last executing test programs: 1m12.392449089s ago: executing program 0 (id=402): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f00000007c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x6}}, &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='tlb_flush\x00', r0}, 0x10) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) 1m12.353000471s ago: executing program 0 (id=405): r0 = fsopen(&(0x7f0000000040)='fuseblk\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000580)='\xc1J\xaf\xfd,\x86\xbc\xa9\x02\xf2\xf6\xe2\xcd\x9f\xf6\x83\xeb\xba_6\xfdR\xd0\x8d\xc1\xf6.$w\xab|*`\x11H+^\xbb\x8ar\xb1\x8ec\xec,\xd5\xfd,\xce`\x9f\x92\xb4\xbe\x06?\xaa\x16Q\x94\x15\xbe\x80E\x9c\x93Hq?<(+\xceb0\xcc\xad\xdd\x1c\xee\x19\x1b\x91Z\x85\xb7\x04\xe7\xaf\xe0W,G\xc8\xc0\xbcR\x90\x17\x19@m\xa5\x19\x16i\xc8\x99)\xa5\xb0\xba\xbc\xe0rV\x06\xd0B\x0f\xcdF\xbc\x8e\x8a^%8k\x849S\x15=kxS\x1c\xc1\xdaT\x9c\b\xb6\xd8\xa0st~\xf1\x93\xb8\xba\xa5gV\x18F\x8f\xe4b\xdc\x19_P\x81\xa4\xc3\\g\x11\xd1\xc8 U\xba\x03\xc9\xf17\x88\r\xb99]\xdfM\xc8AQB\xc3\xf0\xf7t\xee\x95&w\xc3;', &(0x7f0000000180), 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000380)='{:\'@-\x00', &(0x7f0000000140)='\x00k\x00\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f00000000c0)='fuseblk\x00', &(0x7f0000000b80)='fuseblk\x00', 0x0) close(r0) 1m12.340254662s ago: executing program 0 (id=407): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000020000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000600459e850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x18) syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000000580), 0x5, 0x504, &(0x7f0000002580)="$eJzs3c9rXFsdAPDvzCR5SZtn33uKvFfBFirUHzSTH0gTFcSVuiiIBTcKNSbTWDPphMykNqFgqrsuXIiiIC7c+xe4sStLQVwrbl1Ji9YIVSpcmTtz00kyk041mfHlfj4wnXvnTOd7ziTfkzPnnjs3gNy62PynEDEZEb+PiHOt3f1PuNi62312b6l5K0SSXP9rIX1ecz97avb/zkbETkSMR8RXvxjxrcLhuPWt7dXFarWy0d4vN9bWy/Wt7Su31hZXKiuV2zPzVxcW5qfnZheOra0PfvidB9d+/eWxXz3/wZNHP/rtb5rVmmyXdbbjOLWaPhpvdzw2EhGfO4lgQ1Bqt2di2BXhv9L8+X0wIi6l+X8uSulPsz8vTrRmwElLkiT5d/JGr+KdBDi1iukYuFCciojWdrE4NdUaw38ozhSrtXrjUzdrm7eXW2Plt2K0ePNWtTLd/qzwVowWmvsz6fbL/dkD+3MR6Rj4x6WJdH9qqVZdHmxXBxxw9kD+/6PUyn8gJ/r/yA+cNvIf8kv+Q37Jf8gv+Q/5Jf8hv+Q/5Jf8h/yS/5Bfnfmfncj15pDqAgzWUX//xwZYD2CgvnLtWvOWZOe/L9/Z2lyt3bmyXKmvTq1tLk0t1TbWp1ZqtZX0nJ21V71etVZbn/l0bN4tNyr1Rrm+tX1jrbZ5u3EjPa//RmV0IK0C+vH2hYd/LETEzmcm0lt0/MmXq3C6JUkhhn0OMjAcpWF3QMDQOPQH+fUan/F7fkkY8P7W5St694yf7Vn0+Vg/keoAA1A8qvDF48FVBBi4y+85/gd5Zf4f8sv8P+TXK8b4hgeQA0fN/0f7Wn5d9Tv///z16gOcvCPn/4FTbbLL9b+SJPnemx3X7pqOiA9ExB9Ko29k1/oCToPiXwrt8f/lcx+bPFg6VvhnOgcwFhHf/fn1n95dbDQ2ZpqP/23v8cbP2o/PDqP+QG/7Z/iyPM3yGADIr91n95ay2yDjPv1CaxHC4fgj7bnJ8XQEc2a3sG+tQuGY1i7s3I+Id7vFL7Svd9468nFmt3Qo/jvt+0LrJdL6jqTXTR9M/Pc64n+0I/75//ldgXx42Ox/prvlXzHN6djLv/39z+QxrY/O+r9szXVn/Kz/K/Xo/y70GePbv/h+t8O76WLvp/cjznftf7N442msg/GbdbvcZ/wn3/jah3uVJb9svU63+JnmVrmxtl6ub21fuZXVYv7qwsL89NzsQjmdoy5nM9WHffbd3z3qFb/Z/rYe7f/TofZPtOv0iT7b/6+PPP76xSPif/xS99+/d9L7A+9/kuzV4ZN9xv/77J+/2ausGX+5x/tf7BY/stKIuT7j13/yJecOA8D/kfrW9upitVrZ6LIx2rvIhg0bg94YiQEGfVXPsTOYDgo4MS+Tftg1AQAAAAAAAAAAAPrVa/Xvw2NcTjzsNgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnAb/CQAA//9AntRF") mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file7\x00', 0x16c) renameat2(0xffffffffffffff9c, &(0x7f0000000140)='./file7\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x4) 1m12.319270324s ago: executing program 0 (id=409): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000007c0)=@base={0xf, 0x4, 0x4, 0x12, 0x0, 0xffffffffffffffff, 0x8}, 0x50) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000a80)={r1, &(0x7f0000000940), &(0x7f0000000a40)=@tcp6=r0}, 0x20) recvmmsg(r0, &(0x7f0000000280)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12063, 0x0) 1m12.308529145s ago: executing program 0 (id=410): syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x0, &(0x7f0000000040), 0x2, 0x46b, &(0x7f0000000580)="$eJzs3M1vFOUfAPDvzLbw+/HWivgColaJsfGlpQWVgxeNJh4wmugB9VTbQgiFGloTIUSqMXgxMSR6Vo8m/gXevBj1ZGLiSe+GhCgX0FPNzM5Ad9ltt3TZrd3PJxl4nn2e7TzfPvPMPDPPbgPoWUPZP0nEtoj4LSIGqtnaCkPV/65dOTf595Vzk0ksLr72Z5LXu3rl3GRZtXzf1iIznEakHyXFTmrNnTl7YmJmZvp0kR+dP/nO6NyZs08ePzlxbPrY9KnxQ4cOHhh75unxp9oSZxbX1T3vz+7d/dIbF1+ePHLx7R+/ydq7rShfGsct2XTzS0NZ4H8t5urLHon/r2l36832Jemkr4sNYVUqEZF1V38+/geiEjc6byBe/LCrjQNuq+zatLl58cIisIEl0e0WAN1RXuiz+99y69DUY124/Fz1BiiL+1qxVUv6Ii3q9Nfd37bTUEQcWfjni2yLdjyHAABYwSeTnx+OJxrN/9K4e0m9HcUaymBE3BEROyPizojYFRF3ReR174mIe1e5//qloZvnP+mlWwqsRdn879libat2/lfO/mKwUuS25/H3J0ePz0zvL34nw9G/OcuPLbOP71745dNmZUvnf9mW7b+cCxbtuNRX94BuamJ+Ip+UtsHlDyL29DWKP7m+EpBExO6I2LO6H72jTBx/7Ou9zSqtHP8y2rDOtPhVxKPV/l+IuvhLyfLrk6P/i5np/aPlUXGzn36+8Gqz/a8p/jbI+n9L7fFflHx5pkgMvrV0vXYuVr1yeeH3j5ve09zq8b8peT0/H5XLru9NzM+fHovYlBzO8zWvj994b5kv62fxD+9rPP53Fu/J+v++iMgO4vsj4oGIeLBo+0MR8XBE7Fsm/h+eb162Hvp/quH57/rxP5jU9P/qE5UT33/bbP+t9f/BPDVcvJKf/1bQagPX8rsDAACA/4o0/wx8ko5cT6fpyEj1M/y7Yks6Mzs3//jR2XdPTVU/Kz8Y/Wn5pGtgyfPQsWSh+InV/HjxrLgsP1A8N/6sEnl+ZHJ2ZqrLsUOv29pk/Gf+qHS7dcBt12gdbbzBF9qAjad+/Ke12fOvdLIxQEf5vjb0rhXGf9qpdgCd5/oPvavR+D9fl7cWABuT6z/0LuMfepfxD72rbvxX4tdutQTooLV8r1+ilxORrotmtJRo/e9B3O7Em+ujGS0kun1mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI9/AwAA//9sbvBf") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x51) ioctl$FS_IOC_FSSETXATTR(r1, 0x401c5820, &(0x7f0000000080)={0x8}) ioctl$FS_IOC_FSSETXATTR(r0, 0x401c5820, &(0x7f0000000080)={0x8, 0x0, 0xfffffffe, 0xe4c, 0xf2}) 1m12.291230857s ago: executing program 0 (id=411): io_setup(0x6, &(0x7f0000001000)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=@base={0xb, 0x5, 0x4, 0xa932, 0x9, 0xffffffffffffffff, 0x800008}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) io_getevents(r0, 0x3, 0x3, &(0x7f00000010c0)=[{}, {}, {}], &(0x7f0000001140)={0x0, 0x3938700}) 1m9.356511797s ago: executing program 32 (id=438): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e000000040000000800000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000e00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000440)={&(0x7f0000000140)='kfree\x00', r1}, 0x18) r2 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r2, 0x4000000000000, 0x4, 0x0, 0x0) 1m4.576637167s ago: executing program 2 (id=550): syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x3000490, &(0x7f0000000d80)={[{@dioread_lock}, {@auto_da_alloc}, {@quota}, {@norecovery}, {@auto_da_alloc}, {@noquota}, {@grpquota}, {@barrier_val}, {@grpjquota}, {@jqfmt_vfsold}]}, 0x45, 0x7b1, &(0x7f00000004c0)="$eJzs3c9rHNcdAPDvrFY/7VYqFFr3JCi0BuNV5ap2C4Wq9FAKNRjaUw+1xWotHK20RrsylhCJTQjkEkhCbsnF5/y8hFzz45BL8n8EGyeRTRxyCAqzP6SVtCvvOtKuHX8+MNZ7M2/2ve+82TfPmtFuAE+tyfSfTMSJiHg5iRivr08iYrCaykbM1so92NzIp0sSW1v/+Sqplrm/uZGPpn1Sx+qZX0fExy9EnMrsr7e8tr44VywWVur5qcrS1any2vrpK0tzC4WFwvLZ6ZmZM+f+dO7s4cX6zefrx++88s/fvzP73fO/evelT5KYjeP1bc1xHJbJmKwfk8H0EO7yj8OurG/ef7aDQk1nQPYoG0OX0o4ZqPfKiRiPgYP6Z7SXLQMAjspzEbHVzkDbLQDAEy2pXf//1u92AAC90vg9wP3NjXxj6e9vJHrr7t8jYqQWf+P+Zm1Ltn7PbqR6H3TsfrLrzkgSEROHUP9kRLzxwf/fSpc4ovuQAK3cuBkRlyYm94//yb5nFrr1h9arF5ozk3s2Gv+gdz5M5z9/bjX/y2zPf6LF/Ge4xXv3UTz8/Z+5fQjVtJXO//7a9Gzbg6b46yYG6rmfVed8g8nlK8VCOrb9PCJOxuBwmp8+oI6T976/125b8/zv61efeTOtP/25UyJzOzu8e5/5ucrcj4m52d2bEb/Jtoo/Hf+Hq/2ftJn/Xuiwjn/95cXX221L40/jbSz74z9aW7ciftey/5PtMsmBzydOVU+HqcZJ0cJ7szHWrv7J7E7/p0taf+P/Ar2Q9v/YwfFPJM3Pa5Y7funtp8U+uzX+UbtCzed/6/hbn/9DyX+r6aH6uutzlcrKdMRQ8u/968/s7NvIN8qn8Z/8bev3f2P8a3H+/y99/UsdHojsnS/ffvT4j1Ya/3xX/d91IkYeLA60q7+z/p/ZtU8n41+nDXzU4wYAAAAAAAAAAAAAAAAAAAAAAAAA3chExPFIMrntdCaTy9W+w/uXMZYplsqVU5dLq8vzUf2u7IkYzDQ+6nK86fNQp+ufh9/In9mT/2NE/CIiXhsereZz+VJxvt/BAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDdsTbf/5/6YnhP4YF+tBAAOBIjLuwA8LRJstl+NwEA6LWRrkqPHlk7AIDe6e76DwD8FLj+A8DT5yHX/71/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADdunD+fLpsfbu5kU/z89fWVhdL107PF8qLuaXVfC5fWrmaWyiVFoqFXL601PaFbtR+FEulqzOxvHp9qlIoV6bKa+sXl0qry5WLV5bmFgoXC4M9iwwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOldeW1+cKxYLKxJ9SSx+WuuHx6U9Et0l4kat/x6X9hxeIoZ2RonR/gxOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAE+AHwIAAP//4VQjgA==") mkdir(&(0x7f00000004c0)='./bus\x00', 0x0) chdir(&(0x7f00000000c0)='./bus\x00') r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r0, 0x0, 0x0) 1m4.41916391s ago: executing program 2 (id=554): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x20, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b704000008000000850000007800000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x73cea2d47785b264, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000280)='sched_switch\x00', r1}, 0x18) bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000440)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x6, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x50) 1m4.330101778s ago: executing program 2 (id=560): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r1, 0x10e, 0xc, &(0x7f0000000000)={0x4800}, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000003900)={0x24, 0x16, 0xa01, 0x0, 0x0, {0x3}, [@typed={0x4}, @typed={0xc, 0xa, 0x0, 0x0, @u64}]}, 0x24}}, 0x0) 1m4.264169193s ago: executing program 2 (id=563): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000680)={[{@test_dummy_encryption}, {@init_itable}, {@noload}]}, 0x3, 0x470, &(0x7f0000001240)="$eJzs3MtvG1UXAPAzkzj98qUloZRXyyNQEBWPpGkLdMECEEgsioQEC1haSVqVpi1qjESrSKQsygohJPaIJf8CK9ggxAqJLexRpQp1Q8vKaOyZxHZsp2nsuMW/n+T23Hn43uOZa9+ZayeAoTWd/ZNE7I6I3yNisl5s3mC6/t+N6yvzN6+vzCdRrb77V1Lb7u/rK/PFpsV+E42FSOJAm3qXL146U15aWryQl2crZz+aXb546YXTZ8unFk8tnjty/Pixo3Mvv3TkxZ7kORFpHr31wVdvn/iiKf+WPHpkutvKp6vVHlc3WHsa4tEBtoOtGcmPV6nW/ydjpOHoTcabn60VPh1QA4G+qVar1YnOq1erwH9YEs1lXR6GRfFBX1z/trsOfrVvo4/Bu/Za/QIoy/tG/qivGV27Y1Bqub7tpemIeH/1n2+yR/TnPgQAQJMfsvHP89loZ2U+G3usjz/SeKBhu3vyuaGpiLg3IvZGxH1xLvZFxP0RtW0fjIiHtlh/6yTJxvFPevW2ErtF2fjvlXxuq3n8V4z+YmokL+2p5V9KTp5eWjycvyaHorQrK891qePHN377stO6xvFf9sjqL8aCeTuuju5q3mehXClvJ+dG1y5H7B9tl3+yNhOQRMTDEbG/3ROkm9dx+tnvHum0bvP8u+jBRFP124hn6sd/NVryLyTd5ydn/xdLi4dni7Nio19+vfJOp/q3lX8PZMf//23P/7X8p5LG+drlrddx5Y/PO17TTJfyYAvn/2q5Uh5L3qvFY/myT8qVyoW5iLHkRL3RjcuPrO9blIvts/wPHWzf//fG+itxICKyk/jRiHgsIh7Pj90TEfFkRBzskv/Prz/1Yeuy8SL/O+D4L2zp+K8HY9G6pH0wcuan75sqnVoP8/xvdn//O1aLDuVLbuX971badXtnMwAAANx90ojYHUk6sxan6cxM/Tv8+yLSpfPLledOnv/43EL9NwJTUUqLO12TDfdD5/LL+nr5ckTUv1pQrD8aae2+8dcj47XyzPz5pYVBJw9DbqJD/8/8OTLo1gF95wdbMLz0fxheXft/aefaAey8Df2/a5/f1de2ADurzef/+CDaAey8duN/f+8HhkNL/zftB0PE/X8YXvo/DC/9H4bS8nhs/iP5rkHxTLe5+2bBZMR2WziYIEp3RDP6FkTa9yrG+ntq9S1I7sI2bwgG954EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQS/8GAAD//3hZ0MA=") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f0000000000)='./file0\x00', 0x1222068, &(0x7f0000000bc0)=ANY=[], 0x1, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) 1m4.049311091s ago: executing program 2 (id=570): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{r0}, &(0x7f00000002c0), &(0x7f0000000300)=r1}, 0x20) uname(&(0x7f0000000040)=""/15) 1m3.867974436s ago: executing program 2 (id=576): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@bsdgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@bsdgroups}, {@oldalloc}]}, 0x3, 0x460, &(0x7f0000000780)="$eJzs3M9rHFUcAPDvTH70t4m1/ugPNbWKwR9Jk1btwYui4EFB0EM9xiQttWkjTQRbilaRepSCF0/iUfAv8CB6EfUkePGgdykU6aWtIIzM7kyz2e5uk3STjdnPB6Z9b+fNvvfdN2/3zbxOA+haQ/kfScT2iPgjIgaq2cUFhqp/Xb96fvLG1fOTSWTZG38nlXLXrp6fLIuWx20rMsNpRPpJEnsb1Dt39tzJiZmZ6TNFfnT+1Lujc2fPPX3i1MTx6ePTp8ePHDl8aOy5Z8efqTtyf/9K4szbdG3PB7P7dr/y1qXXJo9eevvnb5Iy/ro42mSo1c7HsqzN1XXWjpp00tvBhrAsPRGRd1dfZfwPRE8sdN5AvPxxRxsHrKosy7JtzXdfyIANLImlljxZfF8AG0P5Q59f/5bbGk091oUrL1QvgPK4rxdbdU9vpEWZvrrr23YaioijF/75Mt9iefchdn63Sm0CADa27/P5z1ON5n9p3FdT7q5ibWgwIu7OJx8RcU9E7IqIeyMqZe+PiAeWWX/9Ismt85/0ckR88fuKoru9fP73fLG2tXj+V87+YrCnyO2oxN+XHDsxM32w+EyGo29Tnh9rUccPL/32WbN9tfO/fMvrL+eCRTsu925afMzUxPzEncRc68pHEXt6G8Wf3FwJSCJid0TsafYmm1vXceKJr/c129cs/r6lNL4N60zZVxGPV/v/QtTFX0par0+Obo6Z6YOj5Vlxq19+vfh6s/pv3/+rK+//rQ3P/5vxDya167Vzy6/j4p+fNr2mWen535+8WUmXi8HvT8zPnxmL6E9erTa69vXxhWPLfFk+j3/4QOPxvzMWPom9EZGfxA9GxEMR8XDR9v0R8UhEHGgR/08vPvrO0uNP17z/p5bV/wuJ/qh/pXGi5+SP3y6qdLBV/I36/3AlNVy8spTvvxbNuZFl2R2czQAAAPD/k0bE9kjSkZvpNB0Zqf57+V2xNZ2ZnZt/8tjse6enqs8IDEZfWt7pGqi5HzpWXNaX+fG6/KHivvHnPVsq+ZHJ2ZmpTgcPXW5bk/Gf+6un060DVp3ntaB7Gf/QvYx/6F7GP3SvBuN/SyfaAay9Rr//H3agHcDaqxv/lv2gi7j+h+5l/EP36r39M/zAxjO3JVo/vL/ixL/FfyDQ/neWWA+JSNdFMyRWKdHpbyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2+C8AAP//E8nlDg==") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000002000040"]) 1m3.835150758s ago: executing program 33 (id=576): syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x408e, &(0x7f0000000080)={[{@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2e}}, {@bsdgroups}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x4000}}, {@stripe={'stripe', 0x3d, 0x4000}}, {@bsdgroups}, {@oldalloc}]}, 0x3, 0x460, &(0x7f0000000780)="$eJzs3M9rHFUcAPDvTH70t4m1/ugPNbWKwR9Jk1btwYui4EFB0EM9xiQttWkjTQRbilaRepSCF0/iUfAv8CB6EfUkePGgdykU6aWtIIzM7kyz2e5uk3STjdnPB6Z9b+fNvvfdN2/3zbxOA+haQ/kfScT2iPgjIgaq2cUFhqp/Xb96fvLG1fOTSWTZG38nlXLXrp6fLIuWx20rMsNpRPpJEnsb1Dt39tzJiZmZ6TNFfnT+1Lujc2fPPX3i1MTx6ePTp8ePHDl8aOy5Z8efqTtyf/9K4szbdG3PB7P7dr/y1qXXJo9eevvnb5Iy/ro42mSo1c7HsqzN1XXWjpp00tvBhrAsPRGRd1dfZfwPRE8sdN5AvPxxRxsHrKosy7JtzXdfyIANLImlljxZfF8AG0P5Q59f/5bbGk091oUrL1QvgPK4rxdbdU9vpEWZvrrr23YaioijF/75Mt9iefchdn63Sm0CADa27/P5z1ON5n9p3FdT7q5ibWgwIu7OJx8RcU9E7IqIeyMqZe+PiAeWWX/9Ismt85/0ckR88fuKoru9fP73fLG2tXj+V87+YrCnyO2oxN+XHDsxM32w+EyGo29Tnh9rUccPL/32WbN9tfO/fMvrL+eCRTsu925afMzUxPzEncRc68pHEXt6G8Wf3FwJSCJid0TsafYmm1vXceKJr/c129cs/r6lNL4N60zZVxGPV/v/QtTFX0par0+Obo6Z6YOj5Vlxq19+vfh6s/pv3/+rK+//rQ3P/5vxDya167Vzy6/j4p+fNr2mWen535+8WUmXi8HvT8zPnxmL6E9erTa69vXxhWPLfFk+j3/4QOPxvzMWPom9EZGfxA9GxEMR8XDR9v0R8UhEHGgR/08vPvrO0uNP17z/p5bV/wuJ/qh/pXGi5+SP3y6qdLBV/I36/3AlNVy8spTvvxbNuZFl2R2czQAAAPD/k0bE9kjSkZvpNB0Zqf57+V2xNZ2ZnZt/8tjse6enqs8IDEZfWt7pGqi5HzpWXNaX+fG6/KHivvHnPVsq+ZHJ2ZmpTgcPXW5bk/Gf+6un060DVp3ntaB7Gf/QvYx/6F7GP3SvBuN/SyfaAay9Rr//H3agHcDaqxv/lv2gi7j+h+5l/EP36r39M/zAxjO3JVo/vL/ixL/FfyDQ/neWWA+JSNdFMyRWKdHpbyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID2+C8AAP//E8nlDg==") r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000000000002000040"]) 57.275207765s ago: executing program 34 (id=411): io_setup(0x6, &(0x7f0000001000)=0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001000)=@base={0xb, 0x5, 0x4, 0xa932, 0x9, 0xffffffffffffffff, 0x800008}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000740)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffff9}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f00000003c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) io_getevents(r0, 0x3, 0x3, &(0x7f00000010c0)=[{}, {}, {}], &(0x7f0000001140)={0x0, 0x3938700}) 26.679652927s ago: executing program 4 (id=1349): r0 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f0000000080)={0x2, 0x5, 0x0, 0x3, 0x2, 0x0, 0x700}, 0x10}, 0x1, 0x7}, 0x0) 26.623218262s ago: executing program 4 (id=1350): socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) fcntl$lock(r0, 0x6, &(0x7f0000002000)={0x1, 0x0, 0x200, 0x2}) fcntl$lock(r0, 0x26, &(0x7f00000031c0)={0x1, 0x0, 0x0, 0x5}) fcntl$lock(r0, 0x26, &(0x7f0000000080)={0x0, 0x0, 0x10}) fcntl$lock(r0, 0x7, &(0x7f0000000040)={0x1, 0x0, 0x0, 0x3}) 25.773631242s ago: executing program 4 (id=1368): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000a00)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffe}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10) r2 = openat$selinux_load(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0) write$selinux_load(r2, &(0x7f00000003c0)={0xf97cff8c, 0x8}, 0x10) 25.730448885s ago: executing program 4 (id=1369): syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x8, &(0x7f0000000080)={[{@sb={'sb', 0x3d, 0x1}}, {@nodioread_nolock}]}, 0x2, 0x53a, &(0x7f0000000c80)="$eJzs3c9vI1cdAPDvOPHmR7NNCj0AArqUwoJW6yTeNqp6YXsBoaoSouLEYRsSN4pir6PYK5qwh+yReyVW4gT8B9w4IPXEgRs3kDj0Ug5IC6xADRIHoxlPEjexE7dJ7ST+fKTJzHszO9/34n3veV5kvwBG1o2I2I2IaxHxdkTM5vlJvsXd9pZe99HThyt7Tx+uJNFqvfXPJDuf5kXHv0k9k99zMiJ++L2InyTH4za2dzaWq9XKVp6eb9Y25xvbO7fXC3lOeWlxaeHVO6+Uz62uL9R+++S762/86Pe/+8qHf9r99s/SYs38/Hp2rrMeh4pnjpnk95npyBuPiDfOfOeLYzz//8Plk7a2z0XEi1n7n42x7NUEAK6yVms2WrOdaQDgqkuf/2ciKZTyuYCZKBRKpfYc3vMxXajWG81bs/UH91cjm8Oai2LhnfVqZSGfK5yLYpKmF7Pjw3T5Y+n3Knci4rmIeG9iKjtfWqlXV4f5xgcARtgzR8b//0y0x/9OZ/8rGABw4UwOuwAAwMB1jP9zwywHADA4nv8BYPR8gvHfpwMB4Irw/A8Ao8f4DwCj59Tx/9FgygEADMQP3nwz3Vp77e+/3v+m7turlcZGqfZgpbRS39osrdXra9VKaaXVOu1+1Xp9c/Hlg2Rje+derf7gfvPeem15rXKv4rsEAGD4nnvh/b+kg/7ua1PZFh1rORir4WorDLsAwNCMDbsAwND4PA+Mrj6e8U0DwBXXZYnetnyCIOl1wWOLv8JldfOL5v9hVJ1l/t/cAVxun27+/zvnXg5g8IzhMLparcSa/wAwYszxAz3//p/r+RUhj/u4+d1PXh4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4DGayLSmUsrXAd9OfhVIp4npEzEUxeWe9WlmIiGcj4s8TxYk0vTjsQgMAZ1T4e5Kv/3Vz9qWZo2evJf+dyPYR8dNfvvWLd5ebza3FNP9fB/nNx2n+VHOrfG0YFQAAOu2vu/nBYVY2fpfzfceD/EdPH67sb4Ms4pPXI2JyKou/l2/tM+Mxnu0noxgR0/9O8nRb+n5l7Bzi7z6KiC/s138y3u2IMJPNgbRXPj0aP419/dzjd/7+j8YvfKy+hexcui9mv4vPx5HCAad6//V2P5m3vbSJ5+2vEDeyfff2P5n1UGeX9n9pc9071v8VDvq/sWPxk6zN3zhIn1ySJy//4fvHMluz7XOPIr403i1+chA/6d7/Fl/qs44ffPmrL/Y61/pVxM2u9d9fkbqWdbPzzdrmfGN75/Z6bXmtsla5Xy4vLS4tvHrnlfJ8Nkfd/vnHbjH+8dqtZ3vFT+s/3SP+5Mn1j2/0Wf9f/+/tH3/thPjf+nr31//5E+KnY+I3+4y/PH235/LdafzVHvU/5fWPW33G//BvO6t9XgoADEBje2djuVqtbJ1ykL7XPO0aB/0fpM/2F6AY2UHsRpzXDbNJiYjoek36jvpiVPmzOkiGFv03533DYfdMwGftsNH3vuavgywQAAAAAAAAAAAAAABwTGN7Z2Oi+6e1zu1g2HUEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg6vp/AAAA//9W1cZQ") syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0/file1\x00', 0x1c0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0/file1\x00', 0x0, 0x0) 25.674310229s ago: executing program 4 (id=1373): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec850000007d000000850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='mm_page_alloc\x00', r0}, 0x10) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/cpuinfo\x00', 0x0, 0x0) sendfile(r1, r2, 0x0, 0x1000) 25.227820456s ago: executing program 4 (id=1384): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000000)={0x11, 0x4, r2, 0x1, 0xfe, 0x6, @remote}, 0x14) syz_emit_ethernet(0xe, &(0x7f00000001c0)=ANY=[@ANYRES16], 0x0) 25.17841275s ago: executing program 35 (id=1384): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'syz_tun\x00', 0x0}) bind$packet(r0, &(0x7f0000000000)={0x11, 0x4, r2, 0x1, 0xfe, 0x6, @remote}, 0x14) syz_emit_ethernet(0xe, &(0x7f00000001c0)=ANY=[@ANYRES16], 0x0) 25.031209092s ago: executing program 5 (id=1390): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="0700000004000000000100000116000028"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0xd, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='rss_stat\x00', r1}, 0x18) r2 = getpid() process_vm_readv(r2, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) 24.839836578s ago: executing program 5 (id=1395): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1b, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r1}, 0x10) getpriority(0x0, 0xffffffffffffffff) 24.836214268s ago: executing program 5 (id=1397): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r2, 0x4068aea3, &(0x7f0000000180)={0xbe, 0x0, 0x1}) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f00000005c0)=ANY=[@ANYBLOB="0100000000000000024d564b"]) 24.772872083s ago: executing program 5 (id=1398): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x42000, 0x0) getdents64(r0, &(0x7f0000000c80)=""/135, 0x87) 24.556860141s ago: executing program 5 (id=1401): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x181d82, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000400)={'syztnl1\x00', &(0x7f0000000100)={'syztnl1\x00', 0x0, 0x0, 0xe6, 0x7e, 0x80000000, 0x2, @dev={0xfe, 0x80, '\x00', 0x21}, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x7800, 0x80, 0x4, 0x8}}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000100)=ANY=[@ANYBLOB="08000000000000006a02"]) 24.137865255s ago: executing program 5 (id=1405): futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20008084}, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000018c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7b5, 0x312, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x9}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\f'], 0x0}, 0x0) 24.047509033s ago: executing program 36 (id=1405): futex_waitv(0x0, 0x0, 0x0, 0x0, 0x1) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={0x0}, 0x1, 0x0, 0x0, 0x20008084}, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000018c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x7b5, 0x312, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xb}}, {{{0x9, 0x5, 0x81, 0x3, 0x20, 0x0, 0x9}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000640)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='\x00\"\f'], 0x0}, 0x0) 23.22406079s ago: executing program 9 (id=1406): r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r0, &(0x7f0000000340)={0x2, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) r1 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r1, &(0x7f0000000000)=[{&(0x7f00000001c0)="580000001500add427323b472545b45602117fffffff81000e224e217f000001925aa80020007b00090080007f000001e809000000ff0000f03ac71033000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) 23.178910944s ago: executing program 9 (id=1414): syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=") mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f}) chdir(&(0x7f00000001c0)='./file0\x00') r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x42000, 0x0) getdents64(r0, &(0x7f0000000c80)=""/135, 0x87) 23.10446798s ago: executing program 9 (id=1417): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0a00000004000000ff0f000007"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000004080)={{r0}, &(0x7f0000004000), &(0x7f0000004040)}, 0x20) pause() 22.73614274s ago: executing program 9 (id=1419): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1c) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat2(r1, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x8}, 0x18) 22.713199352s ago: executing program 37 (id=1419): r0 = fsopen(&(0x7f0000000100)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x1c) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat2(r1, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x8}, 0x18) 4.621000591s ago: executing program 1 (id=1894): r0 = openat$selinux_avc_cache_threshold(0xffffffffffffff9c, &(0x7f0000000480), 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_sock_diag(0x10, 0x3, 0x4) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) syz_usb_connect$uac1(0x3, 0xdc, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES16=r1], 0x0) 4.052340148s ago: executing program 3 (id=1925): syz_clone3(&(0x7f0000000080)={0x801400, 0x0, 0x0, 0x0, {0xe}, 0x0, 0x0, 0x0, 0x0}, 0x58) r0 = gettid() timer_create(0x2, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000)=0x0) seccomp$SECCOMP_SET_MODE_STRICT(0x0, 0x0, 0x0) timer_settime(r1, 0x1, &(0x7f0000000880)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) 3.283538771s ago: executing program 1 (id=1939): r0 = syz_open_procfs(0x0, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$sock_SIOCGIFVLAN_DEL_VLAN_CMD(r1, 0x8982, &(0x7f0000002800)={0x1, 'vlan0\x00'}) read$char_usb(r0, 0x0, 0x0) write$tcp_mem(r0, 0x0, 0x0) 3.209458857s ago: executing program 3 (id=1940): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x10) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) 3.208901287s ago: executing program 1 (id=1941): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x20c00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f0000000540)={0x8, 0x99}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f00000000c0)={0x0, 0x0, @pic={0x7, 0x80, 0x3, 0x15, 0xff, 0x2, 0x6, 0xaf, 0x9, 0xe, 0xfa, 0x10, 0x40, 0x5, 0x7, 0x38}}) 3.092007587s ago: executing program 3 (id=1942): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000002740)=0x401, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 3.091676377s ago: executing program 3 (id=1943): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='task_newtask\x00', r1}, 0x10) syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) 3.091527276s ago: executing program 3 (id=1944): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf", @ANYRES64=r0], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) r2 = dup(r0) write$UHID_INPUT(r2, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d350987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) 2.219012128s ago: executing program 1 (id=1955): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000000c0000000010"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000006d00000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='mm_page_alloc\x00', r1}, 0x10) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r2, 0x107, 0x5, &(0x7f0000001100)=@req3={0x8000, 0x200, 0x80, 0x20000}, 0x1c) 2.202179279s ago: executing program 1 (id=1946): r0 = syz_usb_connect$cdc_ncm(0x2, 0x7a, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000020000402505a1a44000010203010902680002010040000904000001020e0000052406000105240000000d370f0100000000000000000006241a0000000c241b4800f3ff00050080050905810300020000000904010000020d00000904010102020d0000090582020004000000090503020002"], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000bc0)={0x34, &(0x7f0000000900)={0x30, 0x7, 0x1a, "865aac70c6ad345e911ace98332f146201663a46393bba5e01c4"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 1.842592589s ago: executing program 3 (id=1952): r0 = syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x0, 0x0, 0xffffffffffff8001, 0x1, [{{0x9, 0x2, 0x3b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x4, 0x3, 0x2, 0x6, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x4}}, {[], {{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello') 1.480368798s ago: executing program 8 (id=1960): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="0900000004000000dd0000000a"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000070000001801000020756c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000a5df850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000940)='percpu_alloc_percpu\x00', r1}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x3, 0x3, &(0x7f0000000000)=@framed={{0x7a, 0xa, 0x0, 0xff00, 0x0, 0x71, 0x10, 0x43}}, &(0x7f0000000480)='syzkaller\x00'}, 0x80) 1.469613989s ago: executing program 8 (id=1961): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) io_setup(0x2, &(0x7f0000000000)=0x0) r1 = eventfd(0x0) io_submit(r0, 0x2, &(0x7f0000000040)=[&(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0xc2, r1, &(0x7f0000000180)="0100fd6400000000", 0x8, 0x36}, &(0x7f00000000c0)={0x0, 0x0, 0xfe, 0x5, 0x0, r1, 0x0, 0x0, 0x0, 0x0, 0x1, r1}]) syz_clone3(&(0x7f0000001e80)={0x166002400, 0x0, 0x0, 0x0, {0xa}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.210412251s ago: executing program 8 (id=1966): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0b00000007000000010001000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) getcwd(&(0x7f0000000000)=""/60, 0x3c) 1.102911229s ago: executing program 8 (id=1968): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000640)=ANY=[@ANYBLOB="1b00000000000000000000000020"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001000000000000000640000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000e0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='sys_enter\x00', r1}, 0x18) pause() 738.190929ms ago: executing program 6 (id=1980): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad433ec50000000f00008095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000003e40), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_CHANNELS_SET(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={0x34, r2, 0x1, 0x70bd2d, 0x25dfdbfe, {}, [@ETHTOOL_A_CHANNELS_OTHER_COUNT={0x8, 0x8, 0xdefd}, @ETHTOOL_A_CHANNELS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bond\x00'}]}]}, 0x34}}, 0x400c890) 719.731781ms ago: executing program 6 (id=1981): r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000000440)={'sit0\x00', &(0x7f0000000400)={'syztnl0\x00', 0x0, 0x0, 0x10, 0x101, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x65, 0x0, 0x0, 0x0, 0x0, @local, @loopback}}}}) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'erspan0\x00', r1, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @multicast2}}}}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r2, 0x89f5, &(0x7f00000001c0)={'syztnl0\x00', &(0x7f0000000140)={'erspan0\x00', 0x0, 0x0, 0x8000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @dev={0xac, 0x14, 0x14, 0xd}, @loopback}}}}) 684.036723ms ago: executing program 6 (id=1983): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000006c0)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000100000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000500000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000200)='mm_page_alloc\x00', r1}, 0x10) r2 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r2, 0x0, 0x29, 0x0, 0x5000) 648.294206ms ago: executing program 6 (id=1985): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount$bind(0x0, 0x0, 0x0, 0x2125099, 0x0) mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101097, 0x0) mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b100a, 0x0) umount2(&(0x7f0000000080)='./file0/../file0\x00', 0x0) 647.918826ms ago: executing program 6 (id=1987): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000380)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314, 0x1}], 0x0, 0x0, 0x0}) 575.959092ms ago: executing program 7 (id=1988): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = syz_open_procfs(0x0, &(0x7f0000004600)='map_files\x00') fchdir(r1) mkdirat(0xffffffffffffffff, &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) sendmmsg$unix(r0, &(0x7f0000000100)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88004}}, {{&(0x7f0000000080)=@abs={0x1, 0x30, 0x4e30}, 0x6e, 0x0}}], 0x2, 0x40008004) 559.942694ms ago: executing program 7 (id=1989): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0f000000040000000800000001"], 0x50) r1 = socket$unix(0x1, 0x2, 0x0) sendmsg$unix(r1, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080)=[@rights={{0x14, 0x1, 0x1, [r0]}}], 0x18}, 0x4000000) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=@newlink={0x30, 0x10, 0x1, 0x70bd22, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, 0x52242, 0x48308}, [@IFLA_GROUP={0x8}, @IFLA_MASTER={0x8}]}, 0x30}, 0x1, 0x0, 0x0, 0x68010}, 0x4) 484.05183ms ago: executing program 6 (id=1990): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 481.89391ms ago: executing program 38 (id=1990): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000f00)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='timer_start\x00', r0}, 0x10) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000940)) 464.069631ms ago: executing program 7 (id=1992): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000d7c900000900000001"], 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r2}, 0x10) setregid(0xffffffffffffffff, 0x0) 439.944943ms ago: executing program 7 (id=1993): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xa, 0x5, 0x2, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000300)='sys_enter\x00', r1}, 0x10) getuid() 384.139388ms ago: executing program 7 (id=1994): mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$incfs(&(0x7f0000000580)='./file0\x00', &(0x7f0000000140)='./file0\x00', &(0x7f00000005c0), 0x0, 0x0) chdir(&(0x7f00000001c0)='./file0\x00') rmdir(&(0x7f0000000380)='./file0/../file0\x00') 383.916848ms ago: executing program 7 (id=1995): r0 = openat$selinux_relabel(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0x0}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1800000000000000000000000000800018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r2}, 0x10) write$selinux_access(r0, &(0x7f0000001a80)=ANY=[@ANYBLOB="73797374656d5f753a6f626a6563745f723a7570647077645f657865635f742073797374656d5f753a73797374656d5f723afaffffffffffffff3a73302030"], 0x56) 217.975092ms ago: executing program 8 (id=1996): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10) write$cgroup_subtree(r1, &(0x7f0000000040)=ANY=[@ANYBLOB='1-2:'], 0x31) 189.845244ms ago: executing program 8 (id=1997): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = socket$inet(0x2, 0x6000000000000001, 0x0) mmap(&(0x7f0000001000/0x200000)=nil, 0x200000, 0x2000001, 0x13, r1, 0x2000) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 0s ago: executing program 1 (id=1998): r0 = socket$inet6_udp(0xa, 0x2, 0x0) fcntl$lock(0xffffffffffffffff, 0x26, 0x0) r1 = socket(0x2, 0xa, 0x300) setsockopt$sock_int(r1, 0x1, 0x28, &(0x7f0000000040)=0x9, 0x4) sendmmsg$inet(r0, &(0x7f0000000540)=[{{&(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10, 0x0}}], 0x1, 0x0) kernel console output (not intermixed with test programs): ntronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.231503][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 69.239999][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.248003][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 69.255919][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.256500][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 69.263401][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.271834][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 69.278705][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.287975][ T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 69.301816][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.309306][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.316767][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.324383][ T39] plantronics 0003:047F:FFFF.0012: unknown main item tag 0x0 [ 69.341944][ T39] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving [ 69.353315][ T39] plantronics 0003:047F:FFFF.0012: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 69.401951][ T2844] loop7: detected capacity change from 0 to 1024 [ 69.423068][ T2844] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 69.442492][ T2844] ext4 filesystem being mounted at /59/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 69.479156][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 69.526838][ T2862] loop5: detected capacity change from 0 to 128 [ 69.534902][ T2862] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 69.547567][ T2862] FAT-fs (loop5): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 69.547829][ T6] usb 7-1: USB disconnect, device number 6 [ 69.607015][ T2860] loop4: detected capacity change from 0 to 8192 [ 69.652910][ T2860] loop4: p4 [ 69.656491][ T2860] loop4: p4 size 33575424 extends beyond EOD, truncated [ 69.670321][ T2860] netlink: 27 bytes leftover after parsing attributes in process `syz.4.1041'. [ 69.695882][ T2871] netlink: 'syz.4.1046': attribute type 13 has an invalid length. [ 69.704026][ T2871] netlink: 'syz.4.1046': attribute type 17 has an invalid length. [ 69.727326][ T1140] udevd[1140]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 69.741146][ T1140] udevd[1140]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory [ 69.761961][ T2871] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 69.851239][ T2881] loop4: detected capacity change from 0 to 512 [ 69.857784][ T334] usb 6-1: new high-speed USB device number 11 using dummy_hcd [ 70.042415][ T334] usb 6-1: Using ep0 maxpacket: 32 [ 70.048790][ T334] usb 6-1: config 0 has an invalid interface number: 184 but max is 0 [ 70.057191][ T334] usb 6-1: config 0 has no interface number 0 [ 70.063482][ T334] usb 6-1: config 0 interface 184 has no altsetting 0 [ 70.079078][ T334] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 70.088470][ T334] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.096555][ T334] usb 6-1: Product: syz [ 70.100764][ T334] usb 6-1: Manufacturer: syz [ 70.102463][ T6] usb 8-1: new high-speed USB device number 6 using dummy_hcd [ 70.105410][ T334] usb 6-1: SerialNumber: syz [ 70.106018][ T334] usb 6-1: config 0 descriptor?? [ 70.123378][ T334] smsc75xx v1.0.0 [ 70.303392][ T6] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 70.314365][ T6] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 70.324162][ T6] usb 8-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 70.333231][ T6] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 70.342136][ T6] usb 8-1: config 0 descriptor?? [ 70.347148][ T517] usb 7-1: new full-speed USB device number 7 using dummy_hcd [ 70.533444][ T517] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 70.552448][ T517] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 70.564649][ T517] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 70.575625][ T517] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 70.588651][ T517] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 70.597930][ T517] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 70.612348][ T517] usb 7-1: Product: syz [ 70.616561][ T517] usb 7-1: Manufacturer: syz [ 70.621170][ T517] usb 7-1: SerialNumber: syz [ 70.627516][ T2885] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 70.641511][ T517] cdc_mbim 7-1:1.0: skipping garbage [ 70.726675][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 70.747777][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 70.776818][ T6] cp2112 0003:10C4:EA90.0013: unknown main item tag 0x0 [ 70.789595][ T6] cp2112 0003:10C4:EA90.0013: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.7-1/input0 [ 70.844918][ T2885] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 70.853645][ T2885] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 70.853713][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 70.853724][ T28] audit: type=1326 audit(1756411383.058:649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=2896 comm="syz.4.1055" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feeb138ebe9 code=0x0 [ 70.963333][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 70.974806][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 70.976353][ T6] cp2112 0003:10C4:EA90.0013: Part Number: 0x82 Device Version: 0xFE [ 70.984855][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 71.003117][ T334] smsc75xx 6-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 71.012749][ T334] smsc75xx: probe of 6-1:0.184 failed with error -71 [ 71.021603][ T334] usb 6-1: USB disconnect, device number 11 [ 71.176960][ T6] cp2112 0003:10C4:EA90.0013: error requesting SMBus config [ 71.186824][ T6] cp2112: probe of 0003:10C4:EA90.0013 failed with error -32 [ 71.196868][ T6] usb 8-1: USB disconnect, device number 6 [ 71.230947][ T2907] fido_id[2907]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.7/usb8/report_descriptor': No such file or directory [ 71.462761][ T2885] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 71.470022][ T2885] raw-gadget.2 gadget.6: fail, usb_ep_enable returned -22 [ 71.477450][ T517] cdc_mbim 7-1:1.0: setting rx_max = 16384 [ 71.679143][ T517] cdc_mbim 7-1:1.0: setting tx_max = 16384 [ 71.698089][ T517] cdc_mbim 7-1:1.0: cdc-wdm0: USB WDM device [ 71.720911][ T517] cdc_mbim 7-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.6-1, CDC MBIM, b2:2b:b4:ee:0c:d7 [ 71.724585][ T2919] 9pnet: p9_errstr2errno: server reported unknown error @cÿÿÿÿÿÿÿÿD†üB€|˜Ü‘…–0xffffffffffffffff [ 71.748482][ T28] audit: type=1400 audit(1756411383.948:650): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 71.752798][ T517] usb 7-1: USB disconnect, device number 7 [ 71.778759][ T517] cdc_mbim 7-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.6-1, CDC MBIM [ 71.794555][ T2922] loop4: detected capacity change from 0 to 128 [ 71.801790][ T2922] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive! [ 71.816908][ T2922] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1) [ 71.836004][ T28] audit: type=1400 audit(1756411383.948:651): avc: denied { search } for pid=142 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 71.861087][ T28] audit: type=1400 audit(1756411383.948:652): avc: denied { read } for pid=142 comm="dhcpcd" name="n15" dev="tmpfs" ino=6677 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 71.896608][ T28] audit: type=1400 audit(1756411383.948:653): avc: denied { open } for pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=6677 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 71.919698][ T28] audit: type=1400 audit(1756411383.948:654): avc: denied { getattr } for pid=142 comm="dhcpcd" path="/run/udev/data/n15" dev="tmpfs" ino=6677 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 71.942906][ T28] audit: type=1400 audit(1756411384.078:655): avc: denied { read append } for pid=2926 comm="syz.1.1070" name="vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 71.968628][ T28] audit: type=1400 audit(1756411384.078:656): avc: denied { open } for pid=2926 comm="syz.1.1070" path="/dev/vga_arbiter" dev="devtmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:xserver_misc_device_t tclass=chr_file permissive=1 [ 72.036512][ T28] audit: type=1400 audit(1756411384.238:657): avc: denied { append } for pid=2938 comm="syz.1.1075" name="kvm" dev="devtmpfs" ino=83 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:kvm_device_t tclass=chr_file permissive=1 [ 72.141869][ T2951] loop4: detected capacity change from 0 to 512 [ 72.156213][ T2951] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 72.165159][ T2951] ext4 filesystem being mounted at /248/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 72.177852][ T28] audit: type=1400 audit(1756411384.378:658): avc: denied { setattr } for pid=2950 comm="syz.4.1080" name="/" dev="loop4" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 72.200306][ T2951] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 72.221421][ T286] EXT4-fs (loop4): unmounting filesystem. [ 72.548855][ T2990] loop6: detected capacity change from 0 to 8192 [ 72.659023][ T2995] Zero length message leads to an empty skb [ 72.734692][ T3002] loop6: detected capacity change from 0 to 512 [ 73.238596][ T3019] loop7: detected capacity change from 0 to 40427 [ 73.248832][ T3019] F2FS-fs (loop7): Small segment_count (9 < 1 * 24) [ 73.256347][ T3019] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 73.290698][ T3019] F2FS-fs (loop7): Found nat_bits in checkpoint [ 73.358346][ T3019] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 73.370852][ T3019] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 73.415871][ T3019] bio_check_eod: 1025 callbacks suppressed [ 73.415888][ T3019] syz.7.1110: attempt to access beyond end of device [ 73.415888][ T3019] loop7: rw=2049, sector=53248, nr_sectors = 16 limit=40427 [ 73.443473][ T2039] syz-executor: attempt to access beyond end of device [ 73.443473][ T2039] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 73.513059][ T3040] SELinux: unknown common ocket [ 73.519444][ T3040] SELinux: failed to load policy [ 73.594491][ T3048] cgroup: fork rejected by pids controller in /syz5 [ 73.721630][ T3056] loop6: detected capacity change from 0 to 256 [ 73.741426][ T3056] exFAT-fs (loop6): failed to load upcase table (idx : 0x00010000, chksum : 0x76dfe2a7, utbl_chksum : 0xe619d30d) [ 73.762499][ T3056] exFAT-fs (loop6): failed to load alloc-bitmap [ 73.768853][ T3056] exFAT-fs (loop6): failed to recognize exfat type [ 73.872342][ T288] usb 8-1: new high-speed USB device number 7 using dummy_hcd [ 73.880313][ T3058] bridge0: port 1(bridge_slave_0) entered blocking state [ 73.888518][ T3058] bridge0: port 1(bridge_slave_0) entered disabled state [ 73.896435][ T3058] device bridge_slave_0 entered promiscuous mode [ 73.905144][ T3058] bridge0: port 2(bridge_slave_1) entered blocking state [ 73.912360][ T3058] bridge0: port 2(bridge_slave_1) entered disabled state [ 73.920875][ T3058] device bridge_slave_1 entered promiscuous mode [ 73.998280][ T3058] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.005348][ T3058] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.012612][ T3058] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.019627][ T3058] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.043355][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 74.054928][ T447] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.063643][ T288] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 74.092719][ T447] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.093008][ T288] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 74.123014][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 74.131686][ T447] bridge0: port 1(bridge_slave_0) entered blocking state [ 74.132673][ T288] usb 8-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 74.138739][ T447] bridge0: port 1(bridge_slave_0) entered forwarding state [ 74.164955][ T288] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 74.176051][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 74.186072][ T447] bridge0: port 2(bridge_slave_1) entered blocking state [ 74.190098][ T288] usb 8-1: config 0 descriptor?? [ 74.193129][ T447] bridge0: port 2(bridge_slave_1) entered forwarding state [ 74.193806][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 74.222220][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 74.242187][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 74.250975][ T3078] tun0: tun_chr_ioctl cmd 1074025675 [ 74.256402][ T3078] tun0: persist enabled [ 74.267285][ T3058] device veth0_vlan entered promiscuous mode [ 74.273696][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 74.281865][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 74.289430][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 74.297309][ T3078] tun0: tun_chr_ioctl cmd 1074025675 [ 74.303132][ T3078] tun0: persist enabled [ 74.315342][ T8] device bridge_slave_1 left promiscuous mode [ 74.321470][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 74.329349][ T8] device bridge_slave_0 left promiscuous mode [ 74.335808][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 74.344617][ T8] device veth1_macvtap left promiscuous mode [ 74.350649][ T8] device veth0_vlan left promiscuous mode [ 74.421299][ T3084] input: syz1 as /devices/virtual/input/input14 [ 74.430853][ T3084] input: failed to attach handler leds to device input14, error: -6 [ 74.451717][ T3058] device veth1_macvtap entered promiscuous mode [ 74.458719][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 74.480997][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 74.509234][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 74.539741][ T3093] SELinux: failed to load policy [ 74.597161][ T3107] I/O error, dev loop9, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 74.606610][ T3107] FAT-fs (loop9): unable to read boot sector [ 74.625503][ T288] hid (null): global environment stack underflow [ 74.633902][ T288] hid-steam 0003:28DE:1142.0014: global environment stack underflow [ 74.644229][ T288] hid-steam 0003:28DE:1142.0014: item 0 0 1 11 parsing failed [ 74.644781][ T3117] capability: warning: `syz.5.1149' uses deprecated v2 capabilities in a way that may be insecure [ 74.651863][ T288] hid-steam 0003:28DE:1142.0014: steam_probe:parse of hid interface failed [ 74.678630][ T288] hid-steam: probe of 0003:28DE:1142.0014 failed with error -22 [ 74.872589][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 74.881118][ T3150] loop5: detected capacity change from 0 to 512 [ 74.921525][ T39] usb 8-1: USB disconnect, device number 7 [ 74.929327][ T3152] loop5: detected capacity change from 0 to 512 [ 74.948718][ T3152] EXT4-fs: Ignoring removed nobh option [ 74.962385][ T288] usb 7-1: new high-speed USB device number 8 using dummy_hcd [ 74.973363][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #3: comm syz.5.1166: corrupted inode contents [ 74.985631][ T3152] EXT4-fs error (device loop5): ext4_dirty_inode:6121: inode #3: comm syz.5.1166: mark_inode_dirty error [ 74.997264][ T3139] loop4: detected capacity change from 0 to 40427 [ 74.997424][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #3: comm syz.5.1166: corrupted inode contents [ 75.015678][ T3152] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #3: comm syz.5.1166: mark_inode_dirty error [ 75.027248][ T3139] F2FS-fs (loop4): invalid crc value [ 75.030153][ T3152] EXT4-fs error (device loop5): ext4_acquire_dquot:6801: comm syz.5.1166: Failed to acquire dquot type 0 [ 75.034499][ T3139] F2FS-fs (loop4): Found nat_bits in checkpoint [ 75.044515][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #16: comm syz.5.1166: corrupted inode contents [ 75.062118][ T3152] EXT4-fs error (device loop5): ext4_dirty_inode:6121: inode #16: comm syz.5.1166: mark_inode_dirty error [ 75.073674][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #16: comm syz.5.1166: corrupted inode contents [ 75.076987][ T3139] F2FS-fs (loop4): Start checkpoint disabled! [ 75.085975][ T3152] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #16: comm syz.5.1166: mark_inode_dirty error [ 75.092266][ T3139] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6 [ 75.103971][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #16: comm syz.5.1166: corrupted inode contents [ 75.122850][ T3152] EXT4-fs error (device loop5) in ext4_orphan_del:305: Corrupt filesystem [ 75.131540][ T3152] EXT4-fs error (device loop5): ext4_do_update_inode:5256: inode #16: comm syz.5.1166: corrupted inode contents [ 75.144886][ T3152] EXT4-fs error (device loop5): ext4_truncate:4314: inode #16: comm syz.5.1166: mark_inode_dirty error [ 75.152443][ T288] usb 7-1: Using ep0 maxpacket: 16 [ 75.157825][ T3152] EXT4-fs error (device loop5) in ext4_process_orphan:347: Corrupt filesystem [ 75.162183][ T288] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 75.170284][ T3152] EXT4-fs (loop5): 1 truncate cleaned up [ 75.185254][ T352] kworker/u4:4: attempt to access beyond end of device [ 75.185254][ T352] loop4: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 75.185664][ T3152] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 75.199959][ T288] usb 7-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 75.209183][ T3152] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 75.251288][ T288] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 75.261051][ T288] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 75.269367][ T288] usb 7-1: SerialNumber: syz [ 75.275199][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 75.490223][ T288] usb 7-1: USB disconnect, device number 8 [ 75.685610][ T3214] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1190'. [ 75.787347][ T3235] syz.4.1202[3235] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.787418][ T3235] syz.4.1202[3235] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 75.836657][ T3244] incfs: Options parsing error. -22 [ 75.853433][ T3244] incfs: mount failed -22 [ 75.866777][ T28] kauditd_printk_skb: 115 callbacks suppressed [ 75.866792][ T28] audit: type=1400 audit(1756411388.068:772): avc: denied { execmem } for pid=3247 comm="syz.7.1208" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=process permissive=1 [ 75.909395][ T28] audit: type=1400 audit(1756411388.108:773): avc: denied { create } for pid=3251 comm="syz.1.1210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 75.930563][ T3252] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1210'. [ 75.939946][ T28] audit: type=1400 audit(1756411388.108:774): avc: denied { create } for pid=3253 comm="syz.4.1211" anonclass=[io_uring] scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 75.962785][ T28] audit: type=1400 audit(1756411388.108:775): avc: denied { map } for pid=3253 comm="syz.4.1211" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=29340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 75.987238][ T28] audit: type=1400 audit(1756411388.108:776): avc: denied { read write } for pid=3253 comm="syz.4.1211" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=29340 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 76.013207][ T28] audit: type=1400 audit(1756411388.128:777): avc: denied { write } for pid=3251 comm="syz.1.1210" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 76.086658][ T28] audit: type=1400 audit(1756411388.288:778): avc: denied { mount } for pid=3261 comm="syz.6.1214" name="/" dev="configfs" ino=14496 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 76.109855][ T28] audit: type=1400 audit(1756411388.288:779): avc: denied { search } for pid=3261 comm="syz.6.1214" name="/" dev="configfs" ino=14496 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=dir permissive=1 [ 76.214727][ T3279] SELinux: unknown common ocket [ 76.220429][ T3279] SELinux: failed to load policy [ 76.234976][ T3281] cgroup: fork rejected by pids controller in /syz1 [ 76.291652][ T3286] loop5: detected capacity change from 0 to 512 [ 76.316443][ T3286] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002] [ 76.324568][ T3286] System zones: 0-2, 18-18, 34-35 [ 76.330291][ T3286] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 76.339664][ T3286] ext4 filesystem being mounted at /18/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 76.370437][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 76.452381][ T288] usb 7-1: new high-speed USB device number 9 using dummy_hcd [ 76.553387][ T28] audit: type=1400 audit(1756411388.758:780): avc: denied { mounton } for pid=3295 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 76.595016][ T3295] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.602912][ T3295] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.610355][ T3295] device bridge_slave_0 entered promiscuous mode [ 76.619424][ T3295] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.626604][ T3295] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.634753][ T3295] device bridge_slave_1 entered promiscuous mode [ 76.642365][ T288] usb 7-1: Using ep0 maxpacket: 32 [ 76.649788][ T288] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 76.659086][ T288] usb 7-1: config 0 interface 0 has no altsetting 1 [ 76.667284][ T288] usb 7-1: New USB device found, idVendor=152d, idProduct=0539, bcdDevice= 0.00 [ 76.676757][ T288] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 76.684954][ T288] usb 7-1: SerialNumber: syz [ 76.691559][ T288] usb 7-1: config 0 descriptor?? [ 76.698372][ T288] usb-storage 7-1:0.0: USB Mass Storage device detected [ 76.706568][ T288] usb-storage 7-1:0.0: Quirks match for vid 152d pid 0539: 4000000 [ 76.769559][ T3316] 9pnet: p9_errstr2errno: server reported unknown error @ [ 76.772216][ T3295] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.783850][ T3295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.791125][ T3295] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.798167][ T3295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.806262][ T3319] SELinux: unknown common ocket [ 76.813133][ T3319] SELinux: failed to load policy [ 76.837614][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 76.845426][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 76.855414][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 76.874568][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 76.882847][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 76.889881][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 76.899559][ T60] usb 7-1: USB disconnect, device number 9 [ 76.906815][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 76.916007][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 76.923064][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 76.944775][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 76.953422][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 76.963076][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 76.977895][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 76.986168][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 76.993860][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 77.001407][ T3295] device veth0_vlan entered promiscuous mode [ 77.012988][ T352] device bridge_slave_1 left promiscuous mode [ 77.019150][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 77.040074][ T352] device bridge_slave_0 left promiscuous mode [ 77.046394][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 77.055068][ T352] device veth1_macvtap left promiscuous mode [ 77.061135][ T352] device veth0_vlan left promiscuous mode [ 77.092329][ T39] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 77.166918][ T3295] device veth1_macvtap entered promiscuous mode [ 77.174452][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 77.193370][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 77.211291][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 77.234885][ T28] audit: type=1400 audit(1756411389.438:781): avc: denied { ioctl } for pid=3332 comm="syz.1.1228" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=29555 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 77.283063][ T39] usb 5-1: Using ep0 maxpacket: 16 [ 77.289329][ T39] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 77.299901][ T39] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 77.309110][ T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 77.317580][ T39] usb 5-1: Product: syz [ 77.319342][ T3328] loop5: detected capacity change from 0 to 131072 [ 77.321781][ T39] usb 5-1: Manufacturer: syz [ 77.333489][ T3328] F2FS-fs (loop5): Test dummy encryption mode enabled [ 77.340270][ T39] usb 5-1: SerialNumber: syz [ 77.344525][ T3328] F2FS-fs (loop5): invalid crc value [ 77.351326][ T39] usb 5-1: config 0 descriptor?? [ 77.376175][ T3328] F2FS-fs (loop5): Found nat_bits in checkpoint [ 77.390682][ T39] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 77.420861][ T3328] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 77.421793][ T39] usb 5-1: Detected FT232R [ 77.579841][ T3353] SELinux: unknown common ocket [ 77.584299][ T39] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 77.586520][ T3353] SELinux: failed to load policy [ 77.597604][ T3355] loop7: detected capacity change from 0 to 16 [ 77.616844][ T3355] erofs: (device loop7): z_erofs_load_lz4_config: invalid lz4 cfgs, size=4 [ 77.726985][ T3361] 9pnet: p9_errstr2errno: server reported unknown error @cÿÿÿÿÿÿÿÿD†üB€|˜Ü‘…–0xffffffffffffffff [ 77.796346][ T39] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 77.990768][ T3363] loop7: detected capacity change from 0 to 40427 [ 78.009066][ T3363] F2FS-fs (loop7): invalid crc value [ 78.029980][ T446] usb 5-1: USB disconnect, device number 8 [ 78.039851][ T446] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 78.050661][ T3363] F2FS-fs (loop7): Found nat_bits in checkpoint [ 78.070472][ T446] ftdi_sio 5-1:0.0: device disconnected [ 78.100241][ T3363] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4 [ 78.177583][ T2039] syz-executor: attempt to access beyond end of device [ 78.177583][ T2039] loop7: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 78.181462][ T3399] 9pnet: p9_errstr2errno: server reported unknown error @cÿÿÿÿÿÿÿÿD†üB€|˜Ü‘…–0xffffffffffffffff [ 78.314220][ T3405] loop5: detected capacity change from 0 to 1024 [ 78.329794][ T3405] EXT4-fs: Ignoring removed nobh option [ 78.342752][ T3405] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 78.382927][ T3405] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback. [ 78.413507][ T3405] EXT4-fs error (device loop5): ext4_mb_mark_diskspace_used:3841: comm syz.5.1269: Allocating blocks 481-513 which overlap fs metadata [ 78.433015][ T3404] EXT4-fs (loop5): pa ffff888134f3a0a8: logic 48, phys. 161, len 22 [ 78.441036][ T3404] EXT4-fs error (device loop5): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 2 [ 78.456878][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 78.496156][ T3419] netlink: 72 bytes leftover after parsing attributes in process `syz.1.1275'. [ 78.604097][ T3431] loop7: detected capacity change from 0 to 512 [ 78.647474][ T3431] EXT4-fs: Ignoring removed nobh option [ 78.695177][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #3: comm syz.7.1288: corrupted inode contents [ 78.738650][ T3431] EXT4-fs error (device loop7): ext4_dirty_inode:6121: inode #3: comm syz.7.1288: mark_inode_dirty error [ 78.799811][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #3: comm syz.7.1288: corrupted inode contents [ 78.861418][ T3431] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #3: comm syz.7.1288: mark_inode_dirty error [ 78.894032][ T3431] EXT4-fs error (device loop7): ext4_acquire_dquot:6801: comm syz.7.1288: Failed to acquire dquot type 0 [ 78.922467][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #16: comm syz.7.1288: corrupted inode contents [ 78.940992][ T3431] EXT4-fs error (device loop7): ext4_dirty_inode:6121: inode #16: comm syz.7.1288: mark_inode_dirty error [ 78.965417][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #16: comm syz.7.1288: corrupted inode contents [ 79.001460][ T3431] EXT4-fs error (device loop7): __ext4_ext_dirty:202: inode #16: comm syz.7.1288: mark_inode_dirty error [ 79.031030][ T3430] loop4: detected capacity change from 0 to 40427 [ 79.047483][ T3383] loop6: detected capacity change from 0 to 131072 [ 79.052518][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #16: comm syz.7.1288: corrupted inode contents [ 79.073028][ T3383] F2FS-fs (loop6): Test dummy encryption mode enabled [ 79.098647][ T3431] EXT4-fs error (device loop7) in ext4_orphan_del:305: Corrupt filesystem [ 79.103826][ T3430] F2FS-fs (loop4): invalid crc value [ 79.119553][ T3431] EXT4-fs error (device loop7): ext4_do_update_inode:5256: inode #16: comm syz.7.1288: corrupted inode contents [ 79.133253][ T3383] F2FS-fs (loop6): invalid crc value [ 79.150788][ T3431] EXT4-fs error (device loop7): ext4_truncate:4314: inode #16: comm syz.7.1288: mark_inode_dirty error [ 79.181173][ T3430] F2FS-fs (loop4): Found nat_bits in checkpoint [ 79.193563][ T3431] EXT4-fs error (device loop7) in ext4_process_orphan:347: Corrupt filesystem [ 79.203405][ T3383] F2FS-fs (loop6): Found nat_bits in checkpoint [ 79.251222][ T3431] EXT4-fs (loop7): 1 truncate cleaned up [ 79.276431][ T3431] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 79.307218][ T3431] ext4 filesystem being mounted at /98/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 79.341200][ T3383] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5 [ 79.342766][ T3430] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 79.455160][ T286] syz-executor: attempt to access beyond end of device [ 79.455160][ T286] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427 [ 79.488970][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 79.754560][ T3474] device bridge0 entered promiscuous mode [ 79.760379][ T3474] device macsec1 entered promiscuous mode [ 79.762640][ T3470] loop7: detected capacity change from 0 to 1024 [ 79.767504][ T3474] bridge0: port 3(macsec1) entered blocking state [ 79.779248][ T3474] bridge0: port 3(macsec1) entered disabled state [ 79.787013][ T3474] device bridge0 left promiscuous mode [ 79.794665][ T3470] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 79.843252][ T3470] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 79.861995][ T3470] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 79.885155][ T3470] incfs: Can't find or create .index dir in ./file0 [ 79.892055][ T3470] incfs: mount failed -28 [ 79.909209][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 79.938876][ T3482] loop5: detected capacity change from 0 to 256 [ 79.957000][ T3482] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d) [ 79.976633][ T3488] loop4: detected capacity change from 0 to 512 [ 79.988929][ T3488] EXT4-fs: Ignoring removed nobh option [ 80.038837][ T3495] netlink: 96 bytes leftover after parsing attributes in process `syz.6.1301'. [ 80.040118][ T3496] loop7: detected capacity change from 0 to 512 [ 80.060848][ T3496] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode [ 80.083864][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #3: comm syz.4.1298: corrupted inode contents [ 80.104765][ T3496] EXT4-fs error (device loop7): ext4_xattr_inode_iget:404: comm syz.7.1303: inode #255: comm syz.7.1303: iget: illegal inode # [ 80.105828][ T3488] EXT4-fs error (device loop4): ext4_dirty_inode:6121: inode #3: comm syz.4.1298: mark_inode_dirty error [ 80.139607][ T3496] EXT4-fs error (device loop7): ext4_xattr_inode_iget:409: comm syz.7.1303: error while reading EA inode 255 err=-117 [ 80.152332][ T3496] EXT4-fs (loop7): 1 orphan inode deleted [ 80.152805][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #3: comm syz.4.1298: corrupted inode contents [ 80.158103][ T3496] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 80.217490][ T3488] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #3: comm syz.4.1298: mark_inode_dirty error [ 80.222531][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 80.236061][ T3488] EXT4-fs error (device loop4): ext4_acquire_dquot:6801: comm syz.4.1298: Failed to acquire dquot type 0 [ 80.266932][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #16: comm syz.4.1298: corrupted inode contents [ 80.269396][ T3513] netlink: 16 bytes leftover after parsing attributes in process `syz.6.1309'. [ 80.288146][ T3488] EXT4-fs error (device loop4): ext4_dirty_inode:6121: inode #16: comm syz.4.1298: mark_inode_dirty error [ 80.291748][ T3512] loop5: detected capacity change from 0 to 1024 [ 80.310013][ T3512] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 80.323239][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #16: comm syz.4.1298: corrupted inode contents [ 80.357496][ T3512] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 80.378232][ T3488] EXT4-fs error (device loop4): __ext4_ext_dirty:202: inode #16: comm syz.4.1298: mark_inode_dirty error [ 80.393270][ T3512] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 80.408457][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #16: comm syz.4.1298: corrupted inode contents [ 80.421008][ T3512] incfs: Can't find or create .index dir in ./file0 [ 80.427891][ T3488] EXT4-fs error (device loop4) in ext4_orphan_del:305: Corrupt filesystem [ 80.436767][ T3512] incfs: mount failed -28 [ 80.446792][ T3488] EXT4-fs error (device loop4): ext4_do_update_inode:5256: inode #16: comm syz.4.1298: corrupted inode contents [ 80.466466][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 80.483773][ T3488] EXT4-fs error (device loop4): ext4_truncate:4314: inode #16: comm syz.4.1298: mark_inode_dirty error [ 80.515956][ T3488] EXT4-fs error (device loop4) in ext4_process_orphan:347: Corrupt filesystem [ 80.531545][ T3488] EXT4-fs (loop4): 1 truncate cleaned up [ 80.537380][ T3488] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 80.547156][ T3488] ext4 filesystem being mounted at /303/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 80.598586][ T286] EXT4-fs (loop4): unmounting filesystem. [ 80.632672][ T39] usb 8-1: new high-speed USB device number 8 using dummy_hcd [ 80.824899][ T39] usb 8-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 80.849678][ T39] usb 8-1: config 1 interface 0 has no altsetting 0 [ 80.868201][ T39] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 80.900286][ T39] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 80.908614][ T39] usb 8-1: SerialNumber: syz [ 80.974827][ T3573] device bridge0 entered promiscuous mode [ 80.982224][ T3573] device macsec1 entered promiscuous mode [ 80.995431][ T3573] bridge0: port 3(macsec1) entered blocking state [ 81.001871][ T3573] bridge0: port 3(macsec1) entered disabled state [ 81.009260][ T3573] device bridge0 left promiscuous mode [ 81.017586][ T3576] device batadv_slave_0 entered promiscuous mode [ 81.025000][ T3575] device batadv_slave_0 left promiscuous mode [ 81.078915][ T28] kauditd_printk_skb: 45 callbacks suppressed [ 81.078928][ T28] audit: type=1400 audit(1756411393.278:823): avc: denied { bind } for pid=3583 comm="syz.4.1341" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 81.081011][ T3580] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 81.125765][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready [ 81.135624][ T3567] loop5: detected capacity change from 0 to 40427 [ 81.142834][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 81.159770][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready [ 81.167795][ T3567] F2FS-fs (loop5): invalid crc value [ 81.168600][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 81.182677][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 81.185350][ T3567] F2FS-fs (loop5): Found nat_bits in checkpoint [ 81.190988][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 81.205324][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 81.213516][ T43] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 81.229849][ T3567] F2FS-fs (loop5): Start checkpoint disabled! [ 81.237324][ T3567] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6 [ 81.311220][ T8] kworker/u4:0: attempt to access beyond end of device [ 81.311220][ T8] loop5: rw=2049, sector=40960, nr_sectors = 24 limit=40427 [ 81.416320][ T3602] device veth0_to_bridge entered promiscuous mode [ 81.428658][ T3600] device veth0_to_bridge left promiscuous mode [ 81.442512][ T28] audit: type=1400 audit(1756411393.648:824): avc: denied { setopt } for pid=3601 comm="syz.4.1349" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 81.483700][ T3607] loop7: detected capacity change from 0 to 16384 [ 81.491200][ T28] audit: type=1400 audit(1756411393.678:825): avc: denied { lock } for pid=3604 comm="syz.4.1350" path="socket:[30587]" dev="sockfs" ino=30587 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 81.614254][ T39] cdc_ether 8-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.7-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 81.629372][ T28] audit: type=1400 audit(1756411393.828:826): avc: denied { getattr } for pid=3611 comm="syz.5.1347" name="/" dev="dax" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 81.703209][ T28] audit: type=1400 audit(1756411393.878:827): avc: denied { read } for pid=142 comm="dhcpcd" scontext=system_u:system_r:dhcpc_t tcontext=system_u:system_r:dhcpc_t tclass=netlink_kobject_uevent_socket permissive=1 [ 81.724198][ T28] audit: type=1400 audit(1756411393.888:828): avc: denied { search } for pid=142 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 81.745852][ T28] audit: type=1400 audit(1756411393.888:829): avc: denied { read } for pid=142 comm="dhcpcd" name="n16" dev="tmpfs" ino=8127 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.768715][ T28] audit: type=1400 audit(1756411393.888:830): avc: denied { open } for pid=142 comm="dhcpcd" path="/run/udev/data/n16" dev="tmpfs" ino=8127 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.793459][ T28] audit: type=1400 audit(1756411393.888:831): avc: denied { getattr } for pid=142 comm="dhcpcd" path="/run/udev/data/n16" dev="tmpfs" ino=8127 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 81.845105][ T28] audit: type=1400 audit(1756411394.048:832): avc: denied { remount } for pid=3608 comm="syz.1.1352" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 82.020402][ T334] usb 8-1: USB disconnect, device number 8 [ 82.026643][ T334] cdc_ether 8-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.7-1, CDC Ethernet Device [ 82.062385][ T60] usb 7-1: new high-speed USB device number 10 using dummy_hcd [ 82.242355][ T60] usb 7-1: Using ep0 maxpacket: 32 [ 82.248514][ T60] usb 7-1: config 0 has an invalid interface number: 184 but max is 0 [ 82.256772][ T60] usb 7-1: config 0 has no interface number 0 [ 82.263133][ T60] usb 7-1: config 0 interface 184 has no altsetting 0 [ 82.271424][ T60] usb 7-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 82.280582][ T60] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 82.288635][ T60] usb 7-1: Product: syz [ 82.292931][ T60] usb 7-1: Manufacturer: syz [ 82.297566][ T60] usb 7-1: SerialNumber: syz [ 82.303515][ T60] usb 7-1: config 0 descriptor?? [ 82.309328][ T60] smsc75xx v1.0.0 [ 82.324749][ T3644] SELinux: failed to load policy [ 82.339337][ T3646] loop4: detected capacity change from 0 to 512 [ 82.363743][ T3646] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 82.372759][ T3646] ext4 filesystem being mounted at /319/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 82.404549][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.416892][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.428770][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.440385][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.452002][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.463683][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.475931][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.487738][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.506436][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.518239][ T286] EXT4-fs warning (device loop4): ext4_empty_dir:3147: inode #12: comm syz-executor: directory missing '.' [ 82.577540][ T3665] loop5: detected capacity change from 0 to 512 [ 82.614287][ T3665] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 82.651325][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 82.697913][ T3671] I/O error, dev loop11, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 82.715583][ T3671] F2FS-fs (loop11): Unable to read 1th superblock [ 82.722182][ T3671] I/O error, dev loop11, sector 8 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 82.741053][ T3671] F2FS-fs (loop11): Unable to read 2th superblock [ 82.777051][ T3677] loop5: detected capacity change from 0 to 512 [ 82.790137][ T3677] EXT4-fs: Ignoring removed i_version option [ 82.798192][ T286] EXT4-fs (loop4): unmounting filesystem. [ 82.804657][ T3677] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 82.835729][ T3677] EXT4-fs (loop5): 1 truncate cleaned up [ 82.841428][ T3677] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 82.879472][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 82.936905][ T3685] loop7: detected capacity change from 0 to 2048 [ 83.019068][ T3685] loop7: unable to read partition table [ 83.025064][ T3685] loop7: partition table beyond EOD, truncated [ 83.031241][ T3685] loop_reread_partitions: partition scan of loop7 () failed (rc=-5) [ 83.088365][ T103] loop7: unable to read partition table [ 83.099146][ T103] loop7: partition table beyond EOD, truncated [ 83.106111][ T3692] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.122339][ T3692] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.137446][ T3692] device bridge_slave_0 entered promiscuous mode [ 83.152622][ T43] device bridge_slave_1 left promiscuous mode [ 83.158831][ T336] I/O error, dev loop7, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 83.169087][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.189239][ T43] device bridge_slave_0 left promiscuous mode [ 83.216316][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 83.234367][ T43] device veth1_macvtap left promiscuous mode [ 83.240746][ T43] device veth0_vlan left promiscuous mode [ 83.326905][ T3716] loop5: detected capacity change from 0 to 512 [ 83.347943][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 83.348058][ T3716] EXT4-fs: Ignoring removed orlov option [ 83.364711][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 83.367219][ T3716] EXT4-fs (loop5): mounting ext3 file system using the ext4 subsystem [ 83.374375][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 83.392905][ T3692] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.393511][ T3716] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 83.399923][ T3692] bridge0: port 2(bridge_slave_1) entered disabled state [ 83.401256][ T3692] device bridge_slave_1 entered promiscuous mode [ 83.408664][ T3716] EXT4-fs error (device loop5): ext4_xattr_ibody_find:2195: inode #15: comm syz.5.1398: corrupted in-inode xattr [ 83.415684][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 83.421384][ T3716] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1398: couldn't read orphan inode 15 (err -117) [ 83.437301][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 83.443003][ T3716] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none. [ 83.454992][ T60] smsc75xx 7-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 83.526482][ T60] smsc75xx: probe of 7-1:0.184 failed with error -71 [ 83.544910][ T3058] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 83.571326][ T60] usb 7-1: USB disconnect, device number 10 [ 83.572396][ T6] usb 8-1: new high-speed USB device number 9 using dummy_hcd [ 83.590920][ T3058] EXT4-fs error (device loop5): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 83.619885][ T3058] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 83.647570][ T3058] EXT4-fs error (device loop5): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 83.669639][ T3058] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 83.691069][ T3058] EXT4-fs error (device loop5): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 83.711296][ T3058] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 83.726909][ T3692] bridge0: port 2(bridge_slave_1) entered blocking state [ 83.731702][ T3058] EXT4-fs error (device loop5): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 83.738155][ T3692] bridge0: port 2(bridge_slave_1) entered forwarding state [ 83.738236][ T3692] bridge0: port 1(bridge_slave_0) entered blocking state [ 83.757885][ T3058] EXT4-fs error (device loop5): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 83.764279][ T3692] bridge0: port 1(bridge_slave_0) entered forwarding state [ 83.771737][ T3058] EXT4-fs error (device loop5): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 83.818258][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 83.822719][ T6] usb 8-1: Using ep0 maxpacket: 32 [ 83.826134][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 83.839334][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 83.852097][ T6] usb 8-1: config 0 interface 0 has no altsetting 0 [ 83.861913][ T6] usb 8-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 83.862101][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 83.879605][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 83.886529][ T6] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 83.902990][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 83.911323][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 83.924443][ T3692] device veth0_vlan entered promiscuous mode [ 83.931196][ T3058] EXT4-fs (loop5): unmounting filesystem. [ 83.933681][ T6] usb 8-1: config 0 descriptor?? [ 83.942056][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 83.956371][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 83.965622][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 83.974036][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 83.983055][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 83.995469][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.005053][ T3692] device veth1_macvtap entered promiscuous mode [ 84.022838][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 84.030556][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 84.038874][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.050566][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 84.060280][ T447] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.108033][ T3743] loop6: detected capacity change from 0 to 1024 [ 84.145077][ T3743] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 84.165204][ T6] usbhid 8-1:0.0: can't add hid device: -71 [ 84.174568][ T6] usbhid: probe of 8-1:0.0 failed with error -71 [ 84.189947][ T6] usb 8-1: USB disconnect, device number 9 [ 84.196653][ T3743] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 84.214738][ T3743] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 84.230413][ T3743] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2818: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 84.249043][ T3746] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.250464][ T3743] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 319 with max blocks 1 with error 28 [ 84.256184][ T3746] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.268814][ T3743] EXT4-fs (loop6): This should not happen!! Data will be lost [ 84.268814][ T3743] [ 84.276426][ T3754] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 1 with error 28 [ 84.285980][ T3746] device bridge_slave_0 entered promiscuous mode [ 84.304166][ T3743] EXT4-fs (loop6): Total free blocks count 0 [ 84.304879][ T3746] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.317246][ T3743] EXT4-fs (loop6): Free/Dirty block details [ 84.317261][ T3746] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.323464][ T3754] EXT4-fs (loop6): This should not happen!! Data will be lost [ 84.323464][ T3754] [ 84.330677][ T3746] device bridge_slave_1 entered promiscuous mode [ 84.340246][ T3743] EXT4-fs (loop6): free_blocks=20480 [ 84.346457][ T3754] EXT4-fs (loop6): Total free blocks count 0 [ 84.351751][ T3743] EXT4-fs (loop6): dirty_blocks=32 [ 84.392948][ T3756] loop8: detected capacity change from 0 to 512 [ 84.502096][ T3746] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.509191][ T3746] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.516478][ T3746] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.523523][ T3746] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.547599][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 84.556130][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.563557][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.581763][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 84.590228][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 84.597303][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 84.605620][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 84.615046][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 84.622107][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 84.639814][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 84.647996][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 84.663717][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 84.673160][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 84.681160][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 84.688785][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 84.698141][ T3746] device veth0_vlan entered promiscuous mode [ 84.705340][ T43] device bridge_slave_1 left promiscuous mode [ 84.711459][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 84.719637][ T43] device bridge_slave_0 left promiscuous mode [ 84.725969][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 84.734059][ T43] device veth1_macvtap left promiscuous mode [ 84.740053][ T43] device veth0_vlan left promiscuous mode [ 84.782359][ T6] usb 8-1: new high-speed USB device number 10 using dummy_hcd [ 84.808718][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 84.817797][ T3746] device veth1_macvtap entered promiscuous mode [ 84.827401][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 84.837000][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 84.888351][ T3774] loop9: detected capacity change from 0 to 512 [ 84.911874][ T3774] EXT4-fs: Ignoring removed orlov option [ 84.919831][ T3774] EXT4-fs (loop9): mounting ext3 file system using the ext4 subsystem [ 84.929204][ T3774] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8002c119, mo2=0002] [ 84.938682][ T3774] EXT4-fs error (device loop9): ext4_xattr_ibody_find:2195: inode #15: comm syz.9.1414: corrupted in-inode xattr [ 84.950788][ T3774] EXT4-fs error (device loop9): ext4_orphan_get:1405: comm syz.9.1414: couldn't read orphan inode 15 (err -117) [ 84.962932][ T3774] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none. [ 84.973504][ T6] usb 8-1: Using ep0 maxpacket: 32 [ 84.986418][ T3746] EXT4-fs error (device loop9): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 85.006840][ T3746] EXT4-fs error (device loop9): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 85.026166][ T3746] EXT4-fs error (device loop9): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 85.026269][ T6] usb 8-1: config 0 interface 0 has no altsetting 0 [ 85.046983][ T3746] EXT4-fs error (device loop9): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 85.053373][ T6] usb 8-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 85.080718][ T6] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.089306][ T6] usb 8-1: config 0 descriptor?? [ 85.092463][ T3746] EXT4-fs error (device loop9): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 85.114579][ T3746] EXT4-fs error (device loop9): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 85.134297][ T3746] EXT4-fs error (device loop9): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 85.154342][ T39] usb 7-1: new high-speed USB device number 11 using dummy_hcd [ 85.154837][ T3746] EXT4-fs error (device loop9): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 85.181286][ T3746] EXT4-fs error (device loop9): ext4_readdir:263: inode #11: block 18: comm syz-executor: path (unknown): bad entry in directory: inode out of bounds - offset=0, inode=256, rec_len=1024, size=1024 fake=0 [ 85.192357][ T334] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 85.203730][ T3746] EXT4-fs error (device loop9): ext4_empty_dir:3177: inode #11: block 18: comm syz-executor: bad entry in directory: inode out of bounds - offset=4096, inode=256, rec_len=1024, size=1024 fake=0 [ 85.295486][ T3746] EXT4-fs (loop9): unmounting filesystem. [ 85.347124][ T39] usb 7-1: config 0 has an invalid interface number: 1 but max is 0 [ 85.362342][ T39] usb 7-1: config 0 has no interface number 0 [ 85.372373][ T39] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 85.386054][ T39] usb 7-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 85.396116][ T39] usb 7-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 85.405275][ T334] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 85.416394][ T39] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 85.424852][ T334] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 85.438415][ T334] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 85.449556][ T39] usb 7-1: config 0 descriptor?? [ 85.455000][ T334] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 85.469425][ T334] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.478628][ T334] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.486702][ T334] usb 2-1: Product: syz [ 85.491043][ T334] usb 2-1: Manufacturer: syz [ 85.495717][ T334] usb 2-1: SerialNumber: syz [ 85.497658][ T6] hid (null): invalid report_count 61715 [ 85.506077][ T3776] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 85.507869][ T6] uclogic 0003:5543:0522.0015: invalid report_count 61715 [ 85.514096][ T334] cdc_mbim 2-1:1.0: skipping garbage [ 85.520448][ T6] uclogic 0003:5543:0522.0015: item 0 2 1 9 parsing failed [ 85.538238][ T6] uclogic 0003:5543:0522.0015: parse failed [ 85.544238][ T6] uclogic: probe of 0003:5543:0522.0015 failed with error -22 [ 85.583020][ T3781] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.590135][ T3781] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.601628][ T3781] device bridge_slave_0 entered promiscuous mode [ 85.610221][ T3781] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.617322][ T3781] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.624953][ T3781] device bridge_slave_1 entered promiscuous mode [ 85.728625][ T3776] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 85.737807][ T3776] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 85.740880][ T517] usb 8-1: USB disconnect, device number 10 [ 85.750142][ T3781] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.757906][ T3781] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.765207][ T3781] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.772220][ T3781] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.803485][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 85.811069][ T10] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.818402][ T10] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.827894][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 85.836301][ T10] bridge0: port 1(bridge_slave_0) entered blocking state [ 85.843335][ T10] bridge0: port 1(bridge_slave_0) entered forwarding state [ 85.861610][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 85.869998][ T10] bridge0: port 2(bridge_slave_1) entered blocking state [ 85.877041][ T10] bridge0: port 2(bridge_slave_1) entered forwarding state [ 85.893130][ T352] device bridge_slave_1 left promiscuous mode [ 85.899447][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 85.905485][ T39] input: HID 04d9:a055 as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.1/0003:04D9:A055.0016/input/input15 [ 85.918101][ T352] device bridge_slave_0 left promiscuous mode [ 85.924333][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 85.932074][ T352] device veth1_macvtap left promiscuous mode [ 85.938237][ T352] device veth0_vlan left promiscuous mode [ 85.984770][ T39] holtek_kbd 0003:04D9:A055.0016: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.6-1/input1 [ 86.007173][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 86.015767][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 86.038034][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 86.046505][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 86.061011][ T3781] device veth0_vlan entered promiscuous mode [ 86.068452][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 86.076292][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 86.084419][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 86.091917][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 86.105021][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 86.113722][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 86.121612][ T6] usb 7-1: USB disconnect, device number 11 [ 86.128944][ T3781] device veth1_macvtap entered promiscuous mode [ 86.141733][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 86.149778][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 86.158143][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 86.170416][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 86.178634][ T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 86.191040][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 86.191051][ T28] audit: type=1400 audit(1756411398.388:867): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/root/syzkaller.4REHKs/syz-tmp" dev="sda1" ino=2063 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=dir permissive=1 [ 86.221906][ T28] audit: type=1400 audit(1756411398.388:868): avc: denied { mount } for pid=3781 comm="syz-executor" name="/" dev="tmpfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 86.245473][ T28] audit: type=1400 audit(1756411398.388:869): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/root/syzkaller.4REHKs/syz-tmp/newroot/dev" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 86.274436][ T28] audit: type=1400 audit(1756411398.388:870): avc: denied { mount } for pid=3781 comm="syz-executor" name="/" dev="proc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_t tclass=filesystem permissive=1 [ 86.303358][ T28] audit: type=1400 audit(1756411398.398:871): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/root/syzkaller.4REHKs/syz-tmp/newroot/sys/kernel/debug" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=dir permissive=1 [ 86.330553][ T28] audit: type=1400 audit(1756411398.398:872): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/root/syzkaller.4REHKs/syz-tmp/newroot/proc/sys/fs/binfmt_misc" dev="proc" ino=31671 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysctl_fs_t tclass=dir permissive=1 [ 86.331427][ T3810] loop7: detected capacity change from 0 to 256 [ 86.364987][ T3776] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 86.372815][ T28] audit: type=1400 audit(1756411398.398:873): avc: denied { unmount } for pid=3781 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 86.379777][ T3776] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 86.420930][ T28] audit: type=1400 audit(1756411398.418:874): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/dev/gadgetfs" dev="devtmpfs" ino=570 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:device_t tclass=dir permissive=1 [ 86.446205][ T334] cdc_mbim 2-1:1.0: dwNtbInMaxSize=7 is too small. Using 2048 [ 86.456340][ T28] audit: type=1400 audit(1756411398.428:875): avc: denied { mount } for pid=3781 comm="syz-executor" name="/" dev="binder" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 86.479147][ T334] cdc_mbim 2-1:1.0: setting rx_max = 2048 [ 86.479305][ T28] audit: type=1400 audit(1756411398.428:876): avc: denied { mounton } for pid=3781 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 86.566960][ T3823] loop3: detected capacity change from 0 to 512 [ 86.595165][ T3823] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 86.604508][ T3823] ext4 filesystem being mounted at /3/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.620836][ T3823] syz.3.1433[3823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 86.620904][ T3823] syz.3.1433[3823] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 86.663480][ T3781] EXT4-fs (loop3): unmounting filesystem. [ 86.697742][ T334] cdc_mbim 2-1:1.0: setting tx_max = 16384 [ 86.707354][ T3833] loop6: detected capacity change from 0 to 512 [ 86.712941][ T334] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 86.739906][ T334] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 1a:eb:32:59:35:1b [ 86.775715][ T3833] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 86.792813][ T3833] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 86.797944][ T334] usb 2-1: USB disconnect, device number 8 [ 86.831070][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 86.846891][ T3847] loop7: detected capacity change from 0 to 1024 [ 86.863408][ T334] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 86.883898][ T3847] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 86.953455][ T3847] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback. [ 87.043217][ T6] usb 9-1: new high-speed USB device number 2 using dummy_hcd [ 87.044075][ T3847] EXT4-fs error (device loop7): ext4_mb_mark_diskspace_used:3841: comm syz.7.1441: Allocating blocks 497-513 which overlap fs metadata [ 87.051888][ T3847] EXT4-fs (loop7): Remounting filesystem read-only [ 87.052015][ T3847] EXT4-fs (loop7): pa ffff888134f3adc8: logic 256, phys. 385, len 8 [ 87.052038][ T3847] EXT4-fs error (device loop7): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 1 [ 87.052196][ T3847] EXT4-fs (loop7): Remounting filesystem read-only [ 87.092172][ T3846] EXT4-fs error (device loop7): mb_free_blocks:1815: group 0, inode 15: block 129:freeing already freed block (bit 8); block bitmap corrupt. [ 87.092791][ T3846] EXT4-fs (loop7): Remounting filesystem read-only [ 87.123678][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 87.224943][ T6] usb 9-1: Using ep0 maxpacket: 32 [ 87.226828][ T6] usb 9-1: config 0 interface 0 has no altsetting 0 [ 87.277485][ T6] usb 9-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 87.299528][ T6] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.310167][ T6] usb 9-1: config 0 descriptor?? [ 87.652463][ T3326] usb 7-1: new high-speed USB device number 12 using dummy_hcd [ 87.675040][ T6] usbhid 9-1:0.0: can't add hid device: -71 [ 87.680996][ T6] usbhid: probe of 9-1:0.0 failed with error -71 [ 87.699152][ T6] usb 9-1: USB disconnect, device number 2 [ 87.833545][ T3326] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 87.844575][ T3326] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 87.854507][ T3326] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 87.867617][ T3326] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 87.891466][ T3326] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 87.903625][ T3326] usb 7-1: config 0 descriptor?? [ 88.112342][ T517] usb 8-1: new high-speed USB device number 11 using dummy_hcd [ 88.294023][ T517] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 88.307852][ T517] usb 8-1: config 0 has no interfaces? [ 88.313038][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.320714][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.323595][ T517] usb 8-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 88.338648][ T517] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.342365][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.346801][ T517] usb 8-1: Product: syz [ 88.358302][ T517] usb 8-1: Manufacturer: syz [ 88.363075][ T517] usb 8-1: SerialNumber: syz [ 88.363099][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.375698][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.375812][ T517] usb 8-1: config 0 descriptor?? [ 88.383103][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.395579][ T3326] plantronics 0003:047F:FFFF.0017: unknown main item tag 0x0 [ 88.403227][ T3326] plantronics 0003:047F:FFFF.0017: No inputs registered, leaving [ 88.412005][ T3326] plantronics 0003:047F:FFFF.0017: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0 [ 88.412377][ T6] usb 9-1: new high-speed USB device number 3 using dummy_hcd [ 88.605145][ T3326] usb 7-1: USB disconnect, device number 12 [ 88.632501][ T6] usb 9-1: Using ep0 maxpacket: 32 [ 88.653042][ T6] usb 9-1: config 0 interface 0 has no altsetting 0 [ 88.653345][ T334] usb 8-1: USB disconnect, device number 11 [ 88.659661][ T6] usb 9-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice= 0.00 [ 88.692326][ T6] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 88.712529][ T6] usb 9-1: config 0 descriptor?? [ 88.744343][ T3891] loop3: detected capacity change from 0 to 512 [ 88.764052][ T3891] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 88.773825][ T3891] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 88.794587][ T3891] EXT4-fs (loop3): shut down requested (1) [ 88.810557][ T3781] EXT4-fs (loop3): unmounting filesystem. [ 88.843128][ T3897] incfs: Options parsing error. -22 [ 88.848641][ T3897] incfs: mount failed -22 [ 88.952617][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 89.121955][ T6] hid (null): invalid report_count 61715 [ 89.128676][ T6] uclogic 0003:5543:0522.0018: invalid report_count 61715 [ 89.135977][ T6] uclogic 0003:5543:0522.0018: item 0 2 1 9 parsing failed [ 89.147788][ T6] uclogic 0003:5543:0522.0018: parse failed [ 89.154014][ T6] uclogic: probe of 0003:5543:0522.0018 failed with error -22 [ 89.342376][ T334] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 89.388876][ T3326] usb 9-1: USB disconnect, device number 3 [ 89.405301][ T3982] device veth1_to_bond entered promiscuous mode [ 89.412828][ T3981] device veth1_to_bond left promiscuous mode [ 89.495371][ T4004] sock: sock_set_timeout: `syz.6.1504' (pid 4004) tries to set negative timeout [ 89.545268][ T334] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 89.557956][ T334] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 89.576931][ T334] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 89.591895][ T334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 89.606383][ T334] usb 4-1: SerialNumber: syz [ 89.657954][ T4036] SELinux: policydb table sizes (0,538976256) do not match mine (8,7) [ 89.666684][ T4036] SELinux: failed to load policy [ 89.816391][ T334] usb 4-1: 0:2 : does not exist [ 89.823213][ T334] usb 4-1: USB disconnect, device number 3 [ 89.914061][ T4077] netlink: 76 bytes leftover after parsing attributes in process `syz.6.1540'. [ 90.043220][ T1140] udevd[1140]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 90.186504][ T4111] loop8: detected capacity change from 0 to 2048 [ 90.204847][ T4111] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 90.222029][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 90.371314][ T4128] hub 9-0:1.0: USB hub found [ 90.376060][ T4128] hub 9-0:1.0: 1 port detected [ 90.422833][ T4134] tmpfs: Unknown parameter 'gr' [ 90.485905][ T334] hid-generic 0000:0003:0003.0019: item fetching failed at offset 0/2 [ 90.494448][ T334] hid-generic: probe of 0000:0003:0003.0019 failed with error -22 [ 90.673339][ T4186] loop7: detected capacity change from 0 to 1024 [ 90.693261][ T4186] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 90.709512][ T4186] EXT4-fs warning (device loop7): ext4_rmdir:3243: inode #11: comm syz.7.1588: empty directory 'file1' has too many links (111) [ 90.728592][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 90.892344][ T334] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 90.910753][ T4196] loop6: detected capacity change from 0 to 1024 [ 90.917570][ T4196] EXT4-fs: Ignoring removed nomblk_io_submit option [ 90.943244][ T4196] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 90.960884][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 91.016570][ T4210] loop6: detected capacity change from 0 to 512 [ 91.034395][ T4210] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback. [ 91.043725][ T4210] ext4 filesystem being mounted at /200/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 91.058256][ T4210] EXT4-fs error (device loop6): ext4_do_update_inode:5256: inode #2: comm syz.6.1598: corrupted inode contents [ 91.070300][ T4210] EXT4-fs error (device loop6): ext4_dirty_inode:6121: inode #2: comm syz.6.1598: mark_inode_dirty error [ 91.081871][ T4210] EXT4-fs error (device loop6): ext4_do_update_inode:5256: inode #2: comm syz.6.1598: corrupted inode contents [ 91.093920][ T4210] EXT4-fs error (device loop6): __ext4_ext_dirty:202: inode #2: comm syz.6.1598: mark_inode_dirty error [ 91.103401][ T334] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64 [ 91.107374][ T4210] EXT4-fs error (device loop6): ext4_get_first_dir_block:3594: inode #18: comm syz.6.1598: directory missing '.' [ 91.116341][ T334] usb 4-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32 [ 91.137587][ T334] usb 4-1: config 1 interface 0 has no altsetting 0 [ 91.142794][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 91.145747][ T334] usb 4-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40 [ 91.159320][ T334] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.167493][ T334] usb 4-1: Product: syz [ 91.171846][ T334] usb 4-1: Manufacturer: syz [ 91.176577][ T334] usb 4-1: SerialNumber: syz [ 91.182797][ T4176] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 91.192859][ T28] kauditd_printk_skb: 137 callbacks suppressed [ 91.192873][ T28] audit: type=1400 audit(1756411403.388:1014): avc: denied { create } for pid=4217 comm="syz.6.1601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 91.228060][ T4176] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 91.251932][ T28] audit: type=1400 audit(1756411403.388:1015): avc: denied { bind } for pid=4217 comm="syz.6.1601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 91.279003][ T28] audit: type=1400 audit(1756411403.388:1016): avc: denied { setopt } for pid=4217 comm="syz.6.1601" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 91.413063][ T4228] loop8: detected capacity change from 0 to 8192 [ 91.430073][ T28] audit: type=1400 audit(1756411403.628:1017): avc: denied { mount } for pid=4227 comm="syz.8.1606" name="/" dev="loop8" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 91.459018][ T28] audit: type=1400 audit(1756411403.658:1018): avc: denied { unmount } for pid=3692 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 91.501791][ T28] audit: type=1400 audit(1756411403.698:1019): avc: denied { read } for pid=4231 comm="syz.8.1608" dev="nsfs" ino=4026532297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 91.525074][ T28] audit: type=1400 audit(1756411403.728:1020): avc: denied { open } for pid=4231 comm="syz.8.1608" path="net:[4026532297]" dev="nsfs" ino=4026532297 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 91.549272][ T28] audit: type=1400 audit(1756411403.728:1021): avc: denied { create } for pid=4231 comm="syz.8.1608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.570213][ T28] audit: type=1400 audit(1756411403.768:1022): avc: denied { setopt } for pid=4231 comm="syz.8.1608" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 91.612355][ T517] usb 7-1: new high-speed USB device number 13 using dummy_hcd [ 91.617752][ T28] audit: type=1400 audit(1756411403.798:1023): avc: denied { map } for pid=4233 comm="syz.8.1609" path="/dev/ashmem" dev="devtmpfs" ino=269 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 91.649540][ T4238] sch_fq: defrate 4294967295 ignored. [ 91.802347][ T517] usb 7-1: Using ep0 maxpacket: 16 [ 91.808626][ T517] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 91.829151][ T517] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 91.850696][ T517] usb 7-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 91.867738][ T517] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 91.876093][ T517] usb 7-1: Product: syz [ 91.880256][ T517] usb 7-1: Manufacturer: syz [ 91.885088][ T517] usb 7-1: SerialNumber: syz [ 92.005455][ T4258] loop8: detected capacity change from 0 to 512 [ 92.021930][ T4258] EXT4-fs (loop8): orphan cleanup on readonly fs [ 92.029041][ T4258] EXT4-fs error (device loop8): ext4_acquire_dquot:6801: comm syz.8.1620: Failed to acquire dquot type 1 [ 92.041220][ T4258] EXT4-fs (loop8): 1 truncate cleaned up [ 92.047420][ T4258] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 92.063740][ T4258] EXT4-fs (loop8): warning: mounting fs with errors, running e2fsck is recommended [ 92.073521][ T4258] EXT4-fs warning (device loop8): read_mmp_block:115: Error -117 while reading MMP block 8 [ 92.091527][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 92.101376][ T517] usb 7-1: 0:2 : does not exist [ 92.108384][ T517] usb 7-1: 5:0: failed to get current value for ch 0 (-22) [ 92.124284][ T517] usb 7-1: USB disconnect, device number 13 [ 92.267456][ T4290] loop8: detected capacity change from 0 to 1024 [ 92.281012][ T334] rtl8150 4-1:1.0: couldn't reset the device [ 92.293448][ T334] rtl8150: probe of 4-1:1.0 failed with error -5 [ 92.302245][ T334] usb 4-1: USB disconnect, device number 4 [ 92.313221][ T4290] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 92.337582][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 92.353978][ T1140] udevd[1140]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 92.621483][ T4316] loop6: detected capacity change from 0 to 128 [ 92.651303][ T4316] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=16, mo=a802c018, mo2=0002] [ 92.659383][ T4316] System zones: 1-3, 19-19, 35-36 [ 92.669862][ T4316] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 92.678644][ T4316] ext4 filesystem being mounted at /205/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 92.738574][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 92.754598][ T4335] loop6: detected capacity change from 0 to 128 [ 92.763272][ T4335] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 92.796089][ T4335] ext4 filesystem being mounted at /206/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 92.820968][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 95.770724][ T4377] netlink: 'syz.7.1672': attribute type 6 has an invalid length. [ 95.924499][ T4399] loop8: detected capacity change from 0 to 128 [ 95.958761][ T4399] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: none. [ 95.982509][ T4399] ext4 filesystem being mounted at /52/mnt supports timestamps until 2038-01-19 (0x7fffffff) [ 96.013962][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 96.032350][ T517] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 96.137181][ T4388] loop6: detected capacity change from 0 to 40427 [ 96.149285][ T4388] F2FS-fs (loop6): invalid crc value [ 96.175268][ T4388] F2FS-fs (loop6): Found nat_bits in checkpoint [ 96.229908][ T4388] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e4 [ 96.283367][ T517] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 96.291385][ T517] usb 4-1: config 0 has no interface number 0 [ 96.300414][ T517] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 96.311380][ T517] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 96.321620][ T517] usb 4-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 96.330726][ T517] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 96.339420][ T517] usb 4-1: config 0 descriptor?? [ 96.406170][ T1710] syz-executor: attempt to access beyond end of device [ 96.406170][ T1710] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 96.478361][ T4442] x_tables: duplicate underflow at hook 4 [ 96.629861][ T28] kauditd_printk_skb: 24 callbacks suppressed [ 96.629875][ T28] audit: type=1400 audit(1756411408.828:1046): avc: denied { ioctl } for pid=4448 comm="syz.1.1703" path="socket:[35993]" dev="sockfs" ino=35993 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 96.666748][ T4463] loop7: detected capacity change from 0 to 1024 [ 96.675663][ T4463] EXT4-fs: Ignoring removed i_version option [ 96.682034][ T4462] bridge0: port 1(bridge_slave_0) entered disabled state [ 96.689380][ T4463] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 96.698261][ T4464] netlink: 96 bytes leftover after parsing attributes in process `syz.8.1709'. [ 96.718618][ T4463] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 96.734575][ T4463] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 96.749251][ T28] audit: type=1400 audit(1756411408.938:1047): avc: denied { connect } for pid=4473 comm="syz.1.1712" lport=255 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 96.793505][ T4463] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 96.806855][ T517] input: HID 04d9:a055 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:04D9:A055.001A/input/input16 [ 96.819478][ T4463] EXT4-fs (loop7): This should not happen!! Data will be lost [ 96.819478][ T4463] [ 96.831684][ T4463] EXT4-fs (loop7): Total free blocks count 0 [ 96.837835][ T4463] EXT4-fs (loop7): Free/Dirty block details [ 96.841757][ T28] audit: type=1400 audit(1756411409.038:1048): avc: denied { load_policy } for pid=4476 comm="syz.1.1713" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=security permissive=1 [ 96.843922][ T4463] EXT4-fs (loop7): free_blocks=20480 [ 96.869597][ T4477] SELinux: failed to load policy [ 96.874704][ T4463] EXT4-fs (loop7): dirty_blocks=64 [ 96.880242][ T4463] EXT4-fs (loop7): Block reservation details [ 96.888371][ T28] audit: type=1400 audit(1756411409.088:1049): avc: denied { read } for pid=88 comm="acpid" name="event3" dev="devtmpfs" ino=1306 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 96.889189][ T517] holtek_kbd 0003:04D9:A055.001A: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.3-1/input1 [ 96.912457][ T28] audit: type=1400 audit(1756411409.088:1050): avc: denied { open } for pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1306 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 96.947926][ T4463] EXT4-fs (loop7): i_reserved_data_blocks=4 [ 96.957125][ T4475] EXT4-fs (loop7): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 97.015463][ T517] usb 4-1: USB disconnect, device number 5 [ 97.037197][ T4484] fido_id[4484]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 97.066524][ T28] audit: type=1400 audit(1756411409.088:1051): avc: denied { ioctl } for pid=88 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=1306 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 97.163226][ T28] audit: type=1400 audit(1756411409.368:1052): avc: denied { create } for pid=4499 comm="syz.6.1725" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 97.247925][ T4509] netlink: 44 bytes leftover after parsing attributes in process `syz.6.1728'. [ 97.341026][ T4506] loop7: detected capacity change from 0 to 40427 [ 97.342174][ T4518] SELinux: ebitmap start bit (7603732) is not a multiple of the map unit size (64) [ 97.350240][ T4506] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12 [ 97.359539][ T4518] SELinux: failed to load policy [ 97.365051][ T4506] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock [ 97.378561][ T4506] F2FS-fs (loop7): invalid crc value [ 97.399671][ T4506] F2FS-fs (loop7): Found nat_bits in checkpoint [ 97.434318][ T4506] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0 [ 97.439287][ T4528] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1735'. [ 97.441396][ T4506] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5 [ 97.462218][ T4506] syz.7.1727: attempt to access beyond end of device [ 97.462218][ T4506] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.470239][ T4528] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1735'. [ 97.476058][ T28] audit: type=1400 audit(1756411409.658:1053): avc: denied { create } for pid=4505 comm="syz.7.1727" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 97.773879][ T28] audit: type=1400 audit(1756411409.978:1054): avc: denied { mount } for pid=4572 comm="syz.3.1757" name="/" dev="incremental-fs" ino=216 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 97.797323][ T28] audit: type=1400 audit(1756411409.978:1055): avc: denied { setattr } for pid=4572 comm="syz.3.1757" name="/" dev="incremental-fs" ino=216 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 97.916387][ T4593] netlink: 8 bytes leftover after parsing attributes in process `syz.8.1766'. [ 97.928662][ T4593] netlink: 24 bytes leftover after parsing attributes in process `syz.8.1766'. [ 97.971490][ T4605] loop8: detected capacity change from 0 to 1024 [ 97.977935][ T3326] usb 7-1: new high-speed USB device number 14 using dummy_hcd [ 97.978212][ T4605] EXT4-fs: Ignoring removed nobh option [ 97.997907][ T4605] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 98.013526][ T4605] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 98.030204][ T4612] loop3: detected capacity change from 0 to 512 [ 98.043975][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 98.172049][ T4628] loop8: detected capacity change from 0 to 512 [ 98.180487][ T3326] usb 7-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 98.210946][ T3326] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 98.223604][ T3326] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 98.227468][ T4634] loop3: detected capacity change from 0 to 512 [ 98.231634][ T3326] usb 7-1: SerialNumber: syz [ 98.245910][ T4634] EXT4-fs: Ignoring removed mblk_io_submit option [ 98.246706][ T4628] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback. [ 98.252407][ T4634] EXT4-fs: Ignoring removed bh option [ 98.267176][ T4634] EXT4-fs (loop3): Test dummy encryption mode enabled [ 98.267590][ T4628] ext4 filesystem being mounted at /76/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 98.275194][ T4634] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 98.307823][ T4634] EXT4-fs (loop3): 1 truncate cleaned up [ 98.318412][ T4634] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 98.337733][ T3692] EXT4-fs (loop8): unmounting filesystem. [ 98.370597][ T3781] EXT4-fs (loop3): unmounting filesystem. [ 98.540807][ T4670] loop8: detected capacity change from 0 to 256 [ 98.559498][ T4670] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 98.570163][ T4670] exFAT-fs (loop8): Medium has reported failures. Some data may be lost. [ 98.580304][ T4670] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 98.835855][ T4684] loop8: detected capacity change from 0 to 40427 [ 98.847656][ T4684] F2FS-fs (loop8): Small segment_count (9 < 1 * 24) [ 98.854687][ T4684] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 98.875608][ T3326] cdc_ether 7-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.6-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 98.896572][ T4684] F2FS-fs (loop8): Found nat_bits in checkpoint [ 98.913426][ T4688] loop7: detected capacity change from 0 to 128 [ 98.943215][ T4664] loop3: detected capacity change from 0 to 131072 [ 98.945336][ T4684] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 98.957050][ T4684] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 98.977288][ T4664] F2FS-fs (loop3): invalid crc value [ 98.997858][ T4684] syz.8.1805: attempt to access beyond end of device [ 98.997858][ T4684] loop8: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 99.006404][ T4664] F2FS-fs (loop3): Found nat_bits in checkpoint [ 99.026596][ T3692] syz-executor: attempt to access beyond end of device [ 99.026596][ T3692] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 99.062591][ T4664] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e4 [ 99.096602][ T4664] F2FS-fs (loop3): Corrupted max_depth of 3: 16842753 [ 99.256190][ T517] usb 7-1: USB disconnect, device number 14 [ 99.267659][ T517] cdc_ether 7-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.6-1, CDC Ethernet Device [ 99.283091][ T3326] usb 8-1: new high-speed USB device number 12 using dummy_hcd [ 99.462351][ T3326] usb 8-1: Using ep0 maxpacket: 32 [ 99.468483][ T3326] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.479535][ T3326] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.482353][ T6] usb 9-1: new high-speed USB device number 4 using dummy_hcd [ 99.489479][ T3326] usb 8-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.505854][ T3326] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.514447][ T3326] usb 8-1: config 0 descriptor?? [ 99.520141][ T3326] hub 8-1:0.0: USB hub found [ 99.602341][ T446] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 99.662332][ T334] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 99.673501][ T6] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 99.684407][ T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.695298][ T6] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.705057][ T6] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 99.718764][ T6] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 99.720815][ T3326] hub 8-1:0.0: 9 ports detected [ 99.727812][ T6] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 99.733163][ T3326] hub 8-1:0.0: insufficient power available to use all downstream ports [ 99.740736][ T6] usb 9-1: Manufacturer: syz [ 99.757381][ T6] usb 9-1: config 0 descriptor?? [ 99.783310][ T446] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.793181][ T446] usb 2-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 99.802234][ T446] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.811313][ T446] usb 2-1: config 0 descriptor?? [ 99.852376][ T334] usb 4-1: Using ep0 maxpacket: 32 [ 99.858555][ T334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.869645][ T334] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.879609][ T334] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 99.888678][ T334] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.897547][ T334] usb 4-1: config 0 descriptor?? [ 99.903629][ T334] hub 4-1:0.0: USB hub found [ 99.934182][ T3326] hub 8-1:0.0: hub_hub_status failed (err = -71) [ 99.940593][ T3326] hub 8-1:0.0: config failed, can't get hub status (err -71) [ 99.949280][ T3326] usbhid 8-1:0.0: can't add hid device: -71 [ 99.955241][ T3326] usbhid: probe of 8-1:0.0 failed with error -71 [ 99.984221][ T3326] usb 8-1: USB disconnect, device number 12 [ 100.052342][ T288] usb 7-1: new high-speed USB device number 15 using dummy_hcd [ 100.104081][ T334] hub 4-1:0.0: 1 port detected [ 100.164866][ T6] appleir 0003:05AC:8243.001B: unknown main item tag 0x0 [ 100.172114][ T6] appleir 0003:05AC:8243.001B: No inputs registered, leaving [ 100.180742][ T6] appleir 0003:05AC:8243.001B: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0 [ 100.220589][ T446] nintendo 0003:057E:200E.001C: unbalanced collection at end of report description [ 100.230153][ T446] nintendo 0003:057E:200E.001C: HID parse failed [ 100.236749][ T446] nintendo 0003:057E:200E.001C: probe - fail = -22 [ 100.243283][ T446] nintendo: probe of 0003:057E:200E.001C failed with error -22 [ 100.252413][ T288] usb 7-1: Using ep0 maxpacket: 16 [ 100.258692][ T288] usb 7-1: config 0 has an invalid interface number: 8 but max is 0 [ 100.266702][ T288] usb 7-1: config 0 has no interface number 0 [ 100.272826][ T288] usb 7-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 100.284750][ T288] usb 7-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 100.293823][ T288] usb 7-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 100.301890][ T288] usb 7-1: Product: syz [ 100.306043][ T288] usb 7-1: SerialNumber: syz [ 100.311146][ T288] usb 7-1: config 0 descriptor?? [ 100.426766][ T446] usb 2-1: USB disconnect, device number 9 [ 100.443106][ T39] usb 9-1: USB disconnect, device number 4 [ 100.510974][ T334] usb 4-1: USB disconnect, device number 6 [ 100.526644][ T288] usb 7-1: USB disconnect, device number 15 [ 100.812385][ T3326] usb 8-1: new full-speed USB device number 13 using dummy_hcd [ 100.998630][ T3326] usb 8-1: config 16 has an invalid interface number: 131 but max is 0 [ 101.008132][ T3326] usb 8-1: config 16 has no interface number 0 [ 101.015669][ T3326] usb 8-1: New USB device found, idVendor=04e6, idProduct=000b, bcdDevice= 1.00 [ 101.025559][ T3326] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.042958][ T3326] usb-storage 8-1:16.131: USB Mass Storage device detected [ 101.073483][ T3326] usb-storage 8-1:16.131: Quirks match for vid 04e6 pid 000b: 4 [ 101.210483][ T4768] loop6: detected capacity change from 0 to 256 [ 101.233518][ T4768] syz.6.1839: attempt to access beyond end of device [ 101.233518][ T4768] loop6: rw=2049, sector=256, nr_sectors = 4 limit=256 [ 101.253860][ T288] usb 8-1: USB disconnect, device number 13 [ 101.457978][ T4781] device syz_tun entered promiscuous mode [ 101.464341][ T4780] device syz_tun left promiscuous mode [ 101.691674][ T28] kauditd_printk_skb: 32 callbacks suppressed [ 101.691689][ T28] audit: type=1400 audit(101.670:1088): avc: denied { write } for pid=4807 comm="syz.6.1856" name="tcp" dev="proc" ino=4026533138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:proc_net_t tclass=file permissive=1 [ 101.942350][ T446] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 101.995315][ T4833] loop6: detected capacity change from 0 to 1024 [ 102.001978][ T4833] EXT4-fs: Ignoring removed i_version option [ 102.032936][ T4833] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 102.075009][ T4833] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 102.088600][ T4833] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 1305 free clusters [ 102.101977][ T4847] loop7: detected capacity change from 0 to 2048 [ 102.110264][ T4833] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 102.122989][ T4833] EXT4-fs (loop6): This should not happen!! Data will be lost [ 102.122989][ T4833] [ 102.132822][ T446] usb 4-1: Using ep0 maxpacket: 16 [ 102.133672][ T4833] EXT4-fs (loop6): Total free blocks count 0 [ 102.139187][ T446] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.144251][ T4833] EXT4-fs (loop6): Free/Dirty block details [ 102.154390][ T446] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 102.169017][ T4833] EXT4-fs (loop6): free_blocks=20480 [ 102.174609][ T4833] EXT4-fs (loop6): dirty_blocks=64 [ 102.179827][ T4833] EXT4-fs (loop6): Block reservation details [ 102.186086][ T4833] EXT4-fs (loop6): i_reserved_data_blocks=4 [ 102.186843][ T4847] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none. [ 102.192823][ T446] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 102.201086][ T4849] EXT4-fs (loop6): Delayed block allocation failed for inode 15 at logical offset 21 with max blocks 43 with error 28 [ 102.209576][ T446] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.229913][ T446] usb 4-1: Product: syz [ 102.234108][ T446] usb 4-1: Manufacturer: syz [ 102.238694][ T446] usb 4-1: SerialNumber: syz [ 102.255749][ T4847] fs-verity: sha512 using implementation "sha512-avx2" [ 102.271001][ T2039] EXT4-fs (loop7): unmounting filesystem. [ 102.313089][ T28] audit: type=1400 audit(102.300:1089): avc: denied { nlmsg_read } for pid=4856 comm="syz.6.1876" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 102.313096][ T4857] netlink: 272 bytes leftover after parsing attributes in process `syz.6.1876'. [ 102.362420][ T3326] usb 9-1: new full-speed USB device number 5 using dummy_hcd [ 102.447412][ T446] usb 4-1: 0:2 : does not exist [ 102.454291][ T446] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 102.466354][ T446] usb 4-1: USB disconnect, device number 7 [ 102.543393][ T3326] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 102.562344][ T3326] usb 9-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 102.573379][ T3326] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 102.584432][ T3326] usb 9-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 102.596572][ T3326] usb 9-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 102.605626][ T3326] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.613604][ T3326] usb 9-1: Product: syz [ 102.617766][ T3326] usb 9-1: Manufacturer: syz [ 102.622356][ T3326] usb 9-1: SerialNumber: syz [ 102.627900][ T4841] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 102.635208][ T288] usb 7-1: new high-speed USB device number 16 using dummy_hcd [ 102.635882][ T3326] cdc_mbim 9-1:1.0: skipping garbage [ 102.693018][ T1140] udevd[1140]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 102.822346][ T288] usb 7-1: Using ep0 maxpacket: 16 [ 102.828583][ T288] usb 7-1: config 0 has an invalid interface number: 105 but max is 0 [ 102.836785][ T288] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.846875][ T288] usb 7-1: config 0 has no interface number 0 [ 102.848781][ T4841] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 102.854520][ T288] usb 7-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 102.860244][ T4841] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 102.869289][ T288] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.884171][ T288] usb 7-1: Product: syz [ 102.888327][ T288] usb 7-1: Manufacturer: syz [ 102.892944][ T288] usb 7-1: SerialNumber: syz [ 102.898108][ T288] usb 7-1: config 0 descriptor?? [ 102.903895][ T288] usb 7-1: Found UVC 0.00 device syz (046d:08f3) [ 102.910350][ T288] usb 7-1: No valid video chain found. [ 103.052457][ T28] audit: type=1400 audit(103.030:1090): avc: denied { shutdown } for pid=4874 comm="syz.7.1882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 103.089594][ T28] audit: type=1400 audit(103.060:1091): avc: denied { read } for pid=4874 comm="syz.7.1882" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 103.114994][ T446] usb 7-1: USB disconnect, device number 16 [ 103.173761][ T4870] loop3: detected capacity change from 0 to 40427 [ 103.180657][ T4870] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 103.188432][ T4870] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 103.197951][ T4870] F2FS-fs (loop3): invalid crc value [ 103.218744][ T4870] F2FS-fs (loop3): Found nat_bits in checkpoint [ 103.259135][ T4870] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 103.266241][ T4870] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 103.306503][ T4870] syz.3.1880: attempt to access beyond end of device [ 103.306503][ T4870] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 103.319519][ T28] audit: type=1400 audit(103.290:1092): avc: denied { ioctl } for pid=4894 comm="syz.7.1890" path="socket:[37119]" dev="sockfs" ino=37119 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 103.512976][ T4841] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 103.520154][ T4841] raw-gadget.1 gadget.8: fail, usb_ep_enable returned -22 [ 103.527672][ T3326] cdc_mbim 9-1:1.0: setting rx_max = 16384 [ 103.591199][ T4917] kvm: MWAIT instruction emulated as NOP! [ 103.649937][ T4927] loop6: detected capacity change from 0 to 16 [ 103.656820][ T4928] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 103.672736][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 103.685149][ T28] audit: type=1400 audit(103.680:1093): avc: denied { read } for pid=4931 comm="syz.7.1907" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 103.685738][ T4927] erofs: (device loop6): mounted with root inode @ nid 36. [ 103.728706][ T3326] cdc_mbim 9-1:1.0: setting tx_max = 16384 [ 103.736558][ T28] audit: type=1400 audit(103.720:1094): avc: denied { mount } for pid=4933 comm="syz.3.1908" name="/" dev="debugfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 103.745642][ T3326] cdc_mbim 9-1:1.0: cdc-wdm0: USB WDM device [ 103.764345][ T334] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 103.786303][ T28] audit: type=1400 audit(103.720:1095): avc: denied { getopt } for pid=4933 comm="syz.3.1908" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 103.788014][ T3326] cdc_mbim 9-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.8-1, CDC MBIM, 5a:b8:79:43:e7:5e [ 103.836905][ T3326] usb 9-1: USB disconnect, device number 5 [ 103.849636][ T3326] cdc_mbim 9-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.8-1, CDC MBIM [ 103.858677][ T28] audit: type=1400 audit(103.720:1096): avc: denied { remount } for pid=4933 comm="syz.3.1908" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 103.878145][ T28] audit: type=1400 audit(103.750:1097): avc: denied { unmount } for pid=3781 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:debugfs_t tclass=filesystem permissive=1 [ 103.952361][ T334] usb 2-1: Using ep0 maxpacket: 16 [ 103.980284][ T334] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 103.994299][ T334] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 104.027390][ T334] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 104.047024][ T4971] loop6: detected capacity change from 0 to 256 [ 104.053341][ T334] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.069020][ T334] usb 2-1: Product: syz [ 104.073493][ T334] usb 2-1: Manufacturer: syz [ 104.078224][ T334] usb 2-1: SerialNumber: syz [ 104.078607][ T103] udevd[103]: worker [1140] terminated by signal 33 (Unknown signal 33) [ 104.091503][ T103] udevd[103]: worker [1140] failed while handling '/devices/virtual/block/loop6' [ 104.234337][ T4987] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1932'. [ 104.292941][ T334] usb 2-1: 0:2 : does not exist [ 104.299569][ T334] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 104.311564][ T334] usb 2-1: USB disconnect, device number 10 [ 104.319848][ T336] udevd[336]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 104.397311][ T4996] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1936'. [ 104.642334][ T3326] usb 9-1: new high-speed USB device number 6 using dummy_hcd [ 104.692339][ T446] usb 7-1: new high-speed USB device number 17 using dummy_hcd [ 104.833424][ T3326] usb 9-1: config 0 has an invalid interface number: 1 but max is 0 [ 104.841501][ T3326] usb 9-1: config 0 has no interface number 0 [ 104.847654][ T3326] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 104.858725][ T3326] usb 9-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 104.868510][ T3326] usb 9-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 104.879671][ T3326] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.890039][ T446] usb 7-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 104.890420][ T3326] usb 9-1: config 0 descriptor?? [ 104.900224][ T446] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 104.912764][ T446] usb 7-1: Product: syz [ 104.917250][ T446] usb 7-1: Manufacturer: syz [ 104.921848][ T446] usb 7-1: SerialNumber: syz [ 104.927183][ T446] r8152-cfgselector 7-1: config 0 descriptor?? [ 105.252362][ T334] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 105.325695][ T3326] input: HID 04d9:a055 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.1/0003:04D9:A055.001D/input/input17 [ 105.337963][ T446] r8152-cfgselector 7-1: Unknown version 0x0000 [ 105.344369][ T446] r8152-cfgselector 7-1: bad CDC descriptors [ 105.350665][ T446] r8152-cfgselector 7-1: Unknown version 0x0000 [ 105.357990][ T446] r8152-cfgselector 7-1: USB disconnect, device number 17 [ 105.415223][ T3326] holtek_kbd 0003:04D9:A055.001D: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.8-1/input1 [ 105.447299][ T334] usb 4-1: Using ep0 maxpacket: 16 [ 105.459603][ T334] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 105.467642][ T334] usb 4-1: config 0 has no interface number 0 [ 105.474042][ T334] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 105.486020][ T334] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 105.495089][ T334] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 105.503199][ T334] usb 4-1: Product: syz [ 105.507347][ T334] usb 4-1: SerialNumber: syz [ 105.512394][ T334] usb 4-1: config 0 descriptor?? [ 105.540563][ T288] usb 9-1: USB disconnect, device number 6 [ 105.726708][ T334] usb 4-1: USB disconnect, device number 8 [ 106.152603][ T3326] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 106.232840][ C0] bridge0: received packet on bridge_slave_1 with own address as source address (addr:aa:aa:aa:aa:aa:1c, vlan:0) [ 106.333776][ T3326] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 106.344973][ T3326] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 106.356090][ T3326] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 106.367204][ T3326] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64 [ 106.379571][ T3326] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.388862][ T3326] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.393123][ T5043] loop8: detected capacity change from 0 to 40427 [ 106.397118][ T3326] usb 2-1: Product: syz [ 106.407482][ T3326] usb 2-1: Manufacturer: syz [ 106.412070][ T3326] usb 2-1: SerialNumber: syz [ 106.413794][ T5043] F2FS-fs (loop8): Small segment_count (9 < 1 * 24) [ 106.423469][ T5022] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 106.424099][ T5043] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock [ 106.440732][ T3326] cdc_mbim 2-1:1.0: skipping garbage [ 106.443323][ T5043] F2FS-fs (loop8): Found nat_bits in checkpoint [ 106.472388][ T5043] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0 [ 106.479490][ T5043] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5 [ 106.510295][ T3692] syz-executor: attempt to access beyond end of device [ 106.510295][ T3692] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 106.532523][ T446] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 106.642059][ T5022] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 106.649445][ T5022] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 106.723528][ T446] usb 4-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 106.736445][ T446] usb 4-1: config 1 interface 0 has no altsetting 0 [ 106.743738][ T446] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 106.753037][ T446] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 106.761004][ T446] usb 4-1: SerialNumber: syz [ 106.792274][ T5065] loop6: detected capacity change from 0 to 512 [ 106.799256][ T5065] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode [ 106.811027][ T5065] EXT4-fs (loop6): 1 truncate cleaned up [ 106.816772][ T5065] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none. [ 106.831681][ T28] kauditd_printk_skb: 8 callbacks suppressed [ 106.831695][ T28] audit: type=1400 audit(106.820:1106): avc: denied { setattr } for pid=5064 comm="syz.6.1964" name="file0" dev="loop6" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 106.860950][ T1710] EXT4-fs (loop6): unmounting filesystem. [ 107.111598][ T5078] netem: change failed [ 107.163824][ T28] audit: type=1400 audit(107.150:1107): avc: denied { relabelfrom } for pid=5086 comm="syz.7.1974" name="NETLINK" dev="sockfs" ino=38290 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_route_socket permissive=1 [ 107.187655][ T5087] SELinux: Context system_u:object_r:syslogd_var_run_t:s0 is not valid (left unmapped). [ 107.206384][ T28] audit: type=1400 audit(107.190:1108): avc: denied { relabelto } for pid=5086 comm="syz.7.1974" name="NETLINK" dev="sockfs" ino=38290 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=netlink_route_socket permissive=1 trawcon="system_u:object_r:syslogd_var_run_t:s0" [ 107.260245][ T5022] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 107.267669][ T5022] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 107.275169][ T3326] cdc_mbim 2-1:1.0: setting rx_max = 16384 [ 107.392096][ T446] cdc_ether 4-1:1.0 usb0: register 'cdc_ether' at usb-dummy_hcd.3-1, CDC Ethernet Device, 42:42:42:42:42:42 [ 107.441869][ T28] audit: type=1400 audit(107.420:1109): avc: denied { map } for pid=5112 comm="syz.7.1986" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=179 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 107.476269][ T3326] cdc_mbim 2-1:1.0: setting tx_max = 16384 [ 107.483821][ T3326] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 107.493695][ T3326] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 96:c8:41:19:e7:1f [ 107.519338][ T3326] usb 2-1: USB disconnect, device number 11 [ 107.530914][ T3326] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 107.537680][ T5118] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 107.547811][ T5118] device bridge_slave_0 left promiscuous mode [ 107.554059][ T5118] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.563516][ T5118] device bridge_slave_1 left promiscuous mode [ 107.569726][ T5118] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.669103][ T28] audit: type=1400 audit(107.650:1110): avc: denied { rmdir } for pid=5124 comm="syz.7.1994" name="file0" dev="incremental-fs" ino=1262 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 107.697116][ T2039] ------------[ cut here ]------------ [ 107.702687][ T2039] WARNING: CPU: 1 PID: 2039 at fs/inode.c:332 drop_nlink+0xc5/0x110 [ 107.710694][ T2039] Modules linked in: [ 107.714674][ T2039] CPU: 1 PID: 2039 Comm: syz-executor Tainted: G W syzkaller #0 [ 107.723789][ T2039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 107.726602][ T28] audit: type=1400 audit(107.680:1111): avc: denied { mounton } for pid=5126 comm="syz-executor" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 107.733859][ T2039] RIP: 0010:drop_nlink+0xc5/0x110 [ 107.733881][ T2039] Code: 1b 48 8d bb b8 04 00 00 be 08 00 00 00 e8 03 ea f0 ff f0 48 ff 83 b8 04 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 eb 8b ac ff <0f> 0b eb 86 44 89 f1 80 e1 07 80 c1 03 38 c1 0f 8c 5e ff ff ff 4c [ 107.779305][ T2039] RSP: 0018:ffffc900046e7c38 EFLAGS: 00010293 [ 107.785376][ T2039] RAX: ffffffff81c37b75 RBX: ffff88813048a288 RCX: ffff888113ebbcc0 [ 107.793358][ T2039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 107.801311][ T2039] RBP: ffffc900046e7c60 R08: 0000000000000004 R09: 0000000000000003 [ 107.809293][ T2039] R10: fffff520008dcf78 R11: 1ffff920008dcf78 R12: dffffc0000000000 [ 107.812864][ T19] usb 4-1: USB disconnect, device number 9 [ 107.817279][ T2039] R13: 1ffff1102609145a R14: ffff88813048a2d0 R15: 0000000000000000 [ 107.831058][ T2039] FS: 0000555566f90500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 107.840030][ T2039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 107.846625][ T2039] CR2: 0000555566fb34e8 CR3: 000000012f59a000 CR4: 00000000003506a0 [ 107.847119][ T19] cdc_ether 4-1:1.0 usb0: unregister 'cdc_ether' usb-dummy_hcd.3-1, CDC Ethernet Device [ 107.854617][ T2039] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 107.854630][ T2039] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 107.854641][ T2039] Call Trace: [ 107.883595][ T2039] [ 107.886523][ T2039] shmem_rmdir+0x5b/0x90 [ 107.890774][ T2039] vfs_rmdir+0x393/0x500 [ 107.895069][ T2039] incfs_kill_sb+0x105/0x220 [ 107.899662][ T2039] deactivate_locked_super+0xb5/0x120 [ 107.905064][ T2039] deactivate_super+0xaf/0xe0 [ 107.909799][ T2039] cleanup_mnt+0x45f/0x4e0 [ 107.914242][ T2039] __cleanup_mnt+0x19/0x20 [ 107.918655][ T2039] task_work_run+0x1db/0x240 [ 107.923242][ T2039] ? __cfi_task_work_run+0x10/0x10 [ 107.928345][ T2039] ? __x64_sys_umount+0x125/0x160 [ 107.933366][ T2039] ? __cfi___x64_sys_umount+0x10/0x10 [ 107.938747][ T2039] exit_to_user_mode_loop+0x9b/0xb0 [ 107.943960][ T2039] exit_to_user_mode_prepare+0x5a/0xa0 [ 107.949411][ T2039] syscall_exit_to_user_mode+0x1a/0x30 [ 107.954884][ T2039] do_syscall_64+0x58/0xa0 [ 107.957986][ T28] audit: type=1400 audit(107.940:1112): avc: denied { map } for pid=5129 comm="syz.8.1997" path="socket:[38468]" dev="sockfs" ino=38468 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 107.959297][ T2039] ? clear_bhb_loop+0x30/0x80 [ 107.986367][ T2039] ? clear_bhb_loop+0x30/0x80 [ 107.991039][ T2039] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 107.996927][ T2039] RIP: 0033:0x7f7695f8ff17 [ 108.001330][ T2039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 108.021108][ T2039] RSP: 002b:00007fff661999a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.029525][ T2039] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7695f8ff17 [ 108.037513][ T2039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff66199a60 [ 108.045483][ T2039] RBP: 00007fff66199a60 R08: 0000000000000000 R09: 0000000000000000 [ 108.053446][ T2039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6619aaf0 [ 108.061406][ T2039] R13: 00007f7696011c05 R14: 000000000001a49f R15: 00007fff6619ab30 [ 108.069378][ T2039] [ 108.072421][ T2039] ---[ end trace 0000000000000000 ]--- [ 108.078780][ T2039] ================================================================== [ 108.086843][ T2039] BUG: KASAN: null-ptr-deref in ihold+0x20/0x60 [ 108.093081][ T2039] Write of size 4 at addr 0000000000000170 by task syz-executor/2039 [ 108.101135][ T2039] [ 108.103019][ T5135] syz.1.1998 uses obsolete (PF_INET,SOCK_PACKET) [ 108.103449][ T2039] CPU: 1 PID: 2039 Comm: syz-executor Tainted: G W syzkaller #0 [ 108.118739][ T2039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.128774][ T2039] Call Trace: [ 108.129974][ T28] audit: type=1400 audit(108.110:1113): avc: denied { write } for pid=275 comm="syz-executor" path="pipe:[13854]" dev="pipefs" ino=13854 scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:sshd_t tclass=fifo_file permissive=1 [ 108.132043][ T2039] [ 108.132052][ T2039] __dump_stack+0x21/0x24 [ 108.161810][ T2039] dump_stack_lvl+0xee/0x150 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 108.166404][ T2039] ? __cfi_dump_stack_lvl+0x8/0x8 [ 108.171429][ T2039] ? ihold+0x20/0x60 [ 108.175322][ T2039] ? ihold+0x20/0x60 [ 108.179215][ T2039] print_report+0x3d/0x60 [ 108.183548][ T2039] kasan_report+0x122/0x150 [ 108.188061][ T2039] ? ihold+0x20/0x60 [ 108.191954][ T2039] kasan_check_range+0x280/0x290 [ 108.196890][ T2039] __kasan_check_write+0x14/0x20 [ 108.201811][ T2039] ihold+0x20/0x60 [ 108.205508][ T2039] vfs_rmdir+0x25f/0x500 [ 108.209726][ T2039] incfs_kill_sb+0x105/0x220 [ 108.214310][ T2039] deactivate_locked_super+0xb5/0x120 [ 108.219661][ T2039] deactivate_super+0xaf/0xe0 [ 108.224313][ T2039] cleanup_mnt+0x45f/0x4e0 [ 108.228708][ T2039] __cleanup_mnt+0x19/0x20 [ 108.233103][ T2039] task_work_run+0x1db/0x240 [ 108.237691][ T2039] ? __cfi_task_work_run+0x10/0x10 [ 108.242779][ T2039] ? __x64_sys_umount+0x125/0x160 [ 108.247795][ T2039] ? __cfi___x64_sys_umount+0x10/0x10 [ 108.253141][ T2039] exit_to_user_mode_loop+0x9b/0xb0 [ 108.258317][ T2039] exit_to_user_mode_prepare+0x5a/0xa0 [ 108.263764][ T2039] syscall_exit_to_user_mode+0x1a/0x30 [ 108.269219][ T2039] do_syscall_64+0x58/0xa0 [ 108.273627][ T2039] ? clear_bhb_loop+0x30/0x80 [ 108.278279][ T2039] ? clear_bhb_loop+0x30/0x80 [ 108.282933][ T2039] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.288797][ T2039] RIP: 0033:0x7f7695f8ff17 [ 108.293185][ T2039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 108.312765][ T2039] RSP: 002b:00007fff661999a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.321152][ T2039] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7695f8ff17 [ 108.329096][ T2039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff66199a60 [ 108.337039][ T2039] RBP: 00007fff66199a60 R08: 0000000000000000 R09: 0000000000000000 [ 108.344982][ T2039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6619aaf0 [ 108.352926][ T2039] R13: 00007f7696011c05 R14: 000000000001a49f R15: 00007fff6619ab30 [ 108.360873][ T2039] [ 108.363867][ T2039] ================================================================== [ 108.373035][ T2039] Disabling lock debugging due to kernel taint [ 108.379206][ T2039] BUG: kernel NULL pointer dereference, address: 0000000000000170 [ 108.386999][ T2039] #PF: supervisor write access in kernel mode [ 108.393045][ T2039] #PF: error_code(0x0002) - not-present page [ 108.399000][ T2039] PGD 1073b3067 P4D 1073b3067 PUD 0 [ 108.404275][ T2039] Oops: 0002 [#1] PREEMPT SMP KASAN [ 108.409460][ T2039] CPU: 1 PID: 2039 Comm: syz-executor Tainted: G B W syzkaller #0 [ 108.418462][ T2039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 108.428524][ T2039] RIP: 0010:ihold+0x26/0x60 [ 108.433019][ T2039] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 51 83 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 41 [ 108.452606][ T2039] RSP: 0018:ffffc900046e7c78 EFLAGS: 00010246 [ 108.458652][ T2039] RAX: ffff888113ebbc00 RBX: 0000000000000000 RCX: ffff888113ebbcc0 [ 108.466605][ T2039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.474555][ T2039] RBP: ffffc900046e7c88 R08: dffffc0000000000 R09: fffffbfff0f2d4fd [ 108.482506][ T2039] R10: fffffbfff0f2d4fd R11: 1ffffffff0f2d4fc R12: ffff88813048a294 [ 108.490469][ T2039] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 108.498520][ T2039] FS: 0000555566f90500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 108.507442][ T2039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.514014][ T2039] CR2: 0000000000000170 CR3: 000000012f59a000 CR4: 00000000003526a0 [ 108.521972][ T2039] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 108.529927][ T2039] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 108.537880][ T2039] Call Trace: [ 108.541145][ T2039] [ 108.544057][ T2039] vfs_rmdir+0x25f/0x500 [ 108.548285][ T2039] incfs_kill_sb+0x105/0x220 [ 108.552856][ T2039] deactivate_locked_super+0xb5/0x120 [ 108.558333][ T2039] deactivate_super+0xaf/0xe0 [ 108.563000][ T2039] cleanup_mnt+0x45f/0x4e0 [ 108.567401][ T2039] __cleanup_mnt+0x19/0x20 [ 108.571800][ T2039] task_work_run+0x1db/0x240 [ 108.576372][ T2039] ? __cfi_task_work_run+0x10/0x10 [ 108.581463][ T2039] ? __x64_sys_umount+0x125/0x160 [ 108.586467][ T2039] ? __cfi___x64_sys_umount+0x10/0x10 [ 108.591822][ T2039] exit_to_user_mode_loop+0x9b/0xb0 [ 108.597087][ T2039] exit_to_user_mode_prepare+0x5a/0xa0 [ 108.602524][ T2039] syscall_exit_to_user_mode+0x1a/0x30 [ 108.607967][ T2039] do_syscall_64+0x58/0xa0 [ 108.612365][ T2039] ? clear_bhb_loop+0x30/0x80 [ 108.617020][ T2039] ? clear_bhb_loop+0x30/0x80 [ 108.621676][ T2039] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 108.627554][ T2039] RIP: 0033:0x7f7695f8ff17 [ 108.631948][ T2039] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 [ 108.651530][ T2039] RSP: 002b:00007fff661999a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 108.659926][ T2039] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f7695f8ff17 [ 108.667883][ T2039] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff66199a60 [ 108.675832][ T2039] RBP: 00007fff66199a60 R08: 0000000000000000 R09: 0000000000000000 [ 108.683781][ T2039] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6619aaf0 [ 108.691731][ T2039] R13: 00007f7696011c05 R14: 000000000001a49f R15: 00007fff6619ab30 [ 108.699688][ T2039] [ 108.702686][ T2039] Modules linked in: [ 108.706568][ T2039] CR2: 0000000000000170 [ 108.710700][ T2039] ---[ end trace 0000000000000000 ]--- [ 108.716131][ T2039] RIP: 0010:ihold+0x26/0x60 [ 108.720616][ T2039] Code: 33 36 7c df 55 48 89 e5 41 56 53 48 89 fb e8 51 83 ac ff 48 8d bb 70 01 00 00 be 04 00 00 00 e8 40 e1 f0 ff 41 be 01 00 00 00 44 0f c1 b3 70 01 00 00 41 ff c6 bf 02 00 00 00 44 89 f6 e8 41 [ 108.740210][ T2039] RSP: 0018:ffffc900046e7c78 EFLAGS: 00010246 [ 108.746274][ T2039] RAX: ffff888113ebbc00 RBX: 0000000000000000 RCX: ffff888113ebbcc0 [ 108.754233][ T2039] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 108.762186][ T2039] RBP: ffffc900046e7c88 R08: dffffc0000000000 R09: fffffbfff0f2d4fd [ 108.770142][ T2039] R10: fffffbfff0f2d4fd R11: 1ffffffff0f2d4fc R12: ffff88813048a294 [ 108.778093][ T2039] R13: dffffc0000000000 R14: 0000000000000001 R15: 0000000000000000 [ 108.786045][ T2039] FS: 0000555566f90500(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 108.794958][ T2039] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.801523][ T2039] CR2: 0000000000000170 CR3: 000000012f59a000 CR4: 00000000003526a0 [ 108.809481][ T2039] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 108.817433][ T2039] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 108.825384][ T2039] Kernel panic - not syncing: Fatal exception [ 108.831653][ T2039] Kernel Offset: disabled [ 108.835956][ T2039] Rebooting in 86400 seconds..