last executing test programs: 4.629034581s ago: executing program 0 (id=1584): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000500)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000000e2020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r1}, 0x18) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r2, @ANYBLOB="8b330022004ad20000000500"], 0x20}}, 0x0) 4.420872085s ago: executing program 0 (id=1586): r0 = socket$inet6(0xa, 0x3, 0x5) syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAP(r1, 0x4b67, &(0x7f00000006c0)={0x2, &(0x7f0000000000)=[{0xfff, 0x3}, {0x87f, 0x7}]}) futex(&(0x7f0000000100), 0x5, 0x2, &(0x7f0000000180), &(0x7f0000000200), 0x2) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r2, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) r4 = syz_io_uring_setup(0x49b, &(0x7f0000000000)={0x0, 0x600d, 0x1, 0x3, 0x37d}, &(0x7f0000001e40)=0x0, &(0x7f0000000340)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x104, &(0x7f0000000080)=0xfffffffb, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x18) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc9ffb}]}) clock_settime(0xfffffff8, &(0x7f0000000140)={0x0, 0x989680}) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000000)=0xffffffc3, 0x4) sendmmsg(r0, &(0x7f0000000500)=[{{&(0x7f0000000040)=@x25, 0x80, 0x0, 0x39}}], 0x1, 0x0) 4.243156828s ago: executing program 0 (id=1588): r0 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6) getsockopt$sock_int(r0, 0x1, 0x10, 0x0, &(0x7f0000000100)) 4.016942223s ago: executing program 0 (id=1590): prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000ed074479000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b70800000000396f7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0xc, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$caif_stream(0x25, 0x1, 0x1) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x2501, 0x0) ioctl$SNAPSHOT_FREE(r0, 0x3305) 3.716927128s ago: executing program 3 (id=1593): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, 0x0) write$tun(r2, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000240)="ed"}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x10000000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="20010000", @ANYRES16, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r7, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000008000d0000000000a2000f0032"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0) 2.761382406s ago: executing program 0 (id=1602): r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x88040, 0x0) fcntl$setlease(r0, 0x400, 0x0) lchown(&(0x7f0000000080)='./file1\x00', 0xee01, 0xffffffffffffffff) 2.658542709s ago: executing program 0 (id=1603): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000000000000"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x18) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x80) bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) syz_genetlink_get_family_id$wireguard(&(0x7f0000000440), r2) sendmsg$WG_CMD_SET_DEVICE(r2, 0x0, 0x20008081) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="54000000020603000000000000000000000000000d000300686173683a6e65740000000005000400000000000900020073797a31000000000c000780080008400000007005000500020300000500010006"], 0x54}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @loopback}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0x10040047}, 0x240008c4) 2.657941328s ago: executing program 3 (id=1604): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r0, &(0x7f00000003c0)={0x24, @none={0x0, 0x2}}, 0x14) 2.533976631s ago: executing program 3 (id=1606): syz_read_part_table(0x611, &(0x7f0000000280)="$eJzs3D9olGccB/DvJbmcUTAdnFxqHDoJRXE0Q5XkqlgIp1IIDvYfIs0UIXDSwytxaDMoZpCOXaRwHTROxgxOikLnIg4WIYNLwS5SO+TK3b0kd1CKpZa2+PkM93vu5cfzfX/w3Phc+F8bSrlYtSvd8u7Hf9rfHt9aN3OqNTV9tN1ut08mpZxOORPlnStJRjK4a/YmGe3b5/q329e+/uX9cuvxiRfvnLm3NLS5ZyVvJdnR35yxP3qVyl+blH/Cjcn744uX5quXO1+qjfWND5Obz6dqq8eXlleOlY982nl+MXlQ9PcOxljOp54L+Twfjbxy1Jdby9JAfrOTX58896jaWP+m9XT/xu7q8O2zh17uWbty90Cy0ImYSfewbxn9m4P35S/25S9MXJ1dbhzed2vXtYP1Ow9rz4Z/bfcUkcXPrdTcfAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/Ijc7Hpfnq5frkuUfVxvpXP/7wwc3nU7XV40vLK8dGjzwp+h4UdaSo51PPhZSTzGUun2X+1SNnS/35k/fHFzfzf9uePN2/sbvaun320MvptSt3D3S7SpnplKHXMfGgwfzG+sLE1dnlxuF9t3ZdO1i/87D2bLjXN1fJJ91xk1Re/2sAAAAAAAAAAAAAAAAAAADwhpuaPrpn5r3ayaSU09uS/PxF95Z9uzL2fbo373v2FvVJJdmZ5Pq23n8BtB6feDF65t7ST8Wl+GYqaSbZ8d3qqeTtzZyLg7HlrZ35N/0eAAD//1mrmWE=") r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0xb, '\x00', 0x0, 0x2}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r2, &(0x7f0000005f40)=[{{&(0x7f0000000d00)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f0000003400)=ANY=[@ANYBLOB="20000000000000000000000007000000440cd1700000000700000e0f940401001400000000000000000600000200000002000000000000001100000000000000000000000100000009000000000000001400000000000000eaffffff0100000006000000000000001400000000000000000000000200000006"], 0x80}}, {{&(0x7f00000010c0)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=ANY=[], 0x28}}], 0x2, 0x4000004) r3 = creat(&(0x7f0000000040)='./file1\x00', 0x5) io_setup(0x202, &(0x7f0000000200)=0x0) io_submit(r4, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r3, &(0x7f0000000000), 0x4000, 0xa00}]) r5 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) io_submit(r4, 0x3, &(0x7f0000000a00)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x7, 0x7, r1, &(0x7f0000000140)="bb59dc616e38385cee4ea27293c5b54dd26f14f857b3b8f0ef99c6c01d7eedd34803d07a8f84d3a190e5dcd71ca4ab9c8ca5f5509c45c664603eda44fb3d51ba8421a12adfdbc19fd603", 0x4a, 0x6, 0x0, 0x1, r3}, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x3, 0xfffd, r2, &(0x7f00000008c0)="e587b430d5d2ec3bba774cfb20479adf62d5b9e72336648539776c3cab6508ef26e81ab9d3a6cd15865c6b7f83f3c71ced09899ecaccf8ab5fcb48cc6e908c927e2553560ce8e7771191fc203390e8a218bb628591db9343dd4f52fcf98960dd94048e9e2026b496f7f08df7994dd65bac1bacc2f3a03ea2b898f816b9bb75626de25ef3e422bc8376db00fe9b0e3594de4e2b8ed868099538ba34d809e56b64dff156ddc87b977b76586d7f49069250e89b0f60839239b85c12a43dcfffafd3b798f2d22a5a88ca4e9d7015aad662f53aa79500d63c44f2d62afaf11be249fb50faf4", 0xe3, 0x3, 0x0, 0x0, r3}, &(0x7f00000009c0)={0x0, 0x0, 0x0, 0x7, 0x8000, r5, &(0x7f00000001c0)="7eaf42d0ee44d1cbb07e8ddb3dd1f9601999812d7cd7ae1c4aad1a3d57b842a7778690", 0x23, 0x100000001, 0x0, 0x1}]) 2.144428168s ago: executing program 3 (id=1610): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10) r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc1}, &(0x7f0000000080)={0x0, "69dcaf20127e9a854529f45826cb35be51682e30944313e2ca73845d177d601880221daeccfda56b75cfe2bad94f000066b2ddab614fec2236da7d88ea07c9ee"}, 0x48, 0xfffffffffffffffe) keyctl$search(0xa, r1, &(0x7f0000000180)='asymmetric\x00', &(0x7f0000000100)={'syz', 0x0}, 0x0) 1.943686032s ago: executing program 2 (id=1612): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000940)=ANY=[@ANYBLOB="070000000400000008000000d9"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000001000080000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='kfree\x00', r1}, 0x18) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f00000003c0)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000380)={0xffffffffffffffff}, 0x2, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000200)={0x3, 0x40, 0xfa00, {{0xa, 0xfffe, 0x0, @empty, 0x4}, {0xa, 0x0, 0x0, @loopback, 0xfffffffc}, r3, 0x400}}, 0x48) write$RDMA_USER_CM_CMD_JOIN_MCAST(r2, &(0x7f0000000d40)={0x16, 0x98, 0xfa00, {0x0, 0x2, r3, 0x30, 0x1, @ib={0x1b, 0x8000, 0xfff, {"3f8c0d6cf777eaa6ace6d3ec00ed4771"}, 0x500e, 0x0, 0x5}}}, 0xa0) 1.923185532s ago: executing program 3 (id=1613): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$unix(0x1, 0x5, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r3 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r3, 0x8914, 0x0) write$tun(r2, 0x0, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000400), 0x0, 0x0, 0x0}) r6 = dup3(r5, r4, 0x0) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, &(0x7f0000000240)="ed"}) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, 0xffffffffffffffff, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000fc0)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x48, 0x18, &(0x7f0000000300)={@flat=@weak_binder={0x77622a85, 0x100a, 0x8000000000}, @flat=@weak_binder={0x77622a85, 0x1100, 0x3}}, &(0x7f0000000200)={0x0, 0x18, 0x30}}}], 0x0, 0x0, 0x0}) mmap$binder(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, 0x11, r4, 0x10000000000) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, 0x0, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="20010000", @ANYRES16, @ANYBLOB="050000000000000000000f00000008000300", @ANYRES32=r7, @ANYBLOB="47000e00800000000802110000000802110000015050505050500000000000000000000064000000000602020202020204060000000000000602000025030034003c040106b80400080026006c09000008000c006400000008000d0000000000a2000f0032"], 0x120}, 0x1, 0x0, 0x0, 0x90}, 0x0) 1.795539695s ago: executing program 2 (id=1614): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, 0x0) ioctl$TCSBRKP(0xffffffffffffffff, 0x5425, 0x80000000) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='pagemap\x00') pread64(r0, &(0x7f0000000200)=""/102400, 0x19000, 0x1000000000) 1.605356109s ago: executing program 2 (id=1616): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="010000000400000008000000"], 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0xf, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000003000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) socket$inet6_tcp(0xa, 0x1, 0x0) eventfd2(0x0, 0x0) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000007c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000030000008500000084000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000140)='sys_enter\x00', r3}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x2, 0x0, 0x3, 0xfffffffffffffffd, 0x3, 0x0, 0x0, 0xe}, 0x0, &(0x7f0000000300)={0x3ff, 0x7e7, 0x0, 0x9, 0x4, 0x0, 0x7fffffff, 0x3f8}, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) 1.066221639s ago: executing program 1 (id=1619): bpf$PROG_LOAD(0x5, &(0x7f0000000b80)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x1, 0x0, 0x0, 0x41100, 0x4d, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r0}, 0x10) r1 = syz_open_dev$tty1(0xc, 0x4, 0x3) ioctl$KDFONTOP_SET(r1, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x8, 0x1b, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"}) 948.476431ms ago: executing program 1 (id=1620): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x1, 0xc, 0x9}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='kfree\x00', r1}, 0x9) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="300000000101010300000000000000000a0000030c0019"], 0x30}, 0x1, 0x0, 0x0, 0x8008001}, 0x24008854) 872.968183ms ago: executing program 3 (id=1621): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x50) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000001740)={r0, 0x0, &(0x7f0000001700)=""/53}, 0x20) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000500)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a00)={&(0x7f0000000d00)='sched_switch\x00', r2}, 0x10) syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000680)={[{@nodioread_nolock}, {@journal_dev={'journal_dev', 0x3d, 0xff}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x5c}}, {@nouid32}, {@resgid}, {@acl}, {@init_itable_val={'init_itable', 0x3d, 0x8d55}}]}, 0x0, 0x473, &(0x7f0000000bc0)="$eJzs281rHOUfAPDvTF7a/vqS/Gp9aa0aLUJQTJq0ag9eFAWRioIe6jEm2xK6baSJYmuxqYgnQQp6Fo+if4E3EUQ9CV49eZJC0V7aeorM7Ey62WYTazaZ2P18YLPPM/PszvebeXv2eXYD6FpD2Z8kYkdE/BoRA43q0gZDjafrV89P3rh6fjKJhYXX/kjydteunp8sm5av215UhtOI9MOk2MhSs2fPnZyo12tnivro3Km3RmfPnnvinVMTJ2onaqfHjxw5fGjs6afGn+xInlle1/a9P7N/74tvXHp58tilN3/8Oot3R7G+OY9OGcoS/3Mh17ru0U5vrGI7m8pJb4WBcFt6IiLbXX35+T8QPXFz5w3ECx9UGhywrrJ705b2q+cXgDtYElVHAFSjvNFnn3/LxwZ1PTaFK882PgBleV8vHo01vZEWbfpaPt920lBEHJv/6/PsEes0DgEA0Ozjyc+O9kfEeze+einrewwsrknjnvz5t/zvrmIOZTAi/h8RuyPirojYExF3R+Rt742I+9YYz639n/TyGt9yRVn/75libmtp/6/s/cVgT1HbmefflxyfrtcOFv+T4ejbktXHVtjGt8//8km7dc39v+yRbb/sCxZxXO5tGaCbmpibyDulHXDlYsS+3uXyTxZnApKI2BsR+27vrXeVhenHvtzfrtHq+a+gA/NMC19k6c1n+c9HS/6lpHl+cvqW+cnRrVGvHRwtj4pb/fTzR6+22/6a8u+AK7XGc9P+b20ymDTP1852dvv/8vhP+5PX83nm/mLZuxNzc2fGIvqTo3l9yfLxm68t62X77PgfPrD8+b+7eE2W//0RkR3ED0TEgxHxUBH7wxHxSEQcWCHHH55bPf9IK9r/FyOmlr3+LR7/Lfv/9gs9J7//pt32/9n+P5yXhosl+fVvFcuFk10uWgNcy/8OAAAA/ivS/DvwSTqyWE7TkZHGd/j3xP/S+szs3OPHZ94+PdX4rvxg9KXlSNdAMR5an67XxpL54h0b46PjxVhxOV56qBg3/rRnW14fmZypT1WcO3S77W3O/8zvPVVHB6yzbcsuHe/f8ECACrTOo6dLqxdeCRcDuFP5vTZ0r1XO/3Sj4gA2nvs/dK/lzv8LLXVzAXBncv+H7uX8hy6Vfld1BECF3P+hK63ld/3rWNi6OcKoprBZd0peiCgL6aaIR2GdClVfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrj7wAAAP//KFzmgQ==") 700.957276ms ago: executing program 1 (id=1622): r0 = socket$kcm(0x10, 0x2, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='kfree\x00', r2, 0x0, 0x2}, 0x18) sendmsg$kcm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000002c0)="d80000001c0081064e81f782db44b9040a1d08040e00000000000aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a985162756aa5e8d7ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x48090) 565.136308ms ago: executing program 2 (id=1623): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a000000040000000800000008"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000580)='syzkaller\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x7, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5e, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c636865636b3d7374726963742c756d61736b3d30303030303030303030303030303030303133363033302c756e695f786c6174653d312c756e695f786c6174653d302c666d61736b3d30303030303030303030303030303030303030303034302c757466383d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c73686f72746e616d653d6c6f7765722c73686f72746e616d653d77696e6e742c756e695f786c6174653d312c74696d655f6f66667365743d3078303030303030303030303030303166622c666c7573682c756e695f786c6174653d302c73686f72746e616d653d77696e39352c00208893fdd4787adad4209069"], 0x6, 0x2b0, &(0x7f0000000280)="$eJzs3T9vI0UYB+B3E3vtg8IuqBASK0FBdbpcS+MI5aQIVyAXQAEn7k5CsYV0J0XijzBX0dJQ8gmQkOj4EjQU9Ei0SHRccdKi9e7GTlg72QgnwD1Pk8ns/Gbe3YwTpfD4g5dmR/eyePD481+j309iZxSjeJLEMHai9mWcMvo6AID/sid5Hn/kpTa5JCL62ysLANiilb//Ny4U+GHrJQEAW/b2O+++uT8eH7yVZf24M/vqeFL8Z198La/vP4iPYhr341YM4mlEfqJs38nzfN7JCsN4dTY/nhTJ2fs/VfPv/x6xyO/FIIaLrtP5w/HBXlZayc+LOp6r1h8V+dsxiBca1j8cH9xuyMckjddeWan/Zgzi5w/j45jGvUURy/wXe1n2Rv7Nn5+9V5RX5JP58aS3GLeU717xjwYAAAAAAAAAAAAAAAAAAAAAgP+xm9XZOb1YnN9TdFXn7+w+Lb7pRlYbnj6fp8wn9URnzgea5/Ftfb7OrSzL8mrgMt+JFzvRuZ67BgAAAAAAAAAAAAAAAAAAgH+XR598enR3Or3/8B9p1KcB1G/rv+w8o5Wel6NhzDBOenrLJXeqZTfMHLv1mCRiYxnFjK2K756/+prGjXWp775v++j654/pXqLClo16dx3dTZqfYS/qnn69SX5cHZPGBddK113KW22/tPFS2voFkj6/aMw3jIlkU2Gv/1Y+uaonOXsX6eKpNsa7VaN8LTTtjVb7+e+/KxKndQAAAAAAAAAAAAAAAAAAwFYt3/TbcPHxmtAvh+WH/Mdwy9UBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNVYfv5/i8a8Cl9gcBoPH13zLQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAM+CsAAP//yylfnw==") openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x101042, 0x0) 552.994028ms ago: executing program 1 (id=1624): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = io_uring_setup(0xd4d, &(0x7f0000000240)={0x0, 0xdb60, 0x40, 0x0, 0x12f}) io_uring_register$IORING_REGISTER_RESTRICTIONS(r1, 0xb, &(0x7f0000000480), 0x0) 289.260914ms ago: executing program 2 (id=1625): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000048000000030a0101000000000000000001000000090003001e007a3200000000080007006e6174000900010073797a310000000014000480080002407c40280f080001"], 0xb8}, 0x1, 0x0, 0x0, 0x20004000}, 0x0) 282.849564ms ago: executing program 1 (id=1626): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000208e052500000000040000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000040000008500000006000000850000005000000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0500000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x17, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b704"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x64, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000400)='virtio_transport_alloc_pkt\x00', r1}, 0x18) r2 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r2, &(0x7f00000002c0)={0x28, 0x0, 0x2710, @local}, 0x10) 105.282497ms ago: executing program 1 (id=1627): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c0000000706010800000000000000000000000005000100b6"], 0x1c}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=1628): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x2}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TUNSETSNDBUF(r0, 0x400454d4, &(0x7f0000000380)=0x2) pselect6(0x40, &(0x7f0000000040)={0xc}, 0x0, 0x0, 0x0, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000100)={'pim6reg1\x00', @broadcast}) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r2, 0x1, &(0x7f0000000040), 0x0) kernel console output (not intermixed with test programs): my_hcd [ 167.510881][ T27] audit: type=1326 audit(1757551657.629:711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7832 comm="syz.3.733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 167.551317][ T27] audit: type=1326 audit(1757551657.629:712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7832 comm="syz.3.733" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 167.561952][ T7844] loop2: detected capacity change from 0 to 512 [ 167.602338][ T7844] EXT4-fs: Ignoring removed orlov option [ 167.615298][ T9] usb 1-1: device descriptor read/64, error -71 [ 167.660479][ T7844] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 167.697065][ T7844] EXT4-fs (loop2): 1 truncate cleaned up [ 167.705909][ T7844] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 167.749417][ T7853] netlink: 14 bytes leftover after parsing attributes in process `syz.1.739'. [ 167.755229][ T9] usb usb1-port1: attempt power cycle [ 167.786820][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 167.964979][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 167.997560][ T7859] bond0: (slave bond_slave_0): Releasing backup interface [ 168.023309][ T7859] bond0: (slave bond_slave_1): Releasing backup interface [ 168.045445][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 168.101813][ T7859] team0: Port device team_slave_0 removed [ 168.125043][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 168.128061][ T7859] team0: Port device team_slave_1 removed [ 168.168101][ T7859] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 168.178414][ T7859] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 168.188342][ T7859] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 168.195920][ T7859] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 168.214947][ T9] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 168.231084][ T7862] netlink: 'syz.3.743': attribute type 10 has an invalid length. [ 168.240051][ T7862] netlink: 40 bytes leftover after parsing attributes in process `syz.3.743'. [ 168.252597][ T7862] batman_adv: batadv0: Adding interface: virt_wifi0 [ 168.259543][ T7862] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 168.267005][ T9] usb 1-1: device descriptor read/8, error -71 [ 168.289427][ T7862] batman_adv: batadv0: Interface activated: virt_wifi0 [ 168.531604][ T7847] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 168.595301][ T9] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 168.611010][ T7847] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 168.669945][ T7847] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 168.742175][ T7847] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 169.302507][ T9] usb 1-1: device descriptor read/8, error -71 [ 169.402540][ T7877] loop2: detected capacity change from 0 to 512 [ 169.416602][ T7877] EXT4-fs: Ignoring removed orlov option [ 169.435104][ T9] usb usb1-port1: unable to enumerate USB device [ 169.457814][ T7877] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 169.500551][ T7877] EXT4-fs (loop2): 1 truncate cleaned up [ 169.528369][ T7877] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 169.672346][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 169.811052][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 170.684897][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 170.691010][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 170.765106][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 170.936768][ T7915] netlink: 14 bytes leftover after parsing attributes in process `syz.0.759'. [ 171.125024][ T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 171.284962][ T9] usb 2-1: device descriptor read/64, error -71 [ 171.569831][ T9] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 171.681974][ T27] kauditd_printk_skb: 73 callbacks suppressed [ 171.681988][ T27] audit: type=1326 audit(1757551662.719:786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.710738][ T7911] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 171.717099][ T7911] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 171.723229][ T7911] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 171.730251][ T27] audit: type=1326 audit(1757551662.739:787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.742191][ T7919] loop2: detected capacity change from 0 to 512 [ 171.756148][ T7911] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 171.774819][ T27] audit: type=1326 audit(1757551662.739:788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.775003][ T9] usb 2-1: device descriptor read/64, error -71 [ 171.805814][ T27] audit: type=1326 audit(1757551662.739:789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.828076][ T27] audit: type=1326 audit(1757551662.739:790): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.838851][ T7919] EXT4-fs: Ignoring removed orlov option [ 171.857591][ T27] audit: type=1326 audit(1757551662.739:791): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 171.921967][ T27] audit: type=1326 audit(1757551662.739:792): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc28358ebe3 code=0x7ffc0000 [ 171.948198][ T7919] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 171.967645][ T9] usb usb2-port1: attempt power cycle [ 171.989668][ T27] audit: type=1326 audit(1757551662.739:793): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc28358d65f code=0x7ffc0000 [ 172.016564][ T27] audit: type=1326 audit(1757551662.749:794): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc28358ec37 code=0x7ffc0000 [ 172.047177][ T7919] EXT4-fs (loop2): 1 truncate cleaned up [ 172.063574][ T7919] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 172.085481][ T27] audit: type=1326 audit(1757551662.779:795): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7918 comm="syz.2.763" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc28358d510 code=0x7ffc0000 [ 172.181469][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 172.405988][ T9] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 173.004948][ T5791] Bluetooth: hci2: command 0x0c1a tx timeout [ 173.227594][ T9] usb 2-1: device descriptor read/8, error -71 [ 173.328809][ T7942] bridge_slave_0: left allmulticast mode [ 173.334518][ T7942] bridge_slave_0: left promiscuous mode [ 173.343073][ T7942] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.361681][ T7942] bridge_slave_1: left allmulticast mode [ 173.368951][ T7942] bridge_slave_1: left promiscuous mode [ 173.375299][ T7942] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.389877][ T7942] bond0: (slave bond_slave_0): Releasing backup interface [ 173.398683][ T7942] bond_slave_0: left promiscuous mode [ 173.421964][ T7942] bond0: (slave bond_slave_1): Releasing backup interface [ 173.430645][ T7942] bond_slave_1: left promiscuous mode [ 173.476430][ T7942] team0: Port device team_slave_0 removed [ 173.494088][ T7942] team0: Port device team_slave_1 removed [ 173.505952][ T9] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 173.506650][ T7942] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.522009][ T7942] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.530645][ T7942] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.538298][ T7942] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.546797][ T9] usb 2-1: device descriptor read/8, error -71 [ 173.558316][ T7947] netlink: 'syz.2.772': attribute type 10 has an invalid length. [ 173.573782][ T7947] netlink: 40 bytes leftover after parsing attributes in process `syz.2.772'. [ 173.607140][ T7947] batman_adv: batadv0: Adding interface: virt_wifi0 [ 173.613795][ T7947] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 173.647496][ T7947] batman_adv: batadv0: Interface activated: virt_wifi0 [ 173.666119][ T9] usb usb2-port1: unable to enumerate USB device [ 173.804934][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout [ 173.804976][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 173.810997][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 175.081114][ T7978] loop2: detected capacity change from 0 to 512 [ 175.098426][ T7973] lo speed is unknown, defaulting to 1000 [ 175.104675][ T7978] EXT4-fs: Ignoring removed orlov option [ 175.113092][ T7978] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 175.155046][ T7978] EXT4-fs (loop2): 1 truncate cleaned up [ 175.195496][ T7978] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 175.287439][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 175.855970][ T7997] loop1: detected capacity change from 0 to 4096 [ 175.889670][ T7997] EXT4-fs: Ignoring removed nomblk_io_submit option [ 175.905845][ T7999] netlink: 10 bytes leftover after parsing attributes in process `syz.3.793'. [ 175.916759][ T7999] loop2: detected capacity change from 0 to 7 [ 175.948528][ T7999] Dev loop2: unable to read RDB block 7 [ 175.995635][ T7999] loop2: AHDI p1 p2 p3 [ 176.039701][ T7999] loop2: partition table partially beyond EOD, truncated [ 176.156712][ T7999] loop2: p1 start 1601398130 is beyond EOD, truncated [ 176.199290][ T7997] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 176.258532][ T7999] loop2: p2 start 1702059890 is beyond EOD, truncated [ 176.791058][ T27] kauditd_printk_skb: 89 callbacks suppressed [ 176.791073][ T27] audit: type=1326 audit(1757551667.829:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 176.829146][ T8005] loop2: detected capacity change from 0 to 512 [ 176.837624][ T8005] EXT4-fs: Ignoring removed orlov option [ 176.875415][ T27] audit: type=1326 audit(1757551667.869:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 176.898249][ T27] audit: type=1326 audit(1757551667.869:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 176.927004][ T27] audit: type=1326 audit(1757551667.869:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 176.953462][ T27] audit: type=1326 audit(1757551667.869:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 176.980272][ T8005] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 177.015620][ T8005] EXT4-fs (loop2): 1 truncate cleaned up [ 177.022600][ T8005] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 177.036477][ T27] audit: type=1326 audit(1757551667.869:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 177.101386][ T27] audit: type=1326 audit(1757551667.869:891): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc28358ebe3 code=0x7ffc0000 [ 177.168636][ T27] audit: type=1326 audit(1757551667.869:892): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fc28358d65f code=0x7ffc0000 [ 177.198901][ T27] audit: type=1326 audit(1757551667.869:893): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fc28358ec37 code=0x7ffc0000 [ 177.227864][ T27] audit: type=1326 audit(1757551667.869:894): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8004 comm="syz.2.795" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc28358d510 code=0x7ffc0000 [ 177.294020][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 178.141140][ T8026] syz.2.799[8026] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 178.141263][ T8026] syz.2.799[8026] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 178.181142][ T8027] vlan2: entered allmulticast mode [ 178.205328][ T8027] dummy0: entered allmulticast mode [ 178.546633][ T8039] loop3: detected capacity change from 0 to 128 [ 178.576002][ T8039] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 178.591603][ T8039] ext4 filesystem being mounted at /232/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 179.248207][ T5786] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 179.529287][ T8044] loop2: detected capacity change from 0 to 512 [ 179.533362][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 179.537244][ T8044] EXT4-fs: Ignoring removed orlov option [ 179.588615][ T8044] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 179.703688][ T8044] EXT4-fs (loop2): 1 truncate cleaned up [ 179.780975][ T8044] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 180.123608][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 180.312126][ T8063] netlink: 12 bytes leftover after parsing attributes in process `syz.3.812'. [ 181.717528][ T8068] netlink: 14 bytes leftover after parsing attributes in process `syz.3.814'. [ 181.810616][ T8080] netlink: 10 bytes leftover after parsing attributes in process `syz.0.818'. [ 181.822338][ T8080] loop2: detected capacity change from 0 to 7 [ 181.830872][ T8080] Dev loop2: unable to read RDB block 7 [ 181.836751][ T8080] loop2: AHDI p1 p2 p3 [ 181.841254][ T8080] loop2: partition table partially beyond EOD, truncated [ 181.849062][ T8080] loop2: p1 start 1601398130 is beyond EOD, truncated [ 181.856105][ T8080] loop2: p2 start 1702059890 is beyond EOD, truncated [ 181.929187][ T8073] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 181.946198][ T8073] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 181.961278][ T8073] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 181.968294][ T8073] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 182.058394][ T27] kauditd_printk_skb: 47 callbacks suppressed [ 182.058409][ T27] audit: type=1326 audit(1757551673.099:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.089044][ T27] audit: type=1326 audit(1757551673.109:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.100411][ T8090] loop3: detected capacity change from 0 to 512 [ 182.132336][ T27] audit: type=1326 audit(1757551673.109:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.148817][ T8090] EXT4-fs: Ignoring removed orlov option [ 182.161440][ T27] audit: type=1326 audit(1757551673.109:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.190922][ T8090] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 182.221346][ T8093] loop2: detected capacity change from 0 to 1024 [ 182.225945][ T27] audit: type=1326 audit(1757551673.109:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.251479][ T27] audit: type=1326 audit(1757551673.119:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 182.258881][ T8090] EXT4-fs (loop3): 1 truncate cleaned up [ 182.274645][ T27] audit: type=1326 audit(1757551673.119:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fdf7b78ebe3 code=0x7ffc0000 [ 182.303456][ T27] audit: type=1326 audit(1757551673.119:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fdf7b78d65f code=0x7ffc0000 [ 182.323420][ T8090] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 182.326106][ T27] audit: type=1326 audit(1757551673.119:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fdf7b78ec37 code=0x7ffc0000 [ 182.360005][ T27] audit: type=1326 audit(1757551673.129:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8089 comm="syz.3.821" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdf7b78d510 code=0x7ffc0000 [ 182.373720][ T8093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none. [ 182.399110][ T8093] ext4 filesystem being mounted at /218/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 182.436835][ T8093] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 3: comm syz.2.822: lblock 3 mapped to illegal pblock 3 (length 3) [ 182.468473][ T8093] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117 [ 182.482943][ T8093] EXT4-fs (loop2): This should not happen!! Data will be lost [ 182.482943][ T8093] [ 182.502108][ T8099] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #15: block 3: comm syz.2.822: lblock 3 mapped to illegal pblock 3 (length 1) [ 182.519849][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 182.681453][ T8093] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #15: block 7: comm syz.2.822: lblock 7 mapped to illegal pblock 7 (length 9) [ 182.727304][ T8093] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 7 with max blocks 9 with error 117 [ 182.740571][ T8093] EXT4-fs (loop2): This should not happen!! Data will be lost [ 182.740571][ T8093] [ 183.802865][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0006-0000-000000000000. [ 183.814831][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 183.965445][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 183.971611][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout [ 184.033807][ T8124] loop1: detected capacity change from 0 to 512 [ 184.044516][ T8125] netlink: 14 bytes leftover after parsing attributes in process `syz.2.829'. [ 184.055000][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 184.067595][ T8124] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.832: casefold flag without casefold feature [ 184.087125][ T8124] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.832: couldn't read orphan inode 15 (err -117) [ 184.104039][ T8124] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 184.350883][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 184.807101][ T8116] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 184.814104][ T8116] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 184.831367][ T8116] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 184.837729][ T8116] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 184.856032][ T8138] loop3: detected capacity change from 0 to 4096 [ 184.877997][ T8138] EXT4-fs: Ignoring removed nomblk_io_submit option [ 184.905873][ T8138] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 185.114808][ T9] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 185.323241][ T9] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 185.344936][ T9] usb 2-1: config 0 has no interface number 0 [ 185.385225][ T9] usb 2-1: config 0 interface 29 has no altsetting 0 [ 185.447369][ T9] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 185.535662][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.620059][ T9] usb 2-1: Product: syz [ 185.664519][ T9] usb 2-1: Manufacturer: syz [ 185.709937][ T9] usb 2-1: SerialNumber: syz [ 185.841768][ T9] usb 2-1: config 0 descriptor?? [ 186.052848][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 186.214028][ T9] peak_usb 2-1:0.29 can0: unable to request usb[type=0 value=1] err=-71 [ 186.256573][ T9] peak_usb 2-1:0.29: unable to read PCAN-USB X6 firmware info (err -71) [ 186.366437][ T9] peak_usb: probe of 2-1:0.29 failed with error -71 [ 186.394207][ T9] usb 2-1: USB disconnect, device number 9 [ 186.845211][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 186.851279][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 186.857639][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout [ 186.904970][ T8163] netlink: 10 bytes leftover after parsing attributes in process `syz.1.844'. [ 186.948570][ T8163] loop2: detected capacity change from 0 to 7 [ 186.961993][ T8163] Dev loop2: unable to read RDB block 7 [ 186.968026][ T8163] loop2: AHDI p1 p2 p3 [ 186.972654][ T8163] loop2: partition table partially beyond EOD, truncated [ 186.984418][ T8163] loop2: p1 start 1601398130 is beyond EOD, truncated [ 186.993835][ T8163] loop2: p2 start 1702059890 is beyond EOD, truncated [ 187.002506][ T8172] netlink: 14 bytes leftover after parsing attributes in process `syz.0.845'. [ 188.092197][ T8166] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 188.115266][ T8166] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 188.125278][ T8166] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 188.142904][ T8166] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 188.191021][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 188.358349][ T8189] program syz.0.852 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 188.390768][ T8189] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 188.433594][ T27] kauditd_printk_skb: 44 callbacks suppressed [ 188.433608][ T27] audit: type=1326 audit(1757551679.469:996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 188.544420][ T27] audit: type=1326 audit(1757551679.499:997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 188.623355][ T27] audit: type=1326 audit(1757551679.499:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 188.651752][ T27] audit: type=1326 audit(1757551679.499:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 188.967835][ T27] audit: type=1326 audit(1757551679.499:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=29 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 189.091766][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 189.287593][ T27] audit: type=1326 audit(1757551679.509:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 189.449706][ T27] audit: type=1326 audit(1757551679.509:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 189.473185][ T27] audit: type=1326 audit(1757551679.509:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8193 comm="syz.2.853" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 189.660236][ T27] audit: type=1326 audit(1757551680.699:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 189.727565][ T27] audit: type=1326 audit(1757551680.699:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8209 comm="syz.1.860" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 190.138230][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 190.219135][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 190.227664][ T5798] Bluetooth: hci0: command 0x0c1a tx timeout [ 191.407291][ T8244] usb usb1: usbfs: process 8244 (syz.1.877) did not claim interface 0 before use [ 191.470406][ T8243] loop2: detected capacity change from 0 to 512 [ 191.528614][ T8243] EXT4-fs error (device loop2): ext4_orphan_get:1399: inode #15: comm syz.2.869: casefold flag without casefold feature [ 191.592288][ T8243] EXT4-fs error (device loop2): ext4_orphan_get:1404: comm syz.2.869: couldn't read orphan inode 15 (err -117) [ 191.655832][ T8243] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 192.005843][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 193.585655][ T27] kauditd_printk_skb: 44 callbacks suppressed [ 193.585671][ T27] audit: type=1326 audit(1757551684.629:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.2.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 193.644498][ T27] audit: type=1326 audit(1757551684.629:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.2.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 193.732801][ T27] audit: type=1326 audit(1757551684.629:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.2.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 193.786952][ T27] audit: type=1326 audit(1757551684.629:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8290 comm="syz.2.885" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 194.546627][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.553060][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.632753][ T28] IPVS: starting estimator thread 0... [ 194.651734][ T8305] netlink: 8 bytes leftover after parsing attributes in process `syz.2.889'. [ 194.682713][ T8305] netlink: 24 bytes leftover after parsing attributes in process `syz.2.889'. [ 194.734972][ T8309] IPVS: using max 22 ests per chain, 52800 per kthread [ 194.961716][ T8323] netlink: 14 bytes leftover after parsing attributes in process `syz.3.890'. [ 195.635731][ T8314] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 195.656367][ T8314] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 195.662509][ T8314] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 195.676965][ T8331] usb usb1: usbfs: process 8331 (syz.0.891) did not claim interface 0 before use [ 195.693830][ T8314] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 195.851896][ T27] audit: type=1326 audit(1757551686.889:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.3.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 195.902970][ T8340] netlink: 16 bytes leftover after parsing attributes in process `syz.0.895'. [ 195.905070][ T27] audit: type=1326 audit(1757551686.889:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.3.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 195.972885][ T27] audit: type=1326 audit(1757551686.889:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.3.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 196.029028][ T27] audit: type=1326 audit(1757551686.889:1057): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8337 comm="syz.3.894" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 196.088389][ T27] audit: type=1326 audit(1757551687.069:1058): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8342 comm="syz.3.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 196.138390][ T27] audit: type=1326 audit(1757551687.069:1059): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8342 comm="syz.3.897" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 196.224640][ T8350] netlink: 104 bytes leftover after parsing attributes in process `syz.3.899'. [ 196.353269][ T8347] loop2: detected capacity change from 0 to 8192 [ 196.609578][ T7636] IPVS: starting estimator thread 0... [ 196.611849][ T8360] netlink: 8 bytes leftover after parsing attributes in process `syz.0.903'. [ 196.615680][ T5877] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 196.640183][ T8360] netlink: 24 bytes leftover after parsing attributes in process `syz.0.903'. [ 196.726384][ T8363] IPVS: using max 19 ests per chain, 45600 per kthread [ 196.742423][ T8368] netlink: 14 bytes leftover after parsing attributes in process `syz.1.904'. [ 196.837388][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 196.848116][ T5877] usb 4-1: config 0 has an invalid descriptor of length 63, skipping remainder of the config [ 196.870571][ T5877] usb 4-1: config 0 interface 0 altsetting 196 has 0 endpoint descriptors, different from the interface descriptor's value: 26 [ 196.907632][ T5877] usb 4-1: config 0 interface 0 has no altsetting 0 [ 196.931572][ T5877] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 196.947784][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.964269][ T5877] usb 4-1: config 0 descriptor?? [ 197.454446][ T8362] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 197.461685][ T8362] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 197.468011][ T8362] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 197.478336][ T8362] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 197.704936][ T5877] usb 4-1: string descriptor 0 read error: -71 [ 197.725220][ T5877] iowarrior 4-1:0.0: no interrupt-in endpoint found [ 197.748310][ T5877] usb 4-1: USB disconnect, device number 5 [ 198.438694][ T9] IPVS: starting estimator thread 0... [ 198.447000][ T8404] netlink: 8 bytes leftover after parsing attributes in process `syz.3.916'. [ 198.456896][ T8404] netlink: 24 bytes leftover after parsing attributes in process `syz.3.916'. [ 198.534888][ T8405] IPVS: using max 18 ests per chain, 43200 per kthread [ 198.765082][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 198.876730][ T8423] IPv6: NLM_F_CREATE should be specified when creating new route [ 199.485200][ T5798] Bluetooth: hci0: command 0x0c1a tx timeout [ 199.485232][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout [ 199.498962][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 199.792826][ T8418] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 199.835202][ T8418] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 199.878126][ T8418] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 199.902409][ T8418] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 200.214884][ T9] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 200.414860][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 200.434902][ T9] usb 1-1: config 0 has an invalid descriptor of length 63, skipping remainder of the config [ 200.464928][ T9] usb 1-1: config 0 interface 0 altsetting 196 has 0 endpoint descriptors, different from the interface descriptor's value: 26 [ 200.488143][ T9] usb 1-1: config 0 interface 0 has no altsetting 0 [ 200.497152][ T9] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 200.506326][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 200.532675][ T9] usb 1-1: config 0 descriptor?? [ 200.557809][ T8449] loop3: detected capacity change from 0 to 512 [ 200.588029][ T8449] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended [ 200.661099][ T8449] __quota_error: 18 callbacks suppressed [ 200.661115][ T8449] Quota error (device loop3): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5 [ 200.694407][ T8449] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota [ 200.725884][ T8449] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.930: Failed to acquire dquot type 1 [ 200.762565][ T8449] EXT4-fs (loop3): 1 truncate cleaned up [ 200.771302][ T8449] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 200.822677][ T8456] lo speed is unknown, defaulting to 1000 [ 200.844520][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.004948][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 201.073429][ T8460] loop3: detected capacity change from 0 to 4096 [ 201.083387][ T8460] EXT4-fs: Ignoring removed nomblk_io_submit option [ 201.114577][ T8460] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 201.270080][ T9] usb 1-1: string descriptor 0 read error: -71 [ 201.312103][ T9] iowarrior 1-1:0.0: no interrupt-in endpoint found [ 201.324572][ T9] usb 1-1: USB disconnect, device number 13 [ 201.423030][ T8469] __nla_validate_parse: 1 callbacks suppressed [ 201.423046][ T8469] netlink: 14 bytes leftover after parsing attributes in process `syz.2.935'. [ 201.885246][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 201.891438][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 201.916656][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 201.965172][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 202.043386][ T8480] loop1: detected capacity change from 0 to 8192 [ 202.196709][ T8464] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 202.242754][ T8464] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 202.274368][ T8464] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 202.285460][ T8464] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 202.848378][ T27] audit: type=1800 audit(1757551693.879:1078): pid=8484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.939" name="file1" dev="loop1" ino=1048594 res=0 errno=0 [ 202.913517][ T27] audit: type=1804 audit(1757551693.889:1079): pid=8485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.939" name="/newroot/222/bus/file1" dev="loop1" ino=1048594 res=1 errno=0 [ 203.334826][ T9] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 203.513350][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 203.544907][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 203.553628][ T9] usb 3-1: config 0 has an invalid descriptor of length 63, skipping remainder of the config [ 203.570360][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 203.612071][ T9] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 203.645375][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.668580][ T9] usb 3-1: config 0 descriptor?? [ 203.959379][ T8516] lo speed is unknown, defaulting to 1000 [ 204.012718][ T27] audit: type=1326 audit(1757551695.049:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.089890][ T27] audit: type=1326 audit(1757551695.049:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.161617][ T27] audit: type=1326 audit(1757551695.049:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.207803][ T27] audit: type=1326 audit(1757551695.049:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.267483][ T27] audit: type=1326 audit(1757551695.049:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.290719][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 204.291348][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout [ 204.325320][ T27] audit: type=1326 audit(1757551695.049:1085): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8519 comm="syz.1.951" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 204.365478][ T5791] Bluetooth: hci1: command 0x0c1a tx timeout [ 204.416807][ T9] usb 3-1: string descriptor 0 read error: -71 [ 204.427757][ T9] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 204.445294][ T9] usb 3-1: USB disconnect, device number 15 [ 204.686913][ T8511] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 204.703686][ T8511] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 204.716072][ T8511] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 204.724218][ T8511] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.137566][ T8530] loop3: detected capacity change from 0 to 8192 [ 205.779270][ T8529] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 205.786349][ T8529] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 205.792495][ T8529] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 205.813644][ T8529] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 205.903879][ T27] kauditd_printk_skb: 2 callbacks suppressed [ 205.903892][ T27] audit: type=1800 audit(1757551696.939:1088): pid=8541 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.955" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 205.951907][ T27] audit: type=1804 audit(1757551696.939:1089): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.955" name="/newroot/260/bus/file1" dev="loop3" ino=1048595 res=1 errno=0 [ 206.012055][ T27] audit: type=1800 audit(1757551696.939:1090): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.955" name="file1" dev="loop3" ino=1048595 res=0 errno=0 [ 206.381705][ T27] audit: type=1326 audit(1757551697.419:1091): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.437251][ T27] audit: type=1326 audit(1757551697.449:1092): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.534036][ T27] audit: type=1326 audit(1757551697.449:1093): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.561067][ T27] audit: type=1326 audit(1757551697.449:1094): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.634867][ T27] audit: type=1326 audit(1757551697.449:1095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.674869][ T27] audit: type=1326 audit(1757551697.449:1096): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.763512][ T27] audit: type=1326 audit(1757551697.449:1097): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.2.961" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 206.788804][ T8561] loop2: detected capacity change from 0 to 8192 [ 206.807273][ T8561] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 207.165072][ T5791] Bluetooth: hci2: command 0x0c1a tx timeout [ 207.454983][ T5877] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 207.634949][ T5877] usb 3-1: Using ep0 maxpacket: 8 [ 207.642317][ T5877] usb 3-1: config 0 has an invalid descriptor of length 63, skipping remainder of the config [ 207.652791][ T5877] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 207.665978][ T5877] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 207.675211][ T5877] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.687326][ T5877] usb 3-1: config 0 descriptor?? [ 207.805024][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 207.805123][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 207.885238][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 207.992207][ T8565] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 208.000470][ T8565] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 208.006804][ T8565] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 208.013058][ T8565] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 208.236152][ T8591] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.420246][ T8591] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 208.435016][ T5877] usb 3-1: string descriptor 0 read error: -71 [ 208.449687][ T5877] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 208.502912][ T5877] usb 3-1: USB disconnect, device number 16 [ 209.235126][ T8591] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.349965][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 209.390820][ T8600] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 209.464636][ T8591] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.531114][ T8605] tipc: Enabled bearer , priority 0 [ 209.548878][ T8605] syzkaller0: entered promiscuous mode [ 209.554856][ T8605] syzkaller0: entered allmulticast mode [ 209.621613][ T8605] tipc: Resetting bearer [ 209.639498][ T8604] tipc: Resetting bearer [ 209.662183][ T8604] tipc: Disabling bearer [ 209.690299][ T8591] netdevsim netdevsim1 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.743076][ T8591] netdevsim netdevsim1 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.822136][ T8591] netdevsim netdevsim1 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.878305][ T8591] netdevsim netdevsim1 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.044960][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 210.051039][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 210.057330][ T5106] Bluetooth: hci0: command 0x0c1a tx timeout [ 211.079047][ T8612] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 211.086478][ T8612] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 211.092532][ T8612] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 211.099362][ T8612] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 211.374861][ T5877] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 211.482831][ T8638] loop2: detected capacity change from 0 to 4096 [ 211.509103][ T8638] EXT4-fs: Ignoring removed nomblk_io_submit option [ 211.523794][ T8638] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 211.584799][ T5877] usb 2-1: Using ep0 maxpacket: 8 [ 211.611193][ T5877] usb 2-1: config 0 has an invalid descriptor of length 63, skipping remainder of the config [ 211.666998][ T5877] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 211.693640][ T5877] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 211.708806][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.731933][ T5877] usb 2-1: config 0 descriptor?? [ 212.465468][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 212.522834][ T5877] usb 2-1: string descriptor 0 read error: -71 [ 212.558940][ T5877] iowarrior 2-1:0.0: no interrupt-in endpoint found [ 212.590636][ T5877] usb 2-1: USB disconnect, device number 10 [ 212.968133][ T8669] hub 9-0:1.0: USB hub found [ 212.985489][ T8669] hub 9-0:1.0: 1 port detected [ 213.122983][ T8655] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 213.145066][ T8655] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 213.151389][ T8655] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 213.164926][ T5791] Bluetooth: hci1: command 0x0c1a tx timeout [ 213.175260][ T8655] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 213.343331][ T8673] loop1: detected capacity change from 0 to 764 [ 213.383208][ T8673] rock: directory entry would overflow storage [ 213.400461][ T8673] rock: sig=0x4f50, size=4, remaining=3 [ 213.414801][ T8673] iso9660: Corrupted directory entry in block 6 of inode 1792 [ 213.938956][ C0] IPv4: Oversized IP packet from 127.0.0.1 [ 214.119291][ T8685] loop2: detected capacity change from 0 to 4096 [ 214.133991][ T8685] EXT4-fs: Ignoring removed nomblk_io_submit option [ 214.186265][ T8685] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 214.206764][ T8692] tipc: Enabled bearer , priority 0 [ 214.230416][ T8692] syzkaller0: entered promiscuous mode [ 214.249204][ T8692] syzkaller0: entered allmulticast mode [ 214.295600][ T8692] tipc: Resetting bearer [ 214.314581][ T8691] tipc: Resetting bearer [ 214.354620][ T8691] tipc: Disabling bearer [ 214.364927][ T5791] Bluetooth: hci2: command 0x0c1a tx timeout [ 214.414878][ T7636] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 214.614974][ T7636] usb 4-1: Using ep0 maxpacket: 8 [ 214.623217][ C0] vxcan0: j1939_tp_rxtimer: 0xffff88802e091c00: rx timeout, send abort [ 214.626922][ T7636] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 56805, setting to 64 [ 214.634219][ C0] vxcan0: j1939_xtp_rx_abort_one: 0xffff88802e091c00: 0x40000: (3) A timeout occurred and this is the connection abort to close the session. [ 214.657224][ T7636] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 214.657253][ T7636] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.692072][ T7636] usb 4-1: config 0 descriptor?? [ 214.707416][ T7636] iowarrior 4-1:0.0: no interrupt-in endpoint found [ 215.165661][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 215.171858][ T5791] Bluetooth: hci3: command 0x0c1a tx timeout [ 215.248226][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 215.360891][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 215.746531][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 216.232239][ T8737] loop2: detected capacity change from 0 to 4096 [ 216.260335][ T8737] EXT4-fs: Ignoring removed nomblk_io_submit option [ 216.318864][ T8737] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 216.667775][ C1] IPv4: Oversized IP packet from 127.0.0.1 [ 217.180896][ T8] usb 4-1: USB disconnect, device number 6 [ 217.446760][ T8760] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1034'. [ 217.541133][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 217.950758][ T8769] netlink: 'syz.0.1037': attribute type 10 has an invalid length. [ 218.043812][ T8769] team0: Port device dummy0 added [ 218.054830][ T8772] netlink: 'syz.0.1037': attribute type 10 has an invalid length. [ 218.073599][ T8772] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 218.106308][ T8772] team0: Failed to send options change via netlink (err -105) [ 218.114001][ T8772] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 218.125978][ T8772] team0: Port device dummy0 removed [ 218.146164][ T8772] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 218.503783][ T8787] loop2: detected capacity change from 0 to 1024 [ 218.543895][ T8787] __quota_error: 8 callbacks suppressed [ 218.543909][ T8787] Quota error (device loop2): do_check_range: Getting block 64 out of range 1-5 [ 218.561259][ T8787] Quota error (device loop2): qtree_read_dquot: Can't read quota structure for id 0 [ 218.571859][ T8787] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1044: Failed to acquire dquot type 0 [ 218.590972][ T8787] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 218.611125][ T8787] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1044: corrupted inode contents [ 218.627456][ T8787] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #13: comm syz.2.1044: mark_inode_dirty error [ 218.628946][ T8795] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1045'. [ 218.648736][ T8787] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1044: corrupted inode contents [ 218.649169][ T8787] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.1044: mark_inode_dirty error [ 218.650759][ T8787] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1044: corrupted inode contents [ 218.665732][ T5873] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 218.702526][ T8787] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 218.717845][ T8787] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1044: corrupted inode contents [ 218.733446][ T8787] EXT4-fs error (device loop2): ext4_truncate:4288: inode #13: comm syz.2.1044: mark_inode_dirty error [ 218.750945][ T8787] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 218.763305][ T8787] EXT4-fs (loop2): 1 truncate cleaned up [ 218.779135][ T8787] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 218.890452][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 219.030499][ T5873] usb 4-1: Using ep0 maxpacket: 8 [ 219.038527][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 56805, setting to 64 [ 219.072879][ T5873] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 219.082178][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.095971][ T5873] usb 4-1: config 0 descriptor?? [ 219.277559][ T8807] tipc: Enabling of bearer rejected, failed to enable media [ 219.377445][ T8790] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 219.392208][ T5873] iowarrior 4-1:0.0: no interrupt-in endpoint found [ 219.411929][ T8790] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 219.418240][ T8790] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 219.424459][ T8790] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 219.842048][ T8820] loop1: detected capacity change from 0 to 512 [ 219.888790][ T8820] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 219.932268][ T8820] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 219.949202][ T8820] System zones: 0-2, 18-18, 34-34 [ 219.962955][ T8820] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.007012][ T8820] ext4 filesystem being mounted at /255/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 220.052125][ T8820] netlink: 'syz.1.1053': attribute type 10 has an invalid length. [ 220.085751][ T8820] team0: Port device  added [ 220.103050][ T8820] netlink: 'syz.1.1053': attribute type 10 has an invalid length. [ 220.111628][ T8820] team0: Failed to send port change of device  via netlink (err -105) [ 220.136991][ T8820] team0: Failed to send options change via netlink (err -105) [ 220.144808][ T8820] team0: Failed to send port change of device  via netlink (err -105) [ 220.154622][ T8820] team0: Port device  removed [ 220.165402][ T8820] bond0: (slave ): Enslaving as an active interface with an up link [ 220.214780][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 220.270461][ T8834] tipc: Enabled bearer , priority 0 [ 220.278361][ T8834] syzkaller0: entered promiscuous mode [ 220.285393][ T8834] syzkaller0: entered allmulticast mode [ 220.320374][ T8834] tipc: Resetting bearer [ 220.337673][ T8833] tipc: Resetting bearer [ 220.369644][ T8833] tipc: Disabling bearer [ 220.394664][ T8838] loop1: detected capacity change from 0 to 1024 [ 220.418636][ T8838] Quota error (device loop1): do_check_range: Getting block 64 out of range 1-5 [ 220.460772][ T8838] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 220.479074][ T8838] EXT4-fs error (device loop1): ext4_acquire_dquot:6940: comm syz.1.1058: Failed to acquire dquot type 0 [ 220.498741][ T8838] EXT4-fs error (device loop1): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 220.531075][ T8838] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1058: corrupted inode contents [ 220.558982][ T8838] EXT4-fs error (device loop1): ext4_dirty_inode:6106: inode #13: comm syz.1.1058: mark_inode_dirty error [ 220.572924][ T8838] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1058: corrupted inode contents [ 220.591830][ T8838] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #13: comm syz.1.1058: mark_inode_dirty error [ 220.605511][ T8838] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1058: corrupted inode contents [ 220.619541][ T8838] EXT4-fs error (device loop1) in ext4_orphan_del:305: Corrupt filesystem [ 220.629005][ T8838] EXT4-fs error (device loop1): ext4_do_update_inode:5230: inode #13: comm syz.1.1058: corrupted inode contents [ 220.641431][ T8838] EXT4-fs error (device loop1): ext4_truncate:4288: inode #13: comm syz.1.1058: mark_inode_dirty error [ 220.653464][ T8838] EXT4-fs error (device loop1) in ext4_process_orphan:347: Corrupt filesystem [ 220.664226][ T8838] EXT4-fs (loop1): 1 truncate cleaned up [ 220.673469][ T8838] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 220.692620][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 220.828365][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.152130][ T8861] tipc: Enabled bearer , priority 0 [ 221.166189][ T8861] syzkaller0: entered promiscuous mode [ 221.173313][ T8861] syzkaller0: entered allmulticast mode [ 221.211119][ T8861] tipc: Resetting bearer [ 221.219980][ T8860] tipc: Resetting bearer [ 221.241514][ T8860] tipc: Disabling bearer [ 221.484946][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 221.484978][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout [ 221.485038][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 221.514168][ T9] usb 4-1: USB disconnect, device number 7 [ 221.585772][ T8873] loop3: detected capacity change from 0 to 1024 [ 221.609424][ T8873] Quota error (device loop3): do_check_range: Getting block 64 out of range 1-5 [ 221.621215][ T8873] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 221.632676][ T8873] EXT4-fs error (device loop3): ext4_acquire_dquot:6940: comm syz.3.1075: Failed to acquire dquot type 0 [ 221.659811][ T8873] EXT4-fs error (device loop3): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 221.682037][ T8873] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.1075: corrupted inode contents [ 221.704622][ T8873] EXT4-fs error (device loop3): ext4_dirty_inode:6106: inode #13: comm syz.3.1075: mark_inode_dirty error [ 221.734639][ T8873] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.1075: corrupted inode contents [ 221.748259][ T8873] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #13: comm syz.3.1075: mark_inode_dirty error [ 221.765047][ T8873] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.1075: corrupted inode contents [ 221.781845][ T8873] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem [ 221.793307][ T8873] EXT4-fs error (device loop3): ext4_do_update_inode:5230: inode #13: comm syz.3.1075: corrupted inode contents [ 221.808741][ T8873] EXT4-fs error (device loop3): ext4_truncate:4288: inode #13: comm syz.3.1075: mark_inode_dirty error [ 221.821763][ T8873] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem [ 221.833264][ T8873] EXT4-fs (loop3): 1 truncate cleaned up [ 221.840458][ T8873] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 221.874829][ T5877] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 221.927379][ T27] audit: type=1326 audit(1757551712.969:1106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.2.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 221.957466][ T27] audit: type=1326 audit(1757551712.999:1107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.2.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 221.985720][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 221.990415][ T27] audit: type=1326 audit(1757551712.999:1108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.2.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 222.017354][ T27] audit: type=1326 audit(1757551712.999:1109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8884 comm="syz.2.1079" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 222.072841][ T5877] usb 1-1: Using ep0 maxpacket: 8 [ 222.080020][ T5877] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xC has invalid maxpacket 56805, setting to 64 [ 222.091267][ T5877] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 222.105029][ T5877] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.117440][ T5877] usb 1-1: config 0 descriptor?? [ 222.136530][ T5877] iowarrior 1-1:0.0: no interrupt-in endpoint found [ 222.400910][ T8898] tipc: Enabled bearer , priority 0 [ 222.409450][ T8898] syzkaller0: entered promiscuous mode [ 222.415354][ T8898] syzkaller0: entered allmulticast mode [ 222.448026][ T8898] tipc: Resetting bearer [ 222.491879][ T8897] tipc: Resetting bearer [ 222.573438][ T8897] tipc: Disabling bearer [ 223.029804][ T8920] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1092'. [ 223.757225][ T8914] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 223.766109][ T8914] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 223.772290][ T8914] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 223.784492][ T8914] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 224.061383][ T8931] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1097'. [ 224.179839][ T8935] tipc: Enabled bearer , priority 0 [ 224.197853][ T8935] syzkaller0: entered promiscuous mode [ 224.203367][ T8935] syzkaller0: entered allmulticast mode [ 224.252660][ T8935] tipc: Resetting bearer [ 224.282076][ T8934] tipc: Resetting bearer [ 224.331776][ T8934] tipc: Disabling bearer [ 224.650763][ T5877] usb 1-1: USB disconnect, device number 14 [ 224.730002][ T8948] loop1: detected capacity change from 0 to 512 [ 224.779508][ T8948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 224.842013][ T8948] ext4 filesystem being mounted at /268/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 224.879137][ T8957] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1105'. [ 224.929061][ T8948] EXT4-fs error (device loop1): ext4_readdir:263: inode #12: block 32: comm syz.1.1104: path /268/bus/file0: bad entry in directory: rec_len is too small for name_len - offset=0, inode=12, rec_len=12, size=2048 fake=0 [ 224.997723][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 225.541002][ T8975] tipc: Enabling of bearer rejected, failed to enable media [ 225.591988][ T8950] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 225.598220][ T8950] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 225.604308][ T8950] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 225.612180][ T8950] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 226.059491][ T28] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 226.245979][ T28] usb 3-1: Using ep0 maxpacket: 8 [ 226.260049][ T28] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 56805, setting to 64 [ 226.295098][ T28] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 226.324033][ T28] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.347859][ T28] usb 3-1: config 0 descriptor?? [ 226.360926][ T28] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 226.620496][ T9006] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1123'. [ 227.018615][ T9013] loop1: detected capacity change from 0 to 2048 [ 227.066650][ T9013] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none. [ 227.196243][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900. [ 227.387309][ T9002] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 227.398110][ T9002] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 227.404555][ T9002] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 227.420365][ T9002] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 227.504633][ T9022] tipc: New replicast peer: 255.255.255.255 [ 227.511955][ T9022] tipc: Enabled bearer , priority 10 [ 227.535278][ T9022] syz.3.1128[9022] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 227.562786][ T9024] tipc: Enabled bearer , priority 0 [ 227.589636][ T9024] syzkaller0: entered promiscuous mode [ 227.597099][ T9024] syzkaller0: entered allmulticast mode [ 227.630262][ T9024] tipc: Resetting bearer [ 227.658693][ T9023] tipc: Resetting bearer [ 227.666860][ T27] kauditd_printk_skb: 12 callbacks suppressed [ 227.666874][ T27] audit: type=1326 audit(1757551718.709:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.727083][ T27] audit: type=1326 audit(1757551718.739:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.756002][ T9023] tipc: Disabling bearer [ 227.782035][ T27] audit: type=1326 audit(1757551718.739:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.808370][ T27] audit: type=1326 audit(1757551718.739:1125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.832172][ T27] audit: type=1326 audit(1757551718.739:1126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=102 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.861437][ T27] audit: type=1326 audit(1757551718.739:1127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 227.910675][ T27] audit: type=1326 audit(1757551718.739:1128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9025 comm="syz.3.1129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 228.177804][ T9045] loop1: detected capacity change from 0 to 512 [ 228.198428][ T9045] EXT4-fs error (device loop1): ext4_orphan_get:1399: inode #15: comm syz.1.1137: casefold flag without casefold feature [ 228.218501][ T9045] EXT4-fs error (device loop1): ext4_orphan_get:1404: comm syz.1.1137: couldn't read orphan inode 15 (err -117) [ 228.252204][ T9049] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 228.252204][ T9049] program syz.3.1138 not setting count and/or reply_len properly [ 228.260002][ T9047] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1136'. [ 228.287662][ T9045] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 228.341159][ T9045] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz.1.1137: bg 0: block 508: padding at end of block bitmap is not set [ 228.397623][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 228.448359][ T27] audit: type=1326 audit(1757551719.479:1129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 228.520096][ T27] audit: type=1326 audit(1757551719.479:1130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 228.605520][ T27] audit: type=1326 audit(1757551719.499:1131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9050 comm="syz.3.1139" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 228.615885][ T28] usb 3-1: USB disconnect, device number 17 [ 228.818956][ T9066] tipc: Enabling of bearer rejected, failed to enable media [ 228.977494][ T9040] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 228.991593][ T9040] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 229.000624][ T9040] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 229.011001][ T9040] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 229.484991][ T28] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 229.576654][ T9099] netlink: 14 bytes leftover after parsing attributes in process `syz.2.1157'. [ 229.685091][ T28] usb 4-1: Using ep0 maxpacket: 8 [ 229.692285][ T28] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 56805, setting to 64 [ 229.704344][ T28] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 229.713513][ T28] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.723325][ T28] usb 4-1: config 0 descriptor?? [ 229.733269][ T28] iowarrior 4-1:0.0: no interrupt-in endpoint found [ 230.314475][ T9092] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 230.328736][ T9092] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 230.337028][ T9092] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 230.343323][ T9092] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 230.371617][ T9105] tipc: Started in network mode [ 230.384845][ T9105] tipc: Node identity fa7f957fd2ca, cluster identity 4711 [ 230.397525][ T9105] tipc: Enabled bearer , priority 0 [ 230.408179][ T9105] syzkaller0: entered promiscuous mode [ 230.422069][ T9105] syzkaller0: entered allmulticast mode [ 230.471090][ T9105] tipc: Resetting bearer [ 230.496043][ T9104] tipc: Resetting bearer [ 230.501420][ T9109] loop1: detected capacity change from 0 to 512 [ 230.520999][ T9109] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.1162: invalid block [ 230.539755][ T9109] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1162: invalid indirect mapped block 4294967295 (level 1) [ 230.556331][ T9104] tipc: Disabling bearer [ 230.566048][ T9109] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.1162: invalid indirect mapped block 4294967295 (level 1) [ 230.589704][ T9109] EXT4-fs (loop1): 2 truncates cleaned up [ 230.602190][ T9109] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 230.703839][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 230.714400][ T9114] 9p: Unknown Cache mode or invalid value fscachx]ame=@ [ 230.725214][ T9116] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1164'. [ 231.161201][ T9137] netlink: 14 bytes leftover after parsing attributes in process `syz.0.1169'. [ 231.904211][ T9130] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 231.913536][ T9130] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 231.926280][ T9130] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 231.932343][ T9130] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 232.067598][ T9147] tipc: Enabled bearer , priority 0 [ 232.085335][ T9147] syzkaller0: entered promiscuous mode [ 232.102146][ T9147] syzkaller0: entered allmulticast mode [ 232.133368][ T9147] tipc: Resetting bearer [ 232.163486][ T9146] tipc: Resetting bearer [ 232.251955][ T9146] tipc: Disabling bearer [ 232.280224][ T9] usb 4-1: USB disconnect, device number 8 [ 232.646629][ T9167] 9pnet_fd: Insufficient options for proto=fd [ 232.677619][ T9167] loop2: detected capacity change from 0 to 512 [ 233.165137][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 233.322400][ T9176] netlink: 14 bytes leftover after parsing attributes in process `syz.1.1183'. [ 233.965108][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 233.971565][ T5798] Bluetooth: hci3: command 0x0c1a tx timeout [ 233.976247][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 234.060746][ T9172] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 234.067495][ T9172] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 234.077611][ T9172] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 234.084387][ T9172] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 234.271097][ T9194] tipc: Enabled bearer , priority 0 [ 234.277561][ T9196] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1189'. [ 234.284294][ T9194] syzkaller0: entered promiscuous mode [ 234.288580][ T9196] netlink: 'syz.0.1189': attribute type 1 has an invalid length. [ 234.292335][ T9194] syzkaller0: entered allmulticast mode [ 234.331704][ T9194] tipc: Resetting bearer [ 234.340000][ T9193] tipc: Resetting bearer [ 234.372061][ T9193] tipc: Disabling bearer [ 234.474906][ T8] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 234.674850][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 234.690418][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 56805, setting to 64 [ 234.702213][ T8] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 234.712431][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 234.751105][ T8] usb 3-1: config 0 descriptor?? [ 234.771106][ T8] iowarrior 3-1:0.0: no interrupt-in endpoint found [ 235.324829][ T5106] Bluetooth: hci2: command 0x0c1a tx timeout [ 235.821445][ T9224] tipc: Enabled bearer , priority 0 [ 235.848577][ T9224] syzkaller0: entered promiscuous mode [ 235.854187][ T9224] syzkaller0: entered allmulticast mode [ 235.871949][ T9224] tipc: Resetting bearer [ 235.880375][ T9223] tipc: Resetting bearer [ 235.905765][ T9223] tipc: Disabling bearer [ 236.124982][ T5106] Bluetooth: hci1: command 0x0c1a tx timeout [ 236.125006][ T5791] Bluetooth: hci0: command 0x0c1a tx timeout [ 236.131151][ T5106] Bluetooth: hci3: command 0x0c1a tx timeout [ 237.224181][ T8] usb 3-1: USB disconnect, device number 18 [ 237.364317][ T9254] tipc: Enabled bearer , priority 0 [ 237.398842][ T9254] syzkaller0: entered promiscuous mode [ 237.407495][ T9254] syzkaller0: entered allmulticast mode [ 237.445711][ T9254] tipc: Resetting bearer [ 237.479157][ T9253] tipc: Resetting bearer [ 237.566007][ T9253] tipc: Disabling bearer [ 237.781699][ T9266] loop3: detected capacity change from 0 to 1024 [ 237.830388][ T9266] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 237.872489][ T27] kauditd_printk_skb: 17 callbacks suppressed [ 237.872504][ T27] audit: type=1800 audit(1757551728.909:1149): pid=9266 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1216" name="file1" dev="loop3" ino=15 res=0 errno=0 [ 238.049522][ T9266] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.1216: Allocating blocks 497-513 which overlap fs metadata [ 238.079432][ T9266] EXT4-fs (loop3): pa ffff88805de140e8: logic 256, phys. 385, len 8 [ 238.088049][ T9266] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 1 [ 238.168120][ T9278] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1218'. [ 238.961079][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 239.224564][ T9292] usb usb8: usbfs: process 9292 (syz.0.1225) did not claim interface 0 before use [ 239.496071][ T5877] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 239.588407][ T9308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1230'. [ 240.294820][ T5877] usb 4-1: Using ep0 maxpacket: 8 [ 240.368137][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 240.391865][ T5877] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 240.413654][ T5877] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 240.424118][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.442294][ T5877] usb 4-1: config 0 descriptor?? [ 240.448762][ T9290] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 240.670799][ T5877] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 241.142067][ T9339] netlink: 228 bytes leftover after parsing attributes in process `syz.2.1242'. [ 241.327021][ T9342] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1243'. [ 241.655297][ T5873] usb 4-1: USB disconnect, device number 9 [ 242.274799][ T9349] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1252'. [ 243.155582][ T27] audit: type=1326 audit(1757551734.199:1150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.178672][ T27] audit: type=1326 audit(1757551734.209:1151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.216177][ T27] audit: type=1326 audit(1757551734.219:1152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.261764][ T27] audit: type=1326 audit(1757551734.219:1153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.349788][ T27] audit: type=1326 audit(1757551734.219:1154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.429604][ T27] audit: type=1326 audit(1757551734.219:1155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.468103][ T27] audit: type=1326 audit(1757551734.219:1156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.502843][ T27] audit: type=1326 audit(1757551734.219:1157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7febc178d417 code=0x7ffc0000 [ 243.531388][ T27] audit: type=1326 audit(1757551734.219:1158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.560606][ T27] audit: type=1326 audit(1757551734.219:1159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9356 comm="syz.1.1250" exe="/root/syz-executor" sig=0 arch=c000003e syscall=194 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 243.774803][ T5873] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 243.966937][ T5873] usb 1-1: Using ep0 maxpacket: 8 [ 243.975953][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 243.987256][ T5873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 244.001384][ T5873] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 244.010562][ T5873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.030228][ T5873] usb 1-1: config 0 descriptor?? [ 244.040110][ T9370] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 244.261547][ T5873] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 245.300338][ C0] iowarrior 1-1:0.0: iowarrior_callback - usb_submit_urb failed with result -1 [ 245.333138][ T5873] usb 1-1: USB disconnect, device number 15 [ 247.060650][ T9410] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1270'. [ 247.070152][ T9410] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1270'. [ 247.150244][ T9410] loop2: detected capacity change from 0 to 1024 [ 247.175205][ T9410] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (4096), stripe is disabled [ 247.237089][ T9410] EXT4-fs error (device loop2): ext4_map_blocks:718: inode #3: block 1: comm syz.2.1270: lblock 1 mapped to illegal pblock 1 (length 1) [ 247.274333][ T9410] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1270: Failed to acquire dquot type 0 [ 247.290327][ T9410] EXT4-fs error (device loop2): ext4_free_blocks:6676: comm syz.2.1270: Freeing blocks not in datazone - block = 0, count = 4096 [ 247.338315][ T9410] EXT4-fs error (device loop2): ext4_read_inode_bitmap:140: comm syz.2.1270: Invalid inode bitmap blk 0 in block_group 0 [ 247.360334][ T1089] EXT4-fs error (device loop2): ext4_map_blocks:608: inode #3: block 1: comm kworker/u4:5: lblock 1 mapped to illegal pblock 1 (length 1) [ 247.371804][ T9410] EXT4-fs error (device loop2) in ext4_free_inode:363: Corrupt filesystem [ 247.390620][ T9410] EXT4-fs (loop2): 1 orphan inode deleted [ 247.403740][ T1089] EXT4-fs error (device loop2): ext4_release_dquot:6976: comm kworker/u4:5: Failed to release dquot type 0 [ 247.404895][ T9410] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 247.504867][ T7636] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 247.715007][ T7636] usb 2-1: Using ep0 maxpacket: 8 [ 247.765401][ T7636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 247.846762][ T7636] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 247.913399][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 247.931866][ T7636] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 247.989797][ T7636] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 248.149030][ T7636] usb 2-1: config 0 descriptor?? [ 248.259081][ T9417] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 248.591675][ T7636] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 249.319093][ T5873] usb 2-1: USB disconnect, device number 11 [ 249.510586][ T9440] loop3: detected capacity change from 0 to 2048 [ 249.557642][ T9440] EXT4-fs (loop3): failed to initialize system zone (-117) [ 249.588299][ T9440] EXT4-fs (loop3): mount failed [ 250.887378][ T9461] process 'syz.2.1291' launched '/dev/fd/7' with NULL argv: empty string added [ 251.182547][ T9476] netlink: 'syz.1.1299': attribute type 3 has an invalid length. [ 251.247686][ T9478] loop1: detected capacity change from 0 to 512 [ 251.256358][ T9478] journal_path: Lookup failure for './file0' [ 251.262411][ T9478] EXT4-fs: error: could not find journal device path [ 251.374835][ T5873] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 251.635226][ T5873] usb 3-1: Using ep0 maxpacket: 8 [ 251.686974][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 251.764468][ T5873] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 251.860327][ T5873] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 251.966882][ T5873] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.140856][ T5873] usb 3-1: config 0 descriptor?? [ 252.195168][ T9474] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 252.438880][ T9491] loop1: detected capacity change from 0 to 512 [ 252.463695][ T5873] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 252.486996][ T9491] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 252.532213][ T9491] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1215: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 252.553164][ T9491] EXT4-fs (loop1): 1 truncate cleaned up [ 252.564445][ T9491] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 253.226637][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 253.235370][ T5776] usb 3-1: USB disconnect, device number 19 [ 253.486168][ T9508] loop3: detected capacity change from 0 to 2048 [ 253.510853][ T9508] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 253.523342][ T9508] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 253.658362][ T48] EXT4-fs error (device loop3): ext4_validate_block_bitmap:439: comm kworker/u4:3: bg 0: block 345: padding at end of block bitmap is not set [ 253.677015][ T48] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 79 with max blocks 1 with error 117 [ 253.689838][ T48] EXT4-fs (loop3): This should not happen!! Data will be lost [ 253.689838][ T48] [ 253.702371][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 254.735847][ T9520] loop2: detected capacity change from 0 to 2048 [ 254.771122][ T9524] loop1: detected capacity change from 0 to 128 [ 254.803768][ T9522] wg2: entered promiscuous mode [ 254.805959][ T9524] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 254.815181][ T9520] EXT4-fs (loop2): failed to initialize system zone (-117) [ 254.825697][ T9522] wg2: entered allmulticast mode [ 254.844952][ T9520] EXT4-fs (loop2): mount failed [ 255.110558][ T27] kauditd_printk_skb: 74 callbacks suppressed [ 255.110571][ T27] audit: type=1800 audit(1757551746.149:1231): pid=9524 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1317" name="bus" dev="loop1" ino=1048599 res=0 errno=0 [ 255.160199][ T9524] syz.1.1317: attempt to access beyond end of device [ 255.160199][ T9524] loop1: rw=34817, sector=97, nr_sectors = 120 limit=128 [ 255.174806][ T27] audit: type=1804 audit(1757551746.169:1232): pid=9531 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1317" name="/newroot/330/file2/bus" dev="loop1" ino=1048599 res=1 errno=0 [ 255.257091][ T42] kworker/u4:2: attempt to access beyond end of device [ 255.257091][ T42] loop1: rw=1, sector=217, nr_sectors = 824 limit=128 [ 255.271189][ T42] FAT-fs (loop1): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 255.426488][ T5873] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 255.625121][ T5873] usb 4-1: Using ep0 maxpacket: 8 [ 255.682190][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 255.750580][ T5873] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 255.862587][ T5873] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 255.937957][ T5873] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.980756][ T1277] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.988627][ T1277] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.112580][ T5873] usb 4-1: config 0 descriptor?? [ 256.194622][ T9535] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 256.528141][ T5873] iowarrior 4-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 256.688342][ T9556] loop2: detected capacity change from 0 to 8192 [ 256.755300][ T27] audit: type=1326 audit(1757551747.789:1233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 256.790077][ T27] audit: type=1326 audit(1757551747.789:1234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 256.850354][ T27] audit: type=1326 audit(1757551747.789:1235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 256.878739][ T27] audit: type=1326 audit(1757551747.789:1236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 256.908597][ T27] audit: type=1326 audit(1757551747.789:1237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 256.939658][ T27] audit: type=1326 audit(1757551747.789:1238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 257.012632][ T27] audit: type=1326 audit(1757551747.789:1239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 257.070608][ T27] audit: type=1326 audit(1757551747.829:1240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9555 comm="syz.2.1332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 257.297225][ T5873] usb 4-1: USB disconnect, device number 10 [ 257.767448][ T9572] capability: warning: `syz.0.1334' uses deprecated v2 capabilities in a way that may be insecure [ 258.039357][ T9574] debugfs: Directory 'ttyS3' with parent 'caif_serial' already present! [ 259.698520][ T9612] lo speed is unknown, defaulting to 1000 [ 261.612407][ T9624] loop1: detected capacity change from 0 to 128 [ 261.645026][ T9624] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 261.689580][ T9624] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 261.719618][ T9626] loop3: detected capacity change from 0 to 512 [ 261.759414][ T9626] journal_path: Lookup failure for './bus' [ 261.786191][ T9626] EXT4-fs: error: could not find journal device path [ 261.825009][ T7636] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 262.035258][ T7636] usb 1-1: Using ep0 maxpacket: 8 [ 262.063815][ T7636] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 234, changing to 11 [ 262.087733][ T7636] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 50661, setting to 1024 [ 262.115032][ T7636] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 262.164879][ T7636] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.194359][ T7636] usb 1-1: config 0 descriptor?? [ 262.213017][ T9621] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 262.454046][ T7636] iowarrior 1-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 262.634510][ T27] kauditd_printk_skb: 69 callbacks suppressed [ 262.634524][ T27] audit: type=1326 audit(1757551753.669:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 262.732332][ T27] audit: type=1326 audit(1757551753.669:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 262.856958][ T27] audit: type=1326 audit(1757551753.689:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 262.930396][ T27] audit: type=1326 audit(1757551753.689:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 263.024240][ T27] audit: type=1326 audit(1757551753.689:1314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=187 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 263.048994][ T27] audit: type=1326 audit(1757551753.689:1315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 263.089308][ T27] audit: type=1326 audit(1757551753.689:1316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9643 comm="syz.2.1355" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 263.239240][ T8] usb 1-1: USB disconnect, device number 16 [ 264.333147][ T9687] loop2: detected capacity change from 0 to 128 [ 264.357410][ T9687] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none. [ 264.383237][ T9687] ext4 filesystem being mounted at /360/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 264.479033][ T5785] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09. [ 264.569558][ T27] audit: type=1326 audit(1757551755.599:1317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9694 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 264.618799][ T27] audit: type=1326 audit(1757551755.599:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9694 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 264.672687][ T27] audit: type=1326 audit(1757551755.609:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9694 comm="syz.2.1378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 265.164673][ T9712] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1386'. [ 265.278180][ T9715] loop3: detected capacity change from 0 to 128 [ 265.732887][ T9726] loop2: detected capacity change from 0 to 128 [ 265.798274][ T9726] syz.2.1392: attempt to access beyond end of device [ 265.798274][ T9726] loop2: rw=2049, sector=145, nr_sectors = 896 limit=128 [ 265.904577][ T9729] loop2: detected capacity change from 0 to 1024 [ 265.946281][ T9729] EXT4-fs error (device loop2): ext4_acquire_dquot:6940: comm syz.2.1393: Failed to acquire dquot type 0 [ 265.970642][ T9729] EXT4-fs error (device loop2): mb_free_blocks:1938: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt. [ 266.016618][ T9729] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1393: corrupted inode contents [ 266.030302][ T9729] EXT4-fs error (device loop2): ext4_dirty_inode:6106: inode #13: comm syz.2.1393: mark_inode_dirty error [ 266.048742][ T9729] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1393: corrupted inode contents [ 266.069567][ T9729] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #13: comm syz.2.1393: mark_inode_dirty error [ 266.082373][ T9729] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1393: corrupted inode contents [ 266.099022][ T9729] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 266.108307][ T9729] EXT4-fs error (device loop2): ext4_do_update_inode:5230: inode #13: comm syz.2.1393: corrupted inode contents [ 266.125953][ T9729] EXT4-fs error (device loop2): ext4_truncate:4288: inode #13: comm syz.2.1393: mark_inode_dirty error [ 266.139607][ T9729] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 266.153624][ T9729] EXT4-fs (loop2): 1 truncate cleaned up [ 266.163142][ T9729] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 266.237005][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 266.819965][ T9753] netlink: 'syz.2.1397': attribute type 4 has an invalid length. [ 268.284189][ T9788] loop1: detected capacity change from 0 to 512 [ 268.303133][ T9790] loop2: detected capacity change from 0 to 1024 [ 268.353626][ T9788] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 268.374148][ T9790] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 268.398597][ T9788] ext4 filesystem being mounted at /356/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 268.461275][ T27] kauditd_printk_skb: 15 callbacks suppressed [ 268.461289][ T27] audit: type=1800 audit(1757551759.499:1333): pid=9790 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1416" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 268.508198][ T9790] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4031: comm syz.2.1416: Allocating blocks 385-513 which overlap fs metadata [ 268.537818][ T9790] EXT4-fs (loop2): pa ffff88805ba3d488: logic 16, phys. 129, len 24 [ 268.546601][ T9790] EXT4-fs error (device loop2): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 268.606800][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.750914][ T5785] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 268.789852][ T27] audit: type=1326 audit(1757551759.829:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.873416][ T27] audit: type=1326 audit(1757551759.859:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.936419][ T27] audit: type=1326 audit(1757551759.859:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.971817][ T9810] netlink: 100 bytes leftover after parsing attributes in process `syz.2.1419'. [ 268.981058][ T27] audit: type=1326 audit(1757551759.859:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.981102][ T27] audit: type=1326 audit(1757551759.859:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.981139][ T27] audit: type=1326 audit(1757551759.859:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.981172][ T27] audit: type=1326 audit(1757551759.859:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 268.981206][ T27] audit: type=1326 audit(1757551759.859:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9803 comm="syz.3.1420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdf7b78eba9 code=0x7ffc0000 [ 269.239651][ T9813] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1423'. [ 269.332949][ T9814] loop3: detected capacity change from 0 to 8192 [ 269.353844][ T9814] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 269.380455][ T9814] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 269.393616][ T9814] FAT-fs (loop3): Filesystem has been set read-only [ 269.481192][ T5786] FAT-fs (loop3): error, invalid access to FAT (entry 0x00000001) [ 269.592211][ T9825] loop3: detected capacity change from 0 to 1024 [ 269.610736][ T9825] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 269.652911][ T9825] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4031: comm syz.3.1429: Allocating blocks 385-513 which overlap fs metadata [ 269.740009][ T9825] EXT4-fs (loop3): pa ffff88805b9e5488: logic 16, phys. 129, len 24 [ 269.749357][ T9825] EXT4-fs error (device loop3): ext4_mb_release_inode_pa:5372: group 0, free 0, pa_free 8 [ 269.848386][ T5786] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 269.973430][ T9833] loop3: detected capacity change from 0 to 2048 [ 270.067897][ T9833] loop3: p2 p3 p7 [ 270.375144][ T5792] udevd[5792]: inotify_add_watch(7, /dev/loop3p3, 10) failed: No such file or directory [ 270.384550][ T5777] udevd[5777]: inotify_add_watch(7, /dev/loop3p2, 10) failed: No such file or directory [ 270.399754][ T5779] udevd[5779]: inotify_add_watch(7, /dev/loop3p7, 10) failed: No such file or directory [ 270.688241][ T9841] geneve2: entered promiscuous mode [ 270.693651][ T9841] geneve2: entered allmulticast mode [ 270.744900][ T27] audit: type=1326 audit(1757551761.759:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9842 comm="syz.0.1435" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 271.527129][ T9858] loop9: detected capacity change from 0 to 7 [ 271.539507][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.549007][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.558205][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.567388][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.576585][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.585761][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.593852][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.603134][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.611469][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.620655][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.629141][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.638323][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.646834][ C1] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.656023][ C1] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.663886][ T9858] ldm_validate_partition_table(): Disk read failed. [ 271.672840][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.682107][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.695013][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.704230][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.712858][ C0] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 271.722121][ C0] Buffer I/O error on dev loop9, logical block 0, async page read [ 271.736047][ T9858] Dev loop9: unable to read RDB block 0 [ 271.742699][ T9858] loop9: unable to read partition table [ 271.752222][ T9858] loop9: partition table beyond EOD, truncated [ 271.759772][ T9858] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 271.759772][ T9858] ) failed (rc=-5) [ 272.414029][ T9872] lo speed is unknown, defaulting to 1000 [ 272.921637][ T9876] loop2: detected capacity change from 0 to 128 [ 272.956417][ T9876] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 273.006945][ T9876] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 273.181487][ T9876] 8021q: adding VLAN 0 to HW filter on device bond1 [ 273.189103][ T9876] bridge0: port 1(bond1) entered blocking state [ 273.195959][ T9876] bridge0: port 1(bond1) entered disabled state [ 273.202414][ T9876] bond1: entered allmulticast mode [ 273.209947][ T9876] bond1: entered promiscuous mode [ 273.217617][ T9876] bridge0: port 1(bond1) entered blocking state [ 273.224044][ T9876] bridge0: port 1(bond1) entered forwarding state [ 273.271248][ T1316] bridge0: port 1(bond1) entered disabled state [ 275.136028][ T9928] syz.0.1468[9928] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.136103][ T9928] syz.0.1468[9928] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.864427][ T9957] syz.1.1476[9957] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 275.882117][ T9957] syz.1.1476[9957] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 276.004092][ T9959] netlink: 264 bytes leftover after parsing attributes in process `syz.0.1477'. [ 276.065669][ T9961] loop1: detected capacity change from 0 to 512 [ 276.083492][ T9961] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 276.133881][ T9961] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a843c018, mo2=0002] [ 276.156016][ T9961] System zones: 0-2, 18-18, 34-34 [ 276.179837][ T9961] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 276.202153][ T9961] ext4 filesystem being mounted at /376/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 276.244560][ T9961] netlink: 'syz.1.1478': attribute type 10 has an invalid length. [ 276.270116][ T9961] bond0: (slave ): Releasing backup interface [ 276.302243][ T9961] team0: Failed to send port change of device  via netlink (err -105) [ 276.326438][ T9961] team0: Failed to send options change via netlink (err -105) [ 276.334321][ T9961] team0: Port device  added [ 276.342863][ T9972] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1482'. [ 276.594015][ T9972] infiniband syz!: set down [ 276.600315][ T9972] team0 (unregistering): Port device team_slave_0 removed [ 276.619192][ T9972] team0 (unregistering): Port device team_slave_1 removed [ 276.647533][ T9973] netlink: 'syz.1.1478': attribute type 10 has an invalid length. [ 276.656469][ T9973] team0: Failed to send port change of device  via netlink (err -105) [ 276.680529][ T9973] team0: Failed to send options change via netlink (err -105) [ 276.689778][ T9973] team0: Failed to send port change of device  via netlink (err -105) [ 276.699344][ T9973] team0: Port device  removed [ 276.710989][ T9973] bond0: (slave ): Enslaving as an active interface with an up link [ 276.759902][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 277.291291][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 277.291305][ T27] audit: type=1326 audit(1757551768.329:1362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10000 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 277.328856][ T27] audit: type=1326 audit(1757551768.329:1363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10000 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 277.357442][ T27] audit: type=1326 audit(1757551768.329:1364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10000 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 277.430718][ T27] audit: type=1326 audit(1757551768.329:1365): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10000 comm="syz.1.1493" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7febc178eba9 code=0x7ffc0000 [ 277.747088][T10011] program syz.3.1498 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 277.765573][T10011] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 277.840342][T10013] IPVS: stopping master sync thread 10014 ... [ 277.847831][T10014] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 278.057214][T10021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1502'. [ 278.103337][T10021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1502'. [ 278.515465][T10039] loop1: detected capacity change from 0 to 512 [ 278.524498][T10039] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 278.549670][T10039] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.1509: corrupted in-inode xattr: e_name out of bounds [ 278.573549][T10039] EXT4-fs (loop1): 1 truncate cleaned up [ 278.580355][T10039] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none. [ 278.621471][T10039] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2244: inode #15: comm syz.1.1509: corrupted in-inode xattr: e_name out of bounds [ 278.660378][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 278.829751][T10044] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1511'. [ 278.839249][T10044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 278.847023][T10044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 278.858941][T10044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 278.866645][T10044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 279.231297][T10053] lo speed is unknown, defaulting to 1000 [ 279.995795][T10061] IPv6: Can't replace route, no match found [ 280.707823][T10083] IPv6: NLM_F_CREATE should be specified when creating new route [ 280.716847][T10083] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 280.724101][T10083] IPv6: NLM_F_CREATE should be set when creating new route [ 281.171152][T10093] loop1: detected capacity change from 0 to 512 [ 281.194217][T10093] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 281.216621][T10093] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 281.373109][T10093] EXT4-fs (loop1): 1 truncate cleaned up [ 281.385959][T10093] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback. [ 281.484966][ T27] audit: type=1804 audit(1757551772.519:1366): pid=10093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1532" name="/newroot/403/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 281.530958][ T27] audit: type=1804 audit(1757551772.529:1367): pid=10093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1532" name="/newroot/403/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 281.595250][ T27] audit: type=1804 audit(1757551772.559:1368): pid=10093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.1532" name="/newroot/403/bus/bus" dev="loop1" ino=18 res=1 errno=0 [ 281.652580][ T27] audit: type=1326 audit(1757551772.609:1369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10106 comm="syz.2.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 281.717303][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000. [ 281.732656][ T27] audit: type=1326 audit(1757551772.609:1370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10106 comm="syz.2.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 281.793219][ T27] audit: type=1326 audit(1757551772.609:1371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10106 comm="syz.2.1537" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 281.965184][T10119] serio: Serial port ptm1 [ 282.944965][ T27] kauditd_printk_skb: 8 callbacks suppressed [ 282.944977][ T27] audit: type=1326 audit(1757551773.989:1380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 282.983597][ T27] audit: type=1326 audit(1757551773.989:1381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 283.023833][ T27] audit: type=1326 audit(1757551773.989:1382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 283.057006][ T5880] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 283.061158][ T27] audit: type=1326 audit(1757551773.989:1383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=200 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 283.074860][ T5880] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 283.087563][ T27] audit: type=1326 audit(1757551773.989:1384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 283.112413][ T5880] hid-generic 0000:0004:0000.0003: unknown main item tag 0x0 [ 283.126937][ T27] audit: type=1326 audit(1757552030.040:1385): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10131 comm="syz.0.1546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 283.177381][ T5880] hid-generic 0000:0004:0000.0003: hidraw0: HID v0.00 Device [syz0] on syz0 [ 283.344657][T10137] fido_id[10137]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 283.578161][T10151] syz.1.1553[10151] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 283.578282][T10151] syz.1.1553[10151] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 283.719617][T10158] usb usb1: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 283.867900][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.878733][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.886739][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.894343][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.902892][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.911858][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.920211][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.928105][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.937104][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.946548][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.954188][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.966065][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.973723][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.985443][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 283.993045][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.004578][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.013838][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.026065][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.033561][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.041625][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.049503][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.057302][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.065068][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.072571][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.081188][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.092242][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.101120][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.112179][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.121087][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.135980][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.146901][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.154396][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.167853][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.176777][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.185882][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.193374][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.202501][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.214381][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.223859][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.234309][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.242085][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.249960][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.259360][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.283210][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.300476][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.310408][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.318235][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.326089][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.333941][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.341875][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.351742][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.361468][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.362054][T10170] netlink: 'syz.0.1563': attribute type 12 has an invalid length. [ 284.369075][ T8] hid-generic 0000:0006:0007.0004: unknown main item tag 0x0 [ 284.391159][ T8] hid-generic 0000:0006:0007.0004: hidraw0: HID v0.0b Device [syz1] on syz1 [ 284.402619][T10170] netlink: 'syz.0.1563': attribute type 21 has an invalid length. [ 284.505073][T10171] fido_id[10171]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 285.740237][T10212] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1579'. [ 285.929982][T10216] lo speed is unknown, defaulting to 1000 [ 286.338933][T10223] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1584'. [ 286.545142][ T27] audit: type=1326 audit(1757552033.580:1386): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10226 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 286.596955][ T27] audit: type=1326 audit(1757552033.580:1387): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10226 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 286.661241][ T27] audit: type=1326 audit(1757552033.610:1388): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10226 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 286.725559][ T27] audit: type=1326 audit(1757552033.610:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10226 comm="syz.0.1586" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f421c38eba9 code=0x7ffc0000 [ 287.258779][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'. [ 287.281652][T10248] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'. [ 287.400267][T10251] usb usb1: usbfs: process 10251 (syz.1.1597) did not claim interface 4 before use [ 287.439215][T10238] random: crng reseeded on system resumption [ 288.322488][T10269] Unsupported ieee802154 address type: 0 [ 288.326487][T10267] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1603'. [ 288.461364][T10273] loop3: detected capacity change from 0 to 2048 [ 288.497130][T10273] loop3: p1 < > p4 [ 288.516404][T10273] loop3: p4 size 8388608 extends beyond EOD, truncated [ 288.825966][T10280] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 288.988203][T10284] loop1: detected capacity change from 0 to 164 [ 289.182065][ T27] kauditd_printk_skb: 19 callbacks suppressed [ 289.182079][ T27] audit: type=1326 audit(1757552036.220:1409): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.262835][ T27] audit: type=1326 audit(1757552036.260:1410): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.316254][ T27] audit: type=1326 audit(1757552036.260:1411): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.378118][ T27] audit: type=1326 audit(1757552036.260:1412): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.422922][ T27] audit: type=1326 audit(1757552036.260:1413): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.422963][ T27] audit: type=1326 audit(1757552036.260:1414): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.422997][ T27] audit: type=1326 audit(1757552036.260:1415): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.423030][ T27] audit: type=1326 audit(1757552036.260:1416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.460254][ T27] audit: type=1326 audit(1757552036.260:1417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc28358eba9 code=0x7ffc0000 [ 289.460296][ T27] audit: type=1326 audit(1757552036.260:1418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10290 comm="syz.2.1614" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc28358d510 code=0x7ffc0000 [ 290.088450][T10307] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1620'. [ 290.269728][T10311] netlink: 132 bytes leftover after parsing attributes in process `syz.1.1622'. [ 290.413140][T10313] loop2: detected capacity change from 0 to 256 [ 290.749069][T10309] loop3: detected capacity change from 0 to 512 [ 290.858893][T10309] ------------[ cut here ]------------ [ 290.864900][T10309] EA inode 11 i_nlink=2 [ 290.879178][T10309] WARNING: CPU: 0 PID: 10309 at fs/ext4/xattr.c:1070 ext4_xattr_inode_update_ref+0x521/0x580 [ 290.894058][T10309] Modules linked in: [ 290.898705][T10309] CPU: 0 PID: 10309 Comm: syz.3.1621 Not tainted syzkaller #0 [ 290.906312][T10309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 290.917491][T10309] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 290.924138][T10309] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 cf be 8a 44 89 f2 e8 0f 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 290.945329][T10309] RSP: 0018:ffffc9001a5a7220 EFLAGS: 00010246 [ 290.951435][T10309] RAX: 314917277619c400 RBX: 0000000000000001 RCX: 0000000000080000 [ 290.959851][T10309] RDX: ffffc9000d2db000 RSI: 0000000000026230 RDI: 0000000000026231 [ 290.967891][T10309] RBP: ffffc9001a5a7318 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 290.976080][T10309] R10: dffffc0000000000 R11: ffffed10171c5183 R12: ffff888077bbb4b0 [ 290.984080][T10309] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888077bbb500 [ 290.992147][T10309] FS: 00007fdf7c6786c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000 [ 291.001161][T10309] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 291.007857][T10309] CR2: ffffffffffffffe8 CR3: 0000000078134000 CR4: 00000000003506f0 [ 291.015919][T10309] Call Trace: [ 291.019224][T10309] [ 291.022183][T10309] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 291.027900][T10309] ? ext4_xattr_inode_iget+0x3df/0x600 [ 291.033397][T10309] ext4_xattr_set_entry+0xcda/0x1e90 [ 291.038789][T10309] ext4_xattr_ibody_set+0x254/0x6a0 [ 291.044781][T10309] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 291.050911][T10309] __ext4_expand_extra_isize+0x306/0x400 [ 291.056709][T10309] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 291.062216][T10309] ext4_evict_inode+0x7ed/0xea0 [ 291.067126][T10309] ? _raw_spin_unlock+0x28/0x40 [ 291.072011][T10309] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 291.077991][T10309] ? do_raw_spin_unlock+0x121/0x230 [ 291.083223][T10309] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 291.089270][T10309] evict+0x486/0x870 [ 291.093196][T10309] ? __lock_acquire+0x7c80/0x7c80 [ 291.098293][T10309] ? proc_nr_inodes+0x230/0x230 [ 291.103185][T10309] ? do_raw_spin_unlock+0x121/0x230 [ 291.108452][T10309] ? _raw_spin_unlock+0x28/0x40 [ 291.113335][T10309] ? iput+0x70a/0x920 [ 291.117410][T10309] ext4_orphan_cleanup+0xbd4/0x1400 [ 291.122657][T10309] ? ext4_orphan_del+0xba0/0xba0 [ 291.127689][T10309] ? ext4_register_li_request+0x183/0x940 [ 291.133442][T10309] ? errseq_check_and_advance+0x66/0x120 [ 291.139158][T10309] ext4_fill_super+0x5de7/0x66c0 [ 291.144849][T10309] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 291.151129][T10309] ? vscnprintf+0x80/0x80 [ 291.155723][T10309] ? down_read_killable+0x340/0x340 [ 291.160962][T10309] ? setup_bdev_super+0x56b/0x660 [ 291.166194][T10309] get_tree_bdev+0x3e4/0x510 [ 291.170829][T10309] ? vfs_parse_fs_string+0x160/0x160 [ 291.176228][T10309] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 291.182503][T10309] ? setup_bdev_super+0x660/0x660 [ 291.187612][T10309] ? apparmor_capable+0x137/0x1a0 [ 291.192663][T10309] ? bpf_lsm_capable+0x9/0x10 [ 291.197426][T10309] ? security_capable+0x89/0xb0 [ 291.202330][T10309] vfs_get_tree+0x8c/0x280 [ 291.206842][T10309] do_new_mount+0x24b/0xa40 [ 291.211395][T10309] __se_sys_mount+0x2da/0x3c0 [ 291.216165][T10309] ? __x64_sys_mount+0xc0/0xc0 [ 291.220964][T10309] ? lockdep_hardirqs_on+0x98/0x150 [ 291.226244][T10309] ? __x64_sys_mount+0x20/0xc0 [ 291.231051][T10309] do_syscall_64+0x55/0xb0 [ 291.235569][T10309] ? clear_bhb_loop+0x40/0x90 [ 291.240286][T10309] ? clear_bhb_loop+0x40/0x90 [ 291.245634][T10309] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.251573][T10309] RIP: 0033:0x7fdf7b79034a [ 291.256309][T10309] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.276008][T10309] RSP: 002b:00007fdf7c677e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 291.284628][T10309] RAX: ffffffffffffffda RBX: 00007fdf7c677ef0 RCX: 00007fdf7b79034a [ 291.292632][T10309] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fdf7c677eb0 [ 291.300701][T10309] RBP: 0000200000000180 R08: 00007fdf7c677ef0 R09: 0000000000800700 [ 291.308737][T10309] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 291.316788][T10309] R13: 00007fdf7c677eb0 R14: 0000000000000473 R15: 0000200000000680 [ 291.324874][T10309] [ 291.327929][T10309] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 291.335217][T10309] CPU: 0 PID: 10309 Comm: syz.3.1621 Not tainted syzkaller #0 [ 291.342671][T10309] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 291.352723][T10309] Call Trace: [ 291.355997][T10309] [ 291.358922][T10309] dump_stack_lvl+0x16c/0x230 [ 291.363598][T10309] ? show_regs_print_info+0x20/0x20 [ 291.368792][T10309] ? load_image+0x3b0/0x3b0 [ 291.373293][T10309] panic+0x2c0/0x710 [ 291.377186][T10309] ? bpf_jit_dump+0xd0/0xd0 [ 291.381693][T10309] __warn+0x2e0/0x470 [ 291.385666][T10309] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 291.391644][T10309] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 291.397616][T10309] report_bug+0x2be/0x4f0 [ 291.401935][T10309] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 291.407908][T10309] ? ext4_xattr_inode_update_ref+0x521/0x580 [ 291.413880][T10309] ? ext4_xattr_inode_update_ref+0x523/0x580 [ 291.419853][T10309] handle_bug+0xcf/0x120 [ 291.424090][T10309] exc_invalid_op+0x1a/0x50 [ 291.428587][T10309] asm_exc_invalid_op+0x1a/0x20 [ 291.433422][T10309] RIP: 0010:ext4_xattr_inode_update_ref+0x521/0x580 [ 291.440007][T10309] Code: 24 50 4c 89 f8 48 c1 e8 03 42 80 3c 28 00 74 08 4c 89 ff e8 31 43 9a ff 49 8b 37 48 c7 c7 00 cf be 8a 44 89 f2 e8 0f 74 0d ff <0f> 0b 4c 8b 64 24 18 48 8b 5c 24 10 4c 8d 7c 24 60 e9 1f fe ff ff [ 291.459611][T10309] RSP: 0018:ffffc9001a5a7220 EFLAGS: 00010246 [ 291.465672][T10309] RAX: 314917277619c400 RBX: 0000000000000001 RCX: 0000000000080000 [ 291.473632][T10309] RDX: ffffc9000d2db000 RSI: 0000000000026230 RDI: 0000000000026231 [ 291.481592][T10309] RBP: ffffc9001a5a7318 R08: ffff8880b8e28c13 R09: 1ffff110171c5182 [ 291.489551][T10309] R10: dffffc0000000000 R11: ffffed10171c5183 R12: ffff888077bbb4b0 [ 291.497508][T10309] R13: dffffc0000000000 R14: 0000000000000002 R15: ffff888077bbb500 [ 291.505490][T10309] ? ext4_xattr_list_entries+0x3d0/0x3d0 [ 291.511120][T10309] ? ext4_xattr_inode_iget+0x3df/0x600 [ 291.516578][T10309] ext4_xattr_set_entry+0xcda/0x1e90 [ 291.521874][T10309] ext4_xattr_ibody_set+0x254/0x6a0 [ 291.527071][T10309] ext4_expand_extra_isize_ea+0x113a/0x19e0 [ 291.532975][T10309] __ext4_expand_extra_isize+0x306/0x400 [ 291.538606][T10309] __ext4_mark_inode_dirty+0x45d/0x6e0 [ 291.544067][T10309] ext4_evict_inode+0x7ed/0xea0 [ 291.548997][T10309] ? _raw_spin_unlock+0x28/0x40 [ 291.553851][T10309] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 291.559740][T10309] ? do_raw_spin_unlock+0x121/0x230 [ 291.564930][T10309] ? ext4_inode_is_fast_symlink+0x390/0x390 [ 291.570810][T10309] evict+0x486/0x870 [ 291.574692][T10309] ? __lock_acquire+0x7c80/0x7c80 [ 291.579706][T10309] ? proc_nr_inodes+0x230/0x230 [ 291.584547][T10309] ? do_raw_spin_unlock+0x121/0x230 [ 291.589744][T10309] ? _raw_spin_unlock+0x28/0x40 [ 291.594580][T10309] ? iput+0x70a/0x920 [ 291.598551][T10309] ext4_orphan_cleanup+0xbd4/0x1400 [ 291.603751][T10309] ? ext4_orphan_del+0xba0/0xba0 [ 291.608683][T10309] ? ext4_register_li_request+0x183/0x940 [ 291.614394][T10309] ? errseq_check_and_advance+0x66/0x120 [ 291.620021][T10309] ext4_fill_super+0x5de7/0x66c0 [ 291.624964][T10309] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 291.631195][T10309] ? vscnprintf+0x80/0x80 [ 291.635515][T10309] ? down_read_killable+0x340/0x340 [ 291.640709][T10309] ? setup_bdev_super+0x56b/0x660 [ 291.645721][T10309] get_tree_bdev+0x3e4/0x510 [ 291.650314][T10309] ? vfs_parse_fs_string+0x160/0x160 [ 291.655675][T10309] ? ext4_parse_test_dummy_encryption+0xb0/0xb0 [ 291.661903][T10309] ? setup_bdev_super+0x660/0x660 [ 291.666924][T10309] ? apparmor_capable+0x137/0x1a0 [ 291.671939][T10309] ? bpf_lsm_capable+0x9/0x10 [ 291.676608][T10309] ? security_capable+0x89/0xb0 [ 291.681456][T10309] vfs_get_tree+0x8c/0x280 [ 291.685862][T10309] do_new_mount+0x24b/0xa40 [ 291.690366][T10309] __se_sys_mount+0x2da/0x3c0 [ 291.695032][T10309] ? __x64_sys_mount+0xc0/0xc0 [ 291.699785][T10309] ? lockdep_hardirqs_on+0x98/0x150 [ 291.704972][T10309] ? __x64_sys_mount+0x20/0xc0 [ 291.709723][T10309] do_syscall_64+0x55/0xb0 [ 291.714123][T10309] ? clear_bhb_loop+0x40/0x90 [ 291.718793][T10309] ? clear_bhb_loop+0x40/0x90 [ 291.723464][T10309] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 291.729384][T10309] RIP: 0033:0x7fdf7b79034a [ 291.733790][T10309] Code: d8 64 89 02 48 c7 c0 ff ff ff ff eb a6 e8 de 1a 00 00 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 49 89 ca b8 a5 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 291.753388][T10309] RSP: 002b:00007fdf7c677e68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 291.761792][T10309] RAX: ffffffffffffffda RBX: 00007fdf7c677ef0 RCX: 00007fdf7b79034a [ 291.769754][T10309] RDX: 0000200000000180 RSI: 00002000000001c0 RDI: 00007fdf7c677eb0 [ 291.777715][T10309] RBP: 0000200000000180 R08: 00007fdf7c677ef0 R09: 0000000000800700 [ 291.785673][T10309] R10: 0000000000800700 R11: 0000000000000246 R12: 00002000000001c0 [ 291.793632][T10309] R13: 00007fdf7c677eb0 R14: 0000000000000473 R15: 0000200000000680 [ 291.801604][T10309] [ 291.804850][T10309] Kernel Offset: disabled [ 291.809284][T10309] Rebooting in 86400 seconds..