last executing test programs: 9.995012497s ago: executing program 1: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='jbd2_update_log_tail\x00', r3}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000280)='jbd2_update_log_tail\x00', r2}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001419) 9.493877984s ago: executing program 1: r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) set_robust_list(&(0x7f0000000300), 0x18) 9.386879871s ago: executing program 1: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x6, 0xb, &(0x7f0000000840)=ANY=[@ANYBLOB="180300000000000000000000000000001801000020646c250000000000202020db13f8fff1000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000180)='syzkaller\x00', 0x5, 0xa7, &(0x7f00000008c0)=""/167}, 0x90) 9.258056101s ago: executing program 1: bpf$MAP_CREATE(0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x0, 0x4, 0x0, &(0x7f0000000140)='GPL\x00'}, 0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) r0 = userfaultfd(0x80001) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x2, 0x2000000000000017, &(0x7f0000000440)=ANY=[], 0x0, 0x12, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r3}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000001c0)={0xffffffffffffffff, &(0x7f0000000140), &(0x7f0000000080)=@udp6}, 0x20) getsockopt$WPAN_SECURITY_LEVEL(0xffffffffffffffff, 0x0, 0x2, &(0x7f0000000080), &(0x7f0000000180)=0x4) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000400)='itimer_state\x00', r2}, 0x10) setitimer(0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa07, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="000000001900000227bd7000fddbdf251d010100000002000200002004010000c9fc6c0d304546ef03000000e50991cb736c6a464cb16520c10fb2e04ae12c83420919f9b46887e7959e0d1f0ee50cbce4fb9791070aabee1c780b0c55502b1c247ca28940a6de215ff9e3bc"], 0x94}}, 0x4c015) 9.105411614s ago: executing program 1: r0 = socket$packet(0x11, 0x3, 0x300) syz_emit_ethernet(0xbe, &(0x7f00000000c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x88, 0x0, @empty, @empty}, {0x0, 0x0, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, '\x00', '\x00', '\x00', {'\x00', "00000000100000000000000000000001"}}}}}}}, 0x0) setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0xfc, 0xfdce) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r0, 0x0, r1, 0x0, 0xa, 0x0) 8.895597707s ago: executing program 1: futex(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000600)={0x0, 0x0}) ptrace$cont(0x1f, r1, 0x0, 0x10000000000) 3.668070594s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0xc, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x0) 3.534329734s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) 3.335557775s ago: executing program 3: bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000000)={0xffffffffffffffff, 0xe0, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdb4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x24, 0x0}}, 0x10) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0x14, &(0x7f0000001080)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000c00000085000000030000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000740)={r0, &(0x7f0000000000), &(0x7f00000000c0)=""/109}, 0x20) 3.201980035s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f50850000000400000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000003c0)={&(0x7f0000000540)='task_rename\x00', r0}, 0x11) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x10, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000240)=r1}, 0x20) 3.068170306s ago: executing program 3: pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000000)="fc0000001d000724ab09254ec100070007ab08001b000000f0ffff002100057e0000000000000e000039000000039815fad151ba0101099cecb94b46fe0000000a00020025", 0xffffff0c) r2 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) pipe(&(0x7f0000000300)={0xffffffffffffffff, 0xffffffffffffffff}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) splice(r3, 0x0, r1, 0x0, 0xffffffffffff8000, 0x0) close(r4) close(r2) socket(0x400000000000010, 0x802, 0x0) splice(r0, 0x0, r2, 0x0, 0x1100000000f336, 0x0) 2.00398222s ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000008"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f00000004c0)={r0, &(0x7f0000000340), &(0x7f00000005c0)=""/155}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000540)='kfree\x00', r1}, 0x10) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) 519.494299ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0x3, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000c40)={{r0}, &(0x7f0000000bc0), &(0x7f0000000c00)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='sys_enter\x00', r1}, 0x10) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) 503.343602ms ago: executing program 2: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_aout(r0, &(0x7f00000002c0)=ANY=[], 0xc1) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x3000005, 0x13, r0, 0x0) r1 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) getsockopt$WPAN_WANTACK(r1, 0x0, 0x3, 0x0, &(0x7f0000000180)) 493.131673ms ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 482.234635ms ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 471.313547ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0x8, &(0x7f0000005c00)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546000677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5467a932b77674e802a0d42bc6099ad238af770b5ed8925161729298700000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3ac3209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b135ab6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809b5b9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed3957f813567f7a95435ac15fc0288d9b2a169cdcacc413b48dafb7a2c8cb482bac0ac559eaf39027ceb379a902d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385beef3282830689da6b53b263339863297771429d120000003341bf4abacac94500fca0493cf29b33dcc9ffffffffffffffd39f6ce0c6ff01589646efd1cf870cd7bb2366fdf870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1293b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd000c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301fb997316dbf17866fb84d4173731efe895ff2e1c55ef08235a0126e01254c44060926e90109b598502d3e959efc71f665c4d75cf2458e3542c9062ece84c99a861887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc74aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7ad333545794f37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea139376f24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8e3070000001e48418046c216c1f895778cb25122a2a998de0842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec84ac3571f02f647b3385b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba2f58ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df986741517abf11389b751f4e109b60000000000000000d6d5210d7560eb92d6a97a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750890ae71555b3228b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288d139bd3da230ed05a8fe64680b0a3f9f2dd704e4214de5946912d6c98cd1a9fbe1e7d58c08acaf30235b9100000000a55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c776f4b4ce07e1c6fa66fcfc7a228805f76785efc0ceb1c8e5729c66418d169fc03aa18854693ad2a182068e1e3a0e2505bc7f41019645466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1f68df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7e478950aa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab848753203b458b97ec1afb079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7db3c4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6c30ebc660309e1e245b0fdf9743af932cd6db49a47613808bad959719c0000000000378ac2e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6ca0400966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e3030108000000000000c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bffef97dcecc467ace456597685c5870d25f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c0000000000000000000000bfb0bba79344643b1d8daa9f38e4b62c1e2af68c6f5054b078acd74b4a9c944e4505da485a3a4154387a0a88372091cd397b09c5888a06431df3f68abf0b366c4d5f8bea7b29c257ed756dff7a21c6b661cbdd43de65afd7f661d5c84f915c90e3d6ea012b68b787eb01d8320000000000000060176dacba0ec503a37fae6b472ec369c79ee6a420c0fd8d8d82fe136d5af6c30bfeb0a7275babfdb96a127aa9386e0671c6454245a18c1c8c49552cff5d27b547cdc34c0858c77a47a9ff86ee9fbd9ceda428716a4218821176d8067997527230fa67d26950d3e4f2750fa7c872874ad3a2d11f9f6eb08e6d7b6fa257b04d8ce36360f524e3dfd2211641f3d2637d86b80681eca50ce0eecafdd22d41fa515c15591e70ded4b70efac3cb42fb352d82e8f7573e8ed8248da356fa91a252976d3a4d8c1843a8d5bb7f5f1028453a0562a3ea93117076dd4940b7df50d78289fe66197525f6095f8662d232970bef61b03fa83027963a1a2e07cfee30c0d0b4c5877f93b3637ca21eab5afcf5d4638dfe8f9202aaad51c979049dd76d65368cbd4187d9f74257c7c4a23ac4a34eec5aa17e78c5167216f5e72138d20f8325dd5f8f96c32189c904eaef580987f1ce601a7cdc35461db9981ac42f9e24b0699bbe4e3d986e38952b0b7938eefd9e7a292bbb66367ad77045fdc18855c81c031dedd185c723238373fc698d676791d04f1ff5f0825a6619e844882f31ed190233d58ecee949e310bf2b1a51b8a33ae65a06d2b6ad386bf8dc49dd328bcd75d1843a13d68560175a18af7efc3c0f20e32f84f6aaaf000000000000000000000013a6c66bce74a8fb9092023df695da2714a7933d699d42de2bc4a85e0a0e22228290a7a7553ab93a16e42453ed86869a02df2f47d4088fac1772d3cd955c81cbf91c2ca7942942f61723b558079b82547844f92df2499c4b2c2ef2539e5daa8d8727baaa6b5755e6f83bbfca00000000000000000000007925d0f1256330b9e2aa9a18cea8e009116f63c6c7d8f7f95bf0f6731e5eb1dcdc534f357b9f08e7a9a3aebeca145d695053b5bef004ca24e6c57ed10f01488d38b8b0b68d93e3cf630837915d518fde2115e66615786fe7b9216de958119cf762cac77ac829a02f48e72c0d2841880b2c"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xffffffffffffff7e}, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3) write$binfmt_elf64(r2, &(0x7f0000000180)=ANY=[], 0x78) sendfile(r1, r2, &(0x7f00000001c0), 0x8) fcntl$addseals(r2, 0x409, 0x8) fallocate(r2, 0x0, 0x0, 0x3) 381.417611ms ago: executing program 0: r0 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r0, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) readv(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000280)=""/144, 0x28}], 0x300) r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) ioctl$FS_IOC_GETFSLABEL(r2, 0x800452d2, &(0x7f0000000100)) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000000)={0x42, 0x1}, 0x10) r3 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r3, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000800000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) bind$tipc(r0, 0x0, 0x0) setsockopt(0xffffffffffffffff, 0xff, 0x1, &(0x7f0000000100)='O', 0x7) syz_emit_ethernet(0x3e, &(0x7f0000000140)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @private, @local}, @time_exceeded={0x3, 0x0, 0x0, 0x3, 0x0, 0x3f18, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @local, @dev}}}}}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={0x0}, 0x10) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bind$tipc(r0, 0x0, 0x0) 344.908296ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 324.334769ms ago: executing program 0: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x2, 0x0, {0x42}}, 0x10, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 312.707241ms ago: executing program 0: r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0}, 0xa6) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x17, 0x8, &(0x7f0000000000)=@framed={{0x18, 0x6}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0xba}}]}, &(0x7f0000000f00)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 300.921783ms ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x10001, 0x9, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r0}, &(0x7f0000000280), &(0x7f00000002c0)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000300)='fib_table_lookup\x00', r1}, 0x10) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r2, &(0x7f0000000280)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) 286.557685ms ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r0, &(0x7f0000000180)='./bus\x00', 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000000)='ext4_mark_inode_dirty\x00'}, 0x10) renameat2(r0, &(0x7f0000000380)='./file0\x00', r0, &(0x7f0000000200)='./bus/file0\x00', 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x24c41, 0x0) writev(r3, &(0x7f0000000000)=[{&(0x7f0000000cc0)="e1", 0x56000}], 0x2) ioctl$FS_IOC_RESVSP(r2, 0x40305828, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000440), 0x208e24b) 264.715408ms ago: executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3a, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r1}, 0xc) 251.478181ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=@base={0x9, 0x18, 0x8, 0x40, 0x0, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000001600)={r0, &(0x7f0000000580), 0x0}, 0x20) 242.984972ms ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.sectors\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1, 0x10012, r0, 0x0) ftruncate(r0, 0x9) futex(&(0x7f0000000000), 0x8c, 0x1, 0x0, 0x0, 0x0) 230.838554ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000002700)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0x1}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800007f0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) setresgid(0x0, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r1}, 0x10) userfaultfd(0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000)) mount$tmpfs(0x0, &(0x7f0000000380)='./file0\x00', &(0x7f0000001440), 0x0, 0x0) chdir(&(0x7f0000000140)='./file0\x00') r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000080), 0x208e24b) lseek(r2, 0x0, 0x4) 210.463457ms ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb7020000080000", @ANYRES32, @ANYBLOB="0000000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000074c7b4206d04f6088a810009000109021200010000000009040000000e01"], 0x0) 123.38224ms ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 0s ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0xfffffffd}}, 0x10) r2 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r2, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x2, 0x0, {0x42}}, 0x10, 0x0}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) kernel console output (not intermixed with test programs): superblock [ 847.977371][T24635] F2FS-fs (loop4): invalid crc value [ 847.988712][T24635] F2FS-fs (loop4): Found nat_bits in checkpoint [ 848.036363][T24635] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 848.043285][T24635] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 848.458493][T24646] overlayfs: failed to resolve './file0': -2 [ 848.726546][ T409] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 848.735710][ T409] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 848.789863][ T314] keytouch 0003:0926:3333.008F: fixing up Keytouch IEC report descriptor [ 848.799362][ T314] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.008F/input/input143 [ 848.888755][ T314] keytouch 0003:0926:3333.008F: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 849.041013][ T2439] usb 3-1: USB disconnect, device number 61 [ 849.065876][T24660] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 849.961370][T24693] A link change request failed with some changes committed already. Interface veth1_to_batadv may have been left with an inconsistent configuration, please check. [ 850.013663][ T230] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 850.284499][ T230] usb 4-1: Using ep0 maxpacket: 16 [ 850.385453][T24708] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.1'. [ 850.436234][ T230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 850.447128][ T2439] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 850.454861][ T230] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 850.464883][ T230] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 850.478478][ T230] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 850.487459][ T230] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 850.496110][ T230] usb 4-1: config 0 descriptor?? [ 850.728674][ T2439] usb 3-1: Using ep0 maxpacket: 16 [ 850.902110][ T2439] usb 3-1: config index 0 descriptor too short (expected 42672, got 176) [ 850.910713][ T2439] usb 3-1: config 201 has too many interfaces: 77, using maximum allowed: 32 [ 850.919534][ T2439] usb 3-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config [ 850.929673][ T2439] usb 3-1: config 201 has 0 interfaces, different from the descriptor's value: 77 [ 851.085245][T24726] tipc: Failed to remove unknown binding: 66,1,1/0:907781021/907781023 [ 851.095955][T24726] tipc: Failed to remove unknown binding: 66,1,1/0:907781021/907781023 [ 851.238669][ T2439] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 851.248089][ T230] microsoft 0003:045E:07DA.0090: No inputs registered, leaving [ 851.256179][ T230] microsoft 0003:045E:07DA.0090: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 851.267407][ T2439] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 851.275226][ T2439] usb 3-1: Product: syz [ 851.279233][ T230] microsoft 0003:045E:07DA.0090: no inputs found [ 851.285432][ T2439] usb 3-1: Manufacturer: syz [ 851.289830][ T2439] usb 3-1: SerialNumber: syz [ 851.294229][ T230] microsoft 0003:045E:07DA.0090: could not initialize ff, continuing anyway [ 851.455985][ T230] usb 4-1: USB disconnect, device number 71 [ 851.639282][ T2439] usb 3-1: USB disconnect, device number 62 [ 851.747962][T24739] loop1: detected capacity change from 0 to 40427 [ 851.758880][T24722] tipc: Failed to remove unknown binding: 66,1,1/0:907781021/907781023 [ 851.766942][T24722] tipc: Failed to remove unknown binding: 66,1,1/0:907781021/907781023 [ 851.778985][T24739] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 851.786676][T24739] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 851.795543][T24739] F2FS-fs (loop1): invalid crc value [ 851.802327][T24739] F2FS-fs (loop1): Found nat_bits in checkpoint [ 851.840756][T24739] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 851.847750][T24739] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 852.095202][T24749] overlayfs: failed to resolve './file0': -2 [ 852.719494][ T409] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 852.728745][ T409] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 852.860479][T24763] loop3: detected capacity change from 0 to 256 [ 852.923650][ T28] kauditd_printk_skb: 6 callbacks suppressed [ 852.923665][ T28] audit: type=1400 audit(1717794837.415:68135): avc: denied { remount } for pid=24761 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 853.130115][T24772] loop3: detected capacity change from 0 to 512 [ 853.136806][T24772] EXT4-fs: Ignoring removed bh option [ 853.142763][T24772] EXT4-fs (sda1): changing journal_checksum during remount not supported; ignoring [ 853.152527][T24772] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 853.229654][T24776] erspan0: refused to change device tx_queue_len [ 853.708181][T24791] loop3: detected capacity change from 0 to 256 [ 853.831044][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.838679][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.846275][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.854063][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.861638][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.868880][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.876653][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.879375][T24787] loop4: detected capacity change from 0 to 40427 [ 853.884031][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.897321][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.904533][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.907618][T24787] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 853.911794][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.919424][T24787] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 853.926611][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.936098][T24787] F2FS-fs (loop4): invalid crc value [ 853.941809][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.949888][T24787] F2FS-fs (loop4): Found nat_bits in checkpoint [ 853.954657][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.967386][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.977197][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.984490][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.991676][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 853.999005][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.006406][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.014251][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.016084][T24787] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 854.021521][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.030233][T24787] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 854.035576][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.063079][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.075038][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.089510][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.104851][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.137304][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.144860][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.152146][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.159336][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.166486][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.173673][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.181036][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.188296][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.305708][T24811] overlayfs: failed to resolve './file0': -2 [ 854.453097][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.460341][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.467717][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.475238][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.482654][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.489874][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.497031][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.504265][ T314] hid-generic 0000:0000:0000.0091: unknown main item tag 0x0 [ 854.512186][ T314] hid-generic 0000:0000:0000.0091: hidraw0: HID v0.00 Device [syz0] on syz0 [ 854.637506][T24817] fuse: Unknown parameter 'GPL' [ 854.643227][T16774] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 854.652918][T16774] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 855.492836][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.501168][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.510066][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.619000][T24848] tipc: Failed to remove unknown binding: 66,1,1/0:1122460680/1122460682 [ 855.629540][T24848] tipc: Failed to remove unknown binding: 66,1,1/0:1122460680/1122460682 [ 855.746493][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.755369][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.763642][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.771855][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.780374][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.788765][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 855.797053][T24846] netlink: 'syz-executor.0': attribute type 28 has an invalid length. [ 856.262165][T24864] syz-executor.3[24864] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 856.262224][T24864] syz-executor.3[24864] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 856.284875][T24838] tipc: Failed to remove unknown binding: 66,1,1/0:1122460680/1122460682 [ 856.304918][T24838] tipc: Failed to remove unknown binding: 66,1,1/0:1122460680/1122460682 [ 856.904301][ T2439] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 856.947559][ T314] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 857.196662][ T2439] usb 3-1: Using ep0 maxpacket: 16 [ 857.207573][ T314] usb 2-1: Using ep0 maxpacket: 16 [ 857.216495][T24895] syz-executor.4[24895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 857.216557][T24895] syz-executor.4[24895] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 857.337589][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 857.348425][ T314] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 857.357903][ T314] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 857.359239][ T2439] usb 3-1: config index 0 descriptor too short (expected 42672, got 176) [ 857.370558][ T314] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 857.382566][ T2439] usb 3-1: config 201 has too many interfaces: 77, using maximum allowed: 32 [ 857.388199][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 857.396370][ T2439] usb 3-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config [ 857.404798][ T314] usb 2-1: config 0 descriptor?? [ 857.414789][ T2439] usb 3-1: config 201 has 0 interfaces, different from the descriptor's value: 77 [ 857.662595][ T2439] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 857.671519][ T2439] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 857.679352][ T2439] usb 3-1: Product: syz [ 857.683300][ T2439] usb 3-1: Manufacturer: syz [ 857.687821][ T2439] usb 3-1: SerialNumber: syz [ 857.935312][ T314] microsoft 0003:045E:07DA.0092: No inputs registered, leaving [ 857.943696][ T314] microsoft 0003:045E:07DA.0092: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 857.954958][ T314] microsoft 0003:045E:07DA.0092: no inputs found [ 857.961219][ T314] microsoft 0003:045E:07DA.0092: could not initialize ff, continuing anyway [ 857.977957][ T2439] usb 3-1: USB disconnect, device number 63 [ 858.099940][T24923] syz-executor.3[24923] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 858.100037][T24923] syz-executor.3[24923] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 858.157123][T20586] usb 2-1: USB disconnect, device number 70 [ 858.673017][T24936] overlayfs: './file0' not a directory [ 858.838773][T24938] fuse: Unknown parameter 'GPL' [ 859.125387][ T2439] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 859.396084][ T2439] usb 3-1: Using ep0 maxpacket: 16 [ 859.558609][ T2439] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 859.569579][ T2439] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 859.579204][ T2439] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.40 [ 859.588171][ T2439] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 859.596659][ T2439] usb 3-1: config 0 descriptor?? [ 859.670612][ T28] audit: type=1400 audit(1717794843.645:68136): avc: denied { bind } for pid=24961 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 860.155193][ T2439] cp2112 0003:10C4:EA90.0093: unknown main item tag 0x0 [ 860.162245][ T2439] cp2112 0003:10C4:EA90.0093: unknown main item tag 0x0 [ 860.169625][ T2439] cp2112 0003:10C4:EA90.0093: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 860.338613][ T314] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 860.382137][ T2439] cp2112 0003:10C4:EA90.0093: Part Number: 0xA7 Device Version: 0x96 [ 860.543389][T24981] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 860.620423][ T2439] cp2112 0003:10C4:EA90.0093: error requesting SMBus config [ 860.628085][ T2439] cp2112: probe of 0003:10C4:EA90.0093 failed with error -5 [ 860.772019][ T314] usb 2-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 860.781990][ T314] usb 2-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 860.790846][ T314] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 860.799714][ T314] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 860.838267][ T2439] usb 3-1: USB disconnect, device number 64 [ 860.858691][ T356] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 861.151147][ T356] usb 1-1: Using ep0 maxpacket: 16 [ 861.203817][T24996] bridge0: port 1(bridge_slave_0) entered disabled state [ 861.292093][ T356] usb 1-1: config index 0 descriptor too short (expected 42672, got 176) [ 861.300352][ T356] usb 1-1: config 201 has too many interfaces: 77, using maximum allowed: 32 [ 861.308988][ T356] usb 1-1: config 201 has an invalid descriptor of length 0, skipping remainder of the config [ 861.319030][ T356] usb 1-1: config 201 has 0 interfaces, different from the descriptor's value: 77 [ 861.519626][ T356] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 861.528592][ T356] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 861.536601][ T356] usb 1-1: Product: syz [ 861.540625][ T356] usb 1-1: Manufacturer: syz [ 861.545076][ T356] usb 1-1: SerialNumber: syz [ 861.573900][ T314] usb 2-1: string descriptor 0 read error: -32 [ 861.829252][T25015] loop2: detected capacity change from 0 to 512 [ 861.845555][ T356] usb 1-1: USB disconnect, device number 78 [ 861.855739][T25015] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 861.864691][T25015] ext4 filesystem being mounted at /root/syzkaller-testdir1512132667/syzkaller.W7WkkS/48/file0 supports timestamps until 2038 (0x7fffffff) [ 861.884920][T25015] EXT4-fs warning (device loop2): verify_group_input:151: Cannot add at group 8 (only 1 groups) [ 861.932630][T25019] bridge0: port 1(bridge_slave_0) entered blocking state [ 861.939508][T25019] bridge0: port 1(bridge_slave_0) entered disabled state [ 861.946709][T25019] device bridge_slave_0 entered promiscuous mode [ 861.953757][T25019] bridge0: port 2(bridge_slave_1) entered blocking state [ 861.956370][T24111] EXT4-fs (loop2): unmounting filesystem. [ 861.960602][T25019] bridge0: port 2(bridge_slave_1) entered disabled state [ 861.973412][T25019] device bridge_slave_1 entered promiscuous mode [ 862.028866][T25019] bridge0: port 2(bridge_slave_1) entered blocking state [ 862.035722][T25019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 862.042823][T25019] bridge0: port 1(bridge_slave_0) entered blocking state [ 862.049597][T25019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 862.073686][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 862.081033][ T2439] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.088379][ T2439] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.096105][T12244] usb 2-1: USB disconnect, device number 71 [ 862.112391][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 862.121288][ T2439] bridge0: port 1(bridge_slave_0) entered blocking state [ 862.128135][ T2439] bridge0: port 1(bridge_slave_0) entered forwarding state [ 862.135767][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 862.143697][ T2439] bridge0: port 2(bridge_slave_1) entered blocking state [ 862.150525][ T2439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 862.157704][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 862.165477][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 862.179233][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 862.190140][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 862.198037][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 862.205322][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 862.213412][T25019] device veth0_vlan entered promiscuous mode [ 862.224129][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 862.234460][T25019] device veth1_macvtap entered promiscuous mode [ 862.244092][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 862.254280][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 862.268826][ T409] device bridge_slave_1 left promiscuous mode [ 862.274825][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 862.282559][ T409] device bridge_slave_0 left promiscuous mode [ 862.288555][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 862.296845][ T409] device veth1_macvtap left promiscuous mode [ 862.303735][ T409] device veth0_vlan left promiscuous mode [ 862.381934][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.390127][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.397415][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.404569][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.411844][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.419152][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.426404][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.433628][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.440884][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.448067][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.455405][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.463014][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.470375][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.477614][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.484827][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.492065][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.499306][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.506480][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.513636][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.520907][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.528108][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.535337][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.542633][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.550026][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.557833][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.565105][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.572286][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.579488][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.586707][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.593965][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.601096][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.608402][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.615603][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.622756][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.631230][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.638511][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.645646][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.652882][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.660084][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.667295][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.674565][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.681899][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.689124][T20586] hid-generic 0000:0000:0000.0094: unknown main item tag 0x0 [ 862.699420][T20586] hid-generic 0000:0000:0000.0094: hidraw0: HID v0.00 Device [syz0] on syz0 [ 863.219946][T25059] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 863.591307][T25081] loop4: detected capacity change from 0 to 256 [ 863.621430][ T5782] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 863.799280][ T28] audit: type=1326 audit(1717794847.457:68137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.823952][ T28] audit: type=1326 audit(1717794847.457:68138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.848224][ T28] audit: type=1326 audit(1717794847.457:68139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.872222][ T28] audit: type=1326 audit(1717794847.457:68140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.897673][ T28] audit: type=1326 audit(1717794847.457:68141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.921749][ T28] audit: type=1326 audit(1717794847.457:68142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.924762][ T5782] usb 2-1: Using ep0 maxpacket: 16 [ 863.945786][ T28] audit: type=1326 audit(1717794847.475:68143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 863.974730][ T28] audit: type=1326 audit(1717794847.475:68144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe5c07a6e7 code=0x7ffc0000 [ 863.999022][ T28] audit: type=1326 audit(1717794847.475:68145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25084 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe5c0403b9 code=0x7ffc0000 [ 864.098134][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 864.109053][ T5782] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 864.118537][ T5782] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 864.131187][ T5782] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 864.139961][ T5782] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 864.148279][ T5782] usb 2-1: config 0 descriptor?? [ 864.219921][T25093] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 864.242067][T25095] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 864.356064][T25101] loop3: detected capacity change from 0 to 256 [ 864.662557][ T5782] microsoft 0003:045E:07DA.0095: No inputs registered, leaving [ 864.670286][ T5782] microsoft 0003:045E:07DA.0095: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 864.681700][ T5782] microsoft 0003:045E:07DA.0095: no inputs found [ 864.687860][ T5782] microsoft 0003:045E:07DA.0095: could not initialize ff, continuing anyway [ 864.698906][T25118] EXT4-fs warning (device sda1): ext4_block_to_path:107: block 1090519040 > max in inode 1935 [ 864.884423][T20586] usb 2-1: USB disconnect, device number 72 [ 865.214378][ T24] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 865.244030][T25139] loop2: detected capacity change from 0 to 16 [ 865.258298][T25139] erofs: (device loop2): mounted with root inode @ nid 36. [ 865.495721][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 865.626077][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 865.752992][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 865.764395][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 865.777255][ T24] usb 4-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 865.789991][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 865.799824][ T24] usb 4-1: config 0 descriptor?? [ 866.375430][T25165] loop1: detected capacity change from 0 to 40427 [ 866.385340][T25167] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'raw' [ 866.396868][T25165] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 866.405837][T25165] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 866.408345][ T24] ryos 0003:1E7D:31CE.0096: unknown main item tag 0x0 [ 866.417534][T25165] F2FS-fs (loop1): invalid crc value [ 866.421581][ T24] ryos 0003:1E7D:31CE.0096: unbalanced collection at end of report description [ 866.427986][T25165] F2FS-fs (loop1): Found nat_bits in checkpoint [ 866.434767][ T24] ryos 0003:1E7D:31CE.0096: parse failed [ 866.446229][ T24] ryos: probe of 0003:1E7D:31CE.0096 failed with error -22 [ 866.474137][T25165] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 866.481097][T25165] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 866.710657][T25175] overlayfs: failed to resolve './file0': -2 [ 866.888256][T12244] usb 4-1: USB disconnect, device number 72 [ 867.088976][T25184] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.4'. [ 867.204870][T16774] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 867.213983][T16774] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 867.346610][T25192] validate_nla: 17 callbacks suppressed [ 867.346627][T25192] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 867.361887][T25192] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 867.469716][ T28] kauditd_printk_skb: 29 callbacks suppressed [ 867.469732][ T28] audit: type=1326 audit(1717794850.844:68175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.499782][ T28] audit: type=1326 audit(1717794850.844:68176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.524011][ T28] audit: type=1326 audit(1717794850.844:68177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.548339][ T28] audit: type=1326 audit(1717794850.844:68178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.572364][ T28] audit: type=1326 audit(1717794850.844:68179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.596387][ T28] audit: type=1326 audit(1717794850.844:68180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.620591][ T28] audit: type=1326 audit(1717794850.900:68181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 867.644754][ T28] audit: type=1326 audit(1717794850.927:68182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16ab27a6e7 code=0x7ffc0000 [ 867.668583][ T28] audit: type=1326 audit(1717794850.927:68183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ab2403b9 code=0x7ffc0000 [ 867.692461][ T28] audit: type=1326 audit(1717794850.927:68184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25198 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16ab27a6e7 code=0x7ffc0000 [ 868.582130][T25224] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 868.745972][ T24] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 868.854383][T20586] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 869.006058][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 869.085909][T25239] loop2: detected capacity change from 0 to 256 [ 869.105275][ T5782] kernel write not supported for file bpf-prog (pid: 5782 comm: kworker/0:7) [ 869.136104][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 869.146839][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 869.156362][ T24] usb 5-1: New USB device found, idVendor=056a, idProduct=00fa, bcdDevice= 0.00 [ 869.165439][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.174379][ T24] usb 5-1: config 0 descriptor?? [ 869.244425][T20586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 869.265235][T20586] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 869.287598][T20586] usb 4-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 869.296519][T20586] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 869.308437][T20586] usb 4-1: config 0 descriptor?? [ 869.601134][T25251] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.1'. [ 869.618093][T25251] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=25251 comm=syz-executor.1 [ 869.631665][T25251] overlayfs: unrecognized mount option "\" or missing value [ 869.701200][ T24] wacom 0003:056A:00FA.0097: hidraw0: USB HID v0.00 Device [HID 056a:00fa] on usb-dummy_hcd.4-1/input0 [ 869.875335][T20586] hid-led 0003:1D34:000A.0098: unknown main item tag 0x0 [ 869.890978][T25257] 9pnet_fd: Insufficient options for proto=fd [ 869.919485][ T24] usb 5-1: USB disconnect, device number 65 [ 870.073103][T20586] hid-led 0003:1D34:000A.0098: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.3-1/input0 [ 870.096145][T20586] hid-led 0003:1D34:000A.0098: Dream Cheeky Webmail Notifier initialized [ 870.286000][ T5782] usb 4-1: USB disconnect, device number 73 [ 870.476124][T25273] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=25273 comm=syz-executor.0 [ 870.771983][T12244] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 870.793518][T25282] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 870.804227][T25282] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=25282 comm=syz-executor.4 [ 870.818101][T25282] overlayfs: unrecognized mount option "\" or missing value [ 871.042870][T12244] usb 3-1: Using ep0 maxpacket: 32 [ 871.389552][T12244] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 871.400525][T12244] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 871.484686][T25303] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=25303 comm=syz-executor.0 [ 871.552088][T12244] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 871.561014][T12244] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 871.569179][T12244] usb 3-1: Product: syz [ 871.573160][T12244] usb 3-1: Manufacturer: syz [ 871.622313][T25307] loop4: detected capacity change from 0 to 512 [ 871.628902][T12244] hub 3-1:4.0: USB hub found [ 871.643748][T25307] EXT4-fs (loop4): orphan cleanup on readonly fs [ 871.650793][T25307] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 64: padding at end of block bitmap is not set [ 871.665344][T25307] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 871.674213][T25307] EXT4-fs (loop4): 1 orphan inode deleted [ 871.681964][T25307] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 871.743589][T25019] EXT4-fs (loop4): unmounting filesystem. [ 871.806912][T25314] loop4: detected capacity change from 0 to 256 [ 871.822361][T25314] FAT-fs (loop4): IO charset macgr not found [ 871.877148][T12244] hub 3-1:4.0: 2 ports detected [ 871.879057][T25316] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 871.897580][T25316] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=25316 comm=syz-executor.0 [ 871.911033][T25316] overlayfs: unrecognized mount option "\" or missing value [ 872.017904][T20586] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 872.407979][T20586] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 872.418681][T20586] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 872.428384][T20586] usb 2-1: New USB device found, idVendor=1d34, idProduct=000a, bcdDevice= 0.00 [ 872.437696][T20586] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 872.446098][T20586] usb 2-1: config 0 descriptor?? [ 872.770300][T25337] tipc: Failed to remove unknown binding: 66,1,1/0:3131821677/3131821679 [ 872.781069][T25337] tipc: Failed to remove unknown binding: 66,1,1/0:3131821677/3131821679 [ 872.971336][ T24] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 873.003093][ T28] kauditd_printk_skb: 71 callbacks suppressed [ 873.003110][ T28] audit: type=1326 audit(1717794855.949:68250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25338 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f16ab27cf69 code=0x0 [ 873.048392][T20586] hid-led 0003:1D34:000A.0099: unknown main item tag 0x0 [ 873.286202][T20586] hid-led 0003:1D34:000A.0099: hidraw0: USB HID v0.00 Device [HID 1d34:000a] on usb-dummy_hcd.1-1/input0 [ 873.297958][T20586] hid-led 0003:1D34:000A.0099: Dream Cheeky Webmail Notifier initialized [ 873.372226][T12244] hub 3-1:4.0: activate --> -90 [ 873.372237][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 873.387633][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 873.397153][ T24] usb 1-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 873.406004][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 873.414375][ T24] usb 1-1: config 0 descriptor?? [ 873.465819][T25332] tipc: Failed to remove unknown binding: 66,1,1/0:3131821677/3131821679 [ 873.474190][T25332] tipc: Failed to remove unknown binding: 66,1,1/0:3131821677/3131821679 [ 873.507340][T20586] usb 2-1: USB disconnect, device number 73 [ 873.827732][ T356] usb 3-1: USB disconnect, device number 65 [ 873.936389][ T24] arvo 0003:1E7D:30D4.009A: unknown main item tag 0x0 [ 873.943049][ T24] arvo 0003:1E7D:30D4.009A: unknown main item tag 0x0 [ 873.950191][ T24] arvo 0003:1E7D:30D4.009A: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.0-1/input0 [ 874.109020][T12244] usb 3-1-port2: config error [ 874.174028][ T24] arvo 0003:1E7D:30D4.009A: couldn't init struct arvo_device [ 874.181533][ T24] arvo 0003:1E7D:30D4.009A: couldn't install keyboard [ 874.188727][ T24] arvo: probe of 0003:1E7D:30D4.009A failed with error -5 [ 874.392352][ T356] usb 1-1: USB disconnect, device number 79 [ 874.765130][T25368] overlayfs: invalid redirect ((null)) [ 875.326181][T25387] loop3: detected capacity change from 0 to 16 [ 875.354616][T25387] erofs: (device loop3): erofs_init_device: empty device tag @ pos 0 [ 875.546534][T25395] loop1: detected capacity change from 0 to 512 [ 875.559103][T25395] EXT4-fs (loop1): orphan cleanup on readonly fs [ 875.565435][T25395] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor.1: corrupted in-inode xattr [ 875.578031][T25395] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 875.590199][T25395] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 875.602706][T25395] EXT4-fs (loop1): unmounting filesystem. [ 875.613006][T25395] 9pnet_fd: Insufficient options for proto=fd [ 875.624506][T25395] loop1: detected capacity change from 0 to 512 [ 875.631086][T25395] EXT4-fs: Ignoring removed nomblk_io_submit option [ 875.638944][T25395] EXT4-fs (sda1): can't mount with journal_async_commit in data=ordered mode [ 875.645434][T25401] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pid=25401 comm=syz-executor.0 [ 875.661914][T25393] bridge0: port 3(gretap0) entered blocking state [ 875.671742][T25393] bridge0: port 3(gretap0) entered disabled state [ 875.678864][T25393] device gretap0 entered promiscuous mode [ 875.684837][T25393] bridge0: port 3(gretap0) entered blocking state [ 875.691095][T25393] bridge0: port 3(gretap0) entered forwarding state [ 875.698396][T25393] device gretap0 left promiscuous mode [ 875.704295][T25393] bridge0: port 3(gretap0) entered disabled state [ 875.951594][T25406] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 876.164220][T25412] loop2: detected capacity change from 0 to 256 [ 876.180129][T25412] FAT-fs (loop2): IO charset macgr not found [ 876.362523][ T2439] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 876.752531][ T2439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 876.763353][ T2439] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 876.772940][ T2439] usb 2-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 876.782156][ T2439] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 876.788290][T25432] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pid=25432 comm=syz-executor.4 [ 876.790736][ T2439] usb 2-1: config 0 descriptor?? [ 877.113023][T25443] loop3: detected capacity change from 0 to 128 [ 877.128280][T25443] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1) [ 877.522407][ T2439] arvo 0003:1E7D:30D4.009B: unknown main item tag 0x0 [ 877.529036][ T2439] arvo 0003:1E7D:30D4.009B: unknown main item tag 0x0 [ 877.536519][ T2439] arvo 0003:1E7D:30D4.009B: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.1-1/input0 [ 877.760155][ T2439] arvo 0003:1E7D:30D4.009B: couldn't init struct arvo_device [ 877.767450][ T2439] arvo 0003:1E7D:30D4.009B: couldn't install keyboard [ 877.777166][ T2439] arvo: probe of 0003:1E7D:30D4.009B failed with error -5 [ 877.960799][T25454] overlayfs: failed to resolve './file0': -2 [ 877.985329][ T356] usb 2-1: USB disconnect, device number 74 [ 878.229884][T25467] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=129 sclass=netlink_route_socket pid=25467 comm=syz-executor.4 [ 878.449466][T25475] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 878.519151][T25482] loop4: detected capacity change from 0 to 256 [ 878.686486][ T28] audit: type=1326 audit(1717794861.191:68251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25491 comm="syz-executor.4" exe="/root/syz-executor.4" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f16ab27cf69 code=0x0 [ 878.769245][T25497] geneve1: tun_chr_ioctl cmd 10 [ 878.809377][T25500] device syzkaller0 entered promiscuous mode [ 878.826830][T25501] syz-executor.1[25501] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 878.826908][T25501] syz-executor.1[25501] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 879.363613][ T24] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 879.634516][T20586] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 879.700927][T25530] syz-executor.4[25530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 879.701010][T25530] syz-executor.4[25530] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 879.764466][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 879.786870][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 879.796443][ T24] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 879.805364][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 879.813958][ T24] usb 4-1: config 0 descriptor?? [ 879.916082][T20586] usb 3-1: Using ep0 maxpacket: 32 [ 880.046130][T20586] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 880.057091][T20586] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 880.086700][T25537] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 880.187010][T20586] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 880.195955][T20586] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 880.204245][T20586] usb 3-1: Product: syz [ 880.208271][T20586] usb 3-1: Manufacturer: syz [ 880.220551][T25539] loop4: detected capacity change from 0 to 2048 [ 880.252284][T20586] hub 3-1:4.0: USB hub found [ 880.268536][T25539] loop4: p2 p3 p7 [ 880.347505][ T24] arvo 0003:1E7D:30D4.009C: unknown main item tag 0x0 [ 880.354182][ T24] arvo 0003:1E7D:30D4.009C: unknown main item tag 0x0 [ 880.361788][ T24] arvo 0003:1E7D:30D4.009C: hidraw0: USB HID v0.00 Device [HID 1e7d:30d4] on usb-dummy_hcd.3-1/input0 [ 880.631679][ T24] arvo 0003:1E7D:30D4.009C: couldn't init struct arvo_device [ 880.639912][ T24] arvo 0003:1E7D:30D4.009C: couldn't install keyboard [ 880.647319][T20586] hub 3-1:4.0: 2 ports detected [ 880.699046][ T24] arvo: probe of 0003:1E7D:30D4.009C failed with error -5 [ 880.859307][ T356] usb 4-1: USB disconnect, device number 74 [ 881.766809][T25558] loop4: detected capacity change from 0 to 128 [ 881.796336][T25558] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 882.150014][T20586] hub 3-1:4.0: activate --> -90 [ 882.232117][T25570] loop3: detected capacity change from 0 to 256 [ 882.604540][ T2439] usb 3-1: USB disconnect, device number 66 [ 882.815432][T25577] overlayfs: failed to resolve './file0': -2 [ 882.884696][T20586] usb 3-1-port2: config error [ 882.978332][ T28] audit: type=1326 audit(1717794865.151:68252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.002413][ T28] audit: type=1326 audit(1717794865.151:68253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.026545][ T28] audit: type=1326 audit(1717794865.151:68254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.050628][ T28] audit: type=1326 audit(1717794865.151:68255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.074628][ T28] audit: type=1326 audit(1717794865.151:68256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.098672][ T28] audit: type=1326 audit(1717794865.179:68257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.122697][ T28] audit: type=1326 audit(1717794865.179:68258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7efe5c07a6e7 code=0x7ffc0000 [ 883.147337][ T28] audit: type=1326 audit(1717794865.179:68259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7efe5c0403b9 code=0x7ffc0000 [ 883.171829][ T28] audit: type=1326 audit(1717794865.179:68260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25580 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe5c07cf69 code=0x7ffc0000 [ 883.520730][T25597] loop4: detected capacity change from 0 to 256 [ 883.956037][T25609] bridge0: port 1(bridge_slave_0) entered blocking state [ 883.963944][T25609] bridge0: port 1(bridge_slave_0) entered disabled state [ 883.971523][T25609] device bridge_slave_0 entered promiscuous mode [ 883.978260][T25609] bridge0: port 2(bridge_slave_1) entered blocking state [ 883.985157][T25609] bridge0: port 2(bridge_slave_1) entered disabled state [ 883.992410][T25609] device bridge_slave_1 entered promiscuous mode [ 884.005250][T25617] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.012305][T25617] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.019138][T25617] bridge0: port 2(bridge_slave_1) entered forwarding state [ 884.069350][T25609] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.076192][T25609] bridge0: port 2(bridge_slave_1) entered forwarding state [ 884.083285][T25609] bridge0: port 1(bridge_slave_0) entered blocking state [ 884.090080][T25609] bridge0: port 1(bridge_slave_0) entered forwarding state [ 884.112336][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 884.119674][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 884.127193][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.139903][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 884.148153][T12244] bridge0: port 1(bridge_slave_0) entered blocking state [ 884.155013][T12244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 884.165106][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 884.173332][T20586] bridge0: port 2(bridge_slave_1) entered blocking state [ 884.180195][T20586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 884.207368][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 884.215982][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 884.224007][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 884.235385][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 884.243851][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 884.251373][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 884.258648][T25609] device veth0_vlan entered promiscuous mode [ 884.274052][T25609] device veth1_macvtap entered promiscuous mode [ 884.281037][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 884.296361][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 884.305327][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 884.315692][T16774] device bridge_slave_1 left promiscuous mode [ 884.321760][T16774] bridge0: port 2(bridge_slave_1) entered disabled state [ 884.329072][T16774] device bridge_slave_0 left promiscuous mode [ 884.335070][T16774] bridge0: port 1(bridge_slave_0) entered disabled state [ 884.342774][T16774] device veth1_macvtap left promiscuous mode [ 884.348710][T16774] device veth0_vlan left promiscuous mode [ 884.440022][T25629] loop2: detected capacity change from 0 to 512 [ 884.468663][T25629] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 884.479655][T25629] ext4 filesystem being mounted at /root/syzkaller-testdir1512132667/syzkaller.W7WkkS/97/file0 supports timestamps until 2038 (0x7fffffff) [ 884.501861][T25629] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents [ 884.514066][T25629] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error [ 884.526079][T25629] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #2: comm syz-executor.2: corrupted inode contents [ 884.529372][T25637] loop4: detected capacity change from 0 to 256 [ 884.538904][T25629] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #2: comm syz-executor.2: mark_inode_dirty error [ 884.565474][T25637] FAT-fs (loop4): Directory bread(block 64) failed [ 884.571811][T25637] FAT-fs (loop4): Directory bread(block 65) failed [ 884.578492][T25637] FAT-fs (loop4): Directory bread(block 66) failed [ 884.584806][T25637] FAT-fs (loop4): Directory bread(block 67) failed [ 884.591182][T25637] FAT-fs (loop4): Directory bread(block 68) failed [ 884.597603][T25637] FAT-fs (loop4): Directory bread(block 69) failed [ 884.604916][T25637] FAT-fs (loop4): Directory bread(block 70) failed [ 884.611823][T25637] FAT-fs (loop4): Directory bread(block 71) failed [ 884.618281][T25637] FAT-fs (loop4): Directory bread(block 72) failed [ 884.620635][T25640] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 884.624663][T25637] FAT-fs (loop4): Directory bread(block 73) failed [ 884.643580][T25640] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 884.701308][T24111] EXT4-fs (loop2): unmounting filesystem. [ 885.314893][T25672] loop1: detected capacity change from 0 to 256 [ 885.335094][T25672] FAT-fs (loop1): Directory bread(block 64) failed [ 885.341483][T25672] FAT-fs (loop1): Directory bread(block 65) failed [ 885.348468][ T28] kauditd_printk_skb: 5032 callbacks suppressed [ 885.348482][ T28] audit: type=1326 audit(1717794867.348:73293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.378457][T25672] FAT-fs (loop1): Directory bread(block 66) failed [ 885.378483][T25672] FAT-fs (loop1): Directory bread(block 67) failed [ 885.378516][T25672] FAT-fs (loop1): Directory bread(block 68) failed [ 885.378534][T25672] FAT-fs (loop1): Directory bread(block 69) failed [ 885.405065][T25672] FAT-fs (loop1): Directory bread(block 70) failed [ 885.411473][T25672] FAT-fs (loop1): Directory bread(block 71) failed [ 885.417818][T25672] FAT-fs (loop1): Directory bread(block 72) failed [ 885.424225][T25672] FAT-fs (loop1): Directory bread(block 73) failed [ 885.450853][ T28] audit: type=1326 audit(1717794867.348:73294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.475381][ T28] audit: type=1326 audit(1717794867.348:73295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.499459][ T28] audit: type=1326 audit(1717794867.348:73296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.523693][ T28] audit: type=1326 audit(1717794867.348:73297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.547914][ T28] audit: type=1326 audit(1717794867.348:73298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.573277][ T28] audit: type=1326 audit(1717794867.403:73299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 885.597311][ T28] audit: type=1326 audit(1717794867.403:73300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16ab27a6e7 code=0x7ffc0000 [ 885.621264][ T28] audit: type=1326 audit(1717794867.403:73301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ab2403b9 code=0x7ffc0000 [ 885.645256][ T28] audit: type=1326 audit(1717794867.403:73302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25669 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 886.169265][T25697] loop1: detected capacity change from 0 to 1024 [ 886.204518][T25697] EXT4-fs: Ignoring removed nomblk_io_submit option [ 886.212178][T25697] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 886.226055][T25697] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 886.253547][T25690] loop2: detected capacity change from 0 to 40427 [ 886.273315][T25690] F2FS-fs (loop2): Found nat_bits in checkpoint [ 886.310053][T25690] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 886.361535][T24111] syz-executor.2: attempt to access beyond end of device [ 886.361535][T24111] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 886.558126][T25714] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 886.931902][T25728] loop4: detected capacity change from 0 to 256 [ 886.955293][T25728] FAT-fs (loop4): Directory bread(block 64) failed [ 886.961829][T25728] FAT-fs (loop4): Directory bread(block 65) failed [ 886.968430][T25728] FAT-fs (loop4): Directory bread(block 66) failed [ 886.974786][T25728] FAT-fs (loop4): Directory bread(block 67) failed [ 886.981311][T25728] FAT-fs (loop4): Directory bread(block 68) failed [ 886.987695][T25728] FAT-fs (loop4): Directory bread(block 69) failed [ 886.994108][T25728] FAT-fs (loop4): Directory bread(block 70) failed [ 887.000453][T25728] FAT-fs (loop4): Directory bread(block 71) failed [ 887.006855][T25728] FAT-fs (loop4): Directory bread(block 72) failed [ 887.013296][T25728] FAT-fs (loop4): Directory bread(block 73) failed [ 887.079312][T16774] kworker/u4:1: attempt to access beyond end of device [ 887.079312][T16774] loop4: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 887.079876][T25609] EXT4-fs (loop1): unmounting filesystem. [ 887.347350][T25736] loop1: detected capacity change from 0 to 40427 [ 887.366023][T25736] F2FS-fs (loop1): Found nat_bits in checkpoint [ 887.414041][T25736] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 887.447081][T25745] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 887.481989][T25609] syz-executor.1: attempt to access beyond end of device [ 887.481989][T25609] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 887.706695][T25761] loop2: detected capacity change from 0 to 256 [ 887.725872][T25761] FAT-fs (loop2): Directory bread(block 64) failed [ 887.733016][T25761] FAT-fs (loop2): Directory bread(block 65) failed [ 887.739465][T25761] FAT-fs (loop2): Directory bread(block 66) failed [ 887.745832][T25761] FAT-fs (loop2): Directory bread(block 67) failed [ 887.752257][T25761] FAT-fs (loop2): Directory bread(block 68) failed [ 887.758792][T25761] FAT-fs (loop2): Directory bread(block 69) failed [ 887.765197][T25761] FAT-fs (loop2): Directory bread(block 70) failed [ 887.771472][T25761] FAT-fs (loop2): Directory bread(block 71) failed [ 887.777819][T25761] FAT-fs (loop2): Directory bread(block 72) failed [ 887.784375][T25761] FAT-fs (loop2): Directory bread(block 73) failed [ 887.861727][ T409] kworker/u4:5: attempt to access beyond end of device [ 887.861727][ T409] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 888.505367][T25785] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 888.514733][T25785] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.2'. [ 890.425984][T25862] device pim6reg1 entered promiscuous mode [ 891.086206][T12244] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 891.756440][T12244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 891.767165][T12244] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 891.776715][T12244] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 891.785549][T12244] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 891.794566][T12244] usb 3-1: config 0 descriptor?? [ 891.945267][ T28] kauditd_printk_skb: 2937 callbacks suppressed [ 891.945281][ T28] audit: type=1326 audit(1717794873.430:76240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=25883 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7fc00000 [ 892.289015][T12244] hid (null): bogus close delimiter [ 892.470598][T25928] loop3: detected capacity change from 0 to 512 [ 892.488187][T25928] EXT4-fs (loop3): Test dummy encryption mode enabled [ 892.496512][T25928] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode [ 892.511750][T25928] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 12 (err -117) [ 892.524032][T25928] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 892.576225][T24039] EXT4-fs (loop3): unmounting filesystem. [ 892.830488][T12244] usb 3-1: string descriptor 0 read error: -71 [ 892.852852][T12244] uclogic 0003:256C:006D.009D: failed retrieving string descriptor #200: -71 [ 892.866835][T12244] uclogic 0003:256C:006D.009D: failed retrieving pen parameters: -71 [ 892.875165][T12244] uclogic 0003:256C:006D.009D: failed probing pen v2 parameters: -71 [ 892.885419][T12244] uclogic 0003:256C:006D.009D: failed probing parameters: -71 [ 892.893615][T12244] uclogic: probe of 0003:256C:006D.009D failed with error -71 [ 892.901720][T12244] usb 3-1: USB disconnect, device number 67 [ 893.014754][ T5782] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 893.037153][T25952] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.043986][T25952] bridge0: port 1(bridge_slave_0) entered disabled state [ 893.051688][T25952] device bridge_slave_0 entered promiscuous mode [ 893.058466][T25952] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.065304][T25952] bridge0: port 2(bridge_slave_1) entered disabled state [ 893.072619][T25952] device bridge_slave_1 entered promiscuous mode [ 893.126138][T25952] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.132978][T25952] bridge0: port 2(bridge_slave_1) entered forwarding state [ 893.140068][T25952] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.146878][T25952] bridge0: port 1(bridge_slave_0) entered forwarding state [ 893.173090][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 893.180685][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 893.187743][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 893.199811][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 893.208044][T20586] bridge0: port 1(bridge_slave_0) entered blocking state [ 893.214924][T20586] bridge0: port 1(bridge_slave_0) entered forwarding state [ 893.223916][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 893.232232][T20586] bridge0: port 2(bridge_slave_1) entered blocking state [ 893.239066][T20586] bridge0: port 2(bridge_slave_1) entered forwarding state [ 893.256533][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 893.264730][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 893.281213][T25952] device veth0_vlan entered promiscuous mode [ 893.290334][ T230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 893.296336][ T5782] usb 4-1: Using ep0 maxpacket: 8 [ 893.298665][ T230] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 893.312000][ T230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 893.319278][ T230] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 893.333217][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 893.342196][T25952] device veth1_macvtap entered promiscuous mode [ 893.351484][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 893.362070][T20586] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 893.437217][ T5782] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 893.447951][ T5782] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 893.457494][ T5782] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00 [ 893.466350][ T5782] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 893.474663][ T5782] usb 4-1: config 0 descriptor?? [ 893.525123][T16774] device bridge_slave_1 left promiscuous mode [ 893.531125][T16774] bridge0: port 2(bridge_slave_1) entered disabled state [ 893.538523][T16774] device bridge_slave_0 left promiscuous mode [ 893.544509][T16774] bridge0: port 1(bridge_slave_0) entered disabled state [ 893.552454][T16774] device veth1_macvtap left promiscuous mode [ 893.843283][T25972] loop1: detected capacity change from 0 to 512 [ 893.860167][T25972] EXT4-fs (loop1): Test dummy encryption mode enabled [ 894.060350][T25972] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.1: inline data xattr refers to an external xattr inode [ 894.079434][T25972] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 12 (err -117) [ 894.104329][ T5782] ryos 0003:1E7D:3232.009E: unknown main item tag 0x0 [ 894.104578][T25972] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 894.111481][ T5782] ryos 0003:1E7D:3232.009E: unknown main item tag 0x0 [ 894.126270][ T5782] ryos 0003:1E7D:3232.009E: unknown main item tag 0x0 [ 894.132865][ T5782] ryos 0003:1E7D:3232.009E: unknown main item tag 0x0 [ 894.139426][ T5782] ryos 0003:1E7D:3232.009E: unknown main item tag 0x0 [ 894.146710][ T5782] ryos 0003:1E7D:3232.009E: hidraw0: USB HID v0.00 Device [HID 1e7d:3232] on usb-dummy_hcd.3-1/input0 [ 894.176224][T25609] EXT4-fs (loop1): unmounting filesystem. [ 894.208176][ T2439] usb 4-1: USB disconnect, device number 75 [ 894.626948][T25991] loop2: detected capacity change from 0 to 2048 [ 894.663108][T25991] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 894.674043][T25991] EXT4-fs error (device loop2): ext4_ext_precache:627: inode #2: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 894.691904][T25991] EXT4-fs (loop2): Remounting filesystem read-only [ 894.748737][T24111] EXT4-fs (loop2): unmounting filesystem. [ 895.853226][ T314] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 896.145754][ T314] usb 3-1: Using ep0 maxpacket: 32 [ 896.201837][T26052] loop1: detected capacity change from 0 to 2048 [ 896.252672][T26052] loop1: p2 p3 p7 [ 896.286656][ T314] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 896.297814][ T314] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 896.658457][ T314] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 896.667425][ T314] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 896.676135][ T314] usb 3-1: Product: syz [ 896.680159][ T314] usb 3-1: Manufacturer: syz [ 896.722215][ T314] hub 3-1:4.0: USB hub found [ 896.724719][T26059] loop3: detected capacity change from 0 to 2048 [ 896.754364][T26059] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 896.765573][T26059] EXT4-fs error (device loop3): ext4_ext_precache:627: inode #2: comm syz-executor.3: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 896.783581][T26059] EXT4-fs (loop3): Remounting filesystem read-only [ 896.838504][T24039] EXT4-fs (loop3): unmounting filesystem. [ 896.958393][ T314] hub 3-1:4.0: 2 ports detected [ 897.107066][T26068] loop3: detected capacity change from 0 to 40427 [ 897.138587][T26068] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 897.146269][T26068] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 897.157064][T26068] F2FS-fs (loop3): Found nat_bits in checkpoint [ 897.193700][ T314] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 897.199903][T26068] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 897.208656][ T314] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 897.222778][T26068] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 897.229652][T26068] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 897.257673][ T314] usb 3-1: USB disconnect, device number 68 [ 898.077326][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.077348][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.084746][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.092168][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.099643][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.107279][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.114682][T24039] F2FS-fs (loop3): invalid namelen(0), ino:0, run fsck to fix. [ 898.307522][T26087] loop2: detected capacity change from 0 to 512 [ 898.353043][T26087] EXT4-fs (loop2): Test dummy encryption mode enabled [ 898.361333][T26087] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 898.376523][T26087] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 898.388650][T26087] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 898.437665][T24111] EXT4-fs (loop2): unmounting filesystem. [ 899.276924][T20586] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 899.536890][T20586] usb 3-1: Using ep0 maxpacket: 32 [ 899.666917][T20586] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 899.677769][T20586] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 899.807782][T20586] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 899.817043][T20586] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 899.825377][T20586] usb 3-1: Product: syz [ 899.829488][T20586] usb 3-1: Manufacturer: syz [ 899.873178][T20586] hub 3-1:4.0: USB hub found [ 899.994175][T26163] loop1: detected capacity change from 0 to 256 [ 900.027449][T26163] FAT-fs (loop1): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 900.111140][T20586] hub 3-1:4.0: 2 ports detected [ 900.338655][T20586] hub 3-1:4.0: hub_hub_status failed (err = -71) [ 900.345107][T20586] hub 3-1:4.0: config failed, can't get hub status (err -71) [ 900.382109][T20586] usb 3-1: USB disconnect, device number 69 [ 900.717821][ T28] audit: type=1400 audit(1717794881.516:76241): avc: denied { nlmsg_read } for pid=26197 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 900.773867][T26192] loop4: detected capacity change from 0 to 40427 [ 900.788640][T26192] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 900.796304][T26192] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 900.819049][T26198] loop1: detected capacity change from 0 to 2048 [ 900.826880][T26192] F2FS-fs (loop4): Found nat_bits in checkpoint [ 900.867535][T26192] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 900.880875][T26192] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 900.887864][T26192] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 901.567022][T25019] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 901.567046][T25019] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 901.577589][T25019] F2FS-fs (loop4): invalid namelen(0), ino:0, run fsck to fix. [ 901.732366][T26219] loop2: detected capacity change from 0 to 16 [ 901.776255][T26219] erofs: (device loop2): mounted with root inode @ nid 36. [ 901.928967][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.937001][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.945013][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.953062][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.960950][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.968872][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.977295][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.985464][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 901.993710][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.001930][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.011070][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.020619][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.028763][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.029272][T26224] device syzkaller0 entered promiscuous mode [ 902.037189][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.051134][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.059412][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.067815][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.083413][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.091719][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.099813][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.108116][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.116125][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.124061][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.132082][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.140110][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.148448][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.156585][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.165016][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.173050][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.181361][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.189357][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.197850][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.206009][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.214026][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.222019][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.230019][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.237973][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.246028][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.253974][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.261910][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.273331][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.281335][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.296243][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.308447][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.317134][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.325220][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.333264][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.341217][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.349465][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.358229][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.366626][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.374772][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.382911][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.391279][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.399514][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.407520][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.416716][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.424776][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.432835][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.440907][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.448979][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.458551][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.467296][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.475564][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.483574][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.491591][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.500151][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.508322][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.522428][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.535335][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.544778][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.553071][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.561356][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.569810][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.577956][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.587556][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.595682][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.603983][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.612235][ T28] audit: type=1326 audit(1717794883.269:76242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.612778][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.644790][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.655087][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.658038][ T28] audit: type=1326 audit(1717794883.269:76243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.666106][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.695135][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.703252][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.711540][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.719535][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.720175][ T28] audit: type=1326 audit(1717794883.306:76244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.727620][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.751376][ T28] audit: type=1326 audit(1717794883.306:76245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.783503][ T28] audit: type=1326 audit(1717794883.306:76246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.796325][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.819664][ T28] audit: type=1326 audit(1717794883.306:76247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.829528][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.851716][ T28] audit: type=1326 audit(1717794883.306:76248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f16ab27cf69 code=0x7ffc0000 [ 902.861227][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.875771][ T28] audit: type=1326 audit(1717794883.306:76249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f16ab27a6e7 code=0x7ffc0000 [ 902.895653][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.916981][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.927710][ T28] audit: type=1326 audit(1717794883.306:76250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26248 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f16ab2403b9 code=0x7ffc0000 [ 902.931773][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.971562][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.980206][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.988733][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 902.997032][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.005735][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.008334][T26245] loop3: detected capacity change from 0 to 40427 [ 903.013791][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.027854][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.032257][T26245] F2FS-fs (loop3): invalid crc value [ 903.035988][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.042297][T26245] F2FS-fs (loop3): Wrong journal entry on segno 65538 [ 903.048831][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.055936][T26245] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117) [ 903.063209][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.078831][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.086840][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.094900][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.102992][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.111052][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.119420][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.127447][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.135484][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.143875][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.152058][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.160416][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.168479][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.176490][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.185238][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.193424][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.201685][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.209825][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.217886][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.226608][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.235283][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.243834][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.252215][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.260450][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.271728][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.280168][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.288600][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.296631][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.304621][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.312683][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.320719][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.328692][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.336754][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.345283][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.353463][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.361488][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.369448][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.377436][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.385603][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.393761][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.402075][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.410253][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.418410][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.427072][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.435201][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.443430][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.451566][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.459838][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.467767][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.476035][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.484246][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.492246][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.500282][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.508258][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.516329][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.524346][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.532510][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.540581][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.548676][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.556909][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.565097][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.573637][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.581641][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.590037][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.597981][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.606207][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.614206][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.622207][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.630181][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.638115][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.646101][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.654038][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.661988][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.665628][T26261] loop1: detected capacity change from 0 to 2048 [ 903.670160][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.683922][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.691885][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.700223][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.708403][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.716387][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.724863][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.728703][T26261] loop1: p2 p3 p7 [ 903.733109][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.744203][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.752204][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.760340][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.768266][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.776225][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.785189][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.793188][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.801264][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.819077][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.827811][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.835810][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.844355][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.852493][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.860600][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.883327][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.891422][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.899949][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.916220][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 903.931231][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.296036][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.315234][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.578770][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.630221][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.763433][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.780065][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.791713][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.799745][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.810112][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.818169][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.826194][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.834183][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.842214][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.850268][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.858366][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.866364][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.874369][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.882448][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.890493][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.898504][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.906617][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.914621][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.922697][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.930716][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.938795][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.946802][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.955102][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.963618][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.971641][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.979637][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.987598][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 904.995858][T24111] erofs: (device loop2): erofs_fill_dentries: bogus dirent @ nid 36 [ 905.105683][T26283] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 905.300800][ T5782] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 905.309829][T26291] bridge0: port 1(bridge_slave_0) entered blocking state [ 905.316981][T26291] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.324361][T26291] device bridge_slave_0 entered promiscuous mode [ 905.331217][T26291] bridge0: port 2(bridge_slave_1) entered blocking state [ 905.338339][T26291] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.345702][T26291] device bridge_slave_1 entered promiscuous mode [ 905.402093][T26291] bridge0: port 2(bridge_slave_1) entered blocking state [ 905.408979][T26291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 905.416030][T26291] bridge0: port 1(bridge_slave_0) entered blocking state [ 905.422846][T26291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 905.446509][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 905.454762][ T314] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.461811][ T314] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.473242][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 905.481247][ T314] bridge0: port 1(bridge_slave_0) entered blocking state [ 905.488092][ T314] bridge0: port 1(bridge_slave_0) entered forwarding state [ 905.496955][ T2439] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 905.504918][ T2439] bridge0: port 2(bridge_slave_1) entered blocking state [ 905.511773][ T2439] bridge0: port 2(bridge_slave_1) entered forwarding state [ 905.528758][ T409] device bridge_slave_1 left promiscuous mode [ 905.534743][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 905.541910][ T409] device bridge_slave_0 left promiscuous mode [ 905.547871][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 905.571549][ T5782] usb 4-1: Using ep0 maxpacket: 8 [ 905.645997][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 905.653985][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 905.667071][T26291] device veth0_vlan entered promiscuous mode [ 905.674358][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 905.682872][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 905.695228][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 905.887945][ T5782] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 905.906502][ T5782] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 905.916589][ T356] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 905.923930][ T5782] usb 4-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00 [ 905.933667][T26291] device veth1_macvtap entered promiscuous mode [ 905.939784][ T5782] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 905.948229][ T5782] usb 4-1: config 0 descriptor?? [ 905.955212][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 905.963433][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 905.971801][ T314] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 906.461381][ T5782] ryos 0003:1E7D:3232.009F: unknown main item tag 0x0 [ 906.468168][ T5782] ryos 0003:1E7D:3232.009F: unknown main item tag 0x0 [ 906.474804][ T5782] ryos 0003:1E7D:3232.009F: unknown main item tag 0x0 [ 906.492851][ T5782] ryos 0003:1E7D:3232.009F: unknown main item tag 0x0 [ 906.499483][ T5782] ryos 0003:1E7D:3232.009F: unknown main item tag 0x0 [ 906.506800][ T5782] ryos 0003:1E7D:3232.009F: hidraw0: USB HID v0.00 Device [HID 1e7d:3232] on usb-dummy_hcd.3-1/input0 [ 906.679566][ T5782] usb 4-1: USB disconnect, device number 76 [ 906.787677][T26327] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 907.873192][T26365] device syzkaller0 entered promiscuous mode [ 907.982411][T26372] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 908.038466][T26376] loop1: detected capacity change from 0 to 512 [ 908.312727][ T24] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 908.583467][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 908.685191][T26394] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 908.713512][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 908.724355][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 908.733948][ T24] usb 5-1: New USB device found, idVendor=1e7d, idProduct=3232, bcdDevice= 0.00 [ 908.742889][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 908.752921][ T24] usb 5-1: config 0 descriptor?? [ 909.281825][ T24] ryos 0003:1E7D:3232.00A0: unknown main item tag 0x0 [ 909.289832][ T24] ryos 0003:1E7D:3232.00A0: unknown main item tag 0x0 [ 909.297185][ T24] ryos 0003:1E7D:3232.00A0: unknown main item tag 0x0 [ 909.308651][ T24] ryos 0003:1E7D:3232.00A0: unknown main item tag 0x0 [ 909.315980][ T24] ryos 0003:1E7D:3232.00A0: unknown main item tag 0x0 [ 909.336143][ T24] ryos 0003:1E7D:3232.00A0: hidraw0: USB HID v0.00 Device [HID 1e7d:3232] on usb-dummy_hcd.4-1/input0 [ 909.498692][ T314] usb 5-1: USB disconnect, device number 66 [ 909.549913][T26418] loop1: detected capacity change from 0 to 512 [ 909.564716][T26418] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 909.575235][T26418] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz-executor.1: bg 0: block 216: padding at end of block bitmap is not set [ 910.337800][T25609] EXT4-fs (loop1): unmounting filesystem. [ 910.372113][T26438] bridge0: port 1(bridge_slave_0) entered blocking state [ 910.378983][T26438] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.386624][T26438] device bridge_slave_0 entered promiscuous mode [ 910.397978][T26438] bridge0: port 2(bridge_slave_1) entered blocking state [ 910.404908][T26438] bridge0: port 2(bridge_slave_1) entered disabled state [ 910.412249][T26438] device bridge_slave_1 entered promiscuous mode [ 910.468808][T26438] bridge0: port 2(bridge_slave_1) entered blocking state [ 910.468840][T26444] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'. [ 910.475686][T26438] bridge0: port 2(bridge_slave_1) entered forwarding state [ 910.475788][T26438] bridge0: port 1(bridge_slave_0) entered blocking state [ 910.498757][T26438] bridge0: port 1(bridge_slave_0) entered forwarding state [ 910.525682][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 910.533166][ T5782] bridge0: port 1(bridge_slave_0) entered disabled state [ 910.540248][ T5782] bridge0: port 2(bridge_slave_1) entered disabled state [ 910.556238][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 910.564353][ T5782] bridge0: port 1(bridge_slave_0) entered blocking state [ 910.571216][ T5782] bridge0: port 1(bridge_slave_0) entered forwarding state [ 910.578392][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 910.586388][ T5782] bridge0: port 2(bridge_slave_1) entered blocking state [ 910.593240][ T5782] bridge0: port 2(bridge_slave_1) entered forwarding state [ 910.624596][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 910.632391][ T5782] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 910.650516][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 910.658982][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 910.667106][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 910.674890][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 910.686255][T26438] device veth0_vlan entered promiscuous mode [ 910.697504][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 910.706621][T26438] device veth1_macvtap entered promiscuous mode [ 910.716581][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 910.727937][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 910.984421][T26463] loop4: detected capacity change from 0 to 256 [ 910.991485][ T347] device bridge_slave_1 left promiscuous mode [ 910.997448][ T347] bridge0: port 2(bridge_slave_1) entered disabled state [ 911.004799][ T347] device bridge_slave_0 left promiscuous mode [ 911.010949][ T347] bridge0: port 1(bridge_slave_0) entered disabled state [ 911.015395][T26463] FAT-fs (loop4): Directory bread(block 64) failed [ 911.024242][T26463] FAT-fs (loop4): Directory bread(block 65) failed [ 911.030653][T26463] FAT-fs (loop4): Directory bread(block 66) failed [ 911.030687][ T347] device veth1_macvtap left promiscuous mode [ 911.037019][T26463] FAT-fs (loop4): Directory bread(block 67) failed [ 911.049245][T26463] FAT-fs (loop4): Directory bread(block 68) failed [ 911.055691][T26463] FAT-fs (loop4): Directory bread(block 69) failed [ 911.062097][T26463] FAT-fs (loop4): Directory bread(block 70) failed [ 911.068610][T26463] FAT-fs (loop4): Directory bread(block 71) failed [ 911.074978][T26463] FAT-fs (loop4): Directory bread(block 72) failed [ 911.081618][T26463] FAT-fs (loop4): Directory bread(block 73) failed [ 911.274250][T26469] device syzkaller0 entered promiscuous mode [ 911.624596][T26486] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 911.815199][T26495] device pim6reg1 entered promiscuous mode [ 912.110196][T26509] netlink: 'syz-executor.0': attribute type 30 has an invalid length. [ 912.149883][T26510] SELinux: security_context_str_to_sid (ramfs) failed with errno=-22 [ 912.417783][T26522] loop4: detected capacity change from 0 to 2048 [ 912.433100][T26520] loop3: detected capacity change from 0 to 256 [ 912.455926][T26520] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d) [ 912.472251][T26520] 9pnet_fd: Insufficient options for proto=fd [ 912.491766][T26522] loop4: p2 p3 p7 [ 913.396626][T26537] loop2: detected capacity change from 0 to 131072 [ 913.415710][T26537] F2FS-fs (loop2): Test dummy encryption mode enabled [ 913.424938][T26537] F2FS-fs (loop2): Found nat_bits in checkpoint [ 913.468508][T26537] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 913.592259][T26563] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 913.775491][T26569] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 914.037065][T26580] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 914.151516][T26587] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.0'. [ 914.806553][T26611] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 914.927513][T26613] netlink: 'syz-executor.2': attribute type 27 has an invalid length. [ 914.949667][T26613] bridge0: port 2(bridge_slave_1) entered disabled state [ 914.956648][T26613] bridge0: port 1(bridge_slave_0) entered disabled state [ 915.220693][T26626] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.0'. [ 915.539754][T26643] netlink: 'syz-executor.4': attribute type 27 has an invalid length. [ 915.575234][T26643] bridge0: port 2(bridge_slave_1) entered disabled state [ 915.582253][T26643] bridge0: port 1(bridge_slave_0) entered disabled state [ 915.631608][T26656] loop2: detected capacity change from 0 to 16 [ 915.648983][T26656] erofs: (device loop2): erofs_read_superblock: dirblkbits 255 isn't supported [ 915.887073][ T24] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 916.193092][T26666] netlink: 23 bytes leftover after parsing attributes in process `syz-executor.2'. [ 916.286588][ T24] usb 1-1: config index 0 descriptor too short (expected 53, got 18) [ 916.460027][ T24] usb 1-1: New USB device found, idVendor=04e6, idProduct=000c, bcdDevice= 1.00 [ 916.468944][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 916.476942][ T24] usb 1-1: Product: syz [ 916.480975][ T24] usb 1-1: Manufacturer: syz [ 916.485409][ T24] usb 1-1: SerialNumber: syz [ 916.490687][ T24] usb 1-1: config 0 descriptor?? [ 916.536331][ T24] usb-storage 1-1:0.0: USB Mass Storage device detected [ 916.544055][ T24] usb-storage 1-1:0.0: Quirks match for vid 04e6 pid 000c: 4 [ 916.695372][T26683] incfs_lookup_dentry err:-5 [ 916.699865][T26683] incfs: Can't find or create .index dir in ./file0 [ 916.706308][T26683] incfs: mount failed -5 [ 916.753885][T12244] usb 1-1: USB disconnect, device number 80 [ 917.207484][ T24] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 917.597624][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 55, changing to 9 [ 917.608635][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 10039, setting to 1024 [ 917.619576][ T24] usb 4-1: New USB device found, idVendor=07fd, idProduct=0001, bcdDevice= 9.99 [ 917.628389][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 917.636938][ T24] usb 4-1: config 0 descriptor?? [ 917.662610][T26691] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 917.967801][ T24] usb 4-1: USB disconnect, device number 77 [ 918.051743][T26725] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 918.793600][T26751] overlayfs: statfs failed on './file0' [ 919.669990][T26774] overlayfs: missing 'lowerdir' [ 919.822891][T26781] loop2: detected capacity change from 0 to 128 [ 919.830309][T26774] loop3: detected capacity change from 0 to 40427 [ 919.840848][T26774] F2FS-fs (loop3): Invalid segment/section count (458776 != 24 * 1) [ 919.842491][T26781] xt_bpf: check failed: parse error [ 919.848718][T26774] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 919.862469][T26774] F2FS-fs (loop3): invalid crc value [ 919.869619][T26774] F2FS-fs (loop3): Found nat_bits in checkpoint [ 919.911557][T26774] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 919.918485][T26774] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 920.046895][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x1 [ 920.054162][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.061738][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.069108][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.076337][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.083640][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.090823][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x4 [ 920.098014][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.105305][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x2 [ 920.112584][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.120080][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.127369][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.134626][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.141790][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x4 [ 920.149065][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.156300][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.163570][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.170774][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.177983][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.185216][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.192457][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.199773][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.207032][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.214250][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.221505][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.228697][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.235921][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.243704][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.250927][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.258158][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.265391][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.272612][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.279821][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.287017][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.294694][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.301951][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.309157][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.316361][T26651] hid-generic 0000:0000:0000.00A1: unknown main item tag 0x0 [ 920.324658][T26651] hid-generic 0000:0000:0000.00A1: hidraw0: HID v0.00 Device [syz0] on syz0 [ 920.613329][T26809] syz-executor.1[26809] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 920.613399][T26809] syz-executor.1[26809] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 921.633862][T26842] loop3: detected capacity change from 0 to 256 [ 921.634053][T26824] loop2: detected capacity change from 0 to 131072 [ 921.700417][ T28] kauditd_printk_skb: 20 callbacks suppressed [ 921.700434][ T28] audit: type=1400 audit(1717794900.862:76271): avc: denied { mounton } for pid=26841 comm="syz-executor.3" path="/root/syzkaller-testdir1357062990/syzkaller.mZHn4l/35/file0/file0" dev="devpts" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:devpts_t tclass=dir permissive=1 [ 921.733858][T26824] F2FS-fs (loop2): Test dummy encryption mode enabled [ 921.745025][T26824] F2FS-fs (loop2): Found nat_bits in checkpoint [ 921.800179][T26824] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 921.964143][T26438] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 921.971855][T26438] FAT-fs (loop3): Filesystem has been set read-only [ 921.978600][T26438] FAT-fs (loop3): error, corrupted directory (invalid entries) [ 922.069333][T26859] tipc: Failed to remove unknown binding: 66,1,1/0:3375039477/3375039479 [ 922.093970][T26859] tipc: Failed to remove unknown binding: 66,1,1/0:3375039477/3375039479 [ 922.115675][T26857] tipc: Failed to remove unknown binding: 66,1,1/0:3375039477/3375039479 [ 922.123917][T26857] tipc: Failed to remove unknown binding: 66,1,1/0:3375039477/3375039479 [ 922.396206][T26866] bridge0: port 1(bridge_slave_0) entered blocking state [ 922.403550][T26866] bridge0: port 1(bridge_slave_0) entered disabled state [ 922.411012][T26866] device bridge_slave_0 entered promiscuous mode [ 922.419606][T26866] bridge0: port 2(bridge_slave_1) entered blocking state [ 922.426561][T26866] bridge0: port 2(bridge_slave_1) entered disabled state [ 922.434539][T26866] device bridge_slave_1 entered promiscuous mode [ 922.572580][ T409] device bridge_slave_1 left promiscuous mode [ 922.579073][ T409] bridge0: port 2(bridge_slave_1) entered disabled state [ 922.586861][ T409] device bridge_slave_0 left promiscuous mode [ 922.594368][ T409] bridge0: port 1(bridge_slave_0) entered disabled state [ 922.602662][ T409] device veth1_macvtap left promiscuous mode [ 922.609196][ T409] device veth0_vlan left promiscuous mode [ 922.742706][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 922.750389][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 922.758477][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 922.766952][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 922.775446][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 922.782320][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 922.789917][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 922.799225][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 922.807716][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 922.814581][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 922.832337][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 922.839889][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 922.848466][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 922.863933][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 922.876989][T26866] device veth0_vlan entered promiscuous mode [ 922.884768][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 922.892627][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 922.900312][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 922.912921][T26866] device veth1_macvtap entered promiscuous mode [ 922.924097][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 922.937788][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 922.946531][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 923.920669][T26919] loop4: detected capacity change from 0 to 128 [ 923.988604][T26919] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 923.997110][T26919] ext4 filesystem being mounted at /root/syzkaller-testdir1958427876/syzkaller.JWYcj7/160/mnt supports timestamps until 2038 (0x7fffffff) [ 924.162133][T25019] EXT4-fs (loop4): unmounting filesystem. [ 924.555336][T26946] incfs: Error accessing: ./file0. [ 924.560355][T26946] incfs: mount failed -2 [ 924.565153][T26944] bridge0: port 1(bridge_slave_0) entered blocking state [ 924.572491][T26944] bridge0: port 1(bridge_slave_0) entered disabled state [ 924.579918][T26944] device bridge_slave_0 entered promiscuous mode [ 924.587020][T26944] bridge0: port 2(bridge_slave_1) entered blocking state [ 924.593899][T26944] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.601277][T26944] device bridge_slave_1 entered promiscuous mode [ 924.657099][T26944] bridge0: port 2(bridge_slave_1) entered blocking state [ 924.664107][T26944] bridge0: port 2(bridge_slave_1) entered forwarding state [ 924.671176][T26944] bridge0: port 1(bridge_slave_0) entered blocking state [ 924.677990][T26944] bridge0: port 1(bridge_slave_0) entered forwarding state [ 924.686699][ T356] bridge0: port 1(bridge_slave_0) entered disabled state [ 924.693764][ T356] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.715516][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 924.722968][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 924.738582][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 924.746666][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 924.754708][T12244] bridge0: port 1(bridge_slave_0) entered blocking state [ 924.761556][T12244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 924.768728][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 924.776896][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 924.785644][T12244] bridge0: port 2(bridge_slave_1) entered blocking state [ 924.792489][T12244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 924.799629][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 924.807437][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 924.815247][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 924.823104][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 924.845764][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 924.853939][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 924.865670][T26944] device veth0_vlan entered promiscuous mode [ 924.873394][ T43] device bridge_slave_1 left promiscuous mode [ 924.879497][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 924.886765][ T43] device bridge_slave_0 left promiscuous mode [ 924.892981][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 924.999300][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 925.007462][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 925.015601][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 925.023035][T12244] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 925.025495][T26962] binder: Bad value for 'stats' [ 925.039844][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 925.050558][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 925.059250][T26944] device veth1_macvtap entered promiscuous mode [ 925.069233][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 925.076848][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 925.085277][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 925.100069][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 925.108908][T26649] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 925.389114][T26975] tipc: Failed to remove unknown binding: 66,1,1/0:1242013546/1242013548 [ 925.397895][T26975] tipc: Failed to remove unknown binding: 66,1,1/0:1242013546/1242013548 [ 925.686931][T26992] can0: slcan on pts0. [ 925.734562][T26989] can0 (unregistered): slcan off pts0. [ 925.845527][T26998] incfs: Error accessing: ./file0. [ 925.851002][T26998] incfs: mount failed -2 [ 926.018649][T27006] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 926.491821][T27019] loop2: detected capacity change from 0 to 1024 [ 926.591502][T27019] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 926.697255][T26291] EXT4-fs (loop2): unmounting filesystem. [ 927.203462][T27037] loop2: detected capacity change from 0 to 256 [ 927.398821][T27049] bridge: RTM_NEWNEIGH bridge0 with NTF_USE is not supported [ 927.848452][T27075] netlink: 176 bytes leftover after parsing attributes in process `syz-executor.3'. [ 928.023792][T27080] can0: slcan on pts0. [ 928.074628][T27077] can0 (unregistered): slcan off pts0. [ 928.129753][T27083] EXT4-fs (sda1): re-mounted. Quota mode: journalled. [ 928.207021][T27095] incfs: Options parsing error. -22 [ 928.212154][T27095] incfs: mount failed -22 [ 928.999144][T27123] loop2: detected capacity change from 0 to 40427 [ 929.008116][T27123] F2FS-fs (loop2): Found nat_bits in checkpoint [ 929.040215][T27131] incfs: Options parsing error. -22 [ 929.045295][T27131] incfs: mount failed -22 [ 929.048615][T27123] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 929.075736][T26291] syz-executor.2: attempt to access beyond end of device [ 929.075736][T26291] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 929.084359][T27136] netlink: 'syz-executor.4': attribute type 1 has an invalid length. [ 929.164796][ T19] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 929.299997][T27151] incfs: Options parsing error. -22 [ 929.305146][T27151] incfs: mount failed -22 [ 929.318739][T27155] loop2: detected capacity change from 0 to 256 [ 929.450175][ T19] usb 4-1: Using ep0 maxpacket: 8 [ 929.771060][T27159] loop2: detected capacity change from 0 to 40427 [ 929.882347][T27159] F2FS-fs (loop2): Found nat_bits in checkpoint [ 929.916143][ T19] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 929.920479][T27159] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 929.979390][T26291] syz-executor.2: attempt to access beyond end of device [ 929.979390][T26291] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 930.109597][T27182] incfs: Options parsing error. -22 [ 930.114897][T27182] incfs: mount failed -22 [ 930.208970][ T19] usb 4-1: string descriptor 0 read error: -22 [ 930.215107][ T19] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 930.226520][ T19] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 930.275886][T27202] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 930.300124][T27205] tipc: Failed to remove unknown binding: 66,1,1/0:3329949941/3329949943 [ 930.308993][T27205] tipc: Failed to remove unknown binding: 66,1,1/0:3329949941/3329949943 [ 930.515620][ T19] usb 4-1: USB disconnect, device number 78 [ 930.597011][T27232] loop4: detected capacity change from 0 to 1024 [ 930.603683][T27232] EXT4-fs: Ignoring removed orlov option [ 930.609208][T27232] EXT4-fs: Ignoring removed nomblk_io_submit option [ 930.622359][T27232] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 930.640996][T27232] EXT4-fs error (device loop4): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.4: corrupt xattr in inline inode [ 930.654960][T27232] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.4: corrupted in-inode xattr [ 930.676016][T26944] ================================================================== [ 930.683894][T26944] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 930.691708][T26944] Read of size 4 at addr ffff888141aaf000 by task syz-executor.4/26944 [ 930.699859][T26944] [ 930.702033][T26944] CPU: 0 PID: 26944 Comm: syz-executor.4 Tainted: G W 6.1.78-syzkaller-00164-gac9706483e98 #0 [ 930.713486][T26944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 930.723380][T26944] Call Trace: [ 930.726502][T26944] [ 930.729283][T26944] dump_stack_lvl+0x151/0x1b7 [ 930.733814][T26944] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 930.739086][T26944] ? _printk+0xd1/0x111 [ 930.743080][T26944] ? __virt_addr_valid+0x242/0x2f0 [ 930.748034][T26944] print_report+0x158/0x4e0 [ 930.752374][T26944] ? __virt_addr_valid+0x242/0x2f0 [ 930.757319][T26944] ? kasan_addr_to_slab+0xd/0x80 [ 930.762091][T26944] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 930.767557][T26944] kasan_report+0x13c/0x170 [ 930.771903][T26944] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 930.777367][T26944] __asan_report_load4_noabort+0x14/0x20 [ 930.782836][T26944] ext4_xattr_delete_inode+0xcd0/0xce0 [ 930.788132][T26944] ? sb_end_intwrite+0x130/0x130 [ 930.792903][T26944] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 930.798805][T26944] ? __kasan_check_read+0x11/0x20 [ 930.803662][T26944] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 930.809391][T26944] ? ext4_evict_inode+0xbc2/0x1550 [ 930.814343][T26944] ext4_evict_inode+0xef9/0x1550 [ 930.819112][T26944] ? _raw_spin_unlock+0x4c/0x70 [ 930.823820][T26944] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 930.829530][T26944] ? _raw_spin_unlock+0x4c/0x70 [ 930.834220][T26944] ? inode_io_list_del+0x18b/0x1a0 [ 930.839163][T26944] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 930.844892][T26944] evict+0x2a3/0x630 [ 930.848628][T26944] iput+0x642/0x870 [ 930.852271][T26944] vfs_rmdir+0x3c2/0x500 [ 930.856347][T26944] do_rmdir+0x3ab/0x630 [ 930.860345][T26944] ? d_delete_notify+0x160/0x160 [ 930.865118][T26944] __x64_sys_unlinkat+0xdf/0xf0 [ 930.869800][T26944] do_syscall_64+0x3d/0xb0 [ 930.874053][T26944] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 930.879780][T26944] RIP: 0033:0x7fb64c87c747 [ 930.884039][T26944] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 930.903478][T26944] RSP: 002b:00007ffe3178c558 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 930.911724][T26944] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007fb64c87c747 [ 930.919532][T26944] RDX: 0000000000000200 RSI: 00007ffe3178d700 RDI: 00000000ffffff9c [ 930.927345][T26944] RBP: 00007fb64c8d9636 R08: 0000000000000000 R09: 0000000000000000 [ 930.935157][T26944] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffe3178d700 [ 930.942967][T26944] R13: 00007fb64c8d9636 R14: 00000000000d94d8 R15: 0000000000000009 [ 930.950782][T26944] [ 930.953645][T26944] [ 930.955812][T26944] The buggy address belongs to the physical page: [ 930.962081][T26944] page:ffffea000506abc0 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x141aaf [ 930.972132][T26944] flags: 0x4000000000000000(zone=1) [ 930.977168][T26944] raw: 4000000000000000 ffffea0004e39988 ffffea0004dd2b88 0000000000000000 [ 930.985588][T26944] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 930.994003][T26944] page dumped because: kasan: bad access detected [ 931.000273][T26944] page_owner tracks the page as freed [ 931.005457][T26944] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 27231, tgid 27231 (syz-executor.4), ts 930631084751, free_ts 930671060849 [ 931.025421][T26944] post_alloc_hook+0x213/0x220 [ 931.030019][T26944] prep_new_page+0x1b/0x110 [ 931.034361][T26944] get_page_from_freelist+0x27ea/0x2870 [ 931.039740][T26944] __alloc_pages+0x3a1/0x780 [ 931.044169][T26944] __folio_alloc+0x15/0x40 [ 931.048424][T26944] wp_page_copy+0x23b/0x1690 [ 931.052845][T26944] do_wp_page+0xc25/0xdf0 [ 931.057015][T26944] handle_mm_fault+0x15a2/0x2f40 [ 931.061785][T26944] exc_page_fault+0x3b3/0x700 [ 931.066302][T26944] asm_exc_page_fault+0x27/0x30 [ 931.070986][T26944] page last free stack trace: [ 931.075502][T26944] free_unref_page_prepare+0x83d/0x850 [ 931.080796][T26944] free_unref_page_list+0xf1/0x7b0 [ 931.085743][T26944] release_pages+0xf7f/0xfe0 [ 931.090170][T26944] free_pages_and_swap_cache+0x8a/0xa0 [ 931.095463][T26944] tlb_finish_mmu+0x1e0/0x3f0 [ 931.099978][T26944] exit_mmap+0x421/0x940 [ 931.104058][T26944] __mmput+0x95/0x310 [ 931.107874][T26944] mmput+0x56/0x170 [ 931.111523][T26944] do_exit+0xb29/0x2b80 [ 931.115514][T26944] do_group_exit+0x21a/0x2d0 [ 931.119937][T26944] get_signal+0x169d/0x1820 [ 931.124279][T26944] arch_do_signal_or_restart+0xb0/0x16f0 [ 931.129754][T26944] exit_to_user_mode_loop+0x74/0xa0 [ 931.134785][T26944] exit_to_user_mode_prepare+0x5a/0xa0 [ 931.140079][T26944] syscall_exit_to_user_mode+0x26/0x140 [ 931.145455][T26944] do_syscall_64+0x49/0xb0 [ 931.149710][T26944] [ 931.151879][T26944] Memory state around the buggy address: [ 931.157353][T26944] ffff888141aaef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 931.165250][T26944] ffff888141aaef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 931.173150][T26944] >ffff888141aaf000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 931.181043][T26944] ^ [ 931.184964][T26944] ffff888141aaf080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 2024/06/07 21:15:09 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 931.192858][T26944] ffff888141aaf100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 931.200746][T26944] ================================================================== [ 931.228339][T26944] Disabling lock debugging due to kernel taint [ 931.292002][T12244] usb 3-1: new high-speed USB device number 70 using dummy_hcd