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 1175.592959][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1175.612069][T18124] loop1: detected capacity change from 0 to 2048 [ 1175.648138][T18126] syz.0.3299[18126] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1175.648281][T18126] syz.0.3299[18126] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1175.699435][T18124] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1175.816710][T18131] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3299'. [ 1175.985201][T18135] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1176.057453][T18135] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 812 with error 28 [ 1176.084397][T18135] EXT4-fs (loop1): This should not happen!! Data will be lost [ 1176.084397][T18135] [ 1176.096674][T18135] EXT4-fs (loop1): Total free blocks count 0 [ 1176.104182][T18135] EXT4-fs (loop1): Free/Dirty block details [ 1176.110485][T18135] EXT4-fs (loop1): free_blocks=2415919104 [ 1176.118632][T18135] EXT4-fs (loop1): dirty_blocks=816 [ 1176.127608][T18135] EXT4-fs (loop1): Block reservation details [ 1176.133857][T18135] EXT4-fs (loop1): i_reserved_data_blocks=51 [ 1176.347823][T14861] usb 4-1: USB disconnect, device number 124 [ 1176.378408][T12976] EXT4-fs (loop1): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1176.833947][T18150] netlink: 16178 bytes leftover after parsing attributes in process `syz.3.3307'. [ 1176.932770][T18150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3307'. [ 1176.969554][T18150] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3307'. [ 1177.126106][T18161] loop2: detected capacity change from 0 to 2048 [ 1177.179243][T14864] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1177.206843][T18161] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 1177.308566][ T5879] usb 4-1: new high-speed USB device number 125 using dummy_hcd [ 1177.367640][T18166] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters [ 1177.384961][T18166] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 556 with error 28 [ 1177.419316][T18166] EXT4-fs (loop2): This should not happen!! Data will be lost [ 1177.419316][T18166] [ 1177.419342][T14864] usb 2-1: Using ep0 maxpacket: 16 [ 1177.448473][T18166] EXT4-fs (loop2): Total free blocks count 0 [ 1177.460661][T18151] netlink: 'syz.1.3306': attribute type 29 has an invalid length. [ 1177.503584][T18166] EXT4-fs (loop2): Free/Dirty block details [ 1177.509957][T18166] EXT4-fs (loop2): free_blocks=2415919104 [ 1177.516078][T18166] EXT4-fs (loop2): dirty_blocks=560 [ 1177.522838][T18166] EXT4-fs (loop2): Block reservation details [ 1177.529451][T18166] EXT4-fs (loop2): i_reserved_data_blocks=35 [ 1177.537522][T14846] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1177.552069][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1177.564710][ T5879] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1177.600180][ T5879] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1177.612440][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1177.620688][ T5879] usb 4-1: Product: syz [ 1177.625539][ T5879] usb 4-1: Manufacturer: syz [ 1177.630221][ T5879] usb 4-1: SerialNumber: syz [ 1177.644065][ T5879] usb 4-1: config 0 descriptor?? [ 1177.671414][ T5879] redrat3 4-1:0.0: Couldn't find all endpoints [ 1177.750250][T12976] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 2 with error 28 [ 1177.781553][T14846] usb 1-1: config 0 has no interfaces? [ 1177.824875][T14846] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1177.836198][T14846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1177.844657][T14846] usb 1-1: Product: syz [ 1177.849710][T14846] usb 1-1: Manufacturer: syz [ 1177.870747][T14846] usb 1-1: SerialNumber: syz [ 1177.889211][ T5879] usb 4-1: USB disconnect, device number 125 [ 1177.943958][T14846] usb 1-1: config 0 descriptor?? [ 1178.079477][T18170] loop2: detected capacity change from 0 to 1024 [ 1178.095169][T18170] EXT4-fs: Ignoring removed bh option [ 1178.118978][T18170] EXT4-fs: Ignoring removed nomblk_io_submit option [ 1178.159518][T18170] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1178.204737][T18170] syz.2.3312[18170] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1178.204881][T18170] syz.2.3312[18170] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1178.416670][T18175] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3311'. [ 1178.490301][T18176] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3312'. [ 1178.577287][T18165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1178.697554][T18165] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1179.057051][T14001] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1179.247961][ T6234] usb 4-1: new high-speed USB device number 126 using dummy_hcd [ 1179.468181][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1179.476734][ T6234] usb 4-1: can't read configurations, error -61 [ 1179.644453][ T1290] ieee802154 phy0 wpan0: encryption failed: -22 [ 1179.652273][ T6234] usb 4-1: new high-speed USB device number 127 using dummy_hcd [ 1179.665302][ T1290] ieee802154 phy1 wpan1: encryption failed: -22 [ 1179.886126][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1179.964244][ T6234] usb 4-1: can't read configurations, error -61 [ 1180.044408][ T6234] usb usb4-port1: attempt power cycle [ 1180.308108][T18196] netlink: 16178 bytes leftover after parsing attributes in process `syz.2.3321'. [ 1180.345229][T14864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1180.393214][T14864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1180.409241][T18196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3321'. [ 1180.418676][T14864] usb 2-1: can't read configurations, error -71 [ 1180.433233][T18196] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3321'. [ 1180.487115][T18199] loop1: detected capacity change from 0 to 1024 [ 1180.532973][T18199] EXT4-fs: Ignoring removed orlov option [ 1180.564188][T18199] EXT4-fs (loop1): stripe (5) is not aligned with cluster size (16), stripe is disabled [ 1180.580438][ T6234] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 1180.618170][T18199] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 1180.637765][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1180.653133][ T6234] usb 4-1: can't read configurations, error -61 [ 1180.690798][T18199] EXT4-fs error (device loop1): ext4_find_dest_de:2115: inode #12: block 7: comm syz.1.3322: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0 [ 1180.710804][T14850] usb 1-1: USB disconnect, device number 46 [ 1180.757118][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1180.766218][ T5879] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 1180.819624][ T6234] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 1180.882067][ T6234] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1180.895790][ T6234] usb 4-1: can't read configurations, error -61 [ 1180.915111][ T6234] usb usb4-port1: unable to enumerate USB device [ 1180.962714][ T5879] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1180.976544][ T28] audit: type=1326 audit(1753396981.332:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18206 comm="syz.1.3326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1181.003629][ T5879] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1181.019915][ T28] audit: type=1326 audit(1753396981.332:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18206 comm="syz.1.3326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=305 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1181.043323][ T28] audit: type=1326 audit(1753399559.345:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18206 comm="syz.1.3326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1181.068432][ T5879] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1181.077857][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1181.088241][ T28] audit: type=1326 audit(1753399559.345:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18206 comm="syz.1.3326" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a55b8e9a9 code=0x7ffc0000 [ 1181.111127][ T5879] usb 3-1: Product: syz [ 1181.115639][ T5879] usb 3-1: Manufacturer: syz [ 1181.120293][ T5879] usb 3-1: SerialNumber: syz [ 1181.128116][ T5879] usb 3-1: config 0 descriptor?? [ 1181.142188][ T5879] redrat3 3-1:0.0: Couldn't find all endpoints [ 1181.248820][ T5834] kernel write not supported for file /617/attr/exec (pid: 5834 comm: kworker/1:3) [ 1181.361828][ T6234] usb 3-1: USB disconnect, device number 11 [ 1181.902335][ T6234] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1182.090747][T18229] loop2: detected capacity change from 0 to 2364 [ 1182.110458][ T6234] usb 2-1: config 0 has no interfaces? [ 1182.118914][ T6234] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1182.140603][ T6234] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1182.148711][ T6234] usb 2-1: Product: syz [ 1182.162445][ T6234] usb 2-1: Manufacturer: syz [ 1182.167114][ T6234] usb 2-1: SerialNumber: syz [ 1182.186302][ T6234] usb 2-1: config 0 descriptor?? [ 1182.304903][T18233] syzkaller0: entered promiscuous mode [ 1182.312377][T18233] syzkaller0: entered allmulticast mode [ 1182.335946][ T28] audit: type=1326 audit(1753399560.591:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.385562][ T28] audit: type=1326 audit(1753399560.591:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.408646][ T28] audit: type=1326 audit(1753399560.591:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.433481][ T28] audit: type=1326 audit(1753399560.591:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.456700][ T28] audit: type=1326 audit(1753399560.591:2337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.481492][ T28] audit: type=1326 audit(1753399560.591:2338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18234 comm="syz.2.3337" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7fd77958e9a9 code=0x7ffc0000 [ 1182.504020][ C1] vkms_vblank_simulate: vblank timer overrun [ 1182.592539][T18224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1182.604071][T18224] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1182.775485][ T5879] kernel write not supported for file /590/attr/exec (pid: 5879 comm: kworker/0:5) [ 1183.193724][T18253] netlink: 16178 bytes leftover after parsing attributes in process `syz.0.3342'. [ 1183.266886][T18253] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3342'. [ 1183.574511][ T5879] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1183.781850][ T5879] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1183.792256][ T5879] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1183.805852][ T5879] usb 1-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1183.815060][ T5879] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1183.823541][ T5879] usb 1-1: Product: syz [ 1183.827849][ T5879] usb 1-1: Manufacturer: syz [ 1183.832591][ T5879] usb 1-1: SerialNumber: syz [ 1183.839817][ T5879] usb 1-1: config 0 descriptor?? [ 1183.848528][ T5879] redrat3 1-1:0.0: Couldn't find all endpoints [ 1184.070307][ T5879] usb 1-1: USB disconnect, device number 47 [ 1185.168000][T18221] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3331'. [ 1185.222225][ T5879] usb 2-1: USB disconnect, device number 40 [ 1185.303782][T18265] loop1: detected capacity change from 0 to 2048 [ 1185.361160][T18265] loop1: p1 < > p4 [ 1185.367845][T18265] loop1: p4 size 8388608 extends beyond EOD, truncated [ 1185.367975][T18267] tipc: Enabling of bearer rejected, failed to enable media [ 1185.555208][T18276] netlink: 16178 bytes leftover after parsing attributes in process `syz.1.3351'. [ 1185.591499][T18276] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3351'. [ 1185.692859][T14861] kernel write not supported for file /679/attr/exec (pid: 14861 comm: kworker/1:16) [ 1185.889518][T14864] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1185.927278][T18289] syzkaller0: entered promiscuous mode [ 1185.933114][T18289] syzkaller0: entered allmulticast mode [ 1186.130715][T14864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0 [ 1186.175552][T14864] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0 [ 1186.192323][T14864] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f [ 1186.201652][T14864] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1186.253816][T14864] usb 2-1: Product: syz [ 1186.275741][T14864] usb 2-1: Manufacturer: syz [ 1186.297668][T14864] usb 2-1: SerialNumber: syz [ 1186.322691][T14861] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 1186.335036][T14864] usb 2-1: config 0 descriptor?? [ 1186.357671][T14864] redrat3 2-1:0.0: Couldn't find all endpoints [ 1186.585386][T14864] usb 2-1: USB disconnect, device number 41 [ 1186.674225][T14861] usb 4-1: config 0 has no interfaces? [ 1187.049405][T14861] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1187.071230][T14861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1187.079972][T14861] usb 4-1: Product: syz [ 1187.092760][T14861] usb 4-1: Manufacturer: syz [ 1187.097593][T14861] usb 4-1: SerialNumber: syz [ 1187.105942][T14861] usb 4-1: config 0 descriptor?? [ 1187.643839][T18309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1187.665107][T18309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1187.772562][ T5879] kernel write not supported for file /633/attr/exec (pid: 5879 comm: kworker/0:5) [ 1188.081682][T18317] loop1: detected capacity change from 0 to 2048 [ 1188.133012][T18317] loop1: p1 < > p4 [ 1188.139240][T18317] loop1: p4 size 8388608 extends beyond EOD, truncated [ 1188.466837][T18321] loop1: detected capacity change from 0 to 2048 [ 1188.533122][T18321] loop1: p1 < > p4 [ 1188.538784][T18321] loop1: p4 size 8388608 extends beyond EOD, truncated [ 1188.943768][T18330] loop1: detected capacity change from 0 to 2048 [ 1188.951248][T18330] EXT4-fs: Ignoring removed nobh option [ 1189.007152][T18330] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 1189.055954][T15046] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 1189.525133][T18299] tipc: Enabling of bearer rejected, failed to enable media [ 1189.553254][T18305] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3355'. [ 1189.680035][T14861] usb 4-1: USB disconnect, device number 4 [ 1189.802217][T18347] loop1: detected capacity change from 0 to 2048 [ 1189.858795][T18347] loop1: p1 < > p4 [ 1189.864292][T18347] loop1: p4 size 8388608 extends beyond EOD, truncated [ 1189.900544][T18353] BUG: assuming non migratable context at include/linux/filter.h:599 [ 1189.919781][T18353] in_atomic(): 0, irqs_disabled(): 0, migration_disabled() 0 pid: 18353, name: syz.3.3378 [ 1189.929790][T18353] 3 locks held by syz.3.3378/18353: [ 1189.946696][T18353] #0: ffff88802dab0a30 (sk_lock-AF_INET6){+.+.}-{0:0}, at: sctp_sendmsg+0xb92/0x27e0 [ 1189.963265][T18353] #1: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: sctp_v6_xmit+0x65d/0x1230 [ 1189.977734][T18353] #2: ffffffff8cd2fba0 (rcu_read_lock){....}-{1:2}, at: nf_hook+0x9e/0x370 [ 1189.995632][T18353] CPU: 1 PID: 18353 Comm: syz.3.3378 Not tainted 6.6.100-syzkaller #0 [ 1190.003962][T18353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1190.014083][T18353] Call Trace: [ 1190.017397][T18353] [ 1190.020353][T18353] dump_stack_lvl+0x16c/0x230 [ 1190.025065][T18353] ? show_regs_print_info+0x20/0x20 [ 1190.030307][T18353] ? nf_nat_inet_fn+0x93e/0xbc0 [ 1190.035204][T18353] __cant_migrate+0x234/0x2e0 [ 1190.039920][T18353] ? __cant_sleep+0x210/0x210 [ 1190.044621][T18353] ? nf_nat_ipv6_fn+0x21b/0x2d0 [ 1190.049671][T18353] nf_hook_run_bpf+0x90/0x1e0 [ 1190.054372][T18353] ? ip6table_filter_table_init+0x70/0xb0 [ 1190.060130][T18353] ? bpf_nf_link_attach+0x810/0x810 [ 1190.065354][T18353] ? nf_nat_ipv6_out+0x2f3/0x380 [ 1190.070315][T18353] ? bpf_nf_link_attach+0x810/0x810 [ 1190.075536][T18353] nf_hook_slow+0xbd/0x200 [ 1190.079977][T18353] nf_hook+0x215/0x370 [ 1190.084064][T18353] ? nf_hook_slow+0x1b4/0x200 [ 1190.088785][T18353] ? nf_hook+0x9e/0x370 [ 1190.092958][T18353] ? ip6_make_skb+0x4c0/0x4c0 [ 1190.097647][T18353] ? nf_hook+0x2f0/0x370 [ 1190.101904][T18353] ? ip6_output+0x3b0/0x3b0 [ 1190.106434][T18353] ? nf_hook+0x9e/0x370 [ 1190.110645][T18353] ? ip6_make_skb+0x4c0/0x4c0 [ 1190.115352][T18353] ip6_output+0x272/0x3b0 [ 1190.119758][T18353] ? ip6_output+0x3b0/0x3b0 [ 1190.124298][T18353] ip6_xmit+0x10a7/0x1830 [ 1190.128652][T18353] ? kasan_set_track+0x5f/0x70 [ 1190.133448][T18353] ? ip6_autoflowlabel+0xe0/0xe0 [ 1190.138419][T18353] ? read_lock_is_recursive+0x20/0x20 [ 1190.143829][T18353] ? sctp_v6_xmit+0x65d/0x1230 [ 1190.148616][T18353] sctp_v6_xmit+0x9e3/0x1230 [ 1190.153411][T18353] ? __sctp_v6_cmp_addr+0x510/0x510 [ 1190.158636][T18353] ? slab_free_freelist_hook+0x130/0x1b0 [ 1190.164306][T18353] ? sctp_packet_transmit+0x14ab/0x2a30 [ 1190.169871][T18353] ? kmem_cache_free+0xf8/0x280 [ 1190.174754][T18353] sctp_packet_transmit+0x2488/0x2a30 [ 1190.180177][T18353] sctp_packet_singleton+0x234/0x330 [ 1190.185582][T18353] ? sctp_outq_select_transport+0x570/0x570 [ 1190.191601][T18353] ? sctp_outq_select_transport+0x45d/0x570 [ 1190.197520][T18353] ? sctp_transport_burst_limited+0x197/0x280 [ 1190.203617][T18353] sctp_outq_flush+0x4f1/0x3100 [ 1190.208492][T18353] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1190.214427][T18353] ? _raw_spin_unlock+0x40/0x40 [ 1190.219307][T18353] ? rcu_is_watching+0x15/0xb0 [ 1190.224132][T18353] ? enqueue_timer+0x225/0x530 [ 1190.228911][T18353] ? sctp_outq_tail+0x8b0/0x8b0 [ 1190.233826][T18353] ? sctp_outq_tail+0x604/0x8b0 [ 1190.238721][T18353] ? sctp_outq_uncork+0x4d/0xa0 [ 1190.243626][T18353] sctp_do_sm+0x52d6/0x59a0 [ 1190.248209][T18353] ? sctp_generate_t3_rtx_event+0x340/0x340 [ 1190.254142][T18353] ? __se_sys_sendmsg+0x1a5/0x270 [ 1190.259228][T18353] ? __sk_mem_raise_allocated+0xaa9/0x1370 [ 1190.265246][T18353] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 1190.270655][T18353] sctp_sendmsg_to_asoc+0x101c/0x17f0 [ 1190.276062][T18353] ? __asan_memcpy+0x40/0x70 [ 1190.280694][T18353] ? sctp_assoc_add_peer+0xcf3/0x13a0 [ 1190.286114][T18353] ? sctp_sendmsg_check_sflags+0x2e0/0x2e0 [ 1190.291955][T18353] ? __sctp_connect+0xd20/0xd20 [ 1190.296835][T18353] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1190.302329][T18353] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1190.307914][T18353] ? security_sctp_bind_connect+0x89/0xb0 [ 1190.313672][T18353] sctp_sendmsg+0x1941/0x27e0 [ 1190.318387][T18353] ? sctp_getsockopt+0xb60/0xb60 [ 1190.323537][T18353] ? aa_sk_perm+0x7fc/0x930 [ 1190.328078][T18353] ? aa_af_perm+0x2b0/0x2b0 [ 1190.332620][T18353] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 1190.339070][T18353] ? sock_rps_record_flow+0x19/0x400 [ 1190.344370][T18353] ? inet_send_prepare+0x260/0x260 [ 1190.349515][T18353] ? inet_sendmsg+0xe9/0x2f0 [ 1190.354207][T18353] ? inet_send_prepare+0x260/0x260 [ 1190.359409][T18353] ____sys_sendmsg+0x5bf/0x950 [ 1190.364271][T18353] ? __asan_memset+0x22/0x40 [ 1190.368896][T18353] ? __sys_sendmsg_sock+0x30/0x30 [ 1190.374051][T18353] ? __import_iovec+0x5f2/0x860 [ 1190.378955][T18353] ? import_iovec+0x73/0xa0 [ 1190.383488][T18353] ___sys_sendmsg+0x220/0x290 [ 1190.388200][T18353] ? __sys_sendmsg+0x270/0x270 [ 1190.393004][T18353] ? rcu_read_lock_any_held+0xb4/0x120 [ 1190.398506][T18353] __se_sys_sendmsg+0x1a5/0x270 [ 1190.403381][T18353] ? __x64_sys_sendmsg+0x80/0x80 [ 1190.408360][T18353] ? lockdep_hardirqs_on+0x98/0x150 [ 1190.413592][T18353] do_syscall_64+0x55/0xb0 [ 1190.418036][T18353] ? clear_bhb_loop+0x40/0x90 [ 1190.422729][T18353] ? clear_bhb_loop+0x40/0x90 [ 1190.427422][T18353] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1190.433347][T18353] RIP: 0033:0x7f910438e9a9 [ 1190.437826][T18353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1190.457457][T18353] RSP: 002b:00007f910522e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1190.465902][T18353] RAX: ffffffffffffffda RBX: 00007f91045b5fa0 RCX: 00007f910438e9a9 [ 1190.473894][T18353] RDX: 0000000004048043 RSI: 0000200000000800 RDI: 0000000000000004 [ 1190.481887][T18353] RBP: 00007f9104410d69 R08: 0000000000000000 R09: 0000000000000000 [ 1190.490311][T18353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1190.498306][T18353] R13: 0000000000000000 R14: 00007f91045b5fa0 R15: 00007fff8595fce8 [ 1190.506309][T18353] [ 1190.515182][T18353] check_preemption_disabled: 27 callbacks suppressed [ 1190.515201][T18353] BUG: using smp_processor_id() in preemptible [00000000] code: syz.3.3378/18353 [ 1190.532665][T18353] caller is nf_hook_run_bpf+0x157/0x1e0 [ 1190.538385][T18353] CPU: 0 PID: 18353 Comm: syz.3.3378 Tainted: G W 6.6.100-syzkaller #0 [ 1190.548065][T18353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1190.558159][T18353] Call Trace: [ 1190.561476][T18353] [ 1190.564423][T18353] dump_stack_lvl+0x16c/0x230 [ 1190.569214][T18353] ? show_regs_print_info+0x20/0x20 [ 1190.574461][T18353] ? load_image+0x3b0/0x3b0 [ 1190.579000][T18353] ? __cant_migrate+0x240/0x2e0 [ 1190.583873][T18353] ? __cant_sleep+0x210/0x210 [ 1190.588581][T18353] check_preemption_disabled+0x104/0x110 [ 1190.594244][T18353] nf_hook_run_bpf+0x157/0x1e0 [ 1190.599024][T18353] ? ip6table_filter_table_init+0x70/0xb0 [ 1190.604965][T18353] ? bpf_nf_link_attach+0x810/0x810 [ 1190.610224][T18353] ? nf_nat_ipv6_out+0x2f3/0x380 [ 1190.615202][T18353] ? bpf_nf_link_attach+0x810/0x810 [ 1190.620463][T18353] nf_hook_slow+0xbd/0x200 [ 1190.624944][T18353] nf_hook+0x215/0x370 [ 1190.629047][T18353] ? nf_hook_slow+0x1b4/0x200 [ 1190.633750][T18353] ? nf_hook+0x9e/0x370 [ 1190.637921][T18353] ? ip6_make_skb+0x4c0/0x4c0 [ 1190.642627][T18353] ? nf_hook+0x2f0/0x370 [ 1190.646893][T18353] ? ip6_output+0x3b0/0x3b0 [ 1190.651425][T18353] ? nf_hook+0x9e/0x370 [ 1190.655596][T18353] ? ip6_make_skb+0x4c0/0x4c0 [ 1190.660299][T18353] ip6_output+0x272/0x3b0 [ 1190.664656][T18353] ? ip6_output+0x3b0/0x3b0 [ 1190.669230][T18353] ip6_xmit+0x10a7/0x1830 [ 1190.673620][T18353] ? kasan_set_track+0x5f/0x70 [ 1190.678424][T18353] ? ip6_autoflowlabel+0xe0/0xe0 [ 1190.683408][T18353] ? read_lock_is_recursive+0x20/0x20 [ 1190.688815][T18353] ? sctp_v6_xmit+0x65d/0x1230 [ 1190.693607][T18353] sctp_v6_xmit+0x9e3/0x1230 [ 1190.698231][T18353] ? __sctp_v6_cmp_addr+0x510/0x510 [ 1190.703585][T18353] ? slab_free_freelist_hook+0x130/0x1b0 [ 1190.709246][T18353] ? sctp_packet_transmit+0x14ab/0x2a30 [ 1190.714810][T18353] ? kmem_cache_free+0xf8/0x280 [ 1190.719702][T18353] sctp_packet_transmit+0x2488/0x2a30 [ 1190.725208][T18353] sctp_packet_singleton+0x234/0x330 [ 1190.730521][T18353] ? sctp_outq_select_transport+0x570/0x570 [ 1190.736469][T18353] ? sctp_outq_select_transport+0x45d/0x570 [ 1190.742507][T18353] ? sctp_transport_burst_limited+0x197/0x280 [ 1190.748619][T18353] sctp_outq_flush+0x4f1/0x3100 [ 1190.753519][T18353] ? _raw_spin_unlock_irqrestore+0x86/0x110 [ 1190.759464][T18353] ? _raw_spin_unlock+0x40/0x40 [ 1190.764373][T18353] ? rcu_is_watching+0x15/0xb0 [ 1190.769371][T18353] ? enqueue_timer+0x225/0x530 [ 1190.774167][T18353] ? sctp_outq_tail+0x8b0/0x8b0 [ 1190.779066][T18353] ? sctp_outq_tail+0x604/0x8b0 [ 1190.783944][T18353] ? sctp_outq_uncork+0x4d/0xa0 [ 1190.788823][T18353] sctp_do_sm+0x52d6/0x59a0 [ 1190.793367][T18353] ? sctp_generate_t3_rtx_event+0x340/0x340 [ 1190.799308][T18353] ? __se_sys_sendmsg+0x1a5/0x270 [ 1190.804406][T18353] ? __sk_mem_raise_allocated+0xaa9/0x1370 [ 1190.810261][T18353] sctp_primitive_ASSOCIATE+0x95/0xc0 [ 1190.815674][T18353] sctp_sendmsg_to_asoc+0x101c/0x17f0 [ 1190.821081][T18353] ? __asan_memcpy+0x40/0x70 [ 1190.825809][T18353] ? sctp_assoc_add_peer+0xcf3/0x13a0 [ 1190.831307][T18353] ? sctp_sendmsg_check_sflags+0x2e0/0x2e0 [ 1190.837255][T18353] ? __sctp_connect+0xd20/0xd20 [ 1190.842150][T18353] ? __local_bh_enable_ip+0x12e/0x1c0 [ 1190.847557][T18353] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1190.853219][T18353] ? security_sctp_bind_connect+0x89/0xb0 [ 1190.858979][T18353] sctp_sendmsg+0x1941/0x27e0 [ 1190.864011][T18353] ? sctp_getsockopt+0xb60/0xb60 [ 1190.869060][T18353] ? aa_sk_perm+0x7fc/0x930 [ 1190.873618][T18353] ? aa_af_perm+0x2b0/0x2b0 [ 1190.878182][T18353] ? tomoyo_socket_sendmsg_permission+0x1e1/0x2f0 [ 1190.884641][T18353] ? sock_rps_record_flow+0x19/0x400 [ 1190.889973][T18353] ? inet_send_prepare+0x260/0x260 [ 1190.895108][T18353] ? inet_sendmsg+0xe9/0x2f0 [ 1190.899776][T18353] ? inet_send_prepare+0x260/0x260 [ 1190.904940][T18353] ____sys_sendmsg+0x5bf/0x950 [ 1190.909753][T18353] ? __asan_memset+0x22/0x40 [ 1190.914365][T18353] ? __sys_sendmsg_sock+0x30/0x30 [ 1190.919408][T18353] ? __import_iovec+0x5f2/0x860 [ 1190.924290][T18353] ? import_iovec+0x73/0xa0 [ 1190.928825][T18353] ___sys_sendmsg+0x220/0x290 [ 1190.933531][T18353] ? __sys_sendmsg+0x270/0x270 [ 1190.938339][T18353] ? rcu_read_lock_any_held+0xb4/0x120 [ 1190.943841][T18353] __se_sys_sendmsg+0x1a5/0x270 [ 1190.948756][T18353] ? __x64_sys_sendmsg+0x80/0x80 [ 1190.953751][T18353] ? lockdep_hardirqs_on+0x98/0x150 [ 1190.958978][T18353] do_syscall_64+0x55/0xb0 [ 1190.963429][T18353] ? clear_bhb_loop+0x40/0x90 [ 1190.968131][T18353] ? clear_bhb_loop+0x40/0x90 [ 1190.972851][T18353] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 1190.978861][T18353] RIP: 0033:0x7f910438e9a9 [ 1190.983381][T18353] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1191.003034][T18353] RSP: 002b:00007f910522e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1191.011559][T18353] RAX: ffffffffffffffda RBX: 00007f91045b5fa0 RCX: 00007f910438e9a9 [ 1191.019560][T18353] RDX: 0000000004048043 RSI: 0000200000000800 RDI: 0000000000000004 [ 1191.027550][T18353] RBP: 00007f9104410d69 R08: 0000000000000000 R09: 0000000000000000 [ 1191.035541][T18353] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1191.043525][T18353] R13: 0000000000000000 R14: 00007f91045b5fa0 R15: 00007fff8595fce8 [ 1191.051535][T18353] [ 1191.826639][T18357] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1191.839334][T18357] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1191.855309][T18357] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1191.865846][T18357] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1193.765720][T17784] Bluetooth: hci1: command 0x0c1a tx timeout [ 1194.025805][T17784] Bluetooth: hci4: command 0x0419 tx timeout [ 1194.025881][T13879] Bluetooth: hci3: command 0x0c1a tx timeout [ 1194.112427][T13879] Bluetooth: hci0: command 0x0c1a tx timeout