last executing test programs: 4.723559869s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000100)=ANY=[], 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="1400000035000b63d25a80643d66b7d808f2e2ff", 0x14}], 0x1}, 0x0) 4.697199673s ago: executing program 0: syz_init_net_socket$x25(0x9, 0x5, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000000c0)="044aac2f202c5feda71e039a57a93088fdcce4afe28aac61837792741a190670ccbe1a2b00aa77a87d56a3f12c7920ad02928a5dac14e5b896f000fcf6521928480be9af82613a5c661f4110adba358afd8b5b4ef1702051e393ede2698112a1f1bdf1d0f568546ed322ab4c53545bd2cd6e48522f0c154cb3c6864dc30ae921db100f1ee97a234503338f8fdf356472da0c7ab62f274f34", 0xadf29f33fb903ae1, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x800) shutdown(r0, 0x0) recvmsg(r0, &(0x7f00000008c0)={0x0, 0x4, &(0x7f0000000840)=[{&(0x7f0000000040)=""/50, 0xfffffe72}, {&(0x7f0000000240)=""/52, 0x34}, {&(0x7f0000000780)=""/129, 0x80}, {&(0x7f0000000300)=""/68, 0x44}, {&(0x7f0000000380)=""/121, 0x79}, {&(0x7f0000000400)=""/183, 0xb7}], 0x6}, 0x40000110) 4.687877575s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0xfff, 0x7}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r0}, &(0x7f0000000040), &(0x7f0000000180)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='ext4_ext_remove_space_done\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) 4.627248724s ago: executing program 2: openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x22048854, &(0x7f0000000200)={0x2, 0x4e23, @empty}, 0x10) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000600), 0x4) sendto$inet(r0, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27) recvmsg(r0, &(0x7f0000001500)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000035c0)=""/4106, 0x100a}], 0x1, 0x0, 0x0, 0x407006}, 0x104) 3.80964102s ago: executing program 0: socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socket$kcm(0x10, 0x400000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x4, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0xa, 0x4, 0x3}, 0x48) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES64=r3], 0x40}}, 0x0) 3.711816836s ago: executing program 2: r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) unshare(0x20000400) ppoll(&(0x7f00000003c0)=[{r2, 0x52a5}, {r0}], 0x2, 0x0, 0x0, 0x0) 3.568275708s ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) mmap(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x1000003, 0x10, r0, 0x1000) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000080)={0x10, 0x4, &(0x7f0000001600)=ANY=[@ANYBLOB="1800000000200000000000000000000079103000000000001fb703000100000085200000040000009500090000000000af960fe3d80860a1fed93052e0a142be28b0e7462a0f0d5c152e5e7bde04e856d03873afed47"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0xe, r0}, 0x90) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=ANY=[@ANYBLOB="300000002100010000000000000000000a00000000000000000000000c001400", @ANYRES32], 0x30}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000000c0)={'wlan1\x00'}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_CONNECT(r3, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_DEL(r2, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)={0x40, 0xa, 0x6, 0x101, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x10, 0x8, 0x0, 0x1, [{0xc, 0x7, 0x0, 0x1, @IPSET_ATTR_SKBPRIO={0x8}}]}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}, @IPSET_ATTR_LINENO={0x8}]}, 0x40}}, 0x0) syz_genetlink_get_family_id$mptcp(0x0, r0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="5c0000002a00090000000000000000000400002c45001180e0bb52e02ec894947911996c1489b2e0f6fc3b7bb23439de2e30f0531b2696e070d8d0ccc81f0300bc25958bcb286fcbe0a177c3c93b898adf"], 0x5c}, 0x1, 0x3000000}, 0x0) 3.512946996s ago: executing program 0: r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000640)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7, 0x1, 0x1}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$evdev(&(0x7f0000000040), 0x1, 0x80) ioctl$EVIOCSKEYCODE(0xffffffffffffffff, 0x40084504, &(0x7f0000000080)=[0x7f, 0x3]) write$char_usb(r1, &(0x7f0000000200)='V', 0x1) 3.398102244s ago: executing program 2: syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000000000)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, &(0x7f0000000240)={0x0, 0x0, 0xc, &(0x7f0000000100)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x2}]}}) 2.659426299s ago: executing program 4: bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x10001, 0x1, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x3, 0x3800, 0x3f, 0x11}, 0x48) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000500)={{r2}, &(0x7f0000000480)=0x1f6, 0x0}, 0x20) 2.613264206s ago: executing program 4: r0 = syz_open_dev$hidraw(0x0, 0x46b, 0x8c02) syz_usb_connect(0x0, 0x36, &(0x7f0000001080)=ANY=[@ANYBLOB="120100004ba1f040031810551b7c0102030109022400010000d00009040000029f1cd40009050200ff03000000090501", @ANYRESOCT, @ANYRES16, @ANYRES64=0x0], 0x0) syz_open_dev$hidraw(0x0, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) ioctl$HIDIOCSFEATURE(r0, 0xc0404806, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x0) 1.570134557s ago: executing program 2: r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x3, 0x862b01) syz_usb_connect$uac1(0x0, 0x84, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x72, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@extension_unit={0xb, 0x24, 0x8, 0x0, 0x0, 0x0, "954872c2"}, @processing_unit={0x8, 0x24, 0x7, 0x0, 0x0, 0x0, "f0"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 1.531944653s ago: executing program 0: syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$hiddev(0x0, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, 0x0) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000001080)={0x0, 0x0, 0x0, {0x0, 0x1}, {0x53, 0x2}, @cond=[{0x0, 0x401, 0x6, 0xfffa, 0x0, 0x8001}]}) r0 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) 1.306875648s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x3, &(0x7f0000000280)=ANY=[@ANYBLOB="85000000cb00000057000000485600009500413100000000"], &(0x7f0000000240)='syzkaller\x00', 0x1, 0xdb4f, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x16, 0xffffffffffffffff, 0x8, &(0x7f0000000040), 0x0, 0x10, &(0x7f0000000000), 0x39732c2798f58b29}, 0x48) 1.283280801s ago: executing program 1: bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB="61153c000000000061135c0000000000bfa000000000000007000000ee00160e5e03010000000000570500000000000069163a0000000000bf07000000000000260507000fff0720670600003f0000001506000019e60060bf500000000000002f650000000000006507f9ff0100000007070000cddfffff1e75000000000000bf54000000000000070400000400f9ffad4301000000000095000000000000001500000000000000950000000000000032ed3c12dc8c27df8ecf264e0f84f9f17d3c30e32f1754558f2278af6d71d79a5e12814cb1d8a5d4601d295c45a6a0b9bdb7dd3997f9c9c4f6f3be4b369289aa6812b8e007e733a9a4f1b0af3dda82ee45a010fb94fe9de57b9d8a814261bdb94a05002000c6c60bf70d742a81762bab8395fa64810b5b40d893ea8fe0185473d51b546cad3f1d5ace0600006e7c955ccefa1f6ab689b555202da2e0ec2871b4a7e65836429a527dc47ebe84a423b6c8d345dc0da3085b0ab71ca1b901627b562ed04ae76002d4519af619e3cca4d69e0dee5eb106774a8f3e6916dfec88158f0200000000c8fb730a5c1bf2b2bb71a629361997a75fd552bdc206438b8ef4901fd03c16dfda44e2a2235c8ac86d8a297dff0445a15f21dce431e56723888fb126a163f16f920ae2fb494059bba8e3b680324a188076eb685d00c4e9b2ad9bc1172ba7cbebe174aba210d739a018f9bbec63222d20cecac4d03723f1c932fb3bba54b3a6aa57f1ad2e99e0e67ab9ff16d20000009f0f53acbb40b4f8e2738270001562ed834f2af97787f696649a462e7ee4bcf8b07a10d6735154beb4000000000000000000000000004000bc00f679629709e7e78f4ddc211bc3ebe6bd9d42ca0140a7afaab43176e65ec1118d50d1e827f3472f4445d253880800000000000000690884f800031e03a651bb96589a7e2e509bcc1d161347623cb5e7ac4629c8ab04871bc47287cd31cc43010000007b40407d000000210000000000000000005f37d83f84e98a523d80bd970d703f37ca364a601ae899a56715a0a62a34c6c94cce6994521629ab028acfc1d926a0f6a5489af8dc2f17923f3c40dfd1970a55c22fe3a5ac000000000000000000000000000000c1eb2d91fb79ea00000000815266b2c9e1bfadc7498e9dda5d000000bb0d00000000000000000000e4007be511fe32fbc90e2364a55e9bb66ac64423d2d00fea2594e190deae46e26c596f84eba9000000000000003cc3aa39ee4b1386bab561cda886fa642994cacd473b543ccb5f0d7b63924f17c67b13631822a11dc3c693962895496d4f6e9cc54db6c7205a6b26f92121ef53e553acdf42068fff496d2da7d6327f31d7c8cc5d325c5379b0363ce8bd1f61b007e1ff5f1be1969a1ba791ad46d800000000c7f26a0337302f3b41eae59809fd05d12f6186f117b062df67d3a63f3265dd1410eea68208a3f26b2989b832d8b34a34a4f08b34b3042065acaa10856e858d27adee7daf32903d3fc78700d429a2d4c8b6d803eb83eecfe4c7ff9e6ab5a52e83d089dad7a8710eec53f1b11cced7bc3c8da0c44d2fbf9f6f3ff3be4d1458077c2253b0c7c7a0a9fdd63bf910dc20e5cb2a88e59febc47f1212a21f631dbaa74f22bad050e9856b48ae3a03a497c37758537650fe6db80300c41fdc3d78e046f6160e1741299e8dc29906870e6431ed1eab5d067a183f064b060a8ec12725d42e3a74863d66bee966b1574f8e01b3f34a267ff0afa1e1c758a0079b747067312e9815a21cb3f1f8150d999d788535a4d3114dbc7e2bf2402a75fd7a55733360040855ed5d1c0d634fc5fb38f8709d87b27f8a5d9121fdc058447b728f134f72062fc4b1ca0780b1a7af137ff7b4ff139604faf0453b65586f65c7943d56b52f06c870edf0c5d744b5272b44c23480b2bdbff947c4dfa108cbb88202eeb81f428a5b3c299848649e1a6bff52f657a67463d7dbf85ae9321fc2cc17dc4a29b9cba8ded5de8206c812439ab129ae818837ee1562078fc524b3baf49a0be9bb7d958d5e87c6c09bf71a894bad62934782cc308e936d7637e07c4a2a3bc87b0da20000d9ef418cf19e7a8c4c328be0ce91798adc2dca871073f6bd61940aabc86b94f8cbde4d47060400e722a6a2af483ad0d3415ed0f9db009acaba9eaea93f811d434e00000000000000000000d154672fea96aedf346279ec00000000000000000000d535d41b0067f01e2e54b9154d876020b669640ead4ca44631fadf7c4ac39a1b331dbdcd52b36df021b731ef1f92330d347f88ced5c1aaadbcdd8d2257e3a9a7c7494fadf9be36f7a2334ee6e9446fa1fd486f85d672a77dc5bd21463994d49f12016305a1e394d292b66840fe32b40ad665d241a8b8a32b3100450c32832789aa8a096f41201b585cd76631c88cf958e9e9047f5af1730c5e83db12460a0768fd4b62be6c41eed307048bac8d1f7f164574241e06027654b248dcc38749eee0c1ee7c61b3f6411a559c3d45637b11e440ed5a99109b8e71d28c3d677af5f0499c6d3fc6a129775056958c9df824ebe5fa9fb306b24a8a8334910627d03efe69d4b61c4345f048c5da8aca16cea848fa77d2507c920a6bd654b00e07789382ed902c80deeff2fd5c78f42e4353e5360c3e55962efd1331e6736eaf4ee27736fa54803ee8ec1a15266ffcd8b30368740b584c2559e691e542cab3d49db327db62328f159d1e0900b3e23e84dedcd1377aa15dbeab7db181bd66980c3557c7d9f7377fcb6023accb5c368a121acf70e5f4c3f2a0ea07011c7149ea979cab2ee65cf7ffa29152b7a8fed89575e6e6fd77d4d9463d21775abac886ee6a1f2d7d8523840438a73d6307a87e2f525867fc3af7ab74520a773ae26bae74cdd405a211e8833e1ba523cde51d04a7ca6732"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xffffffffffffffd2}, 0x48) 1.246077727s ago: executing program 1: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020000fadc00000000000000000000850000002c000000850000002a00000095"], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000000c0)={r0, 0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf2ffffff, 0x0, 0x0, 0x0, 0x0}, 0x50) 1.219782331s ago: executing program 1: socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socket$kcm(0x10, 0x400000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x4, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0xa, 0x4, 0x3}, 0x48) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES64=r3], 0x40}}, 0x0) 1.080482963s ago: executing program 1: socket$nl_xfrm(0x10, 0x3, 0x6) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_init_net_socket$nfc_raw(0x27, 0x3, 0x0) syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$kcm(0xa, 0x2, 0x11) setsockopt$sock_attach_bpf(r0, 0x1, 0x3d, &(0x7f00000002c0), 0x8) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x8844) pipe(0x0) socket$packet(0x11, 0x0, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000180)={0x38, 0x1403, 0x1, 0x0, 0x0, "", [{{0x9, 0x2, 'syz0\x00'}, {0x8, 0x41, 'rxe\x00'}, {0x14, 0x33, 'veth0_vlan\x00'}}]}, 0x38}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) bind$inet6(r2, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r3, 0x6, 0x210000000013, 0x0, 0x0) connect$inet(r3, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(0xffffffffffffffff, 0x6, 0x16, &(0x7f0000000000)=[@sack_perm, @window, @sack_perm, @sack_perm, @timestamp, @timestamp, @timestamp, @timestamp], 0x20000149) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x0, 0x803, 0x0) 1.009875264s ago: executing program 3: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000400000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x800, 0x0, 0x2000000000903, 0x1}, 0x20) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='smaps\x00') r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x2, 0x4, 0x1, 0xbf27, 0x500}, 0x48) r2 = getgid() write$FUSE_ENTRY(0xffffffffffffffff, &(0x7f00000005c0)={0x90, 0x0, 0x0, {0x0, 0x0, 0x3, 0x0, 0x5, 0xfffffff8, {0x2, 0x3, 0x5, 0x0, 0x3f7, 0x4, 0xfff, 0x4, 0xfffffffc, 0x8000, 0x400, 0xffffffffffffffff, r2, 0x4, 0x1}}}, 0x90) r3 = openat(0xffffffffffffffff, &(0x7f0000000040)='.\x00', 0x200000, 0x0) mkdirat(r3, &(0x7f0000000140)='./bus\x00', 0x0) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) mount$bpf(0x0, &(0x7f0000001040)='./bus\x00', &(0x7f0000001080), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='context']) epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0) r5 = syz_mount_image$ext4(&(0x7f0000000880)='ext2\x00', &(0x7f0000000000)='./file0\x00', 0x20808a, &(0x7f00000003c0)={[{@block_validity}]}, 0xfe, 0x51a, &(0x7f00000008c0)="$eJzs3V9rZGcZAPDnnGSySZOaVL2ohdZild2iO5M0to1etBXFu4JS79eQTELIJBMyk3YTiqT4AQQRLXjllTeCH0CQfgQpFOy9qCiiu3rhhXrkzJzZzc6e2WQxMxOT3w/Omfe858/zvMnmzHv+7DkBXFnPR8QbETERES9GxHxRnxZDHHeHfLm7d95dy4d8zlt/TSIp6vq3OVusNt39KNU6PNpebTTq+8V0rb2zV2sdHt3c2lndrG/Wd5eXl15ZeXXl5ZXFx2/UwsNVebte+8Yff/yDn3/ztV9/6Z3f3frzje/l+X+9t8Dxw+04Dx93xpX8Z3HPZETsDyPYGEwU7amMOxEAAM4k7+N/MiI+1+n/z8dEpzfX0d+lmx59dgAAAMB5yF6fi38lERkAAABwab0eEXORpNXiXoC5SNNqtXsP76fjibTRbLW/uNE82F3P50UsRCXd2GrUF4t7aheikuTTS8Vtt73pl/qml78S8VRE/Gh+pjNdXWs21sd98gMAAACuiNm+4/9/zHeP/wEAAIBLpuR5WQAAAMAlM+j4PxlxHgAAAMDwDDr+vzbiPAAAAICh+Nabb+ZD1nuP9/rbhwfbzbdvrtdb29Wdg7XqWnN/r7rZbG52ntm3c9r2Gs3m3pdj9+B2rV1vtWutw6NbO82D3fatLe8PBAAAgHF56rMffJxExPFXZzpDbiofTQxYwbMC4NJIH2fhPwwvD2D0Bn3NA5ff5LgTAMbneNwJAOP2wKM+SjoFJ2/eSU8u/JshJgUAAJyr658pv/6fHwJUxp0cMFSPdf0fuFRc/4er60zX/++f/P9wmLkAo1XRA4Ar77RXfQx8eEfZ9f+psgWz7NRtAQAAQzXXGSdptbgWOBdpWq1GPNn5r/6VZGOrUV+MiE9ExG/nK9fy6aXuOl4PCAAAAAAAAAAAAAAAAAAAAAAAAABnlGVJZAAAAMClFpH+KYmImQHnB6aSf85H8Uqvd3761k9ur7bb+0t5/d/u1bffL+pfGumpCwAAAGCA3nF67zgeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM7T3TvvrhXD1Cjj/uVrEbHwQPy17pzJmO58TkclIp74exKTJ9ZLImLiHOIfvxcRT5fFT/K0YqHIoj9+GhEzo4n/bJZlpfFnzyE+XGUf5PufN8r+/tJ4vvNZ/vc/WQz/q8H7v/Te/m9iwP7vyTPGeOajX9YGxn8v4pnJ8v1PL34yIP4LZRss+aF89ztHRw9Vdjce2c8irkd5/JOxau2dvVrr8Ojm1s7qZn2zvru8vPTKyqsrL68s1ja2GvViXNrGHz77q//0Vf076+q0PwbEXzil/Z/PC5UTlVl/mCLYR7fvfKpbrPRtohP/xgvlv/+nHxE//zfxheJ7IJ9/vVc+7pZPeu4XHz5XmlgRf31A+0/7/d8YtNE+L377+78/46IAwAi0Do+2VxuN+v7QC+9nWTaqWGcq7M1eiDQuSqHXuxtaiOmL0tL/x8K1iBhd0PM4swUAAFw09zv9484EAAAAAAAAAAAAAAAAAAAArq7WYaTDfpxYf8zj8TQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCR/hsAAP//zeHaBw==") r6 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/sysvipc/shm\x00', 0x0, 0x0) connect$unix(r7, &(0x7f0000000100)=@abs={0x0, 0x0, 0x4e23}, 0x6e) r8 = syz_pidfd_open(0xffffffffffffffff, 0x0) poll(&(0x7f0000000200)=[{r5, 0x10}, {r6, 0x100}, {r3, 0xd040}, {r8, 0x400}, {r1, 0x3000}, {r6, 0x8000}, {r4, 0x80}, {r0, 0x4100}], 0x8, 0xffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x2, &(0x7f0000000140)=[{0x35, 0x0, 0x0, 0x5}, {}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000280)={0x2, &(0x7f0000000240)=[{0x7fff, 0x9, 0x80, 0x4}, {0x4, 0x2f, 0x3f, 0x2}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000340)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r9, 0xc0182101, &(0x7f0000000180)={r10}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a5"], &(0x7f0000000400)='GPL\x00'}, 0x90) ftruncate(0xffffffffffffffff, 0xc17a) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f0000000480)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r9, 0x40182103, &(0x7f0000000080)={r11, 0x3, r9, 0x5}) shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffc000/0x3000)=nil) 975.946739ms ago: executing program 0: gettid() timer_create(0x5, &(0x7f0000000080), 0x0) write$P9_RSETATTR(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) write$FUSE_NOTIFY_INVAL_ENTRY(0xffffffffffffffff, 0x0, 0x2a) bind$inet(0xffffffffffffffff, 0x0, 0x0) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) socketpair$unix(0x1, 0x0, 0x0, 0x0) futex(0x0, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) r0 = memfd_create(&(0x7f00000008c0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o8\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HOA\xc8\x80kR\xfc\xcb%u3\xec\xde%\x00]\xd8\xebD\x82S\x17?\xd6As\xc2\xb1\x9aF\xe2\xba[\xc7%\x88 \xeeQR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11)W\x9c\x82\x91\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\x9c\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\x9d\xb8\x89\x06\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D\x82`\xea\x16\xc6\xce\x83\xab\x05\x19-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6\xff\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'98\x90\xf4*[/\xdf\xd6\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xf4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x8d\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94 2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[\xc5\xeb\xb1ux\x94\x1b\xeb\x19W\xff\xe0w\xb5\r\xd0\x9c\xb4\xe2X~\'\x86n\xaa\xf0\x87\xd29S\xb7\x7fM\xaa\xfe\'\xf1\t\x15\x87\xfe:\x8e\xad\xf0$\x8d\xaa\xbf;\x96\xeb&+\xb6(\x92\x92Y\xa5\xa0\x8c\xe8\xe0L\xac\x86\xc4\x90\xcc\xf2\x1c\x97a\xec\xfb9\x9b\x95\xeb\xe9\xa7\xbdn\xdd\x14\xc5 \x8cV\x87\xa2\xf6\xf8\xdco\xa1\x1d\x14\x19\x94\x12(\xaf\xb9v\x92I4D\x87\x13:\x1f3j\xe8\xb7\xc2\xcf\xc2\xe1i\xe5Fp\\\xe6\x95~\xbaV\xa6,\x8aB\x93_\xe3\xffzDr~W\xaa?\x03\x9fM\x03\\\xd3\xe6UN\x97Y\xff\xdd\xaaa%\x02\x1e&\xd2K\xf6\x01\xba\x02\xc4\xd0\xf2\x80\xc8\xf7\xcd; \x92C\x03\xfb\xec\xf6\x04\x15bC\t\x8a\x9b\x13\xf4\x9e-Mb\x89\xd5h\xff\xe6Z\xb0\xa1\x11\xba\xc5<\x87\x87^rl\x8aP\'\xe0\xdbU~h\xe9\xbc)\xda4\b\xa2k\xc6[\xc2\x93 \xb9\xe75\xe5\xd7Nb[[\b\xb0Q\xb2:\x8f}T\xe76\x8f\x94k2i%\xb2\x18g\xfc\x05\v\xf4\x9bA\x99r\xcd\xeb\xdc\xf6\x1aI\xa1\bB-\xd4\a\xd8\xbe\xacx\x94P\x93\a\xd2\x04V\xceN\x93\x1d]\x8d6\xcc\xac\b\x1f\x0f\xa2\xd27\t\x1a&\xc3\x0f\x99\x18il\xd6NC\xa6f\xcfjjo\xb4)\xad=hp(\xbe29\x1a\xb6\xd6\xbcm^\x8aM\x1b\xc2iZ\xc1\\AY\xf4\xe5N\xc3\x0e\xc1\f\x94\xdf\x14q\x9bVk\x88\xd6\x88\x06\xb3\xa4\x93\xf4\xffw\xdc\xdf\xa4\xc9K\xa7g\xc3\x1a\x13\xac\n\xba\x8a\xbf=\x8eI\xcb\xd9\xdf\xb0 \a\xf5\xd0z6F:.\ni S\xec\xba\xf5\xa1\x10/^\xd5[*\x80\x113Uy\xa78\x9f\xae=R\xae\x912|\xcc\x8b\x97\x05\xf2\x18\xd0\xfb \xcd\x02\xdf@\xa4\xac\xb6\xba\xe8jQ\x1e\xd1\xcd\xe4\xbf\x14\xde', 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1000005, 0x11, r0, 0x0) fallocate(r0, 0x0, 0x0, 0x8000007) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$TIOCGETD(r1, 0x5452, &(0x7f0000000040)) close(0xffffffffffffffff) socket$inet_udp(0x2, 0x2, 0x0) timer_create(0x0, &(0x7f0000000000), 0x0) timer_settime(0x0, 0x0, 0x0, 0x0) 712.86811ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x3}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) 658.066038ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x2}, 0x48) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000880)={0x13, 0xa, &(0x7f0000000680)=@framed={{0x18, 0x8}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1f000000}, @generic={0x2c}, @map_fd={0x18, 0x0, 0x1, 0x0, r0}, @exit]}, &(0x7f0000000000)='GPL\x00', 0x4, 0xee, &(0x7f0000000340)=""/238}, 0x80) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) socketpair$nbd(0x1, 0x1, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8946, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$ITER_CREATE(0xb, 0x0, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) close(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='percpu_alloc_percpu\x00', r2}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000040)={r1, 0x609, 0xe, 0xd, &(0x7f0000000140)="dd80000000000000000400000000", 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48) 584.94954ms ago: executing program 4: r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$inet(0x2, 0x2, 0x0) mlockall(0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r2, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = dup3(r2, r1, 0x0) accept(r3, 0x0, 0x0) 533.906877ms ago: executing program 4: syz_usb_connect(0x1, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1a0100005c6b4408070a64006e40010203030902240001a82300000904000002ca744d00090503034d00ff99090805848f"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$hiddev(0x0, 0x0, 0x0) write$char_usb(r0, 0x0, 0x3) 471.143577ms ago: executing program 3: mkdir(&(0x7f0000000000)='./file0\x00', 0x0) readlink(&(0x7f00000001c0)='./file0\x00', 0x0, 0x0) 329.071189ms ago: executing program 3: r0 = socket$inet(0x2, 0x2, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) bind$inet(r1, &(0x7f0000000040), 0x10) connect$inet(r1, &(0x7f0000000000), 0x10) sendto$inet(r1, &(0x7f0000000080)="0c0100000010005d41a915cc545747116bd4d8e60c1f877d030140d82e0a7414bc4cb184d63a1135817b0d47e3813c6e2ffec6984bc59868c783b2acf0d0672eaa2f290dbfa845abbdda4d7baf85146e70850833fb771d960aa19603000e5da70a13b6d0552dc96f", 0xfe86, 0xe, 0x0, 0x0) fcntl$lock(r0, 0xa, 0x0) 273.372508ms ago: executing program 3: symlink(&(0x7f0000000080)='.\x00', &(0x7f0000000240)='./file0\x00') setreuid(0x0, 0xee01) r0 = open(&(0x7f0000000500)='./file0\x00', 0x0, 0x0) fcntl$lock(r0, 0x8, &(0x7f0000000300)={0x0, 0x2, 0xc, 0x269000000, 0xffffffffffffffff}) 212.869997ms ago: executing program 3: socket$inet_udp(0x2, 0x2, 0x0) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'sha1-avx\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x0) ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, 0x0) syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udplite(0x2, 0x2, 0x88) socket$kcm(0x10, 0x400000002, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x9, 0x1, 0x4, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) socket(0x10, 0x3, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) socket$nl_rdma(0x10, 0x3, 0x14) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x12, 0xa, 0x4, 0x3}, 0x48) socket$inet_tcp(0x2, 0x1, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="4000000010003b15000000000000000000004888", @ANYRES32=0x0, @ANYBLOB="d530d995212cf95a2000128008000100687372001400028008000200", @ANYRES32=r4, @ANYBLOB="08000100", @ANYRES64=r3], 0x40}}, 0x0) 208.662068ms ago: executing program 1: r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r2) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x38, r4, 0x1, 0x0, 0x0, {{}, {}, {0x1c, 0x17, {0x0, 0x0, @l2={'eth', 0x3a, 'syzkaller0\x00'}}}}}, 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f0000002280)={'syzkaller0\x00', @link_local}) getsockopt$bt_hci(r0, 0x84, 0xd, &(0x7f0000001f00)=""/4062, &(0x7f00000004c0)=0x744) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x6, 0x4, &(0x7f0000000300)=ANY=[@ANYBLOB="18020000000000000000000000000030850000002c00000095000000000000002b4003fe37a077ae55f52c0d80a2649baca85309be96d5a45bbbdb5ff7ffffffd075b3eee14473f51be98db7efbb059842ba4470e8e04acb807fbbabc68abdcce9f672b6bb61c302dfd5c11071adac29fd64d33a3502fbeb1ed99dd0e792f24c420bfcc2635421d339ad521d6953b1137850d9e9ebf65ee988ea2dbee528678eb47efb7b3f19046c6f1bd1bf56e5853ed96137f95b3a11954ed1c8a8676468cf2405e48723d4b1ff"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x1000, &(0x7f0000001400)=""/4106}, 0x18) r5 = socket(0x10, 0x3, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) r7 = socket$nl_route(0x10, 0x3, 0x0) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) sendto$packet(r8, &(0x7f0000000180)="05030404d3fc02000000ab5d71acedd7c9560385dcb1894f84d7dc049806c52405ce811cc352", 0xff88, 0x0, &(0x7f0000000140)={0x11, 0x0, r9, 0x1, 0x0, 0x6, @broadcast}, 0x14) ioctl$ifreq_SIOCGIFINDEX_team(r6, 0x8933, &(0x7f0000000580)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x70, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x44, 0x2, [@TCA_TBF_RATE64={0xc, 0x4, 0x7b1dbce28e3a2179}, @TCA_TBF_PRATE64={0xc, 0x5, 0xfe7e7e479535f307}, @TCA_TBF_PARMS={0x28, 0x1, {{}, {0x0, 0x2, 0x0, 0x0, 0x0, 0x9}, 0x0, 0x8000, 0x406f}}]}}]}, 0x70}, 0x1, 0x8100000018000000}, 0x0) r11 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000003c0)={'lo\x00'}) sendmsg$nl_route_sched(r11, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r12 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r12) bind$inet6(0xffffffffffffffff, 0x0, 0x0) 0s ago: executing program 3: sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)=[{0x0}, {&(0x7f0000000580)="d4fa0c511aad03aa5ed217677bc41c027d9c830c439c7f821ddd78b6915cb170e7603acf9e433c2903bb6773f4b0130668a1e5b5e08d21d0b69c28ca3455aed65855c86f3d1e5789d26375a0d85eaf5e92e19c9affcf76e7a94e76556d2b104ebf645747fadc91460f4b3c94e1a89b51be4a6aa4c65285f988329a8163b69c51b801500a5bacd0463976e2960e2679ef2feee5e6ce6bb78a51fb0e15820d13e4a5aa9e0742a6f8d677ad28fea356657bb550c8311b682d9003c82267a15aa7334bc53b65b9119a1a7d905c7dd365b85c230bbad0d5d0a79819e112637819d9a187cfdf782c6127d2d4281926ab0e22f7346b616fe28ed0b9f4a0c9fdac6d3a90a9c38b5e31448a45546388c95045bc22fe88c43b82a0a5d3eb61c238a5159ea98db9c00aeef644ae98a8cb8dffff3b7ba14d7971910b559623af8295", 0x13c}], 0x2}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000000)={'pim6reg1\x00'}) r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8b18, &(0x7f0000000000)={'wlan1\x00'}) kernel console output (not intermixed with test programs): T3571] Bluetooth: hci2: command 0x0419 tx timeout [ 60.587850][ T3571] Bluetooth: hci3: command 0x0419 tx timeout [ 60.597292][ T3624] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 60.876350][ T3624] usb 4-1: Using ep0 maxpacket: 16 [ 60.980898][ T3648] loop2: detected capacity change from 0 to 32768 [ 61.020692][ T3624] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 61.041566][ T3624] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 61.109956][ T3624] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 61.147024][ T3624] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 61.193788][ T3624] usb 4-1: config 0 descriptor?? [ 61.228556][ T3648] XFS (loop2): Mounting V5 Filesystem [ 61.259771][ T3624] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 61.381472][ T3648] XFS (loop2): Ending clean mount [ 61.402245][ T3648] XFS (loop2): Quotacheck needed: Please wait. [ 61.601515][ T3648] XFS (loop2): Quotacheck: Done. [ 61.939319][ T3694] device pim6reg1 entered promiscuous mode [ 61.951390][ T26] audit: type=1804 audit(1718956852.794:2): pid=3648 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2995304261/syzkaller.WEzOFs/6/file0/bus" dev="loop2" ino=1067 res=1 errno=0 [ 62.320205][ T3530] XFS (loop2): Unmounting Filesystem [ 62.751375][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 63.907587][ T3570] usb 4-1: USB disconnect, device number 2 [ 64.099409][ T3733] device pim6reg1 entered promiscuous mode [ 65.035435][ T3769] device pim6reg1 entered promiscuous mode [ 65.129777][ T3735] loop3: detected capacity change from 0 to 32768 [ 65.256391][ T3735] XFS (loop3): Mounting V5 Filesystem [ 65.372920][ T3735] XFS (loop3): Ending clean mount [ 65.399997][ T3735] XFS (loop3): Quotacheck needed: Please wait. [ 65.497222][ T3735] XFS (loop3): Quotacheck: Done. [ 65.692840][ T26] audit: type=1804 audit(1718956856.534:3): pid=3735 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1758286413/syzkaller.loawNy/1/file0/bus" dev="loop3" ino=1067 res=1 errno=0 [ 65.867511][ T3806] loop4: detected capacity change from 0 to 512 [ 65.973384][ T3735] syz-executor.3 (3735) used greatest stack depth: 19832 bytes left [ 65.995634][ T3806] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 66.003755][ T3529] XFS (loop3): Unmounting Filesystem [ 66.041729][ T3806] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 66.081121][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #100!!! [ 66.090194][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #302!!! [ 66.099271][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 66.108259][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 66.117245][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 66.126338][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 66.135319][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #382!!! [ 66.230580][ T3806] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 66.294691][ T3806] System zones: 0-2, 18-18, 34-34 [ 66.359457][ T3806] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 66.408087][ T3806] EXT4-fs (loop4): 1 truncate cleaned up [ 66.414235][ T3806] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 66.763237][ T3833] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program [ 66.782498][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 66.800522][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 67.947784][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 68.014705][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 69.001651][ T3951] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program [ 69.369685][ T3968] bridge0: port 3(vlan2) entered blocking state [ 69.394215][ T3968] bridge0: port 3(vlan2) entered disabled state [ 69.415560][ T3968] device vlan2 entered promiscuous mode [ 69.432368][ T3968] bridge0: adding interface vlan2 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 70.046375][ T3982] netlink: 'syz-executor.3': attribute type 3 has an invalid length. [ 70.109291][ T3984] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 70.308722][ T3994] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 70.369600][ T3999] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.1'. [ 70.558531][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 70.694712][ T23] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 70.724046][ T4017] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 70.955913][ T23] usb 3-1: Using ep0 maxpacket: 8 [ 71.094840][ T23] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 71.146947][ T4034] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 71.198251][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 71.206862][ T23] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 71.209340][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 71.244491][ T23] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 71.267635][ T23] usb 3-1: SerialNumber: syz [ 71.306506][ T4004] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 71.311162][ T4038] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 71.336724][ T23] cdc_ether: probe of 3-1:1.0 failed with error -22 [ 71.552876][ T3570] usb 3-1: USB disconnect, device number 2 [ 71.600528][ T4047] TCP: request_sock_subflow_v6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 72.243341][ T4066] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.1'. [ 72.462544][ T4071] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 72.648362][ T4073] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.3'. [ 72.762280][ T4066] infiniband A: set active [ 72.819374][ T4066] infiniband A: added bridge_slave_0 [ 72.847594][ T4075] futex_wake_op: syz-executor.3 tries to shift op by -1; fix this program [ 73.060497][ T4066] RDS/IB: A: added [ 73.078377][ T4078] loop0: detected capacity change from 0 to 512 [ 73.114118][ T4066] smc: adding ib device A with port count 1 [ 73.156520][ T4087] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 73.163020][ T4066] smc: ib device A port 1 has pnetid [ 73.224739][ T4078] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 73.234110][ T4078] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 73.348930][ T4078] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 73.394518][ T4078] System zones: 0-2, 18-18, 34-34 [ 73.408641][ T4098] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 73.461770][ T4078] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 73.483594][ T4103] netlink: 6 bytes leftover after parsing attributes in process `syz-executor.2'. [ 73.518655][ T4078] EXT4-fs (loop0): 1 truncate cleaned up [ 73.528549][ T4078] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 73.607888][ T4095] dccp_close: ABORT with 60 bytes unread [ 74.567529][ T4149] loop0: detected capacity change from 0 to 512 [ 74.682009][ T4149] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 74.694753][ T4149] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 74.748862][ T4149] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 74.764858][ T4149] System zones: 0-2, 18-18, 34-34 [ 74.777734][ T4149] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 74.877439][ T4149] EXT4-fs (loop0): 1 truncate cleaned up [ 74.913925][ T4149] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 76.047349][ T4200] ptrace attach of "/root/syz-executor.1 exec"[3532] was attempted by "/root/syz-executor.1 exec"[4200] [ 76.318501][ T1282] cfg80211: failed to load regulatory.db [ 76.354590][ T3566] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 76.784754][ T3566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 76.815331][ T3566] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 76.841142][ T3566] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 76.890719][ T3566] usb 4-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.10 [ 76.917924][ T3566] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 76.954229][ T3566] usb 4-1: config 0 descriptor?? [ 77.492975][ T3566] prodikeys 0003:041E:2801.0001: item fetching failed at offset 4/5 [ 77.512887][ T3566] prodikeys 0003:041E:2801.0001: hid parse failed [ 77.527403][ T3566] prodikeys: probe of 0003:041E:2801.0001 failed with error -22 [ 77.681631][ T4212] __nla_validate_parse: 1 callbacks suppressed [ 77.681658][ T4212] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 77.709173][ T3570] usb 4-1: USB disconnect, device number 3 [ 77.864777][ T4214] loop0: detected capacity change from 0 to 512 [ 77.925714][ T4214] ======================================================= [ 77.925714][ T4214] WARNING: The mand mount option has been deprecated and [ 77.925714][ T4214] and is ignored by this kernel. Remove the mand [ 77.925714][ T4214] option from the mount to silence this warning. [ 77.925714][ T4214] ======================================================= [ 78.010607][ T4209] loop1: detected capacity change from 0 to 40427 [ 78.128057][ T4214] EXT4-fs (loop0): 1 orphan inode deleted [ 78.167878][ T4209] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 78.197898][ T4214] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,nodiscard,noquota,init_itable,stripe=0x0000000000000079,resgid=0x0000000000000000,sysvgroups,delalloc,usrquota,. Quota mode: writeback. [ 78.220418][ T26] audit: type=1326 audit(1718956869.074:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4218 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 78.246091][ T4209] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 78.270851][ T4209] F2FS-fs (loop1): invalid crc value [ 78.287110][ T26] audit: type=1326 audit(1718956869.114:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4218 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 78.314793][ T4214] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/46/file1 supports timestamps until 2038 (0x7fffffff) [ 78.351785][ T4209] F2FS-fs (loop1): Found nat_bits in checkpoint [ 78.469167][ T4228] loop2: detected capacity change from 0 to 512 [ 78.680816][ T4209] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 78.723598][ T4209] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 78.743688][ T4228] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended [ 79.083896][ T4237] syz-executor.0[4237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.084001][ T4237] syz-executor.0[4237] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 79.132548][ T4228] EXT4-fs (loop2): orphan cleanup on readonly fs [ 79.332395][ T4228] EXT4-fs (loop2): 1 truncate cleaned up [ 79.370225][ T1239] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 79.413438][ T1239] EXT4-fs error (device loop2): ext4_release_dquot:6219: comm kworker/u4:5: Failed to release dquot type 1 [ 79.503490][ T4228] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 79.811205][ T4248] ptrace attach of "/root/syz-executor.2 exec"[3530] was attempted by "/root/syz-executor.2 exec"[4248] [ 80.257887][ T4258] syz-executor.0[4258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 80.257987][ T4258] syz-executor.0[4258] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 81.792440][ T3532] attempt to access beyond end of device [ 81.792440][ T3532] loop1: rw=2049, want=45104, limit=40427 [ 82.668696][ T26] audit: type=1804 audit(1718956873.514:6): pid=4288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir1028277822/syzkaller.7RUF7z/45/bus" dev="sda1" ino=1954 res=1 errno=0 [ 82.770306][ T26] audit: type=1804 audit(1718956873.554:7): pid=4288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.1" name="/root/syzkaller-testdir1028277822/syzkaller.7RUF7z/45/bus" dev="sda1" ino=1954 res=1 errno=0 [ 83.470320][ T4299] loop4: detected capacity change from 0 to 512 [ 83.578336][ T4299] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 83.613472][ T4302] loop1: detected capacity change from 0 to 512 [ 83.636259][ T4299] EXT4-fs (loop4): orphan cleanup on readonly fs [ 83.651955][ T4290] loop3: detected capacity change from 0 to 40427 [ 83.667798][ T4299] EXT4-fs (loop4): 1 truncate cleaned up [ 83.675017][ T156] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5) [ 83.699841][ T156] EXT4-fs error (device loop4): ext4_release_dquot:6219: comm kworker/u4:3: Failed to release dquot type 1 [ 83.719490][ T4302] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 83.741290][ T4299] EXT4-fs (loop4): mounted filesystem without journal. Opts: grpjquota=,noblock_validity,discard,barrier=0x0000000000000003,noinit_itable,noinit_itable,noauto_da_alloc,resgid=0x0000000000000000,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 83.780285][ T4290] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 83.800024][ T4290] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 83.825465][ T4290] F2FS-fs (loop3): invalid crc value [ 83.857324][ T4302] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 83.887376][ T4302] EXT4-fs (loop1): 1 truncate cleaned up [ 83.893057][ T4302] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,block_validity,sysvgroups,,errors=continue. Quota mode: writeback. [ 83.928864][ T4290] F2FS-fs (loop3): Found nat_bits in checkpoint [ 84.040457][ T4290] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 84.054522][ T4290] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 84.315659][ T26] audit: type=1800 audit(1718956875.154:8): pid=4315 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 84.972238][ T3529] attempt to access beyond end of device [ 84.972238][ T3529] loop3: rw=2049, want=45104, limit=40427 [ 86.560232][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 86.717125][ T26] audit: type=1800 audit(1718956877.564:9): pid=4363 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1954 res=0 errno=0 [ 87.981280][ T4374] loop4: detected capacity change from 0 to 512 [ 88.099053][ T4374] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 88.142676][ T26] audit: type=1326 audit(1718956878.984:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 88.190527][ T26] audit: type=1326 audit(1718956879.014:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 88.217701][ T26] audit: type=1326 audit(1718956879.014:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 88.249020][ T26] audit: type=1326 audit(1718956879.014:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 88.296336][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #3: comm syz-executor.4: corrupted inode contents [ 88.338678][ T4374] EXT4-fs error (device loop4): ext4_dirty_inode:5993: inode #3: comm syz-executor.4: mark_inode_dirty error [ 88.340410][ T3570] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 88.363410][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #3: comm syz-executor.4: corrupted inode contents [ 88.364754][ T26] audit: type=1326 audit(1718956879.014:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4384 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=306 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 88.415180][ T4374] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #3: comm syz-executor.4: mark_inode_dirty error [ 88.440862][ T4374] Quota error (device loop4): write_blk: dquota write failed [ 88.450529][ T4374] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota [ 88.461936][ T4374] EXT4-fs error (device loop4): ext4_acquire_dquot:6196: comm syz-executor.4: Failed to acquire dquot type 0 [ 88.496466][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #16: comm syz-executor.4: corrupted inode contents [ 88.515095][ T4374] EXT4-fs error (device loop4): ext4_dirty_inode:5993: inode #16: comm syz-executor.4: mark_inode_dirty error [ 88.540118][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #16: comm syz-executor.4: corrupted inode contents [ 88.560759][ T4374] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #16: comm syz-executor.4: mark_inode_dirty error [ 88.574063][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #16: comm syz-executor.4: corrupted inode contents [ 88.599006][ T4374] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 88.615725][ T4374] EXT4-fs error (device loop4): ext4_do_update_inode:5160: inode #16: comm syz-executor.4: corrupted inode contents [ 88.633210][ T4374] EXT4-fs error (device loop4): ext4_truncate:4261: inode #16: comm syz-executor.4: mark_inode_dirty error [ 88.651093][ T4374] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 88.662889][ T4374] EXT4-fs (loop4): 1 truncate cleaned up [ 88.675408][ T4374] EXT4-fs (loop4): mounted filesystem without journal. Opts: dioread_lock,resuid=0x0000000000000000,user_xattr,barrier,usrquota,usrquota,resuid=0x0000000000000000,,errors=continue. Quota mode: writeback. [ 88.701722][ T4374] ext4 filesystem being mounted at /root/syzkaller-testdir1375406343/syzkaller.aZKSRw/47/file1 supports timestamps until 2038 (0x7fffffff) [ 88.725550][ T3570] usb 1-1: Using ep0 maxpacket: 16 [ 88.804303][ T4374] syz-executor.4 (4374) used greatest stack depth: 19160 bytes left [ 88.844696][ T3570] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 88.892848][ T3570] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 88.913261][ T3570] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 89.325204][ T4403] loop1: detected capacity change from 0 to 512 [ 89.444300][ T4403] EXT4-fs (loop1): Ignoring removed bh option [ 89.497778][ T4403] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz-executor.1: inode #11614: comm syz-executor.1: iget: illegal inode # [ 89.603494][ T4403] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz-executor.1: error while reading EA inode 11614 err=-117 [ 89.681300][ T4403] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2809: Unable to expand inode 12. Delete some EAs or run e2fsck. [ 89.705378][ T3570] usb 1-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 89.714545][ T3570] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 89.742381][ T3570] usb 1-1: config 0 descriptor?? [ 89.749953][ T4403] EXT4-fs (loop1): 1 truncate cleaned up [ 89.769290][ T4403] EXT4-fs (loop1): mounted filesystem without journal. Opts: bh,noinit_itable,debug_want_extra_isize=0x000000000000005e,barrier=0x0000000000000008,delalloc,noload,nojournal_checksum,,errors=continue. Quota mode: none. [ 90.207774][ T3570] ryos 0003:1E7D:31CE.0002: unknown main item tag 0x0 [ 90.234501][ T3570] ryos 0003:1E7D:31CE.0002: unbalanced delimiter at end of report description [ 90.264965][ T3570] ryos 0003:1E7D:31CE.0002: parse failed [ 90.270832][ T3570] ryos: probe of 0003:1E7D:31CE.0002 failed with error -22 [ 90.409384][ T1066] usb 1-1: USB disconnect, device number 2 [ 90.541742][ T4415] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 91.596783][ T4420] loop3: detected capacity change from 0 to 40427 [ 91.648337][ T4420] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 91.659556][ T4420] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 91.692416][ T4420] F2FS-fs (loop3): invalid crc value [ 91.729034][ T4420] F2FS-fs (loop3): Found nat_bits in checkpoint [ 91.843479][ T4420] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 91.855791][ T4420] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 92.991419][ T3529] attempt to access beyond end of device [ 92.991419][ T3529] loop3: rw=2049, want=45104, limit=40427 [ 94.500703][ T4509] loop4: detected capacity change from 0 to 1024 [ 94.526563][ T26] kauditd_printk_skb: 2 callbacks suppressed [ 94.526585][ T26] audit: type=1326 audit(1718956885.374:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4504 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3627345f29 code=0x0 [ 94.624326][ T4509] EXT4-fs (loop4): revision level too high, forcing read-only mode [ 94.648779][ T4509] EXT4-fs (loop4): orphan cleanup on readonly fs [ 94.687541][ T4509] Quota error (device loop4): v2_read_file_info: Free block number too big (0 >= 0). [ 94.729097][ T4509] EXT4-fs warning (device loop4): ext4_enable_quotas:6431: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix. [ 94.744045][ T4509] EXT4-fs (loop4): Cannot turn on quotas: error -117 [ 94.766353][ T4509] EXT4-fs error (device loop4): ext4_free_blocks:6226: comm syz-executor.4: Freeing blocks not in datazone - block = 0, count = 4096 [ 94.793490][ T4509] EXT4-fs (loop4): Remounting filesystem read-only [ 94.807818][ T4509] EXT4-fs (loop4): 1 truncate cleaned up [ 94.829370][ T4509] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000000015,stripe=0x0000000000000059,grpid,errors=remount-ro,data_err=ignore,noblock_validity,minixdf,min_batch_time=0x0000000000000013,. Quota mode: writeback. [ 95.058873][ T4527] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 95.168776][ T26] audit: type=1326 audit(1718956886.014:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4528 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x0 [ 95.493369][ T4548] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 95.525656][ T4547] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'. [ 95.641393][ T4552] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 95.672634][ T26] audit: type=1326 audit(1718956886.514:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 95.728779][ T4506] loop0: detected capacity change from 0 to 40427 [ 95.761937][ T26] audit: type=1326 audit(1718956886.524:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 95.785994][ T26] audit: type=1326 audit(1718956886.524:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 95.816728][ T26] audit: type=1326 audit(1718956886.524:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 95.828829][ T4506] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 95.855120][ T4556] dccp_close: ABORT with 60 bytes unread [ 95.872513][ T4506] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 95.925649][ T4506] F2FS-fs (loop0): invalid crc value [ 95.928840][ T26] audit: type=1326 audit(1718956886.524:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4553 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 95.938860][ T4569] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 95.961424][ T4569] IPv6: NLM_F_CREATE should be set when creating new route [ 96.012531][ T4506] F2FS-fs (loop0): Found nat_bits in checkpoint [ 96.167636][ T4580] ebtables: ebtables: counters copy to user failed while replacing table [ 96.201861][ T4506] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 96.215494][ T4506] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 96.248613][ T4590] loop4: detected capacity change from 0 to 256 [ 96.425842][ T4597] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.379300][ T3531] attempt to access beyond end of device [ 97.379300][ T3531] loop0: rw=2049, want=45104, limit=40427 [ 97.423221][ T4609] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.440898][ T4610] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.480408][ C0] vxcan0: j1939_xtp_rx_dpo: no connection found [ 97.487131][ C0] vxcan0: j1939_xtp_rx_dpo: no connection found [ 97.493514][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 97.500097][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 97.506728][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.514838][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.515507][ T3570] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.522821][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.538221][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.546257][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.554165][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.562206][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.570154][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.578180][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.586124][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.594114][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.602632][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.610679][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.618644][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.626749][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.634710][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.642689][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.650656][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.658731][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.666703][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.674707][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.682710][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.690745][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.698690][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.706724][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.714666][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.722646][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.730617][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.738660][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.746641][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.754679][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.762592][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.770631][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.778573][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.786605][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.794556][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.796717][ T3570] usb 2-1: Using ep0 maxpacket: 32 [ 97.802531][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.802552][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.823608][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.831577][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.839649][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.847622][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.855643][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.863566][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.871598][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.879542][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.887567][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.895513][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.903495][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.911451][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.919455][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.927415][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.935421][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.943333][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.944842][ T3570] usb 2-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=e7.87 [ 97.951354][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.968253][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 97.976283][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found [ 97.977543][ T3570] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 97.984190][ C0] vxcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found [ 98.012933][ T3570] usb 2-1: config 0 descriptor?? [ 98.086971][ T3570] usb 2-1: probing VID:PID(2201:012C) [ 98.094242][ T3570] usb 2-1: Could not find two sets of bulk-in/out endpoint pairs [ 98.202150][ T3570] vub300: probe of 2-1:0.0 failed with error -22 [ 98.287872][ T1282] usb 2-1: USB disconnect, device number 2 [ 98.477939][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 98.613175][ T4636] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 98.956423][ T4645] kvm: emulating exchange as write [ 99.064533][ T1066] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 99.325418][ T4660] kvm: pic: non byte read [ 99.436367][ T4676] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 99.460220][ T1066] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 99.480571][ T1066] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 99.500838][ T1066] usb 4-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 99.520904][ T1066] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.529228][ T3570] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 99.534900][ T4679] loop4: detected capacity change from 0 to 2048 [ 99.553027][ T1066] usb 4-1: config 0 descriptor?? [ 99.626013][ T4679] EXT4-fs (loop4): cluster size (2048) smaller than block size (4096) [ 99.700200][ T4683] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.0'. [ 99.884733][ T3570] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 99.915974][ T3570] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 99.939475][ T3570] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 99.959709][ T3570] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.971229][ T3570] usb 3-1: config 0 descriptor?? [ 100.017798][ T3570] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 100.151291][ T4697] loop1: detected capacity change from 0 to 512 [ 100.237213][ T4697] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 100.248134][ T4697] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 100.266684][ T4697] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 100.275519][ T4697] System zones: 0-2, 18-18, 34-34 [ 100.284204][ T4697] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 100.299847][ T3569] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 100.308295][ T4697] EXT4-fs (loop1): 1 truncate cleaned up [ 100.314052][ T4697] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 100.544566][ T3569] usb 5-1: Using ep0 maxpacket: 8 [ 100.664675][ T3569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 100.676190][ T3569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 100.685903][ T3569] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 100.696186][ T3569] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 100.706237][ T3569] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 100.716164][ T3569] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 100.725502][ T3569] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.735207][ T3569] usb 5-1: config 0 descriptor?? [ 100.796045][ T3528] Bluetooth: hci5: urb ffff88801fb21e00 submission failed (90) [ 100.994640][ T7] usb 5-1: USB disconnect, device number 2 [ 101.232281][ T4719] syz-executor.0 (4719): attempted to duplicate a private mapping with mremap. This is not supported. [ 101.285244][ T4722] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 101.379680][ T4725] loop0: detected capacity change from 0 to 256 [ 101.458183][ T4725] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 101.488213][ T4727] loop1: detected capacity change from 0 to 4096 [ 101.751462][ T3570] usb 4-1: USB disconnect, device number 4 [ 101.892293][ T4736] loop0: detected capacity change from 0 to 512 [ 101.904740][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #12!!! [ 101.923521][ T4736] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 101.934041][ T4736] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 101.957951][ T4736] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 101.972342][ T4736] System zones: 0-2, 18-18, 34-34 [ 101.983209][ T4736] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 102.008429][ T4736] EXT4-fs (loop0): 1 truncate cleaned up [ 102.014304][ T4736] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 102.267978][ T3570] usb 3-1: USB disconnect, device number 3 [ 102.634607][ T21] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 102.874668][ T21] usb 2-1: Using ep0 maxpacket: 16 [ 102.894729][ T1282] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 102.943142][ T4764] loop0: detected capacity change from 0 to 512 [ 102.994742][ T21] usb 2-1: config 0 has an invalid interface number: 48 but max is 0 [ 103.004122][ T21] usb 2-1: config 0 has no interface number 0 [ 103.099332][ T4764] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 103.157477][ T4764] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/83/bus supports timestamps until 2038 (0x7fffffff) [ 103.184590][ T1282] usb 5-1: Using ep0 maxpacket: 8 [ 103.195845][ T21] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice= d.d5 [ 103.218382][ T4764] capability: warning: `syz-executor.0' uses deprecated v2 capabilities in a way that may be insecure [ 103.239789][ T21] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.258642][ T21] usb 2-1: Product: syz [ 103.268582][ T21] usb 2-1: Manufacturer: syz [ 103.311345][ T21] usb 2-1: SerialNumber: syz [ 103.334726][ T1282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 103.352807][ T21] usb 2-1: config 0 descriptor?? [ 103.389106][ T1282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 103.408966][ T21] usb 2-1: can't set first interface for hiFace device. [ 103.431534][ T21] snd-usb-hiface: probe of 2-1:0.48 failed with error -5 [ 103.439028][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #08!!! [ 103.448748][ T1282] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 103.477090][ T1282] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 103.496424][ T4761] loop3: detected capacity change from 0 to 32768 [ 103.537485][ T1282] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 103.556631][ T4761] XFS: noikeep mount option is deprecated. [ 103.624477][ T1282] usb 5-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 103.686020][ T1282] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.695366][ T1282] usb 5-1: config 0 descriptor?? [ 103.697650][ T3566] usb 2-1: USB disconnect, device number 3 [ 103.722025][ T4761] XFS (loop3): Mounting V5 Filesystem [ 103.758326][ T3526] Bluetooth: hci5: urb ffff8880190e7400 submission failed (90) [ 103.838907][ T4761] XFS (loop3): Ending clean mount [ 103.871571][ T4761] XFS (loop3): Quotacheck needed: Please wait. [ 103.934788][ T4761] XFS (loop3): Quotacheck: Done. [ 103.960449][ T1282] usb 5-1: USB disconnect, device number 3 [ 104.098553][ T3529] XFS (loop3): Unmounting Filesystem [ 104.397988][ T4785] loop1: detected capacity change from 0 to 256 [ 104.435847][ T4785] exfat: Deprecated parameter 'utf8' [ 104.444687][ T7] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 104.450578][ T4785] exfat: Bad value for 'errors' [ 104.547887][ T4787] loop3: detected capacity change from 0 to 1024 [ 104.684435][ T0] NOHZ tick-stop error: Non-RCU local softirq work is pending, handler #82!!! [ 104.980856][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 105.024690][ T26] audit: type=1800 audit(1718956895.874:24): pid=4792 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="file1" dev="sda1" ino=1969 res=0 errno=0 [ 105.074720][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 105.126169][ T7] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 105.169219][ T7] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 105.181747][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.209955][ T7] usb 3-1: config 0 descriptor?? [ 105.232611][ T156] hfsplus: b-tree write err: -5, ino 4 [ 105.330398][ T3570] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0 [ 105.356467][ T3570] Bluetooth: hci3: Injecting HCI hardware error event [ 105.368110][ T3528] Bluetooth: hci3: hardware error 0x00 [ 105.565697][ T4797] capability: warning: `syz-executor.3' uses 32-bit capabilities (legacy support in use) [ 105.784847][ T7] usbhid 3-1:0.0: can't add hid device: -71 [ 106.226573][ T7] usbhid: probe of 3-1:0.0 failed with error -71 [ 106.484595][ T4700] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 106.523646][ T7] usb 3-1: USB disconnect, device number 4 [ 106.557865][ T4803] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 106.605119][ T4805] loop4: detected capacity change from 0 to 512 [ 106.610865][ T4806] loop1: detected capacity change from 0 to 256 [ 106.706179][ T4806] exfat: Deprecated parameter 'utf8' [ 106.723596][ T4805] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 106.762446][ T4806] exfat: Bad value for 'errors' [ 106.769370][ T4805] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 106.854741][ T4805] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 106.984996][ T4805] System zones: 0-2, 18-18, 34-34 [ 107.038503][ T4805] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 107.107435][ T4805] EXT4-fs (loop4): 1 truncate cleaned up [ 107.116732][ T4805] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 107.185629][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x9cb1 [ 107.196995][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0x9e2 [ 107.210683][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0xb0c8 [ 107.222825][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0x6027 [ 107.247049][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x3452 [ 107.262746][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc2 data 0x4920 [ 107.283339][ T4810] kvm [4809]: vcpu0, guest rIP: 0x20e disabled perfctr wrmsr: 0xc1 data 0x9860 [ 107.404772][ T21] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 107.444545][ T3566] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 107.547930][ T4826] loop3: detected capacity change from 0 to 512 [ 107.694680][ T21] usb 1-1: Using ep0 maxpacket: 16 [ 107.847358][ T4826] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 107.859419][ T4826] ext4 filesystem being mounted at /root/syzkaller-testdir1758286413/syzkaller.loawNy/82/file0 supports timestamps until 2038 (0x7fffffff) [ 107.927798][ T21] usb 1-1: config 0 has an invalid interface number: 48 but max is 0 [ 107.960160][ T4826] EXT4-fs error (device loop3): ext4_do_update_inode:5160: inode #2: comm syz-executor.3: corrupted inode contents [ 107.985861][ T4826] EXT4-fs error (device loop3): ext4_dirty_inode:5993: inode #2: comm syz-executor.3: mark_inode_dirty error [ 108.001103][ T4826] EXT4-fs error (device loop3): ext4_do_update_inode:5160: inode #2: comm syz-executor.3: corrupted inode contents [ 108.018243][ T4826] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #2: comm syz-executor.3: mark_inode_dirty error [ 108.210537][ T21] usb 1-1: config 0 has no interface number 0 [ 108.399664][ T4832] loop1: detected capacity change from 0 to 1024 [ 108.535945][ T21] usb 1-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice= d.d5 [ 108.554623][ T21] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.567957][ T21] usb 1-1: Product: syz [ 108.585761][ T21] usb 1-1: Manufacturer: syz [ 108.590501][ T21] usb 1-1: SerialNumber: syz [ 108.620672][ T21] usb 1-1: config 0 descriptor?? [ 108.691950][ T21] usb 1-1: can't set first interface for hiFace device. [ 108.699140][ T21] snd-usb-hiface: probe of 1-1:0.48 failed with error -5 [ 108.845001][ T3566] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 109.120122][ T3566] usb 3-1: can't read configurations, error -61 [ 109.129852][ T3639] hfsplus: b-tree write err: -5, ino 4 [ 109.146196][ T4834] loop4: detected capacity change from 0 to 1024 [ 109.163858][ T26] audit: type=1800 audit(1718956900.004:25): pid=4838 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1947 res=0 errno=0 [ 109.170837][ T3570] usb 1-1: USB disconnect, device number 3 [ 109.204675][ T4834] hfsplus: invalid catalog btree flag [ 109.210544][ T4834] hfsplus: failed to load catalog file [ 109.344685][ T3566] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 109.804868][ T3566] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 109.817542][ T3566] usb 3-1: can't read configurations, error -61 [ 109.840327][ T4854] netlink: 'syz-executor.1': attribute type 2 has an invalid length. [ 109.863000][ T4854] netlink: 'syz-executor.1': attribute type 1 has an invalid length. [ 109.866805][ T4855] loop0: detected capacity change from 0 to 512 [ 109.885271][ T3566] usb usb3-port1: attempt power cycle [ 110.176703][ T4863] loop1: detected capacity change from 0 to 512 [ 110.213212][ T4855] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 110.240009][ T4855] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/86/bus supports timestamps until 2038 (0x7fffffff) [ 110.270425][ T4865] loop3: detected capacity change from 0 to 512 [ 110.306845][ T26] audit: type=1804 audit(1718956901.154:26): pid=4866 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir2995304261/syzkaller.WEzOFs/70/file0" dev="sda1" ino=1949 res=1 errno=0 [ 110.340287][ T4865] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 110.351546][ T4865] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 110.383285][ T4863] EXT4-fs (loop1): 1 orphan inode deleted [ 110.394085][ T4863] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 110.431685][ T4863] ext4 filesystem being mounted at /root/syzkaller-testdir1028277822/syzkaller.7RUF7z/87/file1 supports timestamps until 2038 (0x7fffffff) [ 110.459301][ T4865] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 110.534713][ T4865] System zones: 0-2, 18-18, 34-34 [ 110.663362][ T4865] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 111.514112][ T4865] EXT4-fs (loop3): 1 truncate cleaned up [ 111.515611][ T4862] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 111.520462][ T4865] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 112.950193][ T26] audit: type=1800 audit(1718956903.794:27): pid=4903 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1961 res=0 errno=0 [ 112.974569][ T23] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 113.214594][ T23] usb 2-1: Using ep0 maxpacket: 16 [ 113.264484][ T3565] usb 5-1: new full-speed USB device number 4 using dummy_hcd [ 113.334821][ T23] usb 2-1: config 0 has an invalid interface number: 48 but max is 0 [ 113.347690][ T23] usb 2-1: config 0 has no interface number 0 [ 113.524683][ T23] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice= d.d5 [ 113.624565][ T3565] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 113.635182][ T23] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.643294][ T23] usb 2-1: Product: syz [ 113.648189][ T3565] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 113.657431][ T23] usb 2-1: Manufacturer: syz [ 113.662131][ T23] usb 2-1: SerialNumber: syz [ 113.667481][ T3565] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26984, setting to 64 [ 114.642369][ T23] usb 2-1: config 0 descriptor?? [ 114.674919][ T3565] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 114.768551][ T23] usb 2-1: can't set first interface for hiFace device. [ 115.222886][ T3565] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.267677][ T23] snd-usb-hiface: probe of 2-1:0.48 failed with error -5 [ 115.286438][ T4918] loop3: detected capacity change from 0 to 1024 [ 115.326140][ T4901] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 115.345944][ T3565] hub 5-1:1.0: bad descriptor, ignoring hub [ 115.378871][ T23] usb 2-1: USB disconnect, device number 4 [ 115.387311][ T4918] hfsplus: invalid catalog btree flag [ 115.392858][ T4918] hfsplus: failed to load catalog file [ 115.404623][ T3565] hub: probe of 5-1:1.0 failed with error -5 [ 115.426030][ T3565] cdc_wdm 5-1:1.0: skipping garbage [ 115.432997][ T3565] cdc_wdm 5-1:1.0: skipping garbage [ 115.471171][ T3565] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 115.530072][ T3565] cdc_wdm 5-1:1.0: Unknown control protocol [ 115.584452][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 115.591511][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 115.597706][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 115.760807][ T4901] udc-core: couldn't find an available UDC or it's busy [ 115.789719][ T4901] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 115.835524][ T4901] udc-core: couldn't find an available UDC or it's busy [ 115.842510][ T4901] misc raw-gadget: fail, usb_gadget_probe_driver returned -16 [ 115.873122][ T4926] loop0: detected capacity change from 0 to 512 [ 115.883713][ T4928] loop1: detected capacity change from 0 to 1024 [ 115.890376][ T3569] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 115.924697][ T4926] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 115.933759][ T4926] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 115.990824][ T4926] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 116.023873][ T4926] System zones: 0-2, 18-18, 34-34 [ 116.032719][ T4928] EXT4-fs (loop1): mounted filesystem without journal. Opts: user_xattr,init_itable=0x0000000000000003,discard,max_batch_time=0x0000000000000000,block_validity,i_version,noinit_itable,min_batch_time=0x0000000000000008,max_batch_time=0x0000000000000006,noquota,stripe=0x00000000000000ff,errors=continue. Quota mode: none. [ 116.094171][ T4926] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 116.100790][ T4934] loop3: detected capacity change from 0 to 4096 [ 116.123024][ T4926] EXT4-fs (loop0): 1 truncate cleaned up [ 116.131980][ T4926] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 116.234291][ T4934] ntfs3: loop3: Different NTFS' sector size (1024) and media sector size (512) [ 116.249868][ T3570] usb 5-1: USB disconnect, device number 4 [ 116.264728][ T3569] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 116.308586][ T3569] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.356935][ T3569] usb 3-1: config 0 descriptor?? [ 116.409197][ T3569] cp210x 3-1:0.0: cp210x converter detected [ 116.738878][ T3569] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 116.747295][ T3569] cp210x 3-1:0.0: querying part number failed [ 116.758488][ T3569] usb 3-1: cp210x converter now attached to ttyUSB0 [ 116.777647][ T3569] usb 3-1: USB disconnect, device number 8 [ 117.619843][ T3569] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 117.678758][ T3569] cp210x 3-1:0.0: device disconnected [ 117.854354][ T4947] loop4: detected capacity change from 0 to 32768 [ 117.884461][ T4949] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 117.983634][ T4947] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (4947) [ 119.023171][ T4947] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 119.032459][ T4947] BTRFS info (device loop4): using free space tree [ 119.039498][ T4947] BTRFS info (device loop4): has skinny extents [ 119.132120][ T4967] loop3: detected capacity change from 0 to 512 [ 119.196568][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 119.392969][ T4947] BTRFS info (device loop4): enabling ssd optimizations [ 119.750129][ T4995] dlm: no local IP address has been set [ 119.756121][ T4995] dlm: cannot start dlm midcomms -107 [ 120.221770][ T4967] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 120.410802][ T4967] ext4 filesystem being mounted at /root/syzkaller-testdir1758286413/syzkaller.loawNy/90/bus supports timestamps until 2038 (0x7fffffff) [ 121.407265][ T5001] loop1: detected capacity change from 0 to 512 [ 121.499253][ T5001] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 121.575053][ T5001] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 121.683513][ T5001] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 121.694729][ T5001] System zones: 0-2, 18-18, 34-34 [ 121.708521][ T5001] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 121.783215][ T5001] EXT4-fs (loop1): 1 truncate cleaned up [ 121.793590][ T5001] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 122.154649][ T4991] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 124.780707][ T5031] loop0: detected capacity change from 0 to 2048 [ 125.556853][ T5027] sched: RT throttling activated [ 125.828232][ T5038] loop1: detected capacity change from 0 to 1024 [ 125.883050][ T5038] hfsplus: extend alloc file! (8192,65536,366) [ 126.678062][ T26] audit: type=1326 audit(1718956917.514:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5037 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3627345f29 code=0x0 [ 127.217295][ T5053] loop1: detected capacity change from 0 to 512 [ 127.349800][ T5056] loop0: detected capacity change from 0 to 512 [ 128.283566][ T5056] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 128.316632][ T5056] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 128.443609][ T5056] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 128.452690][ T5056] System zones: 0-2, 18-18, 34-34 [ 128.462237][ T5053] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nobarrier,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 128.504558][ T5053] ext4 filesystem being mounted at /root/syzkaller-testdir1028277822/syzkaller.7RUF7z/104/bus supports timestamps until 2038 (0x7fffffff) [ 128.550331][ T5056] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 128.669574][ T5056] EXT4-fs (loop0): 1 truncate cleaned up [ 128.720896][ T5056] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 130.307984][ T5086] loop4: detected capacity change from 0 to 128 [ 130.344471][ T5083] loop3: detected capacity change from 0 to 1024 [ 130.438091][ T5086] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 130.465502][ T5083] hfsplus: extend alloc file! (8192,65536,366) [ 130.700470][ T26] audit: type=1326 audit(1718956921.544:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5082 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x0 [ 131.770880][ T5097] loop4: detected capacity change from 0 to 512 [ 132.922738][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.930204][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.234515][ T5097] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback. [ 133.796267][ T5097] ext4 filesystem being mounted at /root/syzkaller-testdir1375406343/syzkaller.aZKSRw/97/file0 supports timestamps until 2038 (0x7fffffff) [ 133.911228][ T5120] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 133.972017][ T5118] loop0: detected capacity change from 0 to 512 [ 134.740055][ T5118] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 134.781377][ T5118] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/96/bus supports timestamps until 2038 (0x7fffffff) [ 135.454323][ T5144] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 135.617208][ T5125] Zero length message leads to an empty skb [ 135.645130][ T1066] usb 5-1: new low-speed USB device number 5 using dummy_hcd [ 136.193199][ T1066] usb 5-1: config 1 interface 0 altsetting 11 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 136.480573][ T1066] usb 5-1: config 1 interface 0 altsetting 11 endpoint 0x81 has invalid maxpacket 1023, setting to 8 [ 136.506368][ T5114] fuse: Bad value for 'fd' [ 136.515534][ T1066] usb 5-1: config 1 interface 0 altsetting 11 endpoint 0x2 has invalid wMaxPacketSize 0 [ 136.526514][ T1066] usb 5-1: config 1 interface 0 has no altsetting 0 [ 136.836557][ T5159] loop0: detected capacity change from 0 to 512 [ 136.956083][ T5159] EXT4-fs (loop0): Mount option "data_err=abort" incompatible with ext2 [ 137.278501][ T5170] loop0: detected capacity change from 0 to 512 [ 137.312257][ T5170] EXT4-fs (loop0): Ignoring removed mblk_io_submit option [ 137.420876][ T5170] EXT4-fs error (device loop0): ext4_find_inline_data_nolock:163: inode #12: comm syz-executor.0: inline data xattr refers to an external xattr inode [ 137.467333][ T5170] EXT4-fs error (device loop0): ext4_orphan_get:1402: comm syz-executor.0: couldn't read orphan inode 12 (err -117) [ 137.488523][ T5177] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 137.549243][ T5170] EXT4-fs (loop0): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,mblk_io_submit,grpjquota=,resuid=0x0000000000000000,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000100409e,max_dir_size_kb=0x0000000000000002,,errors=continue. Quota mode: writeback. [ 137.916595][ T1066] usb 5-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.40 [ 138.051481][ T1066] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.142847][ T1066] usb 5-1: can't set config #1, error -71 [ 138.195717][ T1066] usb 5-1: USB disconnect, device number 5 [ 138.289315][ T5190] loop1: detected capacity change from 0 to 512 [ 138.771771][ T5190] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 139.098815][ T5190] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 139.225058][ T5190] Quota error (device loop1): write_blk: dquota write failed [ 139.232467][ T5190] Quota error (device loop1): find_free_dqentry: Can't write quota data block 5 [ 139.248008][ T5200] loop0: detected capacity change from 0 to 512 [ 139.271691][ T5190] Quota error (device loop1): write_blk: dquota write failed [ 139.364763][ T5190] Quota error (device loop1): qtree_write_dquot: Error -28 occurred while creating quota [ 139.424579][ T5190] EXT4-fs error (device loop1): ext4_acquire_dquot:6196: comm syz-executor.1: Failed to acquire dquot type 1 [ 139.447081][ T5190] EXT4-fs (loop1): 1 truncate cleaned up [ 139.468507][ T5190] EXT4-fs (loop1): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,barrier=0x0000000000000003,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 139.506218][ T5200] EXT4-fs (loop0): mounted filesystem without journal. Opts: grpquota,inode_readahead_blks=0x0000000000000800,minixdf,,errors=continue. Quota mode: writeback. [ 139.530315][ T5200] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/99/bus supports timestamps until 2038 (0x7fffffff) [ 140.046545][ T5210] loop4: detected capacity change from 0 to 512 [ 140.167678][ T5210] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 140.218761][ T5210] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 140.275073][ T5212] loop1: detected capacity change from 0 to 1024 [ 140.308788][ T5210] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 140.351904][ T5212] hfsplus: extend alloc file! (8192,65536,366) [ 140.393159][ T5210] System zones: 0-2, 18-18, 34-34 [ 140.482784][ T5210] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 140.625596][ T26] audit: type=1326 audit(1718956931.474:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5211 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3627345f29 code=0x0 [ 140.665406][ T5210] EXT4-fs (loop4): 1 truncate cleaned up [ 140.686284][ T5220] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 140.723299][ T5210] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 140.964632][ T5134] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 345: padding at end of block bitmap is not set [ 141.390153][ T5239] loop3: detected capacity change from 0 to 512 [ 141.949118][ T5239] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 142.102474][ T5239] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 18 vs 41 free clusters [ 142.160631][ T5239] Quota error (device loop3): write_blk: dquota write failed [ 142.176764][ T5239] Quota error (device loop3): find_free_dqentry: Can't write quota data block 5 [ 142.186274][ T5239] Quota error (device loop3): write_blk: dquota write failed [ 142.194108][ T5239] Quota error (device loop3): qtree_write_dquot: Error -28 occurred while creating quota [ 142.215421][ T5239] EXT4-fs error (device loop3): ext4_acquire_dquot:6196: comm syz-executor.3: Failed to acquire dquot type 1 [ 142.297868][ T5239] EXT4-fs (loop3): 1 truncate cleaned up [ 142.303554][ T5239] EXT4-fs (loop3): mounted filesystem without journal. Opts: usrjquota=,noblock_validity,max_dir_size_kb=0x000000000181fffc,barrier=0x0000000000000003,journal_ioprio=0x0000000000000007,discard,nobarrier,dioread_nolock,resgid=0x000000000000ee002,errors=continue. Quota mode: writeback. [ 142.459452][ T5249] loop4: detected capacity change from 0 to 32768 [ 142.570080][ T5249] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (5249) [ 142.624604][ T5249] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 142.633392][ T5249] BTRFS info (device loop4): using free space tree [ 142.646597][ T5249] BTRFS info (device loop4): has skinny extents [ 142.788113][ T156] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.019128][ T5280] loop3: detected capacity change from 0 to 512 [ 143.066487][ T156] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 143.088531][ T5249] BTRFS info (device loop4): enabling ssd optimizations [ 143.139969][ T5280] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 143.219047][ T5280] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 143.413457][ T5290] dlm: no local IP address has been set [ 143.419158][ T5290] dlm: cannot start dlm midcomms -107 [ 143.569325][ T5280] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 144.044600][ T5280] System zones: 0-2, 18-18, 34-34 [ 144.099258][ T156] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.120024][ T5280] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 144.149584][ T5280] EXT4-fs (loop3): 1 truncate cleaned up [ 144.160262][ T5280] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 144.384198][ T156] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.562595][ T5302] Bluetooth: hci4: command 0x0409 tx timeout [ 144.954212][ T5247] chnl_net:caif_netlink_parms(): no params data found [ 145.489999][ T5247] bridge0: port 1(bridge_slave_0) entered blocking state [ 145.512409][ T5247] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.549953][ T5247] device bridge_slave_0 entered promiscuous mode [ 145.587649][ T5247] bridge0: port 2(bridge_slave_1) entered blocking state [ 145.611512][ T5247] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.643567][ T5247] device bridge_slave_1 entered promiscuous mode [ 145.821132][ T5247] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 145.890340][ T5247] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 146.076766][ T5247] team0: Port device team_slave_0 added [ 146.128701][ T5247] team0: Port device team_slave_1 added [ 146.286348][ T5247] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 146.293528][ T5247] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.376991][ T5247] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 146.487250][ T5247] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 146.507210][ T5247] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 146.550195][ T5247] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 146.634664][ T3569] Bluetooth: hci4: command 0x041b tx timeout [ 146.738646][ T5247] device hsr_slave_0 entered promiscuous mode [ 146.759162][ T5247] device hsr_slave_1 entered promiscuous mode [ 146.776223][ T5247] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 146.822197][ T5247] Cannot create hsr debugfs directory [ 147.514493][ T4938] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 147.682827][ T156] device hsr_slave_0 left promiscuous mode [ 147.693462][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 147.754936][ T156] device hsr_slave_1 left promiscuous mode [ 147.763306][ T156] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 147.782003][ T156] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 147.808538][ T156] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 147.834007][ T156] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 147.871452][ T156] device bridge_slave_1 left promiscuous mode [ 147.884695][ T156] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.899195][ T4938] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 147.914676][ T4938] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 147.956293][ T4938] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 147.974585][ T4938] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.007377][ T4938] usb 5-1: config 0 descriptor?? [ 148.026383][ T156] device bridge_slave_0 left promiscuous mode [ 148.032638][ T156] bridge0: port 1(bridge_slave_0) entered disabled state [ 148.055107][ T4938] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 148.113953][ T156] rdma_rxe: ignoring netdev event = 26 for bridge_slave_0 [ 148.127843][ T156] rdma_rxe: ignoring netdev event = 21 for bridge_slave_0 [ 148.151502][ T156] rdma_rxe: ignoring netdev event = 10 for bridge_slave_0 [ 148.175979][ T156] device veth1_macvtap left promiscuous mode [ 148.182774][ T156] device veth0_macvtap left promiscuous mode [ 148.214668][ T156] device veth1_vlan left promiscuous mode [ 148.220790][ T156] device veth0_vlan left promiscuous mode [ 148.612690][ T156] infiniband A: set down [ 148.714495][ T21] Bluetooth: hci4: command 0x040f tx timeout [ 149.692067][ T156] team0 (unregistering): Port device team_slave_1 removed [ 149.741402][ T156] team0 (unregistering): Port device team_slave_0 removed [ 149.788141][ T156] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 149.822912][ T156] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 149.888291][ T154] smc: removing ib device A [ 150.018669][ T156] bond0 (unregistering): Released all slaves [ 150.216214][ T3570] infiniband A: ib_query_port failed (-19) [ 150.242050][ T5302] usb 5-1: USB disconnect, device number 6 [ 150.794581][ T3569] Bluetooth: hci4: command 0x0419 tx timeout [ 150.824742][ T5247] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 150.902125][ T5247] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 150.958844][ T5247] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 151.028763][ T5247] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 151.249496][ T5601] process 'syz-executor.2' launched './file0' with NULL argv: empty string added [ 151.409749][ T5247] 8021q: adding VLAN 0 to HW filter on device bond0 [ 151.483013][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 151.517730][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 151.553262][ T5247] 8021q: adding VLAN 0 to HW filter on device team0 [ 151.585576][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 151.599219][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 151.619082][ T5300] bridge0: port 1(bridge_slave_0) entered blocking state [ 151.626325][ T5300] bridge0: port 1(bridge_slave_0) entered forwarding state [ 151.712523][ T5301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 151.730152][ T5301] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 151.779285][ T5301] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 151.820646][ T5301] bridge0: port 2(bridge_slave_1) entered blocking state [ 151.827784][ T5301] bridge0: port 2(bridge_slave_1) entered forwarding state [ 151.872367][ T5301] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 151.913460][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 151.945118][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 151.991950][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 152.080596][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 152.117506][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 152.168929][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 152.216590][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 152.285155][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 152.293680][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 152.330320][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 152.360224][ T5247] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 152.762675][ T5247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 152.791764][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 152.803153][ T1066] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 152.858968][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 152.876174][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 152.942579][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 152.957763][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 152.990422][ T5247] device veth0_vlan entered promiscuous mode [ 153.005725][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 153.030487][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 153.090186][ T5247] device veth1_vlan entered promiscuous mode [ 153.170044][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 153.188831][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 153.212369][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 153.250093][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 153.271293][ T5247] device veth0_macvtap entered promiscuous mode [ 153.309360][ T5247] device veth1_macvtap entered promiscuous mode [ 153.396375][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.423970][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.460546][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.491609][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.554536][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.592408][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.622993][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 153.715328][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 153.780171][ T5247] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 153.790562][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 153.808331][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 153.820576][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 153.874595][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 154.622328][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.659131][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.669125][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.679747][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.718149][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.768714][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.834512][ T5247] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 154.894520][ T5247] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 154.949559][ T5247] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 154.967693][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 155.012161][ T5300] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 155.049845][ T5247] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.124724][ T5247] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.133457][ T5247] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.170595][ T5247] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.332774][ T3639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.359810][ T3639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.380287][ T4829] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 155.382719][ T5301] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 155.435619][ T4829] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 155.475916][ T3569] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 155.902046][ T5751] loop3: detected capacity change from 0 to 64 [ 156.182811][ T5756] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 156.434486][ T5301] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 156.473854][ T5768] loop1: detected capacity change from 0 to 512 [ 156.606084][ T5773] loop4: detected capacity change from 0 to 1024 [ 156.637390][ T5768] EXT4-fs (loop1): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 156.649716][ T5764] loop0: detected capacity change from 0 to 4096 [ 156.653422][ T5768] ext4 filesystem being mounted at /root/syzkaller-testdir2952645170/syzkaller.rQGNG6/2/file1 supports timestamps until 2038 (0x7fffffff) [ 156.936028][ T5301] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 160.020251][ T5301] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 160.061974][ T5301] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 160.093957][ T5301] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.174604][ T5301] usb 3-1: can't set config #27, error -71 [ 160.197700][ T5301] usb 3-1: USB disconnect, device number 9 [ 161.237069][ T5793] loop4: detected capacity change from 0 to 512 [ 161.315184][ T5793] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 161.334703][ T5793] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 161.403009][ T5793] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 161.423282][ T5793] System zones: 0-2, 18-18, 34-34 [ 161.468891][ T5793] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 163.453041][ T5793] EXT4-fs (loop4): 1 truncate cleaned up [ 163.954517][ T5793] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 163.955866][ T5301] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 164.163340][ T5817] kvm: pic: non byte read [ 164.177495][ T5817] kvm: pic: level sensitive irq not supported [ 164.178228][ T5817] kvm: pic: non byte read [ 164.204836][ T5817] kvm: pic: level sensitive irq not supported [ 164.204907][ T5817] kvm: pic: non byte read [ 164.215638][ T5301] usb 3-1: Using ep0 maxpacket: 8 [ 164.236218][ T5817] kvm: pic: level sensitive irq not supported [ 164.236286][ T5817] kvm: pic: non byte read [ 164.269617][ T5817] kvm: pic: level sensitive irq not supported [ 164.269691][ T5817] kvm: pic: non byte read [ 164.315198][ T5817] kvm: pic: level sensitive irq not supported [ 164.315269][ T5817] kvm: pic: non byte read [ 164.403424][ T5817] kvm: pic: level sensitive irq not supported [ 164.403499][ T5817] kvm: pic: non byte read [ 164.484748][ T5817] kvm: pic: level sensitive irq not supported [ 164.484824][ T5817] kvm: pic: non byte read [ 164.552035][ T5817] kvm: pic: level sensitive irq not supported [ 164.552117][ T5817] kvm: pic: non byte read [ 164.635096][ T5817] kvm: pic: level sensitive irq not supported [ 164.635171][ T5817] kvm: pic: non byte read [ 164.650979][ T5825] loop3: detected capacity change from 0 to 65536 [ 164.677461][ T5817] kvm: pic: level sensitive irq not supported [ 164.704732][ T5301] usb 3-1: device descriptor read/all, error -71 [ 164.850696][ T5825] XFS (loop3): Mounting V5 Filesystem [ 164.900942][ T5837] loop0: detected capacity change from 0 to 512 [ 164.961197][ T5825] XFS (loop3): Ending clean mount [ 164.969360][ T5825] XFS (loop3): Quotacheck needed: Please wait. [ 165.087559][ T5837] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 165.103366][ T5841] device vlan2 entered promiscuous mode [ 165.122299][ T5825] XFS (loop3): Quotacheck: Done. [ 165.130652][ T5841] device macvtap0 entered promiscuous mode [ 165.136720][ T5837] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/133/file1 supports timestamps until 2038 (0x7fffffff) [ 165.237591][ T5841] team0: Port device vlan2 added [ 165.494261][ T5846] tmpfs: Unknown parameter 'nr_blo' [ 166.298722][ T3529] XFS (loop3): Unmounting Filesystem [ 166.966596][ T5832] loop4: detected capacity change from 0 to 32768 [ 167.017545][ T5827] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 168.790355][ T5871] loop0: detected capacity change from 0 to 512 [ 169.789179][ T5871] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 169.804465][ T5871] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 169.821458][ T5871] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 169.874525][ T5871] System zones: 0-2, 18-18, 34-34 [ 169.880025][ T5877] loop3: detected capacity change from 0 to 512 [ 169.921537][ T5871] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 169.957348][ T5871] EXT4-fs (loop0): 1 truncate cleaned up [ 169.963022][ T5871] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 172.194994][ T5877] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:163: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode [ 172.222955][ T5877] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz-executor.3: couldn't read orphan inode 12 (err -117) [ 172.239512][ T5877] EXT4-fs (loop3): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000000200000,user_xattr,grpjquota=,sysvgroups,prjquota,usrjquota=,usrjquota=,min_batch_time=0x000000000000409e,nodiscard,,errors=continue. Quota mode: writeback. [ 172.303934][ T26] audit: type=1326 audit(1718956963.144:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 172.497207][ T5898] device bridge1 entered promiscuous mode [ 172.578467][ T3565] Bluetooth: hci0: command 0x2016 tx timeout [ 172.982952][ T26] audit: type=1326 audit(1718956963.184:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 173.098956][ T26] audit: type=1326 audit(1718956963.184:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 173.204197][ T26] audit: type=1326 audit(1718956963.184:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 173.233545][ T26] audit: type=1326 audit(1718956963.184:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 173.368394][ T26] audit: type=1326 audit(1718956963.184:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 173.786547][ T26] audit: type=1326 audit(1718956963.184:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 174.512169][ T5928] loop4: detected capacity change from 0 to 8 [ 174.556370][ T26] audit: type=1326 audit(1718956963.184:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 175.056188][ T5928] Can't find a SQUASHFS superblock on loop4 [ 175.107244][ T26] audit: type=1326 audit(1718956963.184:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 175.115721][ T5929] loop3: detected capacity change from 0 to 32768 [ 175.142168][ T3570] Bluetooth: hci0: command 0x0406 tx timeout [ 175.180189][ T5929] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (5929) [ 175.197672][ T26] audit: type=1326 audit(1718956963.184:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5875 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f576a754f29 code=0x7ffc0000 [ 176.085482][ T5929] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 176.094266][ T5929] BTRFS info (device loop3): doing ref verification [ 176.100951][ T5929] BTRFS info (device loop3): use zlib compression, level 3 [ 176.108191][ T5929] BTRFS info (device loop3): using free space tree [ 176.114719][ T5929] BTRFS info (device loop3): has skinny extents [ 176.145445][ T5297] Bluetooth: hci2: command 0x0406 tx timeout [ 176.196799][ T5297] Bluetooth: hci1: command 0x0406 tx timeout [ 176.274455][ T3570] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 176.343299][ T5942] can: request_module (can-proto-0) failed. [ 176.388709][ T5960] netlink: 341 bytes leftover after parsing attributes in process `syz-executor.1'. [ 176.492167][ T5929] BTRFS info (device loop3): enabling ssd optimizations [ 176.644764][ T3570] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 176.663291][ T3570] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 176.695257][ T3570] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 176.734246][ T3570] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.805080][ T5935] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 177.213176][ T5296] Bluetooth: hci0: command 0x0406 tx timeout [ 177.341402][ T5984] netlink: 'syz-executor.1': attribute type 12 has an invalid length. [ 178.197346][ T3570] usb 3-1: USB disconnect, device number 12 [ 178.445085][ T6000] picdev_read: 4 callbacks suppressed [ 178.445101][ T6000] kvm: pic: non byte read [ 178.490084][ T6000] pic_ioport_write: 3 callbacks suppressed [ 178.490102][ T6000] kvm: pic: level sensitive irq not supported [ 178.521590][ T6000] kvm: pic: non byte read [ 178.575179][ T6000] kvm: pic: level sensitive irq not supported [ 178.575253][ T6000] kvm: pic: non byte read [ 178.638327][ T6000] kvm: pic: level sensitive irq not supported [ 178.638401][ T6000] kvm: pic: non byte read [ 178.704956][ T6000] kvm: pic: level sensitive irq not supported [ 178.705026][ T6000] kvm: pic: non byte read [ 178.724044][ T5973] loop0: detected capacity change from 0 to 32768 [ 178.765911][ T6000] kvm: pic: level sensitive irq not supported [ 178.765965][ T6000] kvm: pic: non byte read [ 178.781949][ T6000] kvm: pic: level sensitive irq not supported [ 178.782019][ T6000] kvm: pic: non byte read [ 178.803822][ T5973] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz-executor.0 (5973) [ 178.853607][ T6000] kvm: pic: level sensitive irq not supported [ 178.853678][ T6000] kvm: pic: non byte read [ 178.927878][ T6000] kvm: pic: level sensitive irq not supported [ 178.927951][ T6000] kvm: pic: non byte read [ 178.944022][ T5973] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm [ 178.973358][ T5973] BTRFS info (device loop0): enabling disk space caching [ 178.988364][ T6000] kvm: pic: level sensitive irq not supported [ 178.988434][ T6000] kvm: pic: non byte read [ 179.009276][ T5973] BTRFS info (device loop0): setting nodatacow, compression disabled [ 179.032081][ T6000] kvm: pic: level sensitive irq not supported [ 179.032846][ T5973] BTRFS info (device loop0): turning off barriers [ 179.098504][ T5973] BTRFS info (device loop0): use no compression [ 179.114534][ T5973] BTRFS info (device loop0): disabling disk space caching [ 179.139112][ T5973] BTRFS warning (device loop0): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 179.163731][ T5973] BTRFS info (device loop0): trying to use backup root at mount time [ 179.213153][ T5973] BTRFS error (device loop0): cannot disable free space tree [ 179.214229][ T6008] loop3: detected capacity change from 0 to 128 [ 179.296376][ T5973] BTRFS error (device loop0): open_ctree failed [ 179.399139][ T6010] loop1: detected capacity change from 0 to 512 [ 179.456661][ T6010] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 179.508811][ T6010] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 179.630848][ T6010] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 179.640166][ T6010] System zones: 0-2, 18-18, 34-34 [ 179.660458][ T6010] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 179.739869][ T6010] EXT4-fs (loop1): 1 truncate cleaned up [ 179.754896][ T6010] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 179.781994][ T6022] loop0: detected capacity change from 0 to 512 [ 180.986731][ T6022] EXT4-fs (loop0): mounted filesystem without journal. Opts: nodelalloc,grpid,auto_da_alloc,,errors=continue. Quota mode: writeback. [ 181.072800][ T6022] ext4 filesystem being mounted at /root/syzkaller-testdir2374675193/syzkaller.r8PP3o/141/file1 supports timestamps until 2038 (0x7fffffff) [ 181.464868][ T6037] loop3: detected capacity change from 0 to 512 [ 184.202535][ T6037] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 184.242921][ T6037] UDF-fs: Scanning with blocksize 512 failed [ 184.264521][ T6037] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 184.280997][ T6037] UDF-fs: Scanning with blocksize 1024 failed [ 184.283557][ T6044] bridge0: port 3(vlan3) entered blocking state [ 184.346418][ T6044] bridge0: port 3(vlan3) entered disabled state [ 184.384092][ T6044] device vlan3 entered promiscuous mode [ 184.415863][ T6037] UDF-fs: warning (device loop3): udf_load_vrs: No VRS found [ 184.462925][ T6037] UDF-fs: Scanning with blocksize 2048 failed [ 184.494331][ T6044] bridge0: adding interface vlan3 with same address as a received packet (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 184.520603][ T6037] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=256, location=256 [ 184.587527][ T6045] picdev_read: 59 callbacks suppressed [ 184.587546][ T6045] kvm: pic: non byte read [ 184.601870][ T6037] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 184.668075][ T6045] pic_ioport_write: 58 callbacks suppressed [ 184.668092][ T6045] kvm: pic: level sensitive irq not supported [ 184.682305][ T6045] kvm: pic: non byte read [ 184.722201][ T6045] kvm: pic: level sensitive irq not supported [ 184.722276][ T6045] kvm: pic: non byte read [ 184.751078][ T6045] kvm: pic: level sensitive irq not supported [ 184.751150][ T6045] kvm: pic: non byte read [ 184.773012][ T6059] loop0: detected capacity change from 0 to 1024 [ 184.781391][ T6060] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 184.791394][ T6045] kvm: pic: level sensitive irq not supported [ 184.800642][ T6045] kvm: pic: non byte read [ 184.830554][ T6045] kvm: pic: level sensitive irq not supported [ 184.830626][ T6045] kvm: pic: non byte read [ 184.885273][ T6045] kvm: pic: level sensitive irq not supported [ 184.885342][ T6045] kvm: pic: non byte read [ 184.951332][ T6045] kvm: pic: level sensitive irq not supported [ 184.951405][ T6045] kvm: pic: non byte read [ 185.020474][ T6045] kvm: pic: level sensitive irq not supported [ 185.020547][ T6045] kvm: pic: non byte read [ 185.057633][ T6045] kvm: pic: level sensitive irq not supported [ 185.057704][ T6045] kvm: pic: non byte read [ 185.108382][ T6070] hfsplus: cannot replace xattr [ 185.181536][ T6072] loop3: detected capacity change from 0 to 512 [ 185.283403][ T6049] loop4: detected capacity change from 0 to 32768 [ 185.336842][ T6072] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 185.373048][ T6072] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 185.404257][ T6049] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz-executor.4 (6049) [ 185.438479][ T6072] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 185.446668][ T6072] System zones: 0-2, 18-18, 34-34 [ 185.467320][ T6072] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 185.496332][ T6072] EXT4-fs (loop3): 1 truncate cleaned up [ 185.502188][ T6072] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 186.314051][ T6049] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm [ 186.384159][ T6049] BTRFS info (device loop4): turning on flush-on-commit [ 186.405586][ T6049] BTRFS info (device loop4): turning off barriers [ 186.443479][ T6049] BTRFS info (device loop4): doing ref verification [ 186.463395][ T6049] BTRFS info (device loop4): force clearing of disk cache [ 186.487952][ T6049] BTRFS info (device loop4): enabling disk space caching [ 186.516879][ T6049] BTRFS info (device loop4): turning on sync discard [ 186.537074][ T6049] BTRFS info (device loop4): using default commit interval 30s [ 186.576798][ T6049] BTRFS info (device loop4): disk space caching is enabled [ 186.586286][ T6069] loop1: detected capacity change from 0 to 32768 [ 186.608229][ T6049] BTRFS info (device loop4): has skinny extents [ 187.729503][ T6113] loop3: detected capacity change from 0 to 256 [ 187.792692][ T6069] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz-executor.1 (6069) [ 187.872056][ T6069] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm [ 187.882086][ T6113] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x905a013b, utbl_chksum : 0xe619d30d) [ 187.902175][ T6069] BTRFS info (device loop1): use zlib compression, level 3 [ 187.925954][ T6069] BTRFS info (device loop1): using free space tree [ 187.934136][ T26] kauditd_printk_skb: 47 callbacks suppressed [ 187.934150][ T26] audit: type=1326 audit(1718956978.784:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 187.934864][ T6049] BTRFS error (device loop4): open_ctree failed [ 187.953415][ T26] audit: type=1326 audit(1718956978.784:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.034607][ T6069] BTRFS info (device loop1): has skinny extents [ 188.036019][ T26] audit: type=1326 audit(1718956978.784:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.064608][ T26] audit: type=1326 audit(1718956978.784:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.088152][ T26] audit: type=1326 audit(1718956978.784:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.155966][ T26] audit: type=1326 audit(1718956978.784:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.293690][ T26] audit: type=1326 audit(1718956978.784:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.371823][ T26] audit: type=1326 audit(1718956978.784:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.476812][ T6069] BTRFS error (device loop1): open_ctree failed [ 188.714847][ T6153] loop0: detected capacity change from 0 to 512 [ 188.721327][ T26] audit: type=1326 audit(1718956978.854:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 188.771880][ T26] audit: type=1326 audit(1718956978.854:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6122 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6e48d31f29 code=0x7ffc0000 [ 189.778884][ T6153] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 189.820022][ T6153] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 189.854120][ C1] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 189.885618][ T6165] loop3: detected capacity change from 0 to 32768 [ 189.919051][ T6165] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 scanned by syz-executor.3 (6165) [ 190.048415][ T5297] Bluetooth: hci4: command 0x0405 tx timeout [ 190.075323][ T6153] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 190.110842][ T6165] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm [ 190.116160][ T6153] System zones: [ 190.119684][ T6165] BTRFS info (device loop3): doing ref verification [ 190.130001][ T6165] BTRFS info (device loop3): use zlib compression, level 3 [ 190.136285][ T6153] 0-2, 18-18, 34-34 [ 190.137352][ T6165] BTRFS info (device loop3): using free space tree [ 190.141179][ T6165] BTRFS info (device loop3): has skinny extents [ 190.209347][ T6153] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 190.313166][ T6153] EXT4-fs (loop0): 1 truncate cleaned up [ 190.372488][ T6153] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 190.584615][ T3569] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 190.643328][ T6165] BTRFS info (device loop3): enabling ssd optimizations [ 190.894598][ T3569] usb 3-1: Using ep0 maxpacket: 8 [ 191.014702][ T3569] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 191.032992][ T3569] usb 3-1: config 179 has no interface number 0 [ 191.066051][ T3569] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 191.108168][ T3569] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 191.148445][ T3569] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 191.211568][ T3569] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 191.239882][ T3569] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 191.284141][ T3569] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 191.310159][ T3569] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.364805][ T6184] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 191.386494][ T3569] xpad: probe of 3-1:179.65 failed with error -5 [ 191.514088][ T6213] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 191.567158][ T6210] kvm: pic: non byte read [ 191.578836][ T6210] kvm: pic: level sensitive irq not supported [ 191.578910][ T6210] kvm: pic: non byte read [ 191.604872][ T6210] kvm: pic: level sensitive irq not supported [ 191.604939][ T6210] kvm: pic: non byte read [ 191.635424][ T6210] kvm: pic: level sensitive irq not supported [ 191.635498][ T6210] kvm: pic: non byte read [ 191.655400][ T6210] kvm: pic: level sensitive irq not supported [ 191.655472][ T6210] kvm: pic: non byte read [ 191.677744][ T6210] kvm: pic: level sensitive irq not supported [ 191.677813][ T6210] kvm: pic: non byte read [ 191.689760][ T6210] kvm: pic: level sensitive irq not supported [ 191.689831][ T6210] kvm: pic: non byte read [ 191.714767][ T6210] kvm: pic: level sensitive irq not supported [ 191.714838][ T6210] kvm: pic: non byte read [ 191.756120][ T6210] kvm: pic: level sensitive irq not supported [ 191.756191][ T6210] kvm: pic: non byte read [ 191.768182][ T6210] kvm: pic: level sensitive irq not supported [ 191.768249][ T6210] kvm: pic: non byte read [ 191.779639][ T6210] kvm: pic: level sensitive irq not supported [ 192.041469][ T6238] loop0: detected capacity change from 0 to 512 [ 192.163396][ T6238] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 192.187763][ T6238] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 192.243620][ T6238] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 192.270469][ T6238] System zones: 0-2, 18-18, 34-34 [ 192.289781][ T6238] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 192.290204][ T6252] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 192.323643][ T6252] device macvtap0 entered promiscuous mode [ 192.338785][ T6238] EXT4-fs (loop0): 1 truncate cleaned up [ 192.342654][ T6252] device macvtap0 left promiscuous mode [ 192.364613][ T6238] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 192.471207][ T6252] netlink: 'syz-executor.4': attribute type 10 has an invalid length. [ 192.572209][ T6252] team0: Port device netdevsim0 added [ 193.244486][ T26] kauditd_printk_skb: 1 callbacks suppressed [ 193.244512][ T26] audit: type=1800 audit(1718956983.904:99): pid=6262 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1965 res=0 errno=0 [ 193.537051][ T3573] usb 3-1: USB disconnect, device number 13 [ 194.081314][ T3569] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 194.454973][ T3569] usb 1-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 194.477117][ T3569] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 194.526129][ T3569] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 194.650701][ T3569] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.935874][ T3569] usb 1-1: config 0 descriptor?? [ 194.949065][ T1378] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.956651][ T1378] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.996731][ T3569] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 195.150488][ T6292] loop1: detected capacity change from 0 to 512 [ 195.266950][ T6292] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 195.316153][ T6292] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 195.374080][ T6292] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 195.390318][ T6292] System zones: 0-2, 18-18, 34-34 [ 195.424315][ T6292] EXT4-fs warning (device loop1): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 195.472073][ T6292] EXT4-fs (loop1): 1 truncate cleaned up [ 195.493631][ T6292] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 196.034775][ T21] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 196.309422][ T3569] usb 1-1: USB disconnect, device number 4 [ 196.369589][ T21] usb 3-1: device descriptor read/64, error -71 [ 196.914498][ T21] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 197.124525][ T21] usb 3-1: device descriptor read/64, error -71 [ 197.244672][ T21] usb usb3-port1: attempt power cycle [ 197.270541][ T6345] loop4: detected capacity change from 0 to 512 [ 197.473249][ T6345] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 197.512256][ T6345] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 197.673766][ T6345] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 197.684638][ T6345] System zones: 0-2, 18-18, 34-34 [ 197.705808][ T6345] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 197.724431][ T21] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 197.769704][ T6345] EXT4-fs (loop4): 1 truncate cleaned up [ 197.782862][ T6345] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 197.838246][ T21] usb 3-1: device descriptor read/8, error -71 [ 198.124473][ T21] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 198.232032][ T21] usb 3-1: device descriptor read/8, error -71 [ 198.360430][ T21] usb usb3-port1: unable to enumerate USB device [ 198.901265][ T6392] loop0: detected capacity change from 0 to 512 [ 199.053518][ T6392] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 199.105938][ T6392] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 199.251201][ T6392] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 199.274742][ T6392] System zones: 0-2, 18-18, 34-34 [ 199.287041][ T6392] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 199.387149][ T6392] EXT4-fs (loop0): 1 truncate cleaned up [ 199.396424][ T6392] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 200.436377][ T6451] loop3: detected capacity change from 0 to 512 [ 200.603283][ T6451] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 200.654420][ T6451] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 200.695773][ T6451] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 200.703866][ T6451] System zones: 0-2, 18-18, 34-34 [ 200.730983][ T6451] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 200.766045][ T6451] EXT4-fs (loop3): 1 truncate cleaned up [ 200.774816][ T6451] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 203.956011][ C1] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 205.604780][ C0] bridge0: received packet on bridge_slave_0 with own address as source address (addr:aa:aa:aa:aa:aa:1b, vlan:0) [ 207.366752][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 208.791291][ T6554] loop0: detected capacity change from 0 to 512 [ 208.872232][ T6554] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 208.926102][ T6554] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 208.966220][ T6554] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 208.994520][ T6554] System zones: 0-2, 18-18, 34-34 [ 209.057936][ T6554] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 209.094000][ T6554] EXT4-fs (loop0): 1 truncate cleaned up [ 209.110182][ T6554] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 211.250093][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 211.312220][ C0] TCP: request_sock_TCP: Possible SYN flooding on port 2. Sending cookies. Check SNMP counters. [ 211.610127][ T26] audit: type=1800 audit(1718957002.454:100): pid=6694 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="sda1" ino=1965 res=0 errno=0 [ 211.869226][ T6704] loop4: detected capacity change from 0 to 512 [ 211.956778][ T6704] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 211.972809][ T6704] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 212.053488][ T6704] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 212.076985][ T6704] System zones: 0-2, 18-18, 34-34 [ 212.153305][ T6704] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 212.247558][ T6704] EXT4-fs (loop4): 1 truncate cleaned up [ 212.253373][ T6704] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 213.415078][ T6789] loop0: detected capacity change from 0 to 512 [ 213.491108][ T6789] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 213.507912][ T6789] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem [ 213.527342][ T6789] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 213.561733][ T6789] System zones: 0-2, 18-18, 34-34 [ 213.575108][ T6789] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 213.597018][ T6789] EXT4-fs (loop0): 1 truncate cleaned up [ 213.608567][ T6789] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 215.423822][ T6850] loop4: detected capacity change from 0 to 512 [ 215.488381][ T6850] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 215.514866][ T6850] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 215.591280][ T6850] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 215.606995][ T6850] System zones: 0-2, 18-18, 34-34 [ 215.613712][ T6850] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 215.637112][ T6850] EXT4-fs (loop4): 1 truncate cleaned up [ 215.643590][ T6850] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 216.365034][ T6895] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 216.991738][ T6923] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 217.126567][ T6925] loop4: detected capacity change from 0 to 512 [ 217.142473][ T6911] infiniband syz0: set active [ 217.147680][ T6911] infiniband syz0: added veth0_vlan [ 217.184564][ T6925] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 217.194864][ T6925] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 217.221219][ T6911] RDS/IB: syz0: added [ 217.258211][ T6911] smc: adding ib device syz0 with port count 1 [ 217.268096][ T6925] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 217.288375][ T6925] System zones: 0-2, 18-18, 34-34 [ 217.293869][ T6911] smc: ib device syz0 port 1 has pnetid [ 217.340282][ T6925] EXT4-fs warning (device loop4): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 217.399771][ T6925] EXT4-fs (loop4): 1 truncate cleaned up [ 217.405986][ T6925] EXT4-fs (loop4): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 218.251282][ T6962] device dummy0 entered promiscuous mode [ 218.270001][ T6962] device batadv0 entered promiscuous mode [ 218.332367][ T6962] hsr1: Slave B (batadv0) is not up; please bring it up to get a fully working HSR network [ 218.360270][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 218.447973][ T6970] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 218.658524][ T6979] loop3: detected capacity change from 0 to 512 [ 218.774479][ T3565] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 218.786663][ T7] usb 2-1: new low-speed USB device number 5 using dummy_hcd [ 218.786688][ T6979] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 218.804833][ T6979] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 218.836332][ T6979] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 218.844756][ T21] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 218.853763][ T6979] System zones: 0-2, 18-18, 34-34 [ 218.862142][ T6979] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 218.886299][ T6979] EXT4-fs (loop3): 1 truncate cleaned up [ 218.892070][ T6979] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 219.104808][ T21] usb 3-1: Using ep0 maxpacket: 32 [ 219.151563][ T3565] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 219.164566][ T3565] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 219.179857][ T3565] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 219.194701][ T7] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 219.203880][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 219.224914][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 219.246472][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 219.314748][ T21] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 219.324139][ T21] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 219.340926][ T21] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 219.344742][ T7] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 219.357487][ T3565] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 219.365183][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 219.378328][ T3565] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.383528][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 219.388024][ T3565] usb 1-1: Product: syz [ 219.402275][ T3565] usb 1-1: Manufacturer: syz [ 219.406805][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 219.407976][ T3565] usb 1-1: SerialNumber: syz [ 219.444530][ T3567] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 219.504712][ T21] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 219.504886][ T7] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 219.520040][ T21] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.521600][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 77, setting to 8 [ 219.530331][ T21] usb 3-1: Product: syz [ 219.540269][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 219.550892][ T21] usb 3-1: Manufacturer: syz [ 219.556349][ T7] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 219.560739][ T21] usb 3-1: SerialNumber: syz [ 219.689109][ T3565] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 5 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 219.708102][ T3567] usb 4-1: Using ep0 maxpacket: 32 [ 219.728442][ T5300] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 219.835370][ T7] usb 2-1: string descriptor 0 read error: -22 [ 219.841705][ T3567] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 219.855114][ T7] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 219.864168][ T7] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.890530][ T3565] usb 1-1: USB disconnect, device number 5 [ 219.898675][ T3565] usblp0: removed [ 219.904849][ T21] usb 3-1: 0:2 : does not exist [ 219.908582][ T7] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 219.942312][ T21] usb 3-1: USB disconnect, device number 18 [ 220.044903][ T3567] usb 4-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.40 [ 220.054092][ T3567] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.062136][ T3567] usb 4-1: Product: syz [ 220.066468][ T3567] usb 4-1: SerialNumber: syz [ 220.113274][ T7] usb 2-1: USB disconnect, device number 5 [ 220.134634][ T5300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 1023, setting to 64 [ 220.147605][ T3567] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 220.162275][ T5300] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 14129, setting to 64 [ 220.334569][ T5300] usb 5-1: New USB device found, idVendor=1803, idProduct=5510, bcdDevice=7c.1b [ 220.338860][ T21] usb 4-1: USB disconnect, device number 5 [ 220.349941][ T5300] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.380195][ T5300] usb 5-1: Product: syz [ 220.388157][ T5300] usb 5-1: Manufacturer: syz [ 220.396258][ T5300] usb 5-1: SerialNumber: syz [ 220.424763][ T5300] usb 5-1: config 0 descriptor?? [ 220.674571][ T3573] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 220.725383][ T5300] cxacru 5-1:0.0: submit of read urb for cm 0x90 failed (-8) [ 220.749171][ T6999] cxacru 5-1:0.0: Direct firmware load for cxacru-fw.bin failed with error -2 [ 220.760156][ T5300] usb 5-1: USB disconnect, device number 8 [ 220.770022][ T6999] cxacru 5-1:0.0: Falling back to sysfs fallback for: cxacru-fw.bin [ 220.802551][ T7001] device dummy0 entered promiscuous mode [ 220.811665][ T7001] device batadv0 entered promiscuous mode [ 220.818640][ T7001] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 220.828005][ T7001] Cannot create hsr debugfs directory [ 220.834777][ T7] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 220.893875][ T7003] rdma_rxe: rxe_register_device failed with error -23 [ 220.911641][ T7003] rdma_rxe: failed to add veth0_vlan [ 220.954588][ T3573] usb 3-1: Using ep0 maxpacket: 32 [ 221.015171][ T7007] loop3: detected capacity change from 0 to 512 [ 221.079861][ T7007] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 221.090388][ T7007] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem [ 221.107539][ T3573] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 221.126542][ T7007] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c01c, mo2=0002] [ 221.137008][ T3573] usb 3-1: config 1 has no interface number 1 [ 221.148782][ T7007] System zones: 0-2, 18-18, 34-34 [ 221.156225][ T3573] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 221.175185][ T3573] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 221.200063][ T7007] EXT4-fs warning (device loop3): ext4_update_dynamic_rev:1061: updating to rev 1 because of new feature flag, running e2fsck is recommended [ 221.231917][ T3573] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 221.285510][ T7007] EXT4-fs (loop3): 1 truncate cleaned up [ 221.291194][ T7007] EXT4-fs (loop3): mounted filesystem without journal. Opts: block_validity,,errors=continue. Quota mode: none. [ 221.500331][ T3573] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 221.509813][ T3573] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 221.520945][ T3573] usb 3-1: Product: syz [ 221.526625][ T3573] usb 3-1: Manufacturer: syz [ 221.539096][ T3573] usb 3-1: SerialNumber: syz [ 221.818285][ T7031] device dummy0 entered promiscuous mode [ 221.839936][ T7031] device batadv0 entered promiscuous mode [ 221.854986][ T7031] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 221.862714][ T7031] Cannot create hsr debugfs directory [ 221.878436][ T21] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready [ 221.905941][ T7033] tipc: Started in network mode [ 221.911393][ T7033] tipc: Node identity 2ecd49a51bbd, cluster identity 4711 [ 221.954069][ T3573] usb 3-1: USB disconnect, device number 19 [ 221.961109][ T7033] tipc: Enabled bearer , priority 0 [ 222.019432][ T7034] €Â: renamed from syzkaller0 [ 222.050569][ T7034] tipc: Disabling bearer [ 222.069874][ T7036] ================================================================== [ 222.078564][ T7036] BUG: KASAN: slab-out-of-bounds in cfg80211_wext_freq+0x1f1/0x230 [ 222.086522][ T7036] Read of size 2 at addr ffff88805ee79d40 by task syz-executor.3/7036 [ 222.094744][ T7036] [ 222.097090][ T7036] CPU: 1 PID: 7036 Comm: syz-executor.3 Not tainted 5.15.161-syzkaller #0 [ 222.105604][ T7036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024 [ 222.115872][ T7036] Call Trace: [ 222.119359][ T7036] [ 222.122310][ T7036] dump_stack_lvl+0x1e3/0x2d0 [ 222.127025][ T7036] ? io_uring_drop_tctx_refs+0x1a0/0x1a0 [ 222.132678][ T7036] ? _printk+0xd1/0x120 [ 222.136864][ T7036] ? __wake_up_klogd+0xcc/0x100 [ 222.141728][ T7036] ? panic+0x860/0x860 [ 222.145806][ T7036] ? _raw_spin_lock_irqsave+0xdd/0x120 2024/06/21 08:03:32 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 222.151301][ T7036] print_address_description+0x63/0x3b0 [ 222.156880][ T7036] ? cfg80211_wext_freq+0x1f1/0x230 [ 222.162102][ T7036] kasan_report+0x16b/0x1c0 [ 222.166623][ T7036] ? cfg80211_wext_freq+0x1f1/0x230 [ 222.171868][ T7036] cfg80211_wext_freq+0x1f1/0x230 [ 222.176916][ T7036] cfg80211_wext_siwscan+0x4fd/0xfc0 [ 222.182274][ T7036] ioctl_standard_iw_point+0x781/0xca0 [ 222.187790][ T7036] ? cmp_bss+0xde0/0xde0 [ 222.192063][ T7036] ? iw_handler_get_iwstats+0x240/0x240 [ 222.197630][ T7036] ? wext_ioctl_dispatch+0xb9/0x460 [ 222.202859][ T7036] ? mutex_lock_io_nested+0x60/0x60 [ 222.208086][ T7036] ? apparmor_capable+0x12e/0x190 [ 222.213137][ T7036] ? full_name_hash+0x8f/0xe0 [ 222.217848][ T7036] ioctl_standard_call+0xc3/0x280 [ 222.222898][ T7036] ? cmp_bss+0xde0/0xde0 [ 222.227171][ T7036] ? cmp_bss+0xde0/0xde0 [ 222.231437][ T7036] wext_ioctl_dispatch+0x16f/0x460 [ 222.236572][ T7036] ? wext_ioctl_dispatch+0x460/0x460 [ 222.241892][ T7036] ? iw_handler_get_private+0x1e0/0x1e0 [ 222.247474][ T7036] wext_handle_ioctl+0x15b/0x260 [ 222.252442][ T7036] ? call_commit_handler+0xf0/0xf0 [ 222.257597][ T7036] sock_ioctl+0x13b/0x770 [ 222.261956][ T7036] ? sock_poll+0x410/0x410 [ 222.266397][ T7036] ? __fget_files+0x413/0x480 [ 222.271110][ T7036] ? bpf_lsm_file_ioctl+0x5/0x10 [ 222.276072][ T7036] ? security_file_ioctl+0x7d/0xa0 [ 222.281205][ T7036] ? sock_poll+0x410/0x410 [ 222.285649][ T7036] __se_sys_ioctl+0xf1/0x160 [ 222.290290][ T7036] do_syscall_64+0x3b/0xb0 [ 222.294814][ T7036] ? clear_bhb_loop+0x15/0x70 [ 222.299512][ T7036] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 222.305438][ T7036] RIP: 0033:0x7f576a754f29 [ 222.309873][ T7036] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 222.329505][ T7036] RSP: 002b:00007f57692ce0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 222.338037][ T7036] RAX: ffffffffffffffda RBX: 00007f576a88bf80 RCX: 00007f576a754f29 [ 222.346036][ T7036] RDX: 0000000020000000 RSI: 0000000000008b18 RDI: 0000000000000003 [ 222.354029][ T7036] RBP: 00007f576a7c4074 R08: 0000000000000000 R09: 0000000000000000 [ 222.362026][ T7036] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 222.370013][ T7036] R13: 000000000000000b R14: 00007f576a88bf80 R15: 00007ffd536deaf8 [ 222.378024][ T7036] [ 222.381056][ T7036] [ 222.383383][ T7036] Allocated by task 7036: [ 222.387711][ T7036] ____kasan_kmalloc+0xba/0xf0 [ 222.392574][ T7036] __kmalloc+0x168/0x300 [ 222.396825][ T7036] ioctl_standard_iw_point+0x4aa/0xca0 [ 222.402304][ T7036] ioctl_standard_call+0xc3/0x280 [ 222.407338][ T7036] wext_ioctl_dispatch+0x16f/0x460 [ 222.412470][ T7036] wext_handle_ioctl+0x15b/0x260 [ 222.417420][ T7036] sock_ioctl+0x13b/0x770 [ 222.421769][ T7036] __se_sys_ioctl+0xf1/0x160 [ 222.426375][ T7036] do_syscall_64+0x3b/0xb0 [ 222.430811][ T7036] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 222.436719][ T7036] [ 222.439051][ T7036] The buggy address belongs to the object at ffff88805ee79c00 [ 222.439051][ T7036] which belongs to the cache kmalloc-512 of size 512 [ 222.453110][ T7036] The buggy address is located 320 bytes inside of [ 222.453110][ T7036] 512-byte region [ffff88805ee79c00, ffff88805ee79e00) [ 222.466598][ T7036] The buggy address belongs to the page: [ 222.472262][ T7036] page:ffffea00017b9e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x5ee78 [ 222.482432][ T7036] head:ffffea00017b9e00 order:2 compound_mapcount:0 compound_pincount:0 [ 222.490767][ T7036] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 222.498780][ T7036] raw: 00fff00000010200 ffffea00007dd600 0000000700000007 ffff888011c41c80 [ 222.507384][ T7036] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 222.515978][ T7036] page dumped because: kasan: bad access detected [ 222.522405][ T7036] page_owner tracks the page as allocated [ 222.528126][ T7036] page last allocated via order 2, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 3531, ts 57961486501, free_ts 57929837639 [ 222.547379][ T7036] get_page_from_freelist+0x322a/0x33c0 [ 222.552957][ T7036] __alloc_pages+0x272/0x700 [ 222.557561][ T7036] new_slab+0xbb/0x4b0 [ 222.561643][ T7036] ___slab_alloc+0x6f6/0xe10 [ 222.566248][ T7036] __kmalloc+0x1c9/0x300 [ 222.570501][ T7036] fib6_info_alloc+0x2c/0xd0 [ 222.575103][ T7036] ip6_route_info_create+0x446/0x12c0 [ 222.580490][ T7036] ip6_route_add+0x22/0x120 [ 222.585106][ T7036] addrconf_prefix_route+0x325/0x500 [ 222.590405][ T7036] inet6_addr_add+0x516/0x9a0 [ 222.595093][ T7036] inet6_rtm_newaddr+0x892/0x2540 [ 222.600128][ T7036] rtnetlink_rcv_msg+0x993/0xee0 [ 222.605265][ T7036] netlink_rcv_skb+0x1cf/0x410 [ 222.610053][ T7036] netlink_unicast+0x7b6/0x980 [ 222.614839][ T7036] netlink_sendmsg+0xa30/0xd60 [ 222.619629][ T7036] __sys_sendto+0x564/0x720 [ 222.624159][ T7036] page last free stack trace: [ 222.628842][ T7036] free_unref_page_prepare+0xc34/0xcf0 [ 222.634318][ T7036] free_unref_page+0x95/0x2d0 [ 222.639005][ T7036] stack_depot_save+0x3ef/0x440 [ 222.643876][ T7036] ____kasan_kmalloc+0xd1/0xf0 [ 222.648656][ T7036] __kmalloc+0x168/0x300 [ 222.