last executing test programs: 43.111245643s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x2000000000000067, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000b2e900007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000cc0)='mmap_lock_acquire_returned\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r2}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x100002, 0x0) 43.091772486s ago: executing program 1: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$cont(0x420a, r1, 0x0, 0x0) 19.700957975s ago: executing program 1: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000800)=""/204, 0x26, 0xcc, 0x1}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x2}, 0x48) 19.073060703s ago: executing program 1: r0 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000540)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, &(0x7f0000000800)=""/204, 0x26, 0xcc, 0x1}, 0x20) bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x4, 0x4, 0x4, 0xa, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, r0, 0x0, 0x2}, 0x48) 19.055789035s ago: executing program 1: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) ioctl$TUNATTACHFILTER(r0, 0x401054d5, 0x0) 18.973866118s ago: executing program 1: ptrace(0x10, 0x1) r0 = inotify_init1(0x0) fcntl$setown(r0, 0x8, 0xffffffffffffffff) fcntl$getownex(r0, 0x10, &(0x7f0000000380)={0x0, 0x0}) ptrace$cont(0x420a, r1, 0x0, 0x0) 1.60497402s ago: executing program 2: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000011c0)={0x2c, &(0x7f0000000fc0)=ANY=[@ANYBLOB="0024a5"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000080000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) 1.357927809s ago: executing program 4: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000042020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) mount$incfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x880064, &(0x7f0000000580)=ANY=[@ANYBLOB='r']) 1.338314542s ago: executing program 4: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = io_uring_setup(0x5807, &(0x7f0000000140)) dup3(r0, r1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, &(0x7f0000edfff0)={0x0, 0x989680}, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 1.282179641s ago: executing program 4: syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x204092, &(0x7f0000000180), 0x7, 0x50d, &(0x7f00000006c0)="$eJzs3U1vI3cZAPBnHLubbQNOWw6lEtvQF2URrJM0fYk4lEbi5VQJUe7ZkDhRFCdeJU67iVaQfgIQqgCJC5y4IPEBkFA/AkKqBDcOnEAVZOmBCzIae9xNHDs4Wsezm/x+0mT+8//Hfp7HiSfzFk8AV9ZURLwdEWMR8UpElLP+QjbFYXtKv+/+0b2VdEqi2Xz3n0kkWV/3cz6VPSz1ve9E/CA5HXd3/2BzuVar7pzsPri1sbW8Xl2vbs/Pz72x8ObC6wuzA1aSFM8aTet665uf/uzHv/n2W3/42vt/W/rHzR+mad3OxnvVMQzt0ksxfmL58kh/b4qtCgEAeBw8GxHPRMSLEfGVKMdYnLkZDQAAADyGmt+YuNZpAgAAAJdTISImIilUsut9J6JQqFTa1/B+IZ4s1Oq7ja+u1fe2V9OxiMkoFdY2atXZ7JraySgl6fJcq/1g+dWu5fmIeDoiPixfT5dbYwAAAMBoLHbt/39abu//AwAAAJdM75PxYyPPAwAAALg4LsYHAACAy8/+PwAAAFxq333nnXRq3j+617oPwOp7+3ub9fdurVZ3NytbeyuVlfrOncp6vb5eq1YG+I+AWr1+57XY3rs70yjuNmZ29w+Wtup7242l1n29l6rPjKAmAAAA4KSnX/joL0lEHH79emtKPZGNlXLNDHiEJMWujttfzikTYCjO/SE/U3sXkwgwct1/04Grwz4+kHR3dG0YjPfbVPhjd8eN/xvLNgcAAORj+ovO/8NVVcg7ASA3P8k7ASA3Ax+Ln7rYPIDRK7nNH1x5p87/dxnvN3Dq/H8/zea5EgIAAIZuoj07jOxc4EQUCpXKZ6cFk7WNWnU2Ij4fEX8ul66ly3M55gsAAAAAAAAAAAAAAAAAAAAAAAAAj6NmM4kmAAAAcKlFFP6eZPf/mi6/PNF9fOCJ5D/l1jwi3v/luz+/u9xo7Myl/f/6rL/xi6z/1TyOYAAAAMBVVDpztLOf3tmPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBhun90b6UzjTLuJ4txPSZ7xS/GeGs+HqWIePLfSRSPPS6JiLEhxD/8ICKe6xU/SdOKySyL7viFiLiec/ynhhAfrrKPFiPi7V7vv0JMtea933/FbHpYnyy23uQ943fWf2N91n+fGzDG8x//bqZv/A8ini/2Xv904id94r80YPzb3z846DfW/HXEdM+/P0l7Vsi+sbF1Z2Z3/+DWxtbyenW9uj0/P/fGwpsLry/Mzqxt1KrZ154xfvql3x9+2Lf+doDj8Tt1TrYz/FG/+l8esP7/fnz36Nl2s3Q6fsTNl3r//J9rzXu//unvxCvZy5OOT3fah+32cTd++6cb/XJL46/2ef3bP/9y80H84on6bw5W/vGafzXYQwCAi7S7f7C5XKtVd0bQePG14T1h0mqkW0EjSj7vRudgx6OSz3g+0a9FvrV/66Gfp7M5/DDP89eh1ZXuM/QeynGlBAAAXIgHG/15ZwIAAAAAAAAAAAAAAAAAAABXV+v//8fO+UGAL5zvk8a6Yx7mUyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJn+FwAA//9M3sFA") quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f0000000040)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000100)) 1.204708163s ago: executing program 4: lsetxattr$system_posix_acl(&(0x7f0000000400)='.\x00', &(0x7f0000000440)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="02000000010000000000000002000000", @ANYRES32=0xee01, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0xee00, @ANYBLOB="02000000", @ANYRES32=0x0, @ANYBLOB="040000000000800008000000", @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB='\b\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="100000000000000020"], 0x5c, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x103042, 0x0) ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x100000001}) setxattr$trusted_overlay_upper(&(0x7f0000000200)='./file1\x00', &(0x7f0000000240), &(0x7f0000001400)=ANY=[], 0x835, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) ftruncate(0xffffffffffffffff, 0x0) socket(0x0, 0x0, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_buf(0xffffffffffffffff, 0x29, 0x0, 0x0, 0x22) 1.139264423s ago: executing program 0: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8040, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000700000095000000000000009500a5050000000077d8f3b423cdacc4c0fe2d8524e719105e6d018d80000000000000002be16ad10a48c941ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d7525f7866907dc6751dfb2cf9f8bf97b755f8f6965a060499800006953649c1cfd7587d452d66b7cc9d7d77578f4c35235138d5521f9453559c3421eed73d5661cfe6c20c3b3ffe1b4ce25d7c983c044c03bf3a48dfe3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36ea3792e2f6418f163d1a13ed38ae89d24e1cebfba2f87925bfacba800000000bc6f7d6dd4aed4af7588c8e1b4e810879b70a7000000000000000000d7900a820b5a038f4e9a217b98000000002a92895614cd50cbe43a1ed25268815a00000000000009d27d753a30a147b24a48435bd8a568669596e9e086cab3ce48e90defb6670c3df2624fad0a97aec70700000000000000148871c8d31d24291cf9e326e827e513e96068fd1e8a43e89f9c85c822297b7bd3d420b4ebff1432d08806bc376e3e49eeff182e1f24ed200ada12f7a15a5320e71666f472a97214d0b256596842f3725e18c073a579fb9e0bd4d377f2df5b2d72078e9f40b4ae7dc3b2ae00009474beda25f2e72eab5e188c46425678f8df0b94a0c918fb90862a004dfe2e684dae14babedfb3d7f70d183cd4aa50eca289e7baf8bee3254ba7da679daa84afbf8991fc05b0c7b590994647c30e71ceef8b82ca3d5650b22fad90fa7aa73b5155b9f5a661eea46383c2463d6e950af96a41c14afd7e28bd9a977aa79c6e5848b30bd0f54438d5f7a15712482ad55155d767404f00a6ac86735aa18d6f5d8d56bedb2d463f6c733a182e796a3a2ac8e2cccbd50e682f7f8b71cabe96da5b967410324c13fdc44467b5a47b885f09e5ba8f8a2da165ebcc9c013dbf41c35e5e445071b8c94da8aebe0294ea324858a65ccfdef5e45258e1691bb99b935ac05da6baae4079778787e400e6ed76c42b216ba01e2e71302680ee2b387a8139c894dae9aa7f9b6012e4454a84037a84b314618769e3155ad6301bc1df93a6c03a348105ffe4b6866fdf2cc18c035c013e97e8447468f05129df19207e9d3107bc762e3292220df88f85496587b505817d89ab13f7130db3d845b749a12f4f1b05951c00000000000000ad5ae950eea63d118794860b912044a4918e34e9c903b901a151f13882d7aa7bd3e297a7f241ba0c25a84e72e437d110345538fb2f7d507d3aedab70b6cfeb534b876e165d71d15464f2b24a1fb5c15ed43603d188f9f9e2d54614208a10bd122ca0eaba4d355ddd96c2ad8e85acdbb85ea91c1b37a31c1b14060c3d63d8cfec1765f53f73bff2f99cb9bc4fd994ce7a955bc622f110884f78352ebe4e5d00b7ed86890000000000000000bdd324d660a6ed0160f575651d11573c6463864f142d5f57ddea7a9f5760956469795ca490eadd1b817165acfcf750e814b2ece31b0fc2d755077792308cfadc98de651df8225d81f04da27b3ccfd19517c0a8f5c99499e5be79e5a289bf7b6e876ca212491de9008230654313697a6f8e5642aadf71066ee213c2f1117f0bb3861a5c8f3dad5ad49dff6598da1ea08c1e87336794006cc61b9ec8e2d992aa7d197861ead071dce2ecc27f87d6409f74989ee0faeaea6cfb09101642675f39dd601e4d104443ad362f1f01ad4cd295524b3a2489518e1a90e81bfeace473c4ea3c58343a6c8c3a00"/1280], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) fcntl$setlease(r0, 0x400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='leases_conflict\x00', r1}, 0x10) unlink(&(0x7f0000000000)='./file1\x00') 1.120931805s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) getrandom(&(0x7f0000000600)=""/274, 0xffffff4f, 0x0) 1.113208967s ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000300)={{r1}, &(0x7f0000000280), &(0x7f0000000380)=r2}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000300)='sched_switch\x00', r3}, 0x10) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x9, 0x6, 0x6, 0x8001, 0x0, 0x1}, 0x48) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000001380)={0x0, 0x0, 0x0, 0x0, 0xffff, r4}, 0x38) dup(0xffffffffffffffff) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600016, 0x15) 1.110774227s ago: executing program 0: mkdir(&(0x7f0000000080)='./file0\x00', 0x0) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15) r2 = dup(r1) write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0) write$FUSE_GETXATTR(r2, &(0x7f00000000c0)={0x18}, 0x18) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r4}, 0x10) mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000280), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_fscache}]}}) utime(&(0x7f0000000200)='./file0\x00', 0x0) chown(&(0x7f0000000040)='./file0\x00', 0x0, 0xffffffffffffffff) 805.955575ms ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x9, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000711222000000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xd}, 0x90) 792.896917ms ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000042020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000002d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) mount$incfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x880064, &(0x7f0000000580)=ANY=[@ANYBLOB='r']) 764.708001ms ago: executing program 0: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = io_uring_setup(0x5807, &(0x7f0000000140)) dup3(r0, r1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, &(0x7f0000edfff0)={0x0, 0x989680}, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 694.821632ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, 0xffffffffffffffff}, &(0x7f0000000b00), &(0x7f0000000300)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bind$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @local}, 0x10) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7b, 0x4) bind$inet(r2, &(0x7f0000000000)={0x2, 0x4e23, @broadcast}, 0x10) mkdir(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r6}, 0x0, &(0x7f00000002c0)}, 0x20) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r7}, 0x10) mount$incfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) syz_init_net_socket$nfc_llcp(0x27, 0x1, 0x1) sendto$inet(r2, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r2, &(0x7f00000012c0)="0c268a927f1f6588b967481241ba78600a34f65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03859bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b037511bf746bec66ba", 0x2acf, 0x11, 0x0, 0x27) pipe2(&(0x7f00000001c0), 0xc00) 218.527326ms ago: executing program 3: bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e8500000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000200)='ext4_sync_file_enter\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events\x00', 0x100002, 0x0) write$cgroup_int(r2, &(0x7f0000000680), 0x12) 209.339817ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = open(&(0x7f0000000040)='./bus\x00', 0x1451c2, 0x0) ftruncate(r1, 0x2007ffb) sendfile(r1, r1, 0x0, 0x800000009) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10) lseek(r1, 0x0, 0x3) 192.50768ms ago: executing program 3: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='ext4_evict_inode\x00', r1}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000003c0)='ext4_evict_inode\x00', r0}, 0x10) unlink(&(0x7f0000000000)='./cgroup\x00') 175.645513ms ago: executing program 3: r0 = socket(0xa, 0x2, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000380)={'team0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f00000003c0)={'team0\x00', 0x0}) getsockname$packet(r0, &(0x7f0000000400)={0x11, 0x0, 0x0}, &(0x7f0000000440)=0x14) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f0000000500)={0xffffffffffffffff, 0x58, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0}}, 0x10) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000540)={'dvmrp0\x00', 0x0}) r6 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080), 0x68}}, 0x0) r7 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_msfilter(r7, 0x0, 0x8, &(0x7f00000000c0)=ANY=[@ANYBLOB="3706ea"], 0x1) getsockopt$inet_pktinfo(r7, 0x0, 0x8, &(0x7f0000000080)={0x0, @local, @local}, &(0x7f0000000040)=0xc) r9 = socket$igmp6(0xa, 0x3, 0x2) ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8916, &(0x7f0000000000)={@remote, 0x20, r8}) sendmsg$nl_route_sched(r6, &(0x7f00000003c0)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x20}, 0xc, &(0x7f0000000380)={&(0x7f00000001c0)=@gettfilter={0x3c, 0x2e, 0x100, 0x70bd2b, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0xf, 0xffff}, {0xffe0, 0x5}, {0xc, 0xfff2}}, [{0x8, 0xb, 0x7fffffff}, {0x8, 0xb, 0x6}, {0x8, 0xb, 0x3}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000600)={'ip6_vti0\x00', &(0x7f0000000580)={'syztnl0\x00', 0x0, 0x29, 0x1, 0x8, 0x4, 0x60, @rand_addr=' \x01\x00', @private0={0xfc, 0x0, '\x00', 0x1}, 0x10, 0x8, 0x5, 0x3}}) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r11, 0x8933, &(0x7f0000000180)={'batadv_slave_1\x00', 0x0}) ioctl$sock_inet6_SIOCADDRT(r12, 0x890b, &(0x7f00000003c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @remote, @private0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400016e, r13}) sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000000b80)={&(0x7f0000000240)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f0000000b40)={&(0x7f0000000640)={0x4d8, 0x0, 0x8, 0x70bd27, 0x25dfdbfc, {}, [{{0x8}, {0x1e0, 0x2, 0x0, 0x1, [{0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x4}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1f}}, {0x8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x2}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0xfff}}}, {0x4c, 0x1, @lb_tx_method={{0x24}, {0x5}, {0x19, 0x4, 'hash_to_port_mapping\x00'}}}, {0x38, 0x1, @notify_peers_count={{0x24}, {0x5}, {0x8, 0x4, 0x80}}}, {0x38, 0x1, @mcast_rejoin_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}]}}, {{0x8, 0x1, r1}, {0x40, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup={{{0x24}, {0x5}, {0x4}}, {0x8}}}]}}, {{0x8, 0x1, r2}, {0x110, 0x2, 0x0, 0x1, [{0x54, 0x1, @bpf_hash_func={{0x24}, {0x5}, {0x24, 0x4, [{0x1ff, 0x9, 0x0, 0x1}, {0xf1, 0x0, 0x1, 0x6}, {0x7ff, 0x80, 0x1, 0x5}, {0x9, 0x5, 0x48, 0x2}]}}}, {0x38, 0x1, @activeport={{0x24}, {0x5}, {0x8}}}, {0x40, 0x1, @lb_tx_hash_to_port_mapping={{{0x24}, {0x5}, {0x8, 0x4, r3}}, {0x8}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x8}}, {0x8, 0x6, r4}}}]}}, {{0x8, 0x1, r5}, {0x174, 0x2, 0x0, 0x1, [{0x3c, 0x1, @user_linkup_enabled={{{0x24}, {0x5}, {0x4}}, {0x8, 0x6, r8}}}, {0x38, 0x1, @mcast_rejoin_count={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x44, 0x1, @name={{0x24}, {0x5}, {0x11, 0x4, 'activebackup\x00'}}}, {0x38, 0x1, @lb_stats_refresh_interval={{0x24}, {0x5}, {0x8, 0x4, 0x5}}}, {0x40, 0x1, @priority={{{0x24}, {0x5}, {0x8, 0x4, 0x200}}, {0x8, 0x6, r10}}}, {0x40, 0x1, @queue_id={{{0x24}, {0x5}, {0x8, 0x4, 0x1000}}, {0x8, 0x6, r13}}}]}}]}, 0x4d8}, 0x1, 0x0, 0x0, 0x2000c040}, 0x0) r14 = epoll_create1(0x0) r15 = socket(0x1, 0x80802, 0x0) epoll_ctl$EPOLL_CTL_ADD(r14, 0x1, r15, &(0x7f0000000080)={0x40002006}) r16 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r15, &(0x7f0000000200)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f00000001c0)={&(0x7f0000000180)={0x28, r16, 0x300, 0x70bd2a, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r17}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}]}, 0x28}, 0x1, 0x0, 0x0, 0x48804}, 0x4824) setsockopt$sock_int(r0, 0x1, 0x2e, &(0x7f0000000040)=0x3, 0x4) r18 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r18, 0x1, r0, &(0x7f0000000100)={0xe017be05}) epoll_ctl$EPOLL_CTL_MOD(r18, 0x3, r0, &(0x7f0000000080)) 130.42932ms ago: executing program 3: r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x8040, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000f40)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000700000095000000000000009500a5050000000077d8f3b423cdacc4c0fe2d8524e719105e6d018d80000000000000002be16ad10a48c941ccc42606d25dfd73a015e0ca7fc2506a0f68a7d06d7525f7866907dc6751dfb2cf9f8bf97b755f8f6965a060499800006953649c1cfd7587d452d66b7cc9d7d77578f4c35235138d5521f9453559c3421eed73d5661cfe6c20c3b3ffe1b4ce25d7c983c044c03bf3a48dfe3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36ea3792e2f6418f163d1a13ed38ae89d24e1cebfba2f87925bfacba800000000bc6f7d6dd4aed4af7588c8e1b4e810879b70a7000000000000000000d7900a820b5a038f4e9a217b98000000002a92895614cd50cbe43a1ed25268815a00000000000009d27d753a30a147b24a48435bd8a568669596e9e086cab3ce48e90defb6670c3df2624fad0a97aec70700000000000000148871c8d31d24291cf9e326e827e513e96068fd1e8a43e89f9c85c822297b7bd3d420b4ebff1432d08806bc376e3e49eeff182e1f24ed200ada12f7a15a5320e71666f472a97214d0b256596842f3725e18c073a579fb9e0bd4d377f2df5b2d72078e9f40b4ae7dc3b2ae00009474beda25f2e72eab5e188c46425678f8df0b94a0c918fb90862a004dfe2e684dae14babedfb3d7f70d183cd4aa50eca289e7baf8bee3254ba7da679daa84afbf8991fc05b0c7b590994647c30e71ceef8b82ca3d5650b22fad90fa7aa73b5155b9f5a661eea46383c2463d6e950af96a41c14afd7e28bd9a977aa79c6e5848b30bd0f54438d5f7a15712482ad55155d767404f00a6ac86735aa18d6f5d8d56bedb2d463f6c733a182e796a3a2ac8e2cccbd50e682f7f8b71cabe96da5b967410324c13fdc44467b5a47b885f09e5ba8f8a2da165ebcc9c013dbf41c35e5e445071b8c94da8aebe0294ea324858a65ccfdef5e45258e1691bb99b935ac05da6baae4079778787e400e6ed76c42b216ba01e2e71302680ee2b387a8139c894dae9aa7f9b6012e4454a84037a84b314618769e3155ad6301bc1df93a6c03a348105ffe4b6866fdf2cc18c035c013e97e8447468f05129df19207e9d3107bc762e3292220df88f85496587b505817d89ab13f7130db3d845b749a12f4f1b05951c00000000000000ad5ae950eea63d118794860b912044a4918e34e9c903b901a151f13882d7aa7bd3e297a7f241ba0c25a84e72e437d110345538fb2f7d507d3aedab70b6cfeb534b876e165d71d15464f2b24a1fb5c15ed43603d188f9f9e2d54614208a10bd122ca0eaba4d355ddd96c2ad8e85acdbb85ea91c1b37a31c1b14060c3d63d8cfec1765f53f73bff2f99cb9bc4fd994ce7a955bc622f110884f78352ebe4e5d00b7ed86890000000000000000bdd324d660a6ed0160f575651d11573c6463864f142d5f57ddea7a9f5760956469795ca490eadd1b817165acfcf750e814b2ece31b0fc2d755077792308cfadc98de651df8225d81f04da27b3ccfd19517c0a8f5c99499e5be79e5a289bf7b6e876ca212491de9008230654313697a6f8e5642aadf71066ee213c2f1117f0bb3861a5c8f3dad5ad49dff6598da1ea08c1e87336794006cc61b9ec8e2d992aa7d197861ead071dce2ecc27f87d6409f74989ee0faeaea6cfb09101642675f39dd601e4d104443ad362f1f01ad4cd295524b3a2489518e1a90e81bfeace473c4ea3c58343a6c8c3a00"/1280], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) fcntl$setlease(r0, 0x400, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='leases_conflict\x00', r1}, 0x10) unlink(&(0x7f0000000000)='./file1\x00') 119.326261ms ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000600), 0x0, 0x0) ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0x4008ae06) 108.955933ms ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000640)=ANY=[@ANYBLOB="1201000000000010c41090ea40000000000109022400010000000009040000010301000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000380)={0x24, 0x0, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000340)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000680)=ANY=[@ANYBLOB="200125"], 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="20010e"], 0x0}) syz_usb_control_io(r0, 0x0, 0x0) 82.227967ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x6, 0xc, &(0x7f0000000540)=ANY=[@ANYBLOB="1802000000000000000000000000000085000000360000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008090000b703000000000000850000002300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x50) 71.914479ms ago: executing program 2: sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) readv(0xffffffffffffffff, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r1 = io_uring_setup(0x5807, &(0x7f0000000140)) dup3(r0, r1, 0x0) prctl$PR_SET_TIMERSLACK(0x1d, 0xffffffffffffffe1) futex(&(0x7f000000cffc)=0x100000000000004, 0x0, 0x4, &(0x7f0000edfff0)={0x0, 0x989680}, 0x0, 0x0) futex(&(0x7f000000cffc), 0x1, 0x0, 0x0, 0x0, 0x0) 10.154138ms ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x4, 0x5, 0x1000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_free_inode\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 0s ago: executing program 2: r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00'}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0) syz_emit_ethernet(0xfdef, &(0x7f0000000780)=ANY=[@ANYBLOB], 0x0) kernel console output (not intermixed with test programs): ) entered blocking state [ 698.552527][T26038] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.559600][T26038] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.566368][T26038] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.618992][ T9121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 698.629183][ T9121] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.637594][ T9121] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.745109][ T28] audit: type=1326 audit(2000000082.015:31639): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26053 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x0 [ 698.805943][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 698.814546][ T1777] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.821415][ T1777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 698.847374][ T9121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 698.858756][ T9121] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.865656][ T9121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 698.878148][ T9121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 698.888659][T26065] Invalid ELF header magic: != ELF [ 698.903338][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 698.918758][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 698.932746][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 698.937399][T26061] loop1: detected capacity change from 0 to 40427 [ 698.946891][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 698.954363][T26061] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 698.954796][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 698.970025][T26061] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 698.978413][T26022] device bridge_slave_1 left promiscuous mode [ 698.981277][T26061] F2FS-fs (loop1): invalid crc value [ 698.989548][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.996978][T26022] device bridge_slave_0 left promiscuous mode [ 699.000431][T26061] F2FS-fs (loop1): Found nat_bits in checkpoint [ 699.012995][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 699.031127][T26022] device veth1_macvtap left promiscuous mode [ 699.044444][T26022] device veth0_vlan left promiscuous mode [ 699.045189][T26061] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 699.057037][T26061] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 699.234156][T26038] device veth0_vlan entered promiscuous mode [ 699.289529][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 699.297934][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 699.308735][T26038] device veth1_macvtap entered promiscuous mode [ 699.321001][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 699.328796][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 699.336950][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 699.361516][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 699.366409][T26085] loop2: detected capacity change from 0 to 1024 [ 699.369765][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 699.385664][T26079] overlayfs: missing 'lowerdir' [ 699.424373][T26085] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 699.572967][T23406] EXT4-fs (loop2): unmounting filesystem. [ 699.650948][T26022] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 699.660135][T26022] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 699.858328][ T3003] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 700.213772][ T3003] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 700.224553][ T3003] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 700.234051][ T3003] usb 3-1: New USB device found, idVendor=172f, idProduct=0034, bcdDevice= 0.00 [ 700.242877][ T3003] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 700.251202][ T3003] usb 3-1: config 0 descriptor?? [ 700.474449][T26114] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 700.492416][ T28] audit: type=1326 audit(2000000083.960:31640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26116 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ab947cf29 code=0x0 [ 700.618328][T26134] loop1: detected capacity change from 0 to 1024 [ 700.625198][T26134] EXT4-fs: Ignoring removed i_version option [ 700.636065][T26134] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 700.667617][T23100] bridge0: port 3(syz_tun) entered disabled state [ 700.675246][T23100] device syz_tun left promiscuous mode [ 700.680585][T23100] bridge0: port 3(syz_tun) entered disabled state [ 700.710291][ T3003] hid (null): report_id 0 is invalid [ 700.711874][T23100] EXT4-fs (loop1): unmounting filesystem. [ 700.716426][ T3003] waltop 0003:172F:0034.00C3: report_id 0 is invalid [ 700.738008][ T3003] waltop 0003:172F:0034.00C3: item 0 0 1 8 parsing failed [ 700.745295][ T3003] waltop: probe of 0003:172F:0034.00C3 failed with error -22 [ 700.851771][T26138] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.858725][T26138] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.866022][T26138] device bridge_slave_0 entered promiscuous mode [ 700.872578][T26148] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 700.881332][T26138] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.881950][T26148] loop0: detected capacity change from 0 to 16 [ 700.888587][T26138] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.895310][T26148] erofs: (device loop0): mounted with root inode @ nid 36. [ 700.908678][T26138] device bridge_slave_1 entered promiscuous mode [ 700.909998][ T332] usb 3-1: USB disconnect, device number 105 [ 700.933466][T26148] IPv6: syztnl2: Disabled Multicast RS [ 700.979057][T26138] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.986130][T26138] bridge0: port 2(bridge_slave_1) entered forwarding state [ 700.993222][T26138] bridge0: port 1(bridge_slave_0) entered blocking state [ 700.999994][T26138] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.024176][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 701.031790][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state [ 701.039080][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state [ 701.057440][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 701.065688][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 701.073897][ T1777] bridge0: port 1(bridge_slave_0) entered blocking state [ 701.080785][ T1777] bridge0: port 1(bridge_slave_0) entered forwarding state [ 701.088894][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 701.096998][ T1777] bridge0: port 2(bridge_slave_1) entered blocking state [ 701.103875][ T1777] bridge0: port 2(bridge_slave_1) entered forwarding state [ 701.111166][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 701.119056][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 701.138847][T26138] device veth0_vlan entered promiscuous mode [ 701.145374][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 701.155959][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 701.163382][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 701.176910][T26138] device veth1_macvtap entered promiscuous mode [ 701.184903][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 701.200485][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 701.216582][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 701.413468][T26173] loop2: detected capacity change from 0 to 256 [ 701.422324][T26173] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 701.434416][T26173] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 701.448368][ T28] audit: type=1400 audit(2000000084.987:31641): avc: denied { rename } for pid=26172 comm="syz-executor.2" name="file1" dev="loop2" ino=1049347 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 701.585415][T26188] fuse: Bad value for 'fd' [ 701.765896][T26220] device syzkaller0 entered promiscuous mode [ 701.863520][ T28] audit: type=1400 audit(2000000085.436:31642): avc: denied { append } for pid=26230 comm="syz-executor.1" name="loop9" dev="devtmpfs" ino=123 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 702.030357][T26239] loop0: detected capacity change from 0 to 40427 [ 702.040431][T26239] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 702.049717][T26239] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 702.069046][T26239] F2FS-fs (loop0): invalid crc value [ 702.258420][T26239] F2FS-fs (loop0): Found nat_bits in checkpoint [ 702.296138][T26239] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 702.303582][T26239] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 702.337766][T26248] loop1: detected capacity change from 0 to 40427 [ 702.379503][T26248] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 702.387126][T26248] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 702.415479][T26248] F2FS-fs (loop1): Found nat_bits in checkpoint [ 702.453655][T26248] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 702.460603][T26248] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 702.520203][T26241] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 702.531522][T26241] F2FS-fs (loop1): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 703.037374][T26274] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 703.153565][T26275] overlayfs: missing 'lowerdir' [ 703.237326][T26281] netlink: 'syz-executor.1': attribute type 3 has an invalid length. [ 703.268818][T26281] loop1: detected capacity change from 0 to 16 [ 703.276812][T26281] erofs: (device loop1): mounted with root inode @ nid 36. [ 703.344659][T26281] IPv6: syztnl2: Disabled Multicast RS [ 703.906027][ T28] audit: type=1326 audit(2000000087.211:31643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26289 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0ab947cf29 code=0x0 [ 704.340691][T26310] loop1: detected capacity change from 0 to 16 [ 704.347696][T26310] erofs: (device loop1): erofs_read_superblock: blkszbits 0 isn't supported [ 704.367350][ T354] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 704.377544][ T354] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 704.751741][T26326] netlink: 'syz-executor.0': attribute type 3 has an invalid length. [ 704.761124][T26326] loop0: detected capacity change from 0 to 16 [ 704.767722][T26326] erofs: (device loop0): mounted with root inode @ nid 36. [ 704.805908][T26330] loop0: detected capacity change from 0 to 512 [ 705.079884][T26330] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 705.088735][T26330] ext4 filesystem being mounted at /root/syzkaller-testdir2860510389/syzkaller.Mb2sUK/18/bus supports timestamps until 2038 (0x7fffffff) [ 705.269612][T26347] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 705.600294][T26356] syz-executor.4[26356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 705.600369][T26356] syz-executor.4[26356] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 705.616993][T26348] loop2: detected capacity change from 0 to 65536 [ 705.637201][T26038] EXT4-fs (loop0): unmounting filesystem. [ 705.704076][ T332] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 706.087397][ T332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 706.141167][ T332] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 706.153925][ T332] usb 2-1: New USB device found, idVendor=27b8, idProduct=01ed, bcdDevice= 0.00 [ 706.162958][ T332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.171724][ T332] usb 2-1: config 0 descriptor?? [ 706.193745][T26393] loop2: detected capacity change from 0 to 512 [ 706.219737][T26393] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 706.228540][T26393] ext4 filesystem being mounted at /root/syzkaller-testdir4229122379/syzkaller.nykCuS/169/bus supports timestamps until 2038 (0x7fffffff) [ 706.446603][T26399] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 706.677424][ T332] hid-led 0003:27B8:01ED.00C4: unbalanced delimiter at end of report description [ 706.686839][ T332] hid-led: probe of 0003:27B8:01ED.00C4 failed with error -22 [ 706.822567][T26422] loop0: detected capacity change from 0 to 16 [ 706.829267][T26422] erofs: (device loop0): erofs_read_superblock: blkszbits 0 isn't supported [ 706.867842][ T9121] usb 2-1: USB disconnect, device number 100 [ 707.023578][T23406] EXT4-fs (loop2): unmounting filesystem. [ 707.359022][T26465] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 707.501788][T26467] loop1: detected capacity change from 0 to 512 [ 707.542759][T26467] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 707.551568][T26467] ext4 filesystem being mounted at /root/syzkaller-testdir3886389205/syzkaller.Sk396h/22/bus supports timestamps until 2038 (0x7fffffff) [ 707.722331][T26471] xt_SECMARK: invalid security context 'system_u:object_r:devicekit_exec_t:s0' [ 707.957285][T26483] syz-executor.0[26483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 707.957356][T26483] syz-executor.0[26483] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 708.095758][T26509] syz-executor.0[26509] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 708.108108][T26509] syz-executor.0[26509] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 708.519254][T26515] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.0'. [ 708.552352][T26138] EXT4-fs (loop1): unmounting filesystem. [ 708.824020][T26519] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 708.904185][T26535] tc_dump_action: action bad kind [ 708.920431][T26537] fuse: Bad value for 'fd' [ 708.940783][ T28] audit: type=1326 audit(2000000093.007:31644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 708.975009][ T28] audit: type=1326 audit(2000000093.007:31645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 708.999280][ T28] audit: type=1326 audit(2000000093.028:31646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 709.024227][ T28] audit: type=1326 audit(2000000093.028:31647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 709.048295][ T28] audit: type=1326 audit(2000000093.028:31648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 709.072720][ T28] audit: type=1326 audit(2000000093.028:31649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 709.097235][ T28] audit: type=1326 audit(2000000093.039:31650): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7ffc0000 [ 709.121280][ T28] audit: type=1326 audit(2000000093.039:31651): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9b4347a6a7 code=0x7ffc0000 [ 709.145655][ T28] audit: type=1326 audit(2000000093.039:31652): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f9b43440379 code=0x7ffc0000 [ 709.169714][ T28] audit: type=1326 audit(2000000093.039:31653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26534 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f9b4347a6a7 code=0x7ffc0000 [ 709.229262][ T9121] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 709.565585][ T9121] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 709.584526][ T9121] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 709.597261][ T9121] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 709.606088][ T9121] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 709.614502][ T9121] usb 1-1: config 0 descriptor?? [ 709.806884][T26576] IPv6: NLM_F_REPLACE set, but no existing node found! [ 709.888710][T26588] syz-executor.4[26588] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 709.888758][T26588] syz-executor.4[26588] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 710.061769][ T9121] plantronics 0003:047F:FFFF.00C5: unknown main item tag 0x0 [ 710.080713][ T9121] plantronics 0003:047F:FFFF.00C5: unknown main item tag 0x0 [ 710.088153][ T9121] plantronics 0003:047F:FFFF.00C5: No inputs registered, leaving [ 710.106534][ T9121] plantronics 0003:047F:FFFF.00C5: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 711.508622][ T332] usb 1-1: USB disconnect, device number 96 [ 718.542373][T26600] IPv6: NLM_F_REPLACE set, but no existing node found! [ 718.559935][T26607] incfs: ino conflict with backing FS 1 [ 718.565797][T26607] incfs: ino conflict with backing FS 2 [ 718.571412][T26607] incfs: ino conflict with backing FS 5 [ 718.577833][T26607] incfs: ino conflict with backing FS 6 [ 718.586277][ T28] kauditd_printk_skb: 216 callbacks suppressed [ 718.586291][ T28] audit: type=1400 audit(2000000103.320:31870): avc: denied { create } for pid=26605 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_iscsi_socket permissive=1 [ 718.705309][T26616] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.712336][T26616] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.719647][T26616] device bridge_slave_0 entered promiscuous mode [ 718.728859][T26616] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.735820][T26616] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.743160][T26616] device bridge_slave_1 entered promiscuous mode [ 718.785430][T26616] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.792354][T26616] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.799392][T26616] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.806178][T26616] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.827588][T26629] fuse: Bad value for 'fd' [ 718.832128][T26629] fuse: Bad value for 'fd' [ 718.842125][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 718.850415][T14121] bridge0: port 1(bridge_slave_0) entered disabled state [ 718.858112][T14121] bridge0: port 2(bridge_slave_1) entered disabled state [ 718.876270][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 718.884301][T21561] bridge0: port 1(bridge_slave_0) entered blocking state [ 718.891162][T21561] bridge0: port 1(bridge_slave_0) entered forwarding state [ 718.898675][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 718.906635][T21561] bridge0: port 2(bridge_slave_1) entered blocking state [ 718.913465][T21561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 718.920692][T26633] IPv6: NLM_F_REPLACE set, but no existing node found! [ 718.934690][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 718.946201][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 718.960499][ T9121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 718.973309][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 718.981163][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 718.988449][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 718.996286][T26616] device veth0_vlan entered promiscuous mode [ 719.006043][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 719.018627][T26616] device veth1_macvtap entered promiscuous mode [ 719.032054][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 719.050134][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 719.129623][ T43] device bridge_slave_1 left promiscuous mode [ 719.135598][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 719.145343][ T43] device bridge_slave_0 left promiscuous mode [ 719.153101][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 719.167671][ T43] device veth1_macvtap left promiscuous mode [ 719.174556][ T43] device veth0_vlan left promiscuous mode [ 719.180202][T26665] ip6t_REJECT: TCP_RESET illegal for non-tcp [ 719.785033][T26696] loop0: detected capacity change from 0 to 2048 [ 719.801528][T26696] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 719.810005][T26696] ext4 filesystem being mounted at /root/syzkaller-testdir2860510389/syzkaller.Mb2sUK/53/bus supports timestamps until 2038 (0x7fffffff) [ 719.829574][T26038] EXT4-fs (loop0): unmounting filesystem. [ 720.790946][T26769] xt_limit: Overflow, try lower: 184549376/256 [ 720.849634][T26777] loop3: detected capacity change from 0 to 2048 [ 720.877035][T26777] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 720.885642][T26777] ext4 filesystem being mounted at /root/syzkaller-testdir1854847855/syzkaller.dy1TbQ/28/bus supports timestamps until 2038 (0x7fffffff) [ 720.914000][T26616] EXT4-fs (loop3): unmounting filesystem. [ 720.968482][T26793] fuse: Bad value for 'fd' [ 720.973217][T26793] fuse: Bad value for 'fd' [ 721.374991][T26841] x_tables: duplicate underflow at hook 4 [ 722.174111][T26877] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=35070 (70140 ns) > initial count (504 ns). Using initial count to start timer. [ 722.314319][T26886] loop2: detected capacity change from 0 to 256 [ 722.327258][T26886] FAT-fs (loop2): Directory bread(block 64) failed [ 722.333866][T26886] FAT-fs (loop2): Directory bread(block 65) failed [ 722.340200][T26886] FAT-fs (loop2): Directory bread(block 66) failed [ 722.346593][T26886] FAT-fs (loop2): Directory bread(block 67) failed [ 722.353212][T26886] FAT-fs (loop2): Directory bread(block 68) failed [ 722.359544][T26886] FAT-fs (loop2): Directory bread(block 69) failed [ 722.366307][T26886] FAT-fs (loop2): Directory bread(block 70) failed [ 722.372719][T26886] FAT-fs (loop2): Directory bread(block 71) failed [ 722.379039][T26886] FAT-fs (loop2): Directory bread(block 72) failed [ 722.385707][T26886] FAT-fs (loop2): Directory bread(block 73) failed [ 722.519374][ T1777] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 722.533819][T26894] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 722.912006][ T1777] usb 4-1: config 0 has an invalid interface descriptor of length 3, skipping [ 722.920873][ T1777] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 722.931069][ T1777] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 722.939918][ T1777] usb 4-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 722.948845][ T1777] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 722.957427][ T1777] usb 4-1: config 0 descriptor?? [ 722.988507][T26908] syz-executor.0[26908] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 722.988556][T26908] syz-executor.0[26908] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 723.196231][T26884] loop3: detected capacity change from 0 to 512 [ 723.226856][T26884] EXT4-fs (loop3): orphan cleanup on readonly fs [ 723.235363][T26884] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 723.244368][T26884] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 723.256914][T26884] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 723.265896][T26884] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 723.276197][T26918] netlink: 1320 bytes leftover after parsing attributes in process `syz-executor.2'. [ 723.288664][T26884] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz-executor.3: bg 0: block 64: padding at end of block bitmap is not set [ 723.311655][T26884] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 723.322963][T26884] Quota error (device loop3): dq_insert_tree: Quota tree root isn't allocated! [ 723.331890][T26884] Quota error (device loop3): qtree_write_dquot: Error -5 occurred while creating quota [ 723.344837][T26884] EXT4-fs (loop3): 1 orphan inode deleted [ 723.369699][T26884] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 723.383280][T26884] EXT4-fs (loop3): unmounting filesystem. [ 723.465110][T14121] usb 4-1: USB disconnect, device number 97 [ 726.257434][T26999] loop2: detected capacity change from 0 to 40427 [ 726.327840][T26999] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 726.335491][T26999] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 726.394979][T27004] loop3: detected capacity change from 0 to 256 [ 726.408048][T27004] FAT-fs (loop3): Directory bread(block 64) failed [ 726.414558][T27004] FAT-fs (loop3): Directory bread(block 65) failed [ 726.423660][T27004] FAT-fs (loop3): Directory bread(block 66) failed [ 726.430293][T26999] F2FS-fs (loop2): Found nat_bits in checkpoint [ 726.463537][T27004] FAT-fs (loop3): Directory bread(block 67) failed [ 726.471216][T27004] FAT-fs (loop3): Directory bread(block 68) failed [ 726.477855][T27004] FAT-fs (loop3): Directory bread(block 69) failed [ 726.484301][T26999] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 726.491373][T26999] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 726.499197][T27004] FAT-fs (loop3): Directory bread(block 70) failed [ 726.505617][T27004] FAT-fs (loop3): Directory bread(block 71) failed [ 726.512029][T27004] FAT-fs (loop3): Directory bread(block 72) failed [ 726.518453][T27004] FAT-fs (loop3): Directory bread(block 73) failed [ 726.526440][T26984] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 726.535644][T26984] F2FS-fs (loop2): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 726.624215][T27017] loop3: detected capacity change from 0 to 2048 [ 726.631519][T27017] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 726.644571][T27017] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 726.661128][T26616] EXT4-fs (loop3): unmounting filesystem. [ 726.988520][ T332] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 727.218804][ T332] usb 4-1: Using ep0 maxpacket: 32 [ 727.480437][ T332] usb 4-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed [ 727.489450][ T332] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 727.497625][ T332] usb 4-1: Product: syz [ 727.501698][ T332] usb 4-1: Manufacturer: syz [ 727.506037][ T332] usb 4-1: SerialNumber: syz [ 727.511168][ T332] usb 4-1: config 0 descriptor?? [ 727.994934][ T28] audit: type=1400 audit(2000000113.381:31871): avc: denied { unmount } for pid=23590 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 728.022343][T27063] syz-executor.4[27063] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 728.022419][T27063] syz-executor.4[27063] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 728.069764][T27059] loop0: detected capacity change from 0 to 40427 [ 728.088867][T27059] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 728.096449][T27059] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 728.107561][T27059] F2FS-fs (loop0): Found nat_bits in checkpoint [ 728.145049][T27059] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 728.151959][T27059] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 728.184279][T27056] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 728.193608][T27056] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 728.218888][ T332] (unnamed net_device) (uninitialized): Assigned a random MAC address: d6:5a:ce:60:00:18 [ 728.235339][ T332] rtl8150 4-1:0.0: eth1: rtl8150 is detected [ 728.242982][ T332] usb 4-1: USB disconnect, device number 98 [ 728.582281][T27090] loop2: detected capacity change from 0 to 256 [ 728.932486][T27104] netlink: 1320 bytes leftover after parsing attributes in process `syz-executor.0'. [ 729.018015][T27106] syz-executor.3[27106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 729.018300][T27106] syz-executor.3[27106] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 729.432723][ T3003] usb 4-1: new high-speed USB device number 99 using dummy_hcd [ 729.694277][ T3003] usb 4-1: Using ep0 maxpacket: 32 [ 729.740918][ T1777] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 729.984258][ T3003] usb 4-1: New USB device found, idVendor=0584, idProduct=0008, bcdDevice= 1.02 [ 729.993571][ T3003] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 730.001415][ T3003] usb 4-1: Product: syz [ 730.005521][ T3003] usb 4-1: Manufacturer: syz [ 730.009977][ T3003] usb 4-1: SerialNumber: syz [ 730.015039][ T3003] usb 4-1: config 0 descriptor?? [ 730.059163][ T3003] ums-alauda 4-1:0.0: USB Mass Storage device detected [ 730.077194][ T1777] usb 3-1: config 0 has an invalid interface descriptor of length 3, skipping [ 730.085945][ T1777] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 730.095870][ T1777] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 730.104570][ T1777] usb 3-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 730.113432][ T1777] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 730.121827][ T1777] usb 3-1: config 0 descriptor?? [ 730.248690][ T3003] usb 4-1: USB disconnect, device number 99 [ 730.358433][T27119] loop2: detected capacity change from 0 to 512 [ 730.366018][T27119] EXT4-fs (loop2): orphan cleanup on readonly fs [ 730.372667][T27119] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 730.381604][T27119] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 730.391294][T27119] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 730.400067][T27119] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 730.409858][T27119] EXT4-fs error (device loop2): ext4_validate_block_bitmap:438: comm syz-executor.2: bg 0: block 64: padding at end of block bitmap is not set [ 730.424589][T27119] EXT4-fs error (device loop2) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 730.433440][T27119] Quota error (device loop2): dq_insert_tree: Quota tree root isn't allocated! [ 730.442335][T27119] Quota error (device loop2): qtree_write_dquot: Error -5 occurred while creating quota [ 730.451975][T27119] EXT4-fs (loop2): 1 orphan inode deleted [ 730.458532][T27119] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 730.467757][T27119] EXT4-fs (loop2): unmounting filesystem. [ 730.510658][ T1777] usb 3-1: USB disconnect, device number 106 [ 730.757395][T27143] netlink: 'syz-executor.3': attribute type 2 has an invalid length. [ 730.857782][T27145] loop3: detected capacity change from 0 to 40427 [ 730.864763][T27145] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 730.872440][T27145] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 730.882498][T27145] F2FS-fs (loop3): Found nat_bits in checkpoint [ 730.920895][T27145] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 730.930004][T27145] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 730.951634][ T28] audit: type=1400 audit(2000000116.550:31872): avc: denied { create } for pid=27144 comm="syz-executor.3" name="file2" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 730.978542][ T28] audit: type=1400 audit(2000000116.582:31873): avc: denied { write } for pid=27144 comm="syz-executor.3" name="file2" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 731.003468][ T28] audit: type=1400 audit(2000000116.582:31874): avc: denied { open } for pid=27144 comm="syz-executor.3" path="/root/syzkaller-testdir1854847855/syzkaller.dy1TbQ/63/bus/file2" dev="loop3" ino=10 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 731.036730][ T28] audit: type=1400 audit(2000000116.582:31875): avc: denied { ioctl } for pid=27144 comm="syz-executor.3" path="/root/syzkaller-testdir1854847855/syzkaller.dy1TbQ/63/bus/file2" dev="loop3" ino=10 ioctlcmd=0x4c02 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=blk_file permissive=1 [ 731.254215][ T1777] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 731.344705][T27189] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.357425][T27189] bridge0: port 2(bridge_slave_1) entered disabled state [ 731.364469][T27189] bridge0: port 1(bridge_slave_0) entered disabled state [ 731.411215][T27189] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.523208][T27203] fuse: Bad value for 'fd' [ 731.566440][T27213] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=27213 comm=syz-executor.2 [ 731.655979][ T1777] usb 4-1: config index 0 descriptor too short (expected 45, got 36) [ 731.664266][ T1777] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 731.675142][ T1777] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 731.688548][ T1777] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 731.713064][ T1777] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 731.757996][T27216] device pim6reg1 entered promiscuous mode [ 731.824021][ T1777] usb 4-1: config 0 descriptor?? [ 731.855349][T27220] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.861704][ T1777] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 731.872459][T27220] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 731.899767][T27222] loop2: detected capacity change from 0 to 256 [ 731.943368][T27233] loop0: detected capacity change from 0 to 512 [ 731.961294][T27233] EXT4-fs (loop0): 1 orphan inode deleted [ 731.966926][T27233] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 731.976148][T27233] ext4 filesystem being mounted at /root/syzkaller-testdir2860510389/syzkaller.Mb2sUK/111/file1 supports timestamps until 2038 (0x7fffffff) [ 732.001950][T26038] EXT4-fs (loop0): unmounting filesystem. [ 732.073477][T27241] loop0: detected capacity change from 0 to 256 [ 732.121034][T27244] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.128139][T27244] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.136274][T27244] device bridge_slave_0 entered promiscuous mode [ 732.143056][T27248] netlink: 1320 bytes leftover after parsing attributes in process `syz-executor.2'. [ 732.155173][T27244] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.162237][T27244] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.169521][T27244] device bridge_slave_1 entered promiscuous mode [ 732.213287][T27244] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.220371][T27244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.227444][T27244] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.234231][T27244] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.253949][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 732.261345][ T3003] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.268767][ T3003] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.292965][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 732.301223][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 732.308908][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 732.316382][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 732.324795][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 732.333358][ T3003] bridge0: port 1(bridge_slave_0) entered blocking state [ 732.340314][ T3003] bridge0: port 1(bridge_slave_0) entered forwarding state [ 732.347650][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 732.355648][ T3003] bridge0: port 2(bridge_slave_1) entered blocking state [ 732.362507][ T3003] bridge0: port 2(bridge_slave_1) entered forwarding state [ 732.370505][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 732.378743][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 732.389183][T27244] device veth0_vlan entered promiscuous mode [ 732.400656][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 732.410187][T27244] device veth1_macvtap entered promiscuous mode [ 732.421279][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 732.437604][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 732.609675][T26022] device bridge_slave_1 left promiscuous mode [ 732.616037][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 732.624368][T26022] device bridge_slave_0 left promiscuous mode [ 732.631325][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 732.639603][T26022] device veth1_macvtap left promiscuous mode [ 732.645844][T26022] device veth0_vlan left promiscuous mode [ 732.781464][T23590] bridge0: port 3(syz_tun) entered disabled state [ 732.789837][T23590] device syz_tun left promiscuous mode [ 732.795165][T23590] bridge0: port 3(syz_tun) entered disabled state [ 733.030894][T27277] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.037879][T27277] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.045144][T27277] device bridge_slave_0 entered promiscuous mode [ 733.052081][T27277] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.058944][T27277] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.073285][T27277] device bridge_slave_1 entered promiscuous mode [ 733.356734][T27277] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.363832][T27277] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.371022][T27277] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.377925][T27277] bridge0: port 1(bridge_slave_0) entered forwarding state [ 733.383586][ T3003] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 733.413200][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 733.421070][ T1777] bridge0: port 1(bridge_slave_0) entered disabled state [ 733.428449][ T1777] bridge0: port 2(bridge_slave_1) entered disabled state [ 733.448280][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 733.456386][ T8752] bridge0: port 1(bridge_slave_0) entered blocking state [ 733.463250][ T8752] bridge0: port 1(bridge_slave_0) entered forwarding state [ 733.470516][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 733.478573][ T8752] bridge0: port 2(bridge_slave_1) entered blocking state [ 733.485423][ T8752] bridge0: port 2(bridge_slave_1) entered forwarding state [ 733.494316][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 733.509482][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 733.525088][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 733.533702][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 733.541627][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 733.549656][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 733.557141][T27277] device veth0_vlan entered promiscuous mode [ 733.570949][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 733.580521][T27277] device veth1_macvtap entered promiscuous mode [ 733.593767][ T1777] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 733.608652][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 733.626478][ T3003] usb 1-1: Using ep0 maxpacket: 32 [ 733.672442][ T8752] usb 4-1: USB disconnect, device number 100 [ 733.761001][T27293] loop3: detected capacity change from 0 to 512 [ 733.778428][T27293] EXT4-fs (loop3): 1 orphan inode deleted [ 733.784133][T27293] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 733.793047][T27293] ext4 filesystem being mounted at /root/syzkaller-testdir1854847855/syzkaller.dy1TbQ/64/file1 supports timestamps until 2038 (0x7fffffff) [ 733.821663][T26616] EXT4-fs (loop3): unmounting filesystem. [ 733.854456][T27303] device lo entered promiscuous mode [ 733.861627][T27303] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 733.878781][ T3003] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 733.889481][ T3003] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 733.897677][ T3003] usb 1-1: Product: syz [ 733.902326][ T3003] usb 1-1: config 0 descriptor?? [ 733.920801][T27310] netlink: 1320 bytes leftover after parsing attributes in process `syz-executor.2'. [ 734.165319][T27317] loop1: detected capacity change from 0 to 40427 [ 734.174012][T27317] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 734.182279][T27317] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 734.193611][T27317] F2FS-fs (loop1): Found nat_bits in checkpoint [ 734.205599][ T3003] usb 1-1: Found UVC 0.00 device syz (046d:08f6) [ 734.214060][ T3003] usb 1-1: No valid video chain found. [ 734.225395][ T3003] usb 1-1: USB disconnect, device number 97 [ 734.246998][T27317] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 734.254578][T27317] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 734.481666][T27326] loop4: detected capacity change from 0 to 512 [ 734.490121][T27326] ext4: Bad value for 'min_batch_time' [ 734.523065][ T1777] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 734.855732][T27336] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 734.880837][T27333] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 734.905553][T27340] device lo entered promiscuous mode [ 734.912665][T27340] IPv6: ADDRCONF(NETDEV_CHANGE): lo: link becomes ready [ 734.925030][ T1777] usb 2-1: config index 0 descriptor too short (expected 45, got 36) [ 734.945382][ T1777] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xFF, skipping [ 734.965742][ T1777] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 734.986631][ T1777] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 734.995779][ T1777] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 735.004975][ T1777] usb 2-1: config 0 descriptor?? [ 735.046592][ T1777] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 735.126103][T27353] syzkaller0: refused to change device tx_queue_len [ 735.348208][ T343] device bridge_slave_1 left promiscuous mode [ 735.354257][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 735.369534][ T343] device bridge_slave_0 left promiscuous mode [ 735.378717][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 735.397209][ T343] device veth1_macvtap left promiscuous mode [ 735.407639][ T343] device veth0_vlan left promiscuous mode [ 735.429134][ T3003] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 735.830526][ T3003] usb 3-1: Using ep0 maxpacket: 32 [ 736.980778][ T3003] usb 3-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 737.003036][ T3003] usb 3-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 737.012817][ T8752] usb 2-1: USB disconnect, device number 101 [ 737.013801][ T3003] usb 3-1: Product: syz [ 737.024904][ T3003] usb 3-1: config 0 descriptor?? [ 737.045085][ T1777] usb 1-1: new full-speed USB device number 98 using dummy_hcd [ 737.184792][T27411] netlink: 'syz-executor.3': attribute type 27 has an invalid length. [ 737.205172][T27411] device lo left promiscuous mode [ 737.351254][T27411] bridge0: port 2(bridge_slave_1) entered disabled state [ 737.358335][T27411] bridge0: port 1(bridge_slave_0) entered disabled state [ 737.362346][ T3003] usb 3-1: Found UVC 0.00 device syz (046d:08f6) [ 737.371706][ T3003] usb 3-1: No valid video chain found. [ 737.378412][ T3003] usb 3-1: USB disconnect, device number 107 [ 737.958591][T27420] usb usb2: usbfs: process 27420 (syz-executor.1) did not claim interface 0 before use [ 737.969472][ T1777] usb 1-1: config 1 interface 0 altsetting 1 has 3 endpoint descriptors, different from the interface descriptor's value: 0 [ 737.985970][ T1777] usb 1-1: config 1 interface 0 has no altsetting 0 [ 738.212762][ T1777] usb 1-1: string descriptor 0 read error: -22 [ 738.215685][T27427] loop4: detected capacity change from 0 to 512 [ 738.218878][ T1777] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 738.230378][T27427] FAT-fs (loop4): bogus logical sector size 2175 [ 738.237184][ T1777] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 738.379613][T27427] FAT-fs (loop4): Can't find a valid FAT filesystem [ 739.373816][T27438] device pim6reg1 entered promiscuous mode [ 739.388875][ T1777] usb 1-1: can't set config #1, error -71 [ 739.398468][ T1777] usb 1-1: USB disconnect, device number 98 [ 739.780645][ T2008] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 740.014120][ T2008] usb 2-1: Using ep0 maxpacket: 32 [ 740.239189][ T2008] usb 2-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 740.334304][ T2008] usb 2-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 740.447385][T27451] loop3: detected capacity change from 0 to 131072 [ 740.453793][ T2008] usb 2-1: Product: syz [ 740.459282][ T2008] usb 2-1: config 0 descriptor?? [ 740.468631][T27451] F2FS-fs (loop3): Found nat_bits in checkpoint [ 740.504403][ T28] audit: type=1326 audit(2000000126.786:31876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff06da7cf29 code=0x7ffc0000 [ 740.529044][T27451] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 740.536410][ T28] audit: type=1326 audit(2000000126.786:31877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff06da7cf29 code=0x7ffc0000 [ 740.565527][ T28] audit: type=1326 audit(2000000126.786:31878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff06da7cf29 code=0x7ffc0000 [ 740.605586][ T28] audit: type=1326 audit(2000000126.786:31879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff06da7cf29 code=0x7ffc0000 [ 740.633389][ T28] audit: type=1326 audit(2000000126.850:31880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff06da7cf29 code=0x7ffc0000 [ 740.657716][ T28] audit: type=1326 audit(2000000126.850:31881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff06da7a6a7 code=0x7ffc0000 [ 740.682783][ T28] audit: type=1326 audit(2000000126.850:31882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff06da40379 code=0x7ffc0000 [ 740.706831][ T28] audit: type=1326 audit(2000000126.850:31883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff06da7a6a7 code=0x7ffc0000 [ 740.731319][ T28] audit: type=1326 audit(2000000126.850:31884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff06da40379 code=0x7ffc0000 [ 740.755595][ T28] audit: type=1326 audit(2000000126.850:31885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27486 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff06da7a6a7 code=0x7ffc0000 [ 740.779793][ T2008] usb 2-1: Found UVC 0.00 device syz (046d:08f6) [ 740.786152][ T2008] usb 2-1: No valid video chain found. [ 740.792600][ T2008] usb 2-1: USB disconnect, device number 102 [ 741.581959][T27513] loop4: detected capacity change from 0 to 512 [ 741.600967][T27513] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 741.607841][T27515] loop2: detected capacity change from 0 to 256 [ 741.610104][T27513] EXT4-fs (loop4): mounting ext2 file system using the ext4 subsystem [ 741.625042][T27513] EXT4-fs (loop4): warning: checktime reached, running e2fsck is recommended [ 741.634693][T27513] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: iget: bad extended attribute block 19 [ 741.648278][T27513] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 741.667521][T27513] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 742.220076][T27548] loop2: detected capacity change from 0 to 256 [ 742.442556][T27277] EXT4-fs (loop4): unmounting filesystem. [ 742.539783][ T2008] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 742.689450][T27563] loop4: detected capacity change from 0 to 40427 [ 742.696862][T27563] F2FS-fs (loop4): invalid crc value [ 742.704074][T27563] F2FS-fs (loop4): Found nat_bits in checkpoint [ 742.727390][T27563] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 742.749127][T27277] syz-executor.4: attempt to access beyond end of device [ 742.749127][T27277] loop4: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 742.763422][T27277] syz-executor.4: attempt to access beyond end of device [ 742.763422][T27277] loop4: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 742.786836][T16543] kworker/u4:0: attempt to access beyond end of device [ 742.786836][T16543] loop4: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 742.787278][ T2008] usb 4-1: Using ep0 maxpacket: 16 [ 742.908802][ T1235] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 742.908841][ T2008] usb 4-1: config 0 has no interfaces? [ 742.980205][T27573] bridge0: port 1(bridge_slave_0) entered blocking state [ 742.987098][T27573] bridge0: port 1(bridge_slave_0) entered disabled state [ 742.994560][T27573] device bridge_slave_0 entered promiscuous mode [ 743.002394][T27573] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.009302][T27573] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.016579][T27573] device bridge_slave_1 entered promiscuous mode [ 743.030794][ T2008] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 743.039711][ T2008] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 743.047592][ T2008] usb 4-1: Product: syz [ 743.051603][ T2008] usb 4-1: Manufacturer: syz [ 743.056589][ T2008] r8152-cfgselector 4-1: config 0 descriptor?? [ 743.126635][T27573] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.134013][T27573] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.141075][T27573] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.147889][T27573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.175507][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 743.184153][ T704] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.221438][ T704] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.237758][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 743.245779][ T704] bridge0: port 1(bridge_slave_0) entered blocking state [ 743.252600][ T704] bridge0: port 1(bridge_slave_0) entered forwarding state [ 743.259800][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 743.267984][ T704] bridge0: port 2(bridge_slave_1) entered blocking state [ 743.274819][ T704] bridge0: port 2(bridge_slave_1) entered forwarding state [ 743.282906][ T1235] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 743.297187][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 743.305165][ T2008] r8152-cfgselector 4-1: Unknown version 0x0000 [ 743.313397][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 743.480890][ T1235] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 743.490526][ T1235] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 743.499344][ T1235] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 743.508545][ T3003] r8152-cfgselector 4-1: USB disconnect, device number 101 [ 743.515852][ T1235] usb 1-1: config 0 descriptor?? [ 743.520902][T27573] device veth0_vlan entered promiscuous mode [ 743.527344][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 743.535246][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 743.542462][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 743.549721][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 743.561742][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 743.571713][T27573] device veth1_macvtap entered promiscuous mode [ 743.582841][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 743.592588][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 743.619536][T16543] device bridge_slave_1 left promiscuous mode [ 743.625526][T16543] bridge0: port 2(bridge_slave_1) entered disabled state [ 743.632903][T16543] device bridge_slave_0 left promiscuous mode [ 743.638948][T16543] bridge0: port 1(bridge_slave_0) entered disabled state [ 743.646748][T16543] device veth1_macvtap left promiscuous mode [ 743.652604][T16543] device veth0_vlan left promiscuous mode [ 743.870456][T27401] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 743.954730][ T1235] keytouch 0003:0926:3333.00C6: fixing up Keytouch IEC report descriptor [ 743.997143][ T1235] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00C6/input/input166 [ 744.029001][T27592] loop3: detected capacity change from 0 to 1024 [ 744.035908][T27592] EXT4-fs: Ignoring removed nomblk_io_submit option [ 744.049803][T27592] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 744.077752][ T1235] keytouch 0003:0926:3333.00C6: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 744.091060][T26616] EXT4-fs (loop3): unmounting filesystem. [ 744.143162][ T332] usb 1-1: USB disconnect, device number 99 [ 744.262855][T27401] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 744.275620][T27401] usb 5-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 744.284828][T27401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 744.293376][T27401] usb 5-1: config 0 descriptor?? [ 744.337673][T27401] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 744.582636][ T704] usb 5-1: USB disconnect, device number 103 [ 744.608101][T22523] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 744.841475][T22523] usb 4-1: Using ep0 maxpacket: 16 [ 744.953988][T22523] usb 4-1: config 0 has no interfaces? [ 745.066361][T22523] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 745.075350][T22523] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 745.083200][T22523] usb 4-1: Product: syz [ 745.087340][T22523] usb 4-1: Manufacturer: syz [ 745.092294][T22523] r8152-cfgselector 4-1: config 0 descriptor?? [ 745.203129][T27653] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.2'. [ 745.531508][T22523] r8152-cfgselector 4-1: Unknown version 0x0000 [ 745.738633][T22523] r8152-cfgselector 4-1: USB disconnect, device number 102 [ 746.392577][T27684] netlink: 40 bytes leftover after parsing attributes in process `syz-executor.3'. [ 746.426300][T27689] syz-executor.4[27689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 746.426342][T27689] syz-executor.4[27689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 746.839171][T27699] Invalid ELF header magic: != ELF [ 746.885622][T27705] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 746.959908][T27717] syz-executor.2[27717] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 746.959965][T27717] syz-executor.2[27717] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 747.005861][T27723] Invalid ELF header magic: != ELF [ 747.135493][T27729] usb usb2: usbfs: process 27729 (syz-executor.2) did not claim interface 0 before use [ 747.353790][T27731] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 747.370207][T27733] loop4: detected capacity change from 0 to 256 [ 747.379211][T27733] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 747.688283][T27744] syz-executor.0[27744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 747.688332][T27744] syz-executor.0[27744] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 747.736125][T14121] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 747.797503][T27750] netlink: 60 bytes leftover after parsing attributes in process `syz-executor.0'. [ 747.839874][T27756] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 747.855821][T27758] loop2: detected capacity change from 0 to 256 [ 747.864859][T27758] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 748.176753][T27770] syz-executor.2[27770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 748.176794][T27770] syz-executor.2[27770] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 748.263141][T27774] loop2: detected capacity change from 0 to 1024 [ 748.281533][T27774] EXT4-fs: Ignoring removed nomblk_io_submit option [ 748.297440][T27774] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 748.319577][T23406] EXT4-fs (loop2): unmounting filesystem. [ 748.370542][T14121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 748.381420][T14121] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 748.391238][T14121] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 748.400133][T14121] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.409652][T14121] usb 5-1: config 0 descriptor?? [ 748.749436][T27793] loop0: detected capacity change from 0 to 40427 [ 748.756305][T27793] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 748.763939][T27793] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 748.774064][T27793] F2FS-fs (loop0): Found nat_bits in checkpoint [ 748.795790][T27793] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 748.807050][T27793] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 748.813971][T27793] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 748.856368][T14121] keytouch 0003:0926:3333.00C7: fixing up Keytouch IEC report descriptor [ 748.876398][T14121] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.00C7/input/input167 [ 749.026337][T27800] syz-executor.0: attempt to access beyond end of device [ 749.026337][T27800] loop0: rw=2049, sector=45096, nr_sectors = 64 limit=40427 [ 749.063859][T27800] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 749.100974][T14121] keytouch 0003:0926:3333.00C7: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 749.113702][T14121] usb 5-1: USB disconnect, device number 104 [ 749.188068][ T28] kauditd_printk_skb: 140 callbacks suppressed [ 749.188082][ T28] audit: type=1326 audit(2000000136.083:32026): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=27781 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b4347cf29 code=0x7fc00000 [ 749.251312][T27806] syz-executor.2[27806] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 749.251356][T27806] syz-executor.2[27806] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 749.301089][T27808] picdev_read: 478 callbacks suppressed [ 749.301102][T27808] kvm: pic: non byte read [ 749.377592][T27811] netlink: 'syz-executor.2': attribute type 287 has an invalid length. [ 749.919644][T27831] device vlan0 entered promiscuous mode [ 749.927139][T27831] device vlan0 left promiscuous mode [ 750.060567][ T28] audit: type=1400 audit(2000000137.026:32027): avc: denied { read } for pid=27840 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 750.088091][T22523] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 750.175856][T27845] loop0: detected capacity change from 0 to 40427 [ 750.183428][T27845] F2FS-fs (loop0): invalid crc value [ 750.192603][T27845] F2FS-fs (loop0): Found nat_bits in checkpoint [ 750.228396][T27845] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 750.242393][T26038] syz-executor.0: attempt to access beyond end of device [ 750.242393][T26038] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 750.256505][T27857] device vlan0 entered promiscuous mode [ 750.264292][T27857] device vlan0 left promiscuous mode [ 750.269952][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 750.368163][T27868] loop2: detected capacity change from 0 to 256 [ 750.424664][T22523] usb 5-1: config 0 has an invalid interface descriptor of length 3, skipping [ 750.433325][T22523] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 750.443298][T22523] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 750.451993][T22523] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 750.460879][T22523] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 750.562047][T22523] usb 5-1: config 0 descriptor?? [ 750.838599][T27819] loop4: detected capacity change from 0 to 512 [ 750.846437][T27819] EXT4-fs (loop4): orphan cleanup on readonly fs [ 750.853168][T27819] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 750.853417][T27876] bridge0: port 1(bridge_slave_0) entered blocking state [ 750.863242][T27819] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 750.868993][T27876] bridge0: port 1(bridge_slave_0) entered disabled state [ 750.878584][T27819] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 750.885848][T27876] device bridge_slave_0 entered promiscuous mode [ 750.894196][T27819] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 750.901073][T27876] bridge0: port 2(bridge_slave_1) entered blocking state [ 750.916743][T27876] bridge0: port 2(bridge_slave_1) entered disabled state [ 750.917074][T27819] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 64: padding at end of block bitmap is not set [ 750.924148][T27876] device bridge_slave_1 entered promiscuous mode [ 750.938570][T27819] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6157: Corrupt filesystem [ 750.953319][T27819] Quota error (device loop4): dq_insert_tree: Quota tree root isn't allocated! [ 750.962130][T27819] Quota error (device loop4): qtree_write_dquot: Error -5 occurred while creating quota [ 750.971943][T27819] EXT4-fs (loop4): 1 orphan inode deleted [ 751.003003][T27819] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 751.012190][T27819] EXT4-fs (loop4): unmounting filesystem. [ 751.028416][T27876] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.035282][T27876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.042365][T27876] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.049137][T27876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.068846][T27401] usb 5-1: USB disconnect, device number 105 [ 751.076934][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 751.084381][ T704] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.091506][ T704] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.100245][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 751.108590][ T1235] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.115453][ T1235] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.125745][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 751.133846][ T1235] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.140682][ T1235] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.152450][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 751.161418][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 751.176739][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 751.187848][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 751.195763][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 751.203136][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 751.215050][T27876] device veth0_vlan entered promiscuous mode [ 751.228659][T27876] device veth1_macvtap entered promiscuous mode [ 751.235481][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 751.243600][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 751.251781][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 751.253363][T27882] random: crng reseeded on system resumption [ 751.266919][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 751.275757][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 751.284769][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 751.293148][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 751.301974][ T43] device bridge_slave_1 left promiscuous mode [ 751.307907][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.315674][ T43] device bridge_slave_0 left promiscuous mode [ 751.322011][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.329840][ T43] device veth1_macvtap left promiscuous mode [ 751.335830][ T43] device veth0_vlan left promiscuous mode [ 751.568774][T27898] loop4: detected capacity change from 0 to 256 [ 751.731031][ T704] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 751.807519][T27901] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.814403][T27901] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.821715][T27901] device bridge_slave_0 entered promiscuous mode [ 751.828545][T27901] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.835752][T27901] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.843007][T27901] device bridge_slave_1 entered promiscuous mode [ 751.887544][T27901] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.894419][T27901] bridge0: port 2(bridge_slave_1) entered forwarding state [ 751.901489][T27901] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.908283][T27901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.931357][ T1235] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 751.938905][ T1235] bridge0: port 1(bridge_slave_0) entered disabled state [ 751.946038][ T1235] bridge0: port 2(bridge_slave_1) entered disabled state [ 751.954777][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 751.962816][T22523] bridge0: port 1(bridge_slave_0) entered blocking state [ 751.969692][T22523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 751.980666][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 751.988899][T22523] bridge0: port 2(bridge_slave_1) entered blocking state [ 751.995770][T22523] bridge0: port 2(bridge_slave_1) entered forwarding state [ 752.009804][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 752.017700][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 752.034112][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 752.045195][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 752.053375][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 752.060850][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 752.071520][T27901] device veth0_vlan entered promiscuous mode [ 752.077475][ T704] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 752.085781][T27901] device veth1_macvtap entered promiscuous mode [ 752.096464][ T704] usb 3-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 752.105671][ T704] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 752.106499][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 752.115092][ T704] usb 3-1: config 0 descriptor?? [ 752.129240][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 752.137843][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 752.160966][ T704] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 752.172898][T27906] loop4: detected capacity change from 0 to 256 [ 752.181151][T27906] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 752.198413][T26022] device bridge_slave_1 left promiscuous mode [ 752.204519][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 752.212268][T26022] device bridge_slave_0 left promiscuous mode [ 752.218355][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 752.226382][T26022] device veth1_macvtap left promiscuous mode [ 752.232223][T26022] device veth0_vlan left promiscuous mode [ 752.367130][T14121] usb 3-1: USB disconnect, device number 108 [ 752.379281][T27910] loop4: detected capacity change from 0 to 40427 [ 752.387149][T27910] F2FS-fs (loop4): invalid crc value [ 752.393744][T27910] F2FS-fs (loop4): Found nat_bits in checkpoint [ 752.401078][T27915] loop0: detected capacity change from 0 to 1024 [ 752.408194][T27915] EXT4-fs (loop0): ext4_check_descriptors: Checksum for group 0 failed (29950!=20869) [ 752.419371][T27915] EXT4-fs (loop0): invalid journal inode [ 752.425225][T27915] EXT4-fs (loop0): can't get journal size [ 752.431127][T27915] EXT4-fs error (device loop0): ext4_protect_reserved_inode:182: inode #2: comm syz-executor.0: blocks 48-48 from inode overlap system zone [ 752.433321][T27910] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 752.447135][T27915] EXT4-fs (loop0): failed to initialize system zone (-117) [ 752.460016][T27915] EXT4-fs (loop0): mount failed [ 752.468593][T27901] syz-executor.4: attempt to access beyond end of device [ 752.468593][T27901] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 752.542339][T27915] loop0: detected capacity change from 0 to 512 [ 752.555790][T27915] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 752.566551][T27915] ext4 filesystem being mounted at /root/syzkaller-testdir2860510389/syzkaller.Mb2sUK/173/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 752.621525][T26038] EXT4-fs (loop0): unmounting filesystem. [ 752.835108][T27937] loop4: detected capacity change from 0 to 40427 [ 752.841936][T27937] F2FS-fs (loop4): Invalid log sectorsize (2) [ 752.854956][T27937] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 752.868225][T27937] F2FS-fs (loop4): Found nat_bits in checkpoint [ 752.901123][T27937] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 752.908145][T27937] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 752.927865][T27937] syz-executor.4: attempt to access beyond end of device [ 752.927865][T27937] loop4: rw=2049, sector=53248, nr_sectors = 128 limit=40427 [ 752.947585][T27901] syz-executor.4: attempt to access beyond end of device [ 752.947585][T27901] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 752.970683][T27946] bridge0: port 1(bridge_slave_0) entered blocking state [ 752.978841][ T28] audit: type=1400 audit(2000000140.154:32028): avc: denied { mounton } for pid=27951 comm="syz-executor.2" path="/root/syzkaller-testdir2678067160/syzkaller.PehHtQ/3/file0" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 752.983270][T27946] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.013759][T27946] device bridge_slave_0 entered promiscuous mode [ 753.033151][T27946] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.040792][T27946] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.048133][T27946] device bridge_slave_1 entered promiscuous mode [ 753.148959][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 753.158583][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 753.185684][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 753.194997][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 753.202944][T14121] bridge0: port 1(bridge_slave_0) entered blocking state [ 753.209794][T14121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 753.217215][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 753.225933][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 753.233876][T14121] bridge0: port 2(bridge_slave_1) entered blocking state [ 753.240683][T14121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 753.247910][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 753.255802][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 753.263530][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 753.271324][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 753.280831][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 753.300524][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 753.309504][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 753.323528][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 753.335447][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 753.345016][T26022] device bridge_slave_1 left promiscuous mode [ 753.353120][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 753.360844][T26022] device bridge_slave_0 left promiscuous mode [ 753.367070][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 753.375321][T26022] device veth1_macvtap left promiscuous mode [ 753.381165][T26022] device veth0_vlan left promiscuous mode [ 753.389424][ T28] audit: type=1400 audit(2000000140.582:32029): avc: denied { setattr } for pid=27962 comm="syz-executor.2" name="/" dev="configfs" ino=12351 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 753.508382][T27946] device veth0_vlan entered promiscuous mode [ 753.514970][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 753.523137][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 753.718376][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 753.726363][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 753.734975][T27946] device veth1_macvtap entered promiscuous mode [ 753.743776][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 753.751223][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 753.759881][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 753.770043][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 753.778067][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 754.230010][T27984] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=27984 comm=syz-executor.0 [ 754.243346][T27984] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=27984 comm=syz-executor.0 [ 754.379722][T27997] loop2: detected capacity change from 0 to 512 [ 754.393803][T27997] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz-executor.2: corrupted inode contents [ 754.406016][T27997] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #16: comm syz-executor.2: mark_inode_dirty error [ 754.418679][T27997] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz-executor.2: corrupted inode contents [ 754.430980][T27997] EXT4-fs error (device loop2): __ext4_ext_dirty:202: inode #16: comm syz-executor.2: mark_inode_dirty error [ 754.442664][T27997] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz-executor.2: corrupted inode contents [ 754.454841][T27997] EXT4-fs error (device loop2) in ext4_orphan_del:305: Corrupt filesystem [ 754.464010][T27997] EXT4-fs error (device loop2): ext4_do_update_inode:5212: inode #16: comm syz-executor.2: corrupted inode contents [ 754.476469][T27997] EXT4-fs error (device loop2): ext4_truncate:4302: inode #16: comm syz-executor.2: mark_inode_dirty error [ 754.487867][T27997] EXT4-fs error (device loop2) in ext4_process_orphan:347: Corrupt filesystem [ 754.496996][T27997] EXT4-fs (loop2): 1 truncate cleaned up [ 754.502438][T27997] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 754.511277][T27997] ext4 filesystem being mounted at /root/syzkaller-testdir2678067160/syzkaller.PehHtQ/12/file1 supports timestamps until 2038 (0x7fffffff) [ 754.525440][T26022] Quota error (device loop2): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 754.639203][T27876] EXT4-fs (loop2): unmounting filesystem. [ 756.582083][ T704] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 756.619080][T28028] loop2: detected capacity change from 0 to 40427 [ 756.626996][T28028] F2FS-fs (loop2): invalid crc value [ 756.633382][T28028] F2FS-fs (loop2): Found nat_bits in checkpoint [ 756.673845][T28028] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 756.810648][T27876] syz-executor.2: attempt to access beyond end of device [ 756.810648][T27876] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 756.920866][ T704] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 756.931700][ T704] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 756.941383][ T704] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 756.950326][ T704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.958739][ T704] usb 1-1: config 0 descriptor?? [ 757.024907][T28043] loop2: detected capacity change from 0 to 40427 [ 757.032421][T28043] F2FS-fs (loop2): invalid crc value [ 757.038904][T28043] F2FS-fs (loop2): Found nat_bits in checkpoint [ 757.062499][T28043] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 757.081783][T27876] syz-executor.2: attempt to access beyond end of device [ 757.081783][T27876] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 757.521079][ T704] keytouch 0003:0926:3333.00C8: fixing up Keytouch IEC report descriptor [ 757.535847][ T704] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00C8/input/input168 [ 757.598680][T28063] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=28063 comm=syz-executor.4 [ 757.611511][T28063] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=28063 comm=syz-executor.4 [ 757.637723][T28065] random: crng reseeded on system resumption [ 757.644984][ T704] keytouch 0003:0926:3333.00C8: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 757.683736][T28071] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 757.693360][T28071] netlink: 'syz-executor.4': attribute type 4 has an invalid length. [ 757.714253][ T3003] usb 1-1: USB disconnect, device number 100 [ 757.867763][T28085] loop4: detected capacity change from 0 to 512 [ 757.884973][T28085] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #16: comm syz-executor.4: corrupted inode contents [ 757.897323][T28085] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #16: comm syz-executor.4: mark_inode_dirty error [ 757.909752][T28085] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #16: comm syz-executor.4: corrupted inode contents [ 757.922026][T28085] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz-executor.4: mark_inode_dirty error [ 757.933654][T28085] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #16: comm syz-executor.4: corrupted inode contents [ 757.945955][T28085] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 757.954563][T28085] EXT4-fs error (device loop4): ext4_do_update_inode:5212: inode #16: comm syz-executor.4: corrupted inode contents [ 757.966901][T28085] EXT4-fs error (device loop4): ext4_truncate:4302: inode #16: comm syz-executor.4: mark_inode_dirty error [ 757.978336][T28085] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 757.987696][T28085] EXT4-fs (loop4): 1 truncate cleaned up [ 757.993340][T28085] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 758.004904][T28085] ext4 filesystem being mounted at /root/syzkaller-testdir3676480957/syzkaller.mqiRsj/28/file1 supports timestamps until 2038 (0x7fffffff) [ 758.021654][T26022] Quota error (device loop4): do_check_range: Getting dqdh_entries 15 out of range 0-14 [ 758.189403][T28094] overlayfs: unrecognized mount option "obj_role=" or missing value [ 758.356686][T28101] syz-executor.0[28101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.356762][T28101] syz-executor.0[28101] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 758.385624][T27901] EXT4-fs (loop4): unmounting filesystem. [ 758.806101][ T704] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 759.226186][ T704] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 759.237077][ T704] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 759.246780][ T704] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 759.255757][ T704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 759.264169][ T704] usb 1-1: config 0 descriptor?? [ 759.410907][T28140] loop4: detected capacity change from 0 to 40427 [ 759.417786][T28140] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 759.425335][T28140] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 759.435392][T28140] F2FS-fs (loop4): Found nat_bits in checkpoint [ 759.456438][T28140] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 759.467782][T28140] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 759.474746][T28140] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 759.486438][T28140] syz-executor.4: attempt to access beyond end of device [ 759.486438][T28140] loop4: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 759.501615][T28140] syz-executor.4: attempt to access beyond end of device [ 759.501615][T28140] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 759.626176][T28146] fscrypt (sda1, inode 1965): Unsupported encryption flags (0x64) [ 759.751696][ T704] keytouch 0003:0926:3333.00C9: fixing up Keytouch IEC report descriptor [ 759.761443][ T704] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.00C9/input/input169 [ 759.877037][T28161] overlayfs: unrecognized mount option "obj_role=" or missing value [ 759.947929][ T704] keytouch 0003:0926:3333.00C9: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 759.989108][ T704] usb 1-1: USB disconnect, device number 101 [ 761.083717][ T3003] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 761.317150][ T3003] usb 3-1: Using ep0 maxpacket: 8 [ 761.428659][ T3003] usb 3-1: config 135 has an invalid interface number: 230 but max is 0 [ 761.436941][ T3003] usb 3-1: config 135 has an invalid descriptor of length 41, skipping remainder of the config [ 761.447633][ T3003] usb 3-1: config 135 has no interface number 0 [ 761.453742][ T3003] usb 3-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 761.770077][ T3003] usb 3-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 761.779229][ T3003] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 761.787048][ T3003] usb 3-1: Product: syz [ 761.791019][ T3003] usb 3-1: Manufacturer: syz [ 761.795456][ T3003] usb 3-1: SerialNumber: syz [ 762.044675][ T3003] usb 3-1: Found UVC 0.00 device syz (18ec:3288) [ 762.050930][ T3003] usb 3-1: No valid video chain found. [ 762.056648][ T3003] usb 3-1: USB disconnect, device number 109 [ 762.165820][ T2008] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 762.688656][ T2008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 762.699572][ T2008] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 762.709261][ T2008] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 762.718205][ T2008] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 762.727115][ T2008] usb 5-1: config 0 descriptor?? [ 763.174211][ T2008] keytouch 0003:0926:3333.00CA: fixing up Keytouch IEC report descriptor [ 763.183879][ T2008] input: HID 0926:3333 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0926:3333.00CA/input/input170 [ 763.259522][ T2008] keytouch 0003:0926:3333.00CA: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.4-1/input0 [ 763.367095][T27401] usb 5-1: USB disconnect, device number 106 [ 763.716014][T28240] overlayfs: unrecognized mount option "obj_role=" or missing value [ 764.085654][T28252] loop4: detected capacity change from 0 to 40427 [ 764.092526][T28252] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 764.100150][T28252] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 764.110065][T28252] F2FS-fs (loop4): Found nat_bits in checkpoint [ 764.135177][T28252] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 764.147602][T28252] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 764.154646][T28252] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 764.176251][T28252] syz-executor.4: attempt to access beyond end of device [ 764.176251][T28252] loop4: rw=2049, sector=77824, nr_sectors = 544 limit=40427 [ 764.194520][T28252] syz-executor.4: attempt to access beyond end of device [ 764.194520][T28252] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 764.248084][T28266] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 764.874560][T28303] loop0: detected capacity change from 0 to 8192 [ 764.921140][T28303] loop0: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 764.924456][T28303] loop0: p4 start 3388997632 is beyond EOD, truncated [ 765.469540][T27401] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 765.636970][T28327] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.643903][T28327] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.655126][T28327] device bridge_slave_0 entered promiscuous mode [ 765.662104][T28327] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.669027][T28327] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.676657][T28327] device bridge_slave_1 entered promiscuous mode [ 765.754773][T28327] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.761647][T28327] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.768753][T28327] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.775521][T28327] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.809485][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 765.821398][ T3003] bridge0: port 1(bridge_slave_0) entered disabled state [ 765.828101][T28336] loop0: detected capacity change from 0 to 256 [ 765.834502][ T3003] bridge0: port 2(bridge_slave_1) entered disabled state [ 765.836932][T28336] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 765.862077][T27401] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 765.872217][T27401] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 765.881447][ T2008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 765.902042][ T2008] bridge0: port 1(bridge_slave_0) entered blocking state [ 765.908934][ T2008] bridge0: port 1(bridge_slave_0) entered forwarding state [ 765.916540][ T2008] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 765.931535][ T2008] bridge0: port 2(bridge_slave_1) entered blocking state [ 765.938449][ T2008] bridge0: port 2(bridge_slave_1) entered forwarding state [ 765.964635][T27401] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 765.973657][T27401] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 765.981484][T27401] usb 5-1: SerialNumber: syz [ 766.005756][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 766.014012][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 766.021900][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 766.034014][T28327] device veth0_vlan entered promiscuous mode [ 766.041020][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 766.048948][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 766.056896][ T704] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 766.072435][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 766.081884][T28327] device veth1_macvtap entered promiscuous mode [ 766.093588][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 766.110354][ T3003] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 766.180373][ T343] device bridge_slave_1 left promiscuous mode [ 766.186326][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 766.193876][ T343] device bridge_slave_0 left promiscuous mode [ 766.199986][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 766.207959][ T343] device veth1_macvtap left promiscuous mode [ 766.213791][ T343] device veth0_vlan left promiscuous mode [ 766.254209][T27401] usb 5-1: 0:2 : does not exist [ 766.259089][T27401] usb 5-1: unit 3 not found! [ 766.270267][T27401] usb 5-1: USB disconnect, device number 107 [ 766.705780][T28359] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=256 sclass=netlink_route_socket pid=28359 comm=syz-executor.4 [ 766.779630][T28371] loop4: detected capacity change from 0 to 128 [ 766.826528][T28373] loop0: detected capacity change from 0 to 512 [ 766.876457][T28373] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 766.885422][T28373] ext4 filesystem being mounted at /root/syzkaller-testdir2023596220/syzkaller.eI1Pf7/44/file0 supports timestamps until 2038 (0x7fffffff) [ 766.905829][T27946] EXT4-fs (loop0): unmounting filesystem. [ 766.917942][ T28] audit: type=1326 audit(2000000155.080:32030): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28370 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fdb1267cf29 code=0x0 [ 767.391780][ T704] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 767.686730][T28399] loop2: detected capacity change from 0 to 128 [ 767.746841][ T704] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 767.757733][ T704] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 767.840023][ T704] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 767.849333][ T704] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 767.857312][ T704] usb 1-1: SerialNumber: syz [ 768.120327][ T704] usb 1-1: 0:2 : does not exist [ 768.125015][ T704] usb 1-1: unit 3 not found! [ 768.130416][ T704] usb 1-1: USB disconnect, device number 102 [ 768.509247][T28410] netlink: 508 bytes leftover after parsing attributes in process `syz-executor.2'. [ 768.525179][T28412] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 768.609409][T28422] loop0: detected capacity change from 0 to 512 [ 769.050035][T28434] loop2: detected capacity change from 0 to 128 [ 769.649831][T27401] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 770.294343][T27401] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 770.305758][T27401] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 770.339052][T28451] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.345948][T28451] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.353658][T28451] device bridge_slave_0 entered promiscuous mode [ 770.360922][T28451] bridge0: port 2(bridge_slave_1) entered blocking state [ 770.368085][T28451] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.376193][T28451] device bridge_slave_1 entered promiscuous mode [ 770.387354][T27401] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 770.396215][T27401] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 770.404150][T27401] usb 1-1: SerialNumber: syz [ 770.408894][T28456] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 770.454744][T28451] bridge0: port 2(bridge_slave_1) entered blocking state [ 770.461631][T28451] bridge0: port 2(bridge_slave_1) entered forwarding state [ 770.468656][T28451] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.475484][T28451] bridge0: port 1(bridge_slave_0) entered forwarding state [ 770.495045][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 770.502441][T14121] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.509874][T14121] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.519236][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 770.527754][T22523] bridge0: port 1(bridge_slave_0) entered blocking state [ 770.534628][T22523] bridge0: port 1(bridge_slave_0) entered forwarding state [ 770.544225][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 770.552276][T14121] bridge0: port 2(bridge_slave_1) entered blocking state [ 770.559117][T14121] bridge0: port 2(bridge_slave_1) entered forwarding state [ 770.571849][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 770.579846][T22523] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 770.594130][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 770.605289][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 770.613377][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 770.620651][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 770.628154][T28451] device veth0_vlan entered promiscuous mode [ 770.639903][T26022] device bridge_slave_1 left promiscuous mode [ 770.645916][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 770.653203][T26022] device bridge_slave_0 left promiscuous mode [ 770.659224][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 770.667781][T27401] usb 1-1: 0:2 : does not exist [ 770.686263][T27401] usb 1-1: unit 3 not found! [ 770.694870][T27401] usb 1-1: USB disconnect, device number 103 [ 770.744750][T28451] device veth1_macvtap entered promiscuous mode [ 770.752064][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 770.765458][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 770.773647][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 771.269878][T28480] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28480 comm=syz-executor.4 [ 771.283511][T28480] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 771.291217][T28481] loop2: detected capacity change from 0 to 8192 [ 771.331819][T28481] loop2: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 771.332748][T28481] loop2: p4 start 3388997632 is beyond EOD, truncated [ 771.498735][T28492] syz-executor.0[28492] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 771.498810][T28492] syz-executor.0[28492] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 771.540688][T28492] loop0: detected capacity change from 0 to 8192 [ 771.933826][ T28] audit: type=1400 audit(2000000160.449:32031): avc: denied { setattr } for pid=28499 comm="syz-executor.3" name="binder-control" dev="binder" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 772.149619][T28517] loop3: detected capacity change from 0 to 1024 [ 772.227980][T28517] EXT4-fs: Ignoring removed orlov option [ 772.241127][T28517] EXT4-fs: Ignoring removed nomblk_io_submit option [ 772.272664][T28517] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 773.193937][T28517] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.3: lblock 0 mapped to illegal pblock 16 (length 1) [ 773.209095][T28517] EXT4-fs warning (device loop3): ext4_empty_dir:3093: inode #2: lblock 0: comm syz-executor.3: error -117 reading directory block [ 773.515089][T28451] EXT4-fs error (device loop3): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.3: lblock 0 mapped to illegal pblock 16 (length 1) [ 773.588093][T28538] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 773.598924][T28451] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.3: error -117 reading directory block [ 773.614108][T28451] EXT4-fs error (device loop3): __ext4_get_inode_loc:4497: comm syz-executor.3: Invalid inode table block 5 in block_group 0 [ 773.627115][T28451] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 773.637145][T28451] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #2: comm syz-executor.3: mark_inode_dirty error [ 773.649300][T28538] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28538 comm=syz-executor.0 [ 773.668258][ T343] EXT4-fs error (device loop3): __ext4_get_inode_loc:4497: comm kworker/u4:3: Invalid inode table block 5 in block_group 0 [ 773.682900][ T343] EXT4-fs error (device loop3): __ext4_get_inode_loc:4497: comm kworker/u4:3: Invalid inode table block 5 in block_group 0 [ 773.698134][T28451] EXT4-fs (loop3): unmounting filesystem. [ 773.752008][T28553] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 773.763235][T28553] loop2: detected capacity change from 0 to 512 [ 773.770347][T28553] EXT4-fs (loop2): Test dummy encryption mode enabled [ 773.778540][T28553] EXT4-fs error (device loop2): __ext4_iget:5046: inode #11: block 1: comm syz-executor.2: invalid block [ 773.796479][T28553] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 11 (err -117) [ 773.819611][T28553] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 773.965624][T28568] bridge0: port 1(bridge_slave_0) entered blocking state [ 773.972502][T28568] bridge0: port 1(bridge_slave_0) entered disabled state [ 773.980019][T28568] device bridge_slave_0 entered promiscuous mode [ 773.986909][T28568] bridge0: port 2(bridge_slave_1) entered blocking state [ 773.994830][T28568] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.002274][T28568] device bridge_slave_1 entered promiscuous mode [ 774.040864][T27876] EXT4-fs (loop2): unmounting filesystem. [ 774.067009][T28579] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 774.080454][T28579] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28579 comm=syz-executor.2 [ 774.085374][T28568] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.100249][T28568] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.107473][T28568] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.114237][T28568] bridge0: port 1(bridge_slave_0) entered forwarding state [ 774.122729][ T28] audit: type=1326 audit(2000000162.796:32032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.148944][ T704] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 774.156944][T14121] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.164002][ T28] audit: type=1326 audit(2000000162.807:32033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.188022][ T28] audit: type=1326 audit(2000000162.807:32034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.212172][T14121] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.212377][ T28] audit: type=1326 audit(2000000162.807:32035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.243164][ T28] audit: type=1326 audit(2000000162.807:32036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.267236][ T28] audit: type=1326 audit(2000000162.839:32037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f51c8e7a6a7 code=0x7ffc0000 [ 774.291331][ T28] audit: type=1326 audit(2000000162.839:32038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f51c8e40379 code=0x7ffc0000 [ 774.315335][ T28] audit: type=1326 audit(2000000162.839:32039): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f51c8e7cf29 code=0x7ffc0000 [ 774.339283][ T28] audit: type=1326 audit(2000000162.839:32040): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=28574 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f51c8e7a6a7 code=0x7ffc0000 [ 774.386514][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 774.395938][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 774.406251][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 774.415544][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 774.425236][ T332] bridge0: port 1(bridge_slave_0) entered blocking state [ 774.432105][ T332] bridge0: port 1(bridge_slave_0) entered forwarding state [ 774.448216][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 774.457119][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 774.466846][ T332] bridge0: port 2(bridge_slave_1) entered blocking state [ 774.473695][ T332] bridge0: port 2(bridge_slave_1) entered forwarding state [ 774.493984][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 774.502403][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 774.510254][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 774.518425][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 774.529960][ T704] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 774.540127][ T704] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 774.558389][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 774.566588][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 774.579979][T28568] device veth0_vlan entered promiscuous mode [ 774.590142][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 774.598206][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 774.606304][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 774.613717][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 774.613862][ T704] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 774.628459][T28568] device veth1_macvtap entered promiscuous mode [ 774.637989][ T704] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 774.647278][ T704] usb 5-1: SerialNumber: syz [ 774.652437][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 774.660721][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 774.668767][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 774.688354][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 774.696985][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 774.705229][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 774.713445][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 774.744491][ T8752] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 774.892519][T28601] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 774.903446][T26022] device bridge_slave_1 left promiscuous mode [ 774.905568][T28601] loop3: detected capacity change from 0 to 512 [ 774.913202][ T704] usb 5-1: 0:2 : does not exist [ 774.916790][T28601] EXT4-fs (loop3): Test dummy encryption mode enabled [ 774.920371][T26022] bridge0: port 2(bridge_slave_1) entered disabled state [ 774.929046][T28601] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz-executor.3: invalid block [ 774.934338][ T704] usb 5-1: unit 3 not found! [ 774.945059][T28601] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 11 (err -117) [ 774.951648][ T704] usb 5-1: USB disconnect, device number 108 [ 774.963037][T28601] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 774.975575][T26022] device bridge_slave_0 left promiscuous mode [ 774.991364][T26022] bridge0: port 1(bridge_slave_0) entered disabled state [ 774.999849][T26022] device veth1_macvtap left promiscuous mode [ 775.005699][T26022] device veth0_vlan left promiscuous mode [ 775.099022][ T8752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 775.111575][ T8752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 775.125472][ T8752] usb 3-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 775.134663][ T8752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.147477][ T8752] usb 3-1: config 0 descriptor?? [ 775.181644][T28568] EXT4-fs (loop3): unmounting filesystem. [ 775.195850][T28611] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.206461][T28611] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28611 comm=syz-executor.3 [ 775.230403][T28613] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=28613 comm=syz-executor.3 [ 775.244039][T28613] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.562191][T28634] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.574494][T28634] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.594905][ T8752] isku 0003:1E7D:319C.00CB: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.2-1/input0 [ 775.626678][T28636] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 775.651994][T28636] loop3: detected capacity change from 0 to 512 [ 775.670234][T28636] EXT4-fs (loop3): Test dummy encryption mode enabled [ 775.692275][T28636] EXT4-fs error (device loop3): __ext4_iget:5046: inode #11: block 1: comm syz-executor.3: invalid block [ 775.709959][T28636] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 11 (err -117) [ 775.730771][T28636] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 775.781528][ T330] usb 3-1: USB disconnect, device number 110 [ 776.095563][T28568] EXT4-fs (loop3): unmounting filesystem. [ 776.169228][T28651] random: crng reseeded on system resumption [ 776.199070][T28651] Restarting kernel threads ... done. [ 776.261220][T28662] loop2: detected capacity change from 0 to 512 [ 776.278327][T28662] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 776.312434][T28662] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 776.322176][T28662] ext4 filesystem being mounted at /root/syzkaller-testdir2678067160/syzkaller.PehHtQ/85/file0 supports timestamps until 2038 (0x7fffffff) [ 776.347969][T28662] EXT4-fs error (device loop2): __ext4_new_inode:1281: comm syz-executor.2: failed to insert inode 16: doubly allocated? [ 776.377099][T27876] EXT4-fs (loop2): unmounting filesystem. [ 776.685384][T22523] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 777.113242][ T330] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 777.300851][T22523] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 777.311665][T22523] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 777.321296][T22523] usb 4-1: New USB device found, idVendor=1e7d, idProduct=319c, bcdDevice= 0.00 [ 777.331710][T22523] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 777.360021][T22523] usb 4-1: config 0 descriptor?? [ 777.414197][T28729] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.2'. [ 777.431347][ T330] usb 1-1: Using ep0 maxpacket: 16 [ 777.561728][T28752] input input171: cannot allocate more than FF_MAX_EFFECTS effects [ 777.576511][ T28] kauditd_printk_skb: 6752 callbacks suppressed [ 777.576526][ T28] audit: type=1400 audit(2000000166.504:38793): avc: denied { watch } for pid=28754 comm="syz-executor.2" path="/sys/fs/cgroup" dev="sysfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 777.641367][T28761] loop2: detected capacity change from 0 to 1024 [ 777.647956][T28761] EXT4-fs: Ignoring removed orlov option [ 777.653402][T28761] EXT4-fs: Ignoring removed nomblk_io_submit option [ 777.667151][T28761] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 777.685149][T28761] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1) [ 777.699717][T28761] EXT4-fs warning (device loop2): ext4_empty_dir:3093: inode #2: lblock 0: comm syz-executor.2: error -117 reading directory block [ 777.715789][T27876] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 16: comm syz-executor.2: lblock 0 mapped to illegal pblock 16 (length 1) [ 777.730625][T27876] EXT4-fs warning (device loop2): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.2: error -117 reading directory block [ 777.744851][T27876] EXT4-fs error (device loop2): __ext4_get_inode_loc:4497: comm syz-executor.2: Invalid inode table block 5 in block_group 0 [ 777.757955][T27876] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 777.767525][T27876] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #2: comm syz-executor.2: mark_inode_dirty error [ 777.779075][ T330] usb 1-1: New USB device found, idVendor=23a7, idProduct=fedc, bcdDevice=e0.0b [ 777.790943][ T330] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 777.807670][T22523] isku 0003:1E7D:319C.00CC: hidraw0: USB HID v0.00 Device [HID 1e7d:319c] on usb-dummy_hcd.3-1/input0 [ 777.808695][ T330] usb 1-1: Product: syz [ 777.832951][ T330] usb 1-1: Manufacturer: syz [ 777.837381][ T330] usb 1-1: SerialNumber: syz [ 777.846761][ T330] usb 1-1: config 0 descriptor?? [ 777.861813][T28766] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.868734][T28766] bridge0: port 1(bridge_slave_0) entered disabled state [ 777.876038][T28766] device bridge_slave_0 entered promiscuous mode [ 777.883149][T28766] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.890160][T28766] bridge0: port 2(bridge_slave_1) entered disabled state [ 777.897294][T28766] device bridge_slave_1 entered promiscuous mode [ 777.900651][ T1045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4497: comm kworker/u4:6: Invalid inode table block 5 in block_group 0 [ 777.916571][ T1045] EXT4-fs error (device loop2): __ext4_get_inode_loc:4497: comm kworker/u4:6: Invalid inode table block 5 in block_group 0 [ 777.931278][T27876] EXT4-fs (loop2): unmounting filesystem. [ 777.967260][T28766] bridge0: port 2(bridge_slave_1) entered blocking state [ 777.974112][T28766] bridge0: port 2(bridge_slave_1) entered forwarding state [ 777.981219][T28766] bridge0: port 1(bridge_slave_0) entered blocking state [ 777.988007][T28766] bridge0: port 1(bridge_slave_0) entered forwarding state [ 777.995585][T22523] usb 4-1: USB disconnect, device number 103 [ 778.012259][ T8752] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.019423][ T8752] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.026871][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 778.034333][ T8752] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 778.042882][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 778.050873][T14121] bridge0: port 1(bridge_slave_0) entered blocking state [ 778.057721][T14121] bridge0: port 1(bridge_slave_0) entered forwarding state [ 778.066384][T21561] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 778.074415][T21561] bridge0: port 2(bridge_slave_1) entered blocking state [ 778.081262][T21561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 778.099065][T28766] device veth0_vlan entered promiscuous mode [ 778.106922][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 778.115070][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 778.123778][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 778.130996][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 778.138814][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 778.146590][T27401] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 778.163028][T28766] device veth1_macvtap entered promiscuous mode [ 778.169819][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 778.182944][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 778.191309][T14121] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 778.401864][ T330] usb 1-1: MIDIStreaming interface descriptor not found [ 778.403605][T28785] input input172: cannot allocate more than FF_MAX_EFFECTS effects [ 778.410592][ T330] usb 1-1: USB disconnect, device number 104 [ 778.535804][T28799] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 778.545532][T28799] netlink: 316 bytes leftover after parsing attributes in process `syz-executor.3'. [ 778.598216][ T343] device bridge_slave_1 left promiscuous mode [ 778.604183][ T343] bridge0: port 2(bridge_slave_1) entered disabled state [ 778.611465][ T343] device bridge_slave_0 left promiscuous mode [ 778.617535][ T343] bridge0: port 1(bridge_slave_0) entered disabled state [ 778.625321][ T343] device veth1_macvtap left promiscuous mode [ 778.631214][ T343] device veth0_vlan left promiscuous mode [ 779.252168][T28814] input input173: cannot allocate more than FF_MAX_EFFECTS effects [ 779.268480][T28816] syz-executor.2[28816] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 779.268582][T28816] syz-executor.2[28816] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 779.422787][T28840] loop3: detected capacity change from 0 to 8192 [ 779.475961][T28840] loop3: p1 < p5 p6 p7 p8 p9 p10 p11 p12 p13 p14 p15 p16 p17 p18 p19 p20 p21 p22 p23 p24 p25 p26 p27 p28 p29 p30 p31 p32 p33 p34 p35 p36 p37 p38 p39 p40 p41 p42 p43 p44 p45 p46 p47 p48 p49 p50 p51 p52 p53 p54 p55 p56 p57 p58 p59 p60 p61 p62 p63 p64 p65 p66 p67 p68 p69 p70 p71 p72 p73 p74 p75 p76 p77 p78 p79 p80 p81 p82 p83 p84 p85 p86 p87 p88 p89 p90 p91 p92 p93 p94 p95 p96 p97 p98 p99 p100 p101 p102 p103 p104 p105 p106 p107 p108 p109 p110 p111 p112 p113 p114 p115 p116 p117 p118 p119 p120 p121 p122 p123 p124 p125 p126 p127 p128 p129 p130 p131 p132 p133 p134 p135 p136 p137 p138 p139 p140 p141 p142 p143 p144 p145 p146 p147 p148 p149 p150 p151 p152 p153 p154 p155 p156 p157 p158 p159 p160 p161 p162 p163 p164 p165 p166 p167 p168 p169 p170 p171 p172 p173 p174 p175 p176 p177 p178 p179 p180 p181 p182 p183 p184 p185 p186 p187 p188 p189 p190 p191 p192 p193 p194 p195 p196 p197 p198 p199 p200 p201 p202 p203 p204 p205 p206 p207 p208 p209 p210 p211 p212 p213 p214 p215 p216 [ 779.563514][T28844] overlayfs: failed to resolve './file0': -2 [ 780.164559][T28865] syz-executor.3[28865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 780.164607][T28865] syz-executor.3[28865] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 780.413051][T28884] loop3: detected capacity change from 0 to 40427 [ 780.433425][T28884] F2FS-fs (loop3): invalid crc value [ 780.442851][T28884] F2FS-fs (loop3): Found nat_bits in checkpoint [ 780.469149][T28902] syz-executor.4[28902] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 780.469236][T28902] syz-executor.4[28902] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 780.521984][T28884] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 780.551149][T28568] syz-executor.3: attempt to access beyond end of device [ 780.551149][T28568] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 780.664734][T28907] overlayfs: failed to resolve './file0': -2 [ 780.842735][T28915] loop4: detected capacity change from 0 to 512 [ 780.872716][T28915] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 780.880859][T28915] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz-executor.4: invalid indirect mapped block 2683928664 (level 1) [ 780.895557][T28915] EXT4-fs (loop4): Remounting filesystem read-only [ 780.902099][T28915] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters [ 780.916716][T28915] EXT4-fs (loop4): 1 truncate cleaned up [ 780.922226][T28915] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 780.939403][T27901] EXT4-fs (loop4): unmounting filesystem. [ 783.923956][T29111] loop4: detected capacity change from 0 to 512 [ 783.931127][T29111] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended [ 783.945327][T29111] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #15: comm syz-executor.4: iget: bad extended attribute block 19 [ 783.963383][T29111] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 783.975717][T29111] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 784.000776][T27901] EXT4-fs (loop4): unmounting filesystem. [ 785.031193][T29155] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=46 sclass=netlink_tcpdiag_socket pid=29155 comm=syz-executor.3 [ 785.204409][T29171] general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN [ 785.215962][T29171] KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] [ 785.224201][T29171] CPU: 1 PID: 29171 Comm: syz-executor.2 Tainted: G W 6.1.78-syzkaller-00016-gbda57805ab9f #0 [ 785.236173][T29171] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 785.246070][T29171] RIP: 0010:dev_map_generic_redirect+0x90/0x7d0 2033/05/18 03:36:14 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 785.252144][T29171] Code: f1 f1 00 f2 f2 f2 4b 89 04 26 43 c7 44 26 0f f3 f3 f3 f3 43 c6 44 26 13 f3 e8 ac 07 de ff 48 89 d8 48 c1 e8 03 48 89 44 24 48 <42> 80 3c 20 00 74 08 48 89 df e8 f1 04 25 00 48 89 5c 24 18 4c 8b [ 785.271597][T29171] RSP: 0018:ffffc9000307f6c0 EFLAGS: 00010246 [ 785.277490][T29171] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000040000 [ 785.285302][T29171] RDX: ffffc900069e9000 RSI: 0000000000000414 RDI: 0000000000000415 [ 785.293116][T29171] RBP: ffffc9000307f818 R08: 0000000000000005 R09: ffffffff8411e3d3 [ 785.300927][T29171] R10: 0000000000000004 R11: ffff88810d2b1440 R12: dffffc0000000000 [ 785.308735][T29171] R13: ffff888117586500 R14: 1ffff9200060fee4 R15: 0000000000000000 [ 785.316548][T29171] FS: 00007f9bd3d5e6c0(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 785.325318][T29171] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 785.331735][T29171] CR2: 0000000020010000 CR3: 000000011e2ec000 CR4: 00000000003506a0 [ 785.339638][T29171] Call Trace: [ 785.342759][T29171] [ 785.345539][T29171] ? __die_body+0x62/0xb0 [ 785.349713][T29171] ? die_addr+0x9f/0xd0 [ 785.353695][T2