last executing test programs: 26.467109498s ago: executing program 1: socket$inet6_udplite(0xa, 0x2, 0x88) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mknod$loop(&(0x7f0000000000)='./file0\x00', 0x100000000000600d, 0x1) creat(&(0x7f0000000080)='./file0\x00', 0x0) inotify_init1(0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) sendmsg$NL80211_CMD_REQ_SET_REG(0xffffffffffffffff, 0x0, 0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/keys\x00', 0x0, 0x0) r1 = openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/tcp_rmem\x00', 0x1, 0x0) sendfile(r1, r0, 0x0, 0x7) 26.447063531s ago: executing program 1: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x11, 0x8, &(0x7f0000000200)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0ff5b14104fe62cc60e413905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289d01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf2364149215108333719acd97cfa107d40224edc5465a93df8513a32ec450bebc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe511195418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4929330142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da8c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000dd11e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15f2a169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f000010000000000000905ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400bee3dfc8fb24f67c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341b74abaa7c95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb232bbdb9dc33cbd7643866fde41f94290c2a5ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595270fb4021428ce970275d13b78100788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f76dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d2e959efc71f665c4d75cf2458e3322c9062ece84c99a061997a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb5aac518a75f9e7d7101d5e186c489b3a06fb99f0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f4df90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d164118e4cbe02400000000ff0700000000cc9d8046c216c1f895778cb25122a2a998de44aeadea2a40da8daccf080842a4867217373934bbd42dcb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcd62981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba495aea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250df98674152f94e32409e2a3bce109b60000000000001700d6d5210d7560eb92d6a97a27602b81f76386f1535b1fad6ec9a31137abf9a404abde7750898b1bd627e87306703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294059323e7a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd704e4214de5946932d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854356cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505466ac96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a428f1da1fc8df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1785eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945e20fa26b8471d42645288d7226bbd9c9e9e1cc9eb3d541e407cc2dae5e690cd628ab84875f2c50ba891cea599b079b4b4ba686fcdf240430a537a395dc73bda367bf12cb7d81691a5fe8c47be2f5656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed1254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b70ebc660309e1e245b0fd78f9743af932cd6db49a47613808bad959719c0000000000378a921c7f7f6933c2e24c7e800003c9e8095e02985f28de0bbc76d58dd92606b1ef6486c85fa3e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6968d12418a4d2a0d086d8438d415d713acebc5b014e61a543a5a391f03daca80f08f0e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e112645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4cba6e6390a9f302c6eb2df7766411bef0ebb5000000000006065d6735eb7a00e127c000000000000000000000000000000a1c3da144589dcaddb71cf9374843e23f992a237a9040747e0434a8a643990b4059a98411ce867d1af7e8ea89f49e6f564d4dce8a7d6939a9214a7f39e83bd247e03a09dba000000000000000000000000aaf033d47249c8444bc13844cbf1be617d82b269e5ea0c0d525603c0ec543ea581f63893ae414a6683e941fdbdff03cfc5f8744583c0aa766a65321f907927a59d75b47f06895e8471ebc2840ce5bd054df223fb09b9c739ad64cfcfd2d498b0f11056f6c40874cb977c99b6bc1a8732198a17e610082b7ce0365f271b11d4b4a3d4c7d0bb273f406ecd4b26c93151c30f5a269991402d109becb1b9bafcb2b47e940000000000e540d8b0db3774effb7469a21f96e2594b2973ebf7a1bd9ace2ed4d6eb1735f85885be5be74dc2ea5d7d499bd28271b98f187f5879b16b409a04d78175cc8d0f707c822805d7011ed4b22419186dd2b22aadf15828db2ca19d79e1bf2f7989237ee5cb2e1eb7b2bfc92d3aa95a26f060935c4fee8b2d7d0bf3c6d82d04329164bd4ee0b8060183f36762b0440d9082d7c8b06e4c2024f77e1018758d28e7ee290f32a48bfc2aa10b3dba9bff00d2410f3477a8e0df689c880dc9a677cfaa16603527c06625a3363744cea5f2d350224cc0fea76c72ca08507235c67346722f20690fde0790f040f5fd3eff75f9b291cc5e9c686ebaadbe756c6fa039ff441e427ed12578d5cb041ebf729cfaa575cc852fbdb54e6043"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='kfree\x00', r1}, 0x10) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_XCRS(r4, 0x4188aea7, &(0x7f0000000680)=ANY=[@ANYBLOB="05000000000000001000000000000000000000800000"]) 26.352444366s ago: executing program 1: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000000)='ext4_remove_blocks\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$cgroup_int(r2, &(0x7f0000000080), 0x2) ioctl$SIOCSIFHWADDR(r2, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc, 0x2}}) 26.336778648s ago: executing program 1: r0 = creat(&(0x7f0000000240)='./bus\x00', 0x0) pwritev2(r0, &(0x7f00000015c0)=[{&(0x7f0000000080)="ec", 0x1}], 0x1, 0xfffff, 0x0, 0x0) r1 = open(&(0x7f0000000200)='./bus\x00', 0x44000, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x6, 0x7, 0x9}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000004e8100000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r2}, &(0x7f0000000080), &(0x7f0000000200)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) dup3(r1, r0, 0x0) finit_module(r1, 0x0, 0x0) 26.318749141s ago: executing program 1: syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) unshare(0x60600) mount$incfs(&(0x7f0000000080)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mount$incfs(&(0x7f0000000140)='./file0\x00', &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x0, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001280)=@base={0x2, 0x4, 0x2, 0xc, 0x1400, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100000000a0000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000180)='kfree\x00', r2}, 0x10) openat(r0, &(0x7f0000000200)='./file0/file0\x00', 0xa4b40, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x0) 26.289673866s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000df9b7739000000000d000000850000009e00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, r4, 0x0, 0x8ec0, 0x0) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000dfff75390000000000008b00850000007d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r5}, 0x10) fcntl$setpipe(r4, 0x407, 0x0) dup3(r2, r3, 0x0) dup2(r3, r4) sendmsg$nl_route_sched(r4, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000014c0), 0x8e0}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) sync() 23.912113732s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x1, 0x8, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000280)={{r0, 0xffffffffffffffff}, &(0x7f0000000900), &(0x7f00000008c0)}, 0x20) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000540)={r1, &(0x7f0000000440), &(0x7f00000004c0), 0x3}, 0x20) 23.903950723s ago: executing program 4: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) close_range(r1, 0xffffffffffffffff, 0x2) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) mkdirat$cgroup(0xffffffffffffffff, &(0x7f00000005c0)='syz1\x00', 0x1ff) close_range(r0, 0xffffffffffffffff, 0x0) 23.811329457s ago: executing program 4: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000018105e04da070000000000010902240001000000000904000009030000000921000000012222000905810308"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x22, {[@global=@item_012={0x2, 0x1, 0x9, "2313"}, @global=@item_012={0x2, 0x1, 0x0, "e53f"}, @global=@item_4={0x3, 0x1, 0x7, '\f\x00'}, @local=@item_012={0x2, 0x2, 0x2, "9000"}, @global=@item_4={0x3, 0x1, 0x0, "0900be00"}, @main=@item_4={0x3, 0x0, 0x8}, @local=@item_4={0x3, 0x2, 0x0, "09007a15"}, @local=@item_4={0x3, 0x2, 0x0, "5d8c3dda"}]}}, 0x0}, 0x0) syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000400)="e4") syz_usb_ep_write(r0, 0x81, 0x1, &(0x7f0000000000)='B') 20.792003621s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x3, 0x20008, 0x8}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r0, 0xffffffffffffffff}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000004018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='ext4_drop_inode\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 20.776398074s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x1003, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000840)={{r0}, &(0x7f00000007c0), &(0x7f0000000800)='%+9llu \x00'}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000000)='module_request\x00', r2}, 0x10) socketpair(0x0, 0x0, 0x0, &(0x7f00000006c0)) 20.759888426s ago: executing program 4: bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sched_switch\x00', r3}, 0x10) mkdirat(0xffffffffffffff9c, 0x0, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000480)='./file1\x00', 0x0, 0x0, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f0000000140)="00c2", 0x2, 0xfffffffffffffffd) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r4, 0x1, 0x11, &(0x7f0000caaffb)={0x0, 0x0}, &(0x7f0000cab000)=0xc) setresuid(0x0, r5, 0x0) add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='sys_enter\x00'}, 0x10) sync() 5.020827248s ago: executing program 3: syz_mount_image$tmpfs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000180)) pipe2$9p(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="1500000065ffff"], 0x15) r2 = dup(r1) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000240), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2]) write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18) write$FUSE_DIRENTPLUS(r2, &(0x7f0000000280)=ANY=[@ANYBLOB="b0"], 0xb0) mount$9p_fd(0x0, &(0x7f0000000400)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f00000005c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}, 0x2c, {[{@cache_loose}, {@access_uid}]}}) r3 = syz_open_procfs(0x0, &(0x7f0000000200)='mountinfo\x00') read$FUSE(r3, &(0x7f0000001e80)={0x2020}, 0x2062) 4.988064052s ago: executing program 3: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0x0) 4.137957143s ago: executing program 3: bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000000090400001202060000052406000005240000000d240f01000000000000000000090582020002060000090502"], 0x0) 2.554609607s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000000000406c256d0000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000540)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0x5, {0x5, 0x0, "a8c6df"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000440)={0x24, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4}}, 0x0, 0x0}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b70800000d0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="000312"], 0x0, 0x0}, 0x0) 2.5353935s ago: executing program 0: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000072000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10) select(0x0, 0x0, 0x0, 0x0, 0x0) 2.395933881s ago: executing program 2: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000580)=@framed={{}, [@snprintf={{}, {}, {0x5}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {}, {0x85, 0x0, 0x0, 0x8c}}]}, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = socket$inet6_udp(0xa, 0x2, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000940)={r1, 0xe0, &(0x7f0000000840)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000680)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x6, 0x4, &(0x7f00000006c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000700)=[0x0, 0x0, 0x0, 0x0], 0x0, 0x3b, &(0x7f0000000740)=[{}], 0x8, 0x10, &(0x7f0000000780), &(0x7f00000007c0), 0x8, 0x50, 0x8, 0x8, &(0x7f0000000800)}}, 0x10) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r2, 0x89f3, &(0x7f0000000a00)={'ip6gre0\x00', &(0x7f0000000980)={'ip6tnl0\x00', r3, 0x4, 0x0, 0x95, 0x1, 0x28, @loopback, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x8, 0x0, 0x80000001, 0x8}}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000200)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}, @TCA_EGRESS_BLOCK={0x8, 0xe, 0x2}, @TCA_RATE={0x6}]}, 0x40}}, 0x0) 2.383933323s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000140)='mm_page_alloc\x00', r1}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000001"], 0xfe44, 0x0) 2.373061385s ago: executing program 2: syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x2, &(0x7f0000000b40)=ANY=[@ANYRES32=0x0, @ANYBLOB="5e0de6d0a46fa97f7414d5d4beddb6230d028c2985c07fd13ab9cd215be43701b0695c176f010c8522dc892d07fde1c4dd61620c6f145357d324923d98eafd69fcb6929e5d0149b55ad366cb405eb1db194e21eff7ee1ffd0fc491f7a1bd5ef94daa60e4ca4f86b607c0bfa43209a15cc602bced1e30290c9c66b61c0ce079072dc9c55937e87e811990c0a91e53fb7262746f85989515c54010fd24e6ce0415a26322ae81df827d5dcd02a05bea25986e519c3ec6192d3b14cf5fe367c9165b7e625e7c8389494b52ea3019206695e90ce8167dbf5a4157b8943bb48d9b485936f5e27d9538b9a26e5aba36d03db6093d2d3572600e08431993ce973d4cc18848c4593672ae571311d7723653de6825ebf2cb1ea583fe04db14c9ce1762a6b8f00dfd20f64f9acc3ced5097658b468f02c66bb8a7a586d00970044ace79a1202a934310f37359976a87a4b407ee8c3838f48255c0dd8dec7e6be5ef228cb602d83169cc3cdd372823665e0173e6d17bce2a6fb31d80542852c651fbb12c1f875a9f9f7654944b6054fbd6a2755f1eac851d3574df50e5bcf52b771784b7494278b1ee4954fcc101a27cd2caa6bed9d137b06ac60716f64745446165f75818f9ee4d0d02407e33f2cbe25398555191dc68ca32d57d986da35f029b57bc9ddbdb3c7286994688782975d4e91dfd0ae1aca248ac78df50ecf1a84b8a88577c1884bd97c96b3feea64f35e34b41ee47cc845f9240bfabb68c11e1dec3ae7aa4642af97341fb2358ec2c9fffb1c0bb90f375020e7a14c3c46c41766614442a0eeb6c5a55c6dc8d735ad8f724be9123a12f1416ed9404a070da645be79878b39e36eb461ec426c46a5d0201543fa3ccd8b0c305655aee8dbbae71e1f187bae5abe882e52a41dfb52a057704dbf359f993f0fde8bcab0f8ba7ec1f84e7386e8c72c81a6317bc937529063f8f5cf7b8753592629199a0e63773f9d1c63373738804b8267c989434168ecdfd0805e8936f99b5dffbab3a2c326a8bcf5881fe5f79cf58bea52d236abdfb1986331fabb9aab70f3e50acf81e2f5b4db83a73f9d0ec011f840fc5f62e5762cd4abfabebe5737d1486d65ad58f846c29bb1e94c7b20b04a34be7be0ec348f502dffb12f7e4140f8d70120ff1015664afa4c0dab33e5c04ea296ae48c0f4d7c67db9c319de481e018299990c727eb95b6746cc5bbfbdee52a77d96f2406b2f883eb3cce1deb571bc322dd113d69aac36e3816ca2256067391a1d10386503d2788eb5f3289ed462c3bea4951e2e9843cfa0ee70826c2d29ab31a902ccd9f82e43e56a6299b3f5c19ab010ee56c7d71031684ab754c1a442c386b93fa66dcc36f9c1d372434e75a5a7f8651ec4bb2b46ab61fc45a019abf8e20107e9a228ec07ecadfcb2f2373bf977cdedcdaa103bba3b70fb2ab373070f3fa88ef3ff54c1bf05df0350c3d9f8fc6d35734798bfe454da9128e2011e33e8b7602d3e45c160eb85ff49d722c1d049de00b151a938c5cb59861e19669b381f0ebcae398a93789ce8e2579aaf7b1493db08d71165d6c60396e0f2626b9f4609965d6c063fc071592e5eb58b707a942ab6a8a09192fd0bd3f0964c9ff7c978fbb46bd951f0d60c296f00d38c78bdee7f9e894b04b174a15aa68ff527376b3fc319996400f2e705cdf15f133a59a496402afc90824306d0f5c49993d3fa24ede9304f11fd30b31e7ce0517d9ea1919f2f5ef3ed1ede8f39872e17e0fbfdf1a9342dc65b192cb01dcbae1bbfab8b3fa2db08b09cd2aa9ad36ad9d4fc7039dafe688b1dff5986e172cc2e3476caa63ad6603568b2290252dc015c12323a980c6a347ec50efc9aea18c124bb21877b3807df36b71ad0e108f819988b8769cd1a6ec5d5b853939845187763ccc818d50146b912e3c76dbb7d893d787c898727be3b369c1c0526845b4ce2e842dbb120b2d7174203b3096f381743f4e0480206a13aee6f6514818dc77c5bf1e0476c1e391a71d2c58cc862063c5723bb0e7eb06e7e2d22252793c5b65c77c850530ef57f894145b332708371a06135382b7eea0782f8f7a88392c2be365934785685a2af96aa2b6e2035c3cb6f556071be1fb411f8c8497c041573e261a205d40b098ac2546cf2d25b7947c503ed6c9c9c3217a8695e1ca1b359ac92b91740344796243fac99189c0c46215df1a42478ebdb8c4a8d99e6ee985886de89c5d33f9485891da2023ce3d3c3b7b620c4231100c1911730f9d03e90ccf9cd10e4c7953e79a10913d683b3860db3c40f53f85ef77b9bdc108661a1d7b6c28d3c9f1c8bdd4d6110ba986c1f639de668a027740124ecdf54ab9e877f3208dad0139d434eb76ad3d6fb08ef20b6bdca5392d5e21ff9be075658192e70ff175beaa325397b45bdf9d5025935f9369d6a8bb9e368cab2beae3b891faeb1c9623104cacebffac39be98e324991983a268fce8226ef81184e4f2bab4b05f4c0111bcff4de5633fe26dda28197418470c59a254d18320afb3264ba857e0666e35e504d93054c8fc6e5e6bde8845abd33f6607d988da0e41831bb1228dcd83a894d094fdae1f592078d6d1b79dc8dc40d76e7b065b7ddb42b82773251dfd887fd0083d581deefd2cc8bf133f239aa7d014b67cd27eab9c40578449f61aef4831d1cef26902d886f29ada6624c45ef13caea199e8e98a14eb66559cb55296d7b1bfe87ff39c4e29598a014d723d245a2501301d2e9ac28caa8848532acc0c142b45f02e2daf692ba28decf4e0f6afcf5eeaa84e5282b91c3026d7c350bae653b2fcae8b77e9236348be3717552db2351cb289a4848cfaef7fcca4d246c91aeb619c7fdfc2a740736fd3677599d7e0092cd32274817188964b2be954bcfb3bc7928367be69d05688509f0b1edfbdb2138d766cff0bed83d67fea0ed79a6d02cee5ff6a4a6c6cd05f769cae141cc543af8705d1878953b63b3b1bb9f65e3c35891e9716959627b8bd8cda654dbaf44b2240144d587b2ee6b7c14d4246a920eeb5dd6adde20e4782f015a39b7e1287a3b00d93e7ae0dab496644aa5e833fc2334777c41b8935461c845d44f82fbdd821d413ed3b4a8c35ce5e36729b755c10400e66f49e012b7b1416744498d99093074574068230236c3559a25b4badfc4610cd4bca127b17434a76f10638e26cd77bdc8d9063398def2a36b115b381d03ea4a556aa608bde59c0e6662c0a1382d4bb26563e42b80d21c8400e4f48ccf62bbff0faa291cca6d5093cf12ac83979505bcf31682c225d9f5d02b43a83c4b0d9a9ceaab087b9acf6ec300f3e82f1fb348786704dfb536cdb65e1e35a8e68c9cd2490b198c1d0d46fb7f51ea8f5e210d3547c9577396a6619476871b3260ea49a5bb95825192688cff7e22520b821ceeeccc1f54471b76ae855c3733054be0ce00a4c44de27e45c2c0569de1b7c1621089f731fe64022e5b2225f3d85b71d4dba61a0a51b2a93687a33fa26f586da98f7b811221c717180d717546ef88e8ef37fdb381643f9eb32fbf327f37dc16f725b384d7bec64fb64a25836dd46a3ed3403ae2d9c751056d6db1983c0b36226bef498caa786c78f26a0e56b6fae8034df8fe9e76b466c6f67774c6bcdfa4429c3a5fb1edaa3f0e44f60f13a63c9ed19f360a30dcbdff3a30c8003a5c0eb51d8f1620fc58134550c46a7e66cfcb411c9bb151fe823ef2dbdfaad4ed4b54bd02740aad65163d30c43425c05032107fdb2de4b9be600fd35a33abda297087cd206cc56ade830c52524130ca577cc34f7538fd1bdb1c0608ede243a47cc6021447183509091511565b138126840859812db525691bd0b357bd6499e70ae3aa2d2711298dda1b4f274a6c24e31f548693c2ffb86ac957b00fe7fb802c72cf70977a116972fe9ccfdf206977c6137d152010132a6a3b01197769a418126b57ad67661c555d8c11ad8c09c8ba43a4ff55b28bf37ff03febf4688f30a3ab759b0088810c7e7d45eeeee778fdc9cd0efc719a84170d47246e9ed1e072799d7e2419bab5af06f3d319e2e19819237b6b5ba746d221796086570e1bf3365078d4c9806c7949e773c752665a73adfc3ee5d24fd17c653009ad1f3f5a0b3184c99f72dea417702391bcc4f2d1f924298c056d18b4083e075255799b77ed11b003cb5b54f26f28716582dffbcb3fbb9891c2b27ee8a0e3ea8e0412a13e63920ef0886e97b7b22aea7d22734459fe2f09007e16160b0770b6e5235c6cd19fd76b9305615018a0b1ec748a2daedb768680ec63b5c4cc8848221e474c7f3e24f339ce640534e682209d119c29652b95b4d63e1633b31f4c31b27f67ddd456c2816bf9f60457c36c1b6f011251a30b708cb218e25523f967c90a320eaa1e7d9aa8bcfc3c46d89881a9ca821ee324ee883aa7fcfb528e588e05e9e9cdaa7ae84ef5dabba76681d9b2b16af60b0ec3770e5d44b72fdfa193ba723875ea8bc93d50fb22b2ebb576826da6c4e1f7574e4d9ef140986fdc01b0334d8a646e7ac43d12c12463d8142236432e5f03ba68beec4c578016c396ac719e108a6ff7c1d2c7aaea8085dd176f716cbb815f944153657289625f22a8ee62e596d498ed2246ae8daa093280f5e33677ccdb95682faecf22d091c31fd8a0d541adcdb78090368ccdba3afda265ca1bd4bd412b236892ca41a629cdd6bd96529ba789a8f25f7122902f9bd121b050ea3075cf9c8ab7051ec2e7647b5e7ca81ab314863868c2519b0700b924d862fcae1ad13c08cece894ee7026ed0795166e8abac03f593285a8e82a05d0354a8b9e464e363660b7b2674a109397fbb0d191dcd32b1aad1ff7742b7a208ba423058329038ff7e54c963322b1ab821af6d500a996afdf94086293ec0089ebebc7996b76f3a315d7e515c5c56363c8fbf8f5af457bc8ee55ab884b2129cc064e0540315bb758441c25e2c4675972966581ce8dbe69cb52e6ed39b6ea6f752f1d2014cf5e30928815ddff44fc2b7260eafa9a9fb647f2f211ef3a79bd0d2d46d2e64db000db30350977c5b7638565c0db0115e7affbf3b554dc4a7066c50a6a22c6e75487d8624bc2c46a97f51a93009f747cb685af75ae2e8f79894f63e8a79ecae8548ccaf89006607adc82197ed1ceaad2f74f63cef83454e0cae3220d0c2d5ae37f90938cda02ef853e03358ee634707c806262752cb33dfd1e9061d032f8402c075293c33c3fc850ae7cf79cafb1f7629cffbaa6afe2873470ddae816f46877f5d1b463fd0cdc6564b17968058a014ac214bd49240ef7e939ab4220f1e3f641591db5c2a289f42e3f831f6743e03491e7bd97e3eb6edd8b9b7d31985a052bdeaf5682bb8eac75ad212a5fe79fb2ddd3c170336d7d96fc121d0700f71b0e12d1dfed19c372d999dddfe3e350f99803cae669208822fb126a440650c8dc39151f82cb26810edf96a13a198fceafd94b1ad15aef421f01ee62e527295adbb10fda8e3335369cc31297b6bb6597f19a429d73d6f68a6719909c846b825c858f82b4c8f432475812ebe8085e445beea7807c00d3a092e1b00fa02ae41fdf2a1013a7f1f87bf5b3ed8238fe94d07a8851ac2c1d8399af64ac964e2011f888ae935e0c24349127a339cca1b23e1039b89045df50918dc869803526f3f761c66b5a32cb3f370810af2f7a2e6deab47ba0bce10f5f1650776d84896b60f735282196208cc477e68762303830cdb687f9c9f9727bd938b170a4cf32aedbe132fea64c3c649b20ba74caebe8587e634d4d86ca8d7dc637a998b8dd921e9", @ANYRES32], 0xff, 0x2e7, &(0x7f0000000280)="$eJzs3M9LG2kcx/Gvml9GNDksu+wuy37ZveyyMGj2XghFaWmgRU2pLRRGnbQh00QygyWlqD31WvpH9CDe6k1oe+jVS2899dKbhxZKqfTXlEwmGjX+oiZa836B5nGe5+vzTGYcPiNk1q48uFXIOUbOdKW7OyzdIguyLpKstkQq1W9dIhKTmi6JSKMF+bfv3cs/xiauXkhnMsOjqiPp8f9Tqjrw55Pbd5f+eub2XV4eWInKavL62tvU69WfV39d+zp+M+9o3tFiyVVTJ0uv3Mikbel03ikYqpc8z3QszRefT4j4/SXXrPbn7NLMTEXN4nR/fKZsOY6axYoWrIpKSKRcUfOGmS+qYRjaHxfsJ7o4Omqm/Wbs0MVTLVgQvtu5HSd+uZw2e0Skd8fY7GK7VgUAAE6OLfk/ptvzv68reK1u+eJ5XmO9n//fPxY5UP5fieyS/4N8X8//tlXL/45Vdg+W/92SutX8HyL/H0J2M//j1Krm/3jw9+u7d21p0G+Q/wEAAAAAAAAAAAAAAAAAAAAA+BGse17C87xE/bX+FQ0+El7/+bjXidbg+He2MQ0aqjER+/5sdjYrYodrGzeOuyWDkpDP/vkQqLVHzmeGB9WXlKf2fFA/P5vt8QvTOcmLLZYMSUKSzeuHavW6tT4s8cb6lCTkp+b1qab1Efnn74Z6QxLyYkpKYsu0f15v1s8NqZ69mNlW3+uPAwAAAADgNDB0Q9P7d8PYrb9Wn86J+PfX+/9/YNv9dUh+Cx3vvgMAAAAA0Cmcyp2CadtWuY2NmIi0fq7q3rV+d3r3HjP3X/vf3pPTSDRsqT9Euu3LCDVOGg1W0aK5fnn46MPR/cIzy79/atb1sS1v3QEuHuHWXZcAAAAAHL3N0L/7GO9NO1cEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnad1TxHqCGfZ6sgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQWb4FAAD//9yVIwU=") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000380), 0x208e24b) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) mkdir(&(0x7f0000000280)='./file0\x00', 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000180)='./bus\x00', 0x0) creat(0x0, 0x0) mknod$loop(&(0x7f00000004c0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) mkdir(&(0x7f0000000000)='./file1\x00', 0x0) rename(&(0x7f00000000c0)='./file0\x00', &(0x7f0000000f00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 2.346110649s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r0}, 0x0, &(0x7f0000000040)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$inet(0xffffffffffffffff, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000180)='workqueue_activate_work\x00', r1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) 2.333939631s ago: executing program 2: bpf$MAP_CREATE(0x0, 0x0, 0x0) write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x8, 0xc, 0xffffffff, 0x1, 0x1}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), &(0x7f00000004c0)="d9d73529eeb5b4fa4a967d61fb364aa03adc4b443fceca0b02b0ddaf2071e1b39c35a1e8cab45dd09fd283719b5d6c39e0608df99e7f961046c172201d506507b00fca2b02cb175873816d32ee4da0b2b977e0ff8dd7c033b39746fe00000000000000000000000000008f56d31f6d6a549886ef67d28d3392f3c415dd91c56dd8e458791fe9c03f2c4cd98773ac534a922a9800f51713b9742ebba408e140cd8ecff4b721faa38c4ce2121579d803d28f297dc50588ce6e84b1e6f77e580ce226d4c67a674fcb7ba84b238a5e1ea976531b13eab900428f7068579e80f7630bf6000000000000000000", 0x5, r0}, 0x38) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400002000000085000000030000009500000000000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[@ANYRESOCT=r1], &(0x7f0000000240)='GPL\x00', 0x0, 0xfefd, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='sys_enter\x00', r2}, 0x10) process_madvise(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@bloom_filter={0x1e, 0x0, 0x2000003, 0xe0, 0x0, 0x1}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020207025000000002dba513d7b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000008f00850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4}, 0x10) bpf$MAP_LOOKUP_ELEM(0x3, &(0x7f00000001c0)={r3, 0x0, 0x0}, 0x20) fsetxattr$system_posix_acl(0xffffffffffffffff, &(0x7f0000000000)='system.posix_acl_default\x00', 0x0, 0x0, 0x1) r5 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(r5, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002302230102090500000010000020d3"]) 2.318042113s ago: executing program 2: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x8}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r0}, &(0x7f0000000400), &(0x7f00000004c0)=r1}, 0x20) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r2}, 0x10) r3 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000180)={0x20, 0x80, 0x1c}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 1.69022166s ago: executing program 0: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c3"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r0}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) mount$incfs(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='rlog_pages=00000000000000000005']) 1.677420482s ago: executing program 0: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='ramfs\x00', 0x0, 0x0) r0 = inotify_init() inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x1600050b) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000040)) r1 = creat(&(0x7f00000001c0)='./file0/bus\x00', 0x6857b21ff1155d90) writev(r1, &(0x7f00000004c0)=[{&(0x7f0000000400)="d7", 0x1}], 0x1) 1.629185529s ago: executing program 0: bpf$MAP_CREATE(0x0, 0x0, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000020000402505a1a440000000010109023b000101000000090400001202060000052406000005240000000d240f01000000000000000000090582020002060000090502"], 0x0) 135.633639ms ago: executing program 0: r0 = openat$rfkill(0xffffffffffffff9c, &(0x7f00000000c0), 0x800, 0x0) read$rfkill(r0, 0x0, 0x0) 129.33827ms ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b7030000000000f7850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000002700)=@base={0xb, 0x8, 0x10001, 0x9, 0x1, 0x1}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b70800007f0000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000200)='sched_switch\x00', r2}, 0x10) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) open$dir(&(0x7f00000002c0)='./file0\x00', 0x80001, 0x100) mkdirat(0xffffffffffffffff, 0x0, 0x0) mount$tmpfs(0x0, 0x0, &(0x7f0000000300), 0x0, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, 0x0, 0x0) close(0xffffffffffffffff) socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10) r4 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$UHID_CREATE(r4, &(0x7f0000002a00)={0x0, {'syz0\x00', 'syz0\x00', 'syz0\x00', &(0x7f00000000c0)=""/43, 0x2b}}, 0x120) readv(r4, &(0x7f0000002980)=[{&(0x7f0000000700)=""/163, 0xa3}], 0x2) write$UHID_DESTROY(r4, &(0x7f0000000080), 0xfffffd5e) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = openat$loop_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$LOOP_CTL_REMOVE(r5, 0x4c81, 0x0) 51.401202ms ago: executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) unshare(0x22020400) ioctl$KVM_CHECK_EXTENSION(r0, 0xae03, 0x18) 0s ago: executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000000000407d1e9c3100000000000109022400010000000009040000010300000009211800004922070009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000400)={0x2c, &(0x7f0000000280)={0x0, 0x0, 0x7, {0x7, 0x0, "5a7da32917"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x4, 0x5}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000006007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffd6, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='kfree\x00', r2}, 0x10) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000140), 0xfcb8) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="2001"], 0x0}) kernel console output (not intermixed with test programs): it: type=1400 audit(2000000190.102:52407): avc: denied { watch } for pid=8015 comm="syz-executor.3" path="/root/syzkaller-testdir3338741342/syzkaller.AoJnAc/32/file0" dev="loop3" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 272.452478][ T7555] EXT4-fs (loop3): unmounting filesystem. [ 272.525714][ T8025] loop0: detected capacity change from 0 to 16 [ 272.533683][ T8025] erofs: (device loop0): mounted with root inode @ nid 36. [ 272.553549][ T8027] loop3: detected capacity change from 0 to 40427 [ 272.560526][ T8027] F2FS-fs (loop3): Wrong segment_count / block_count (64 > 16384) [ 272.568238][ T8027] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 272.578423][ T8027] F2FS-fs (loop3): Found nat_bits in checkpoint [ 272.595385][ T8032] loop0: detected capacity change from 0 to 256 [ 272.606499][ T8032] FAT-fs (loop0): Directory bread(block 64) failed [ 272.611951][ T8027] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 272.613512][ T8032] FAT-fs (loop0): Directory bread(block 65) failed [ 272.621432][ T8027] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 272.627900][ T8032] FAT-fs (loop0): Directory bread(block 66) failed [ 272.641512][ T8032] FAT-fs (loop0): Directory bread(block 67) failed [ 272.647983][ T8032] FAT-fs (loop0): Directory bread(block 68) failed [ 272.655776][ T8032] FAT-fs (loop0): Directory bread(block 69) failed [ 272.662930][ T7555] syz-executor.3: attempt to access beyond end of device [ 272.662930][ T7555] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 272.673412][ T8032] FAT-fs (loop0): Directory bread(block 70) failed [ 272.683407][ T8032] FAT-fs (loop0): Directory bread(block 71) failed [ 272.690110][ T8032] FAT-fs (loop0): Directory bread(block 72) failed [ 272.696448][ T8032] FAT-fs (loop0): Directory bread(block 73) failed [ 272.751791][ T8032] syz-executor.0: attempt to access beyond end of device [ 272.751791][ T8032] loop0: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 272.758102][ T8039] device veth0_vlan left promiscuous mode [ 272.771744][ T8039] device veth0_vlan entered promiscuous mode [ 272.780625][ T8032] Buffer I/O error on dev loop0, logical block 306, lost async page write [ 272.823914][ T8050] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8050 comm=syz-executor.3 [ 272.840727][ T8050] device wireguard0 entered promiscuous mode [ 273.102196][ T8062] loop3: detected capacity change from 0 to 40427 [ 273.549308][ T8074] loop2: detected capacity change from 0 to 256 [ 273.564806][ T8074] FAT-fs (loop2): Directory bread(block 64) failed [ 273.571364][ T8074] FAT-fs (loop2): Directory bread(block 65) failed [ 273.578311][ T8074] FAT-fs (loop2): Directory bread(block 66) failed [ 273.584863][ T8074] FAT-fs (loop2): Directory bread(block 67) failed [ 273.591637][ T8074] FAT-fs (loop2): Directory bread(block 68) failed [ 273.598152][ T8074] FAT-fs (loop2): Directory bread(block 69) failed [ 273.605064][ T8074] FAT-fs (loop2): Directory bread(block 70) failed [ 273.611502][ T8074] FAT-fs (loop2): Directory bread(block 71) failed [ 273.617832][ T8074] FAT-fs (loop2): Directory bread(block 72) failed [ 273.624184][ T8074] FAT-fs (loop2): Directory bread(block 73) failed [ 273.724300][ T8074] syz-executor.2: attempt to access beyond end of device [ 273.724300][ T8074] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 273.737816][ T8074] Buffer I/O error on dev loop2, logical block 306, lost async page write [ 274.123473][ T8088] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8088 comm=syz-executor.3 [ 274.140233][ T8088] device wireguard0 entered promiscuous mode [ 274.151584][ T8094] loop0: detected capacity change from 0 to 128 [ 274.160220][ T8094] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 274.168848][ T8094] ext4 filesystem being mounted at /root/syzkaller-testdir2086821342/syzkaller.QNOsic/105/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 274.213380][ T6805] EXT4-fs (loop0): unmounting filesystem. [ 274.236922][ T28] audit: type=1400 audit(2000000191.942:52408): avc: denied { setopt } for pid=8102 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 274.273332][ T8108] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 274.390486][ T8115] loop3: detected capacity change from 0 to 40427 [ 274.645919][ T8125] loop4: detected capacity change from 0 to 128 [ 274.717921][ T8125] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 274.726478][ T8125] ext4 filesystem being mounted at /root/syzkaller-testdir1211409494/syzkaller.8ZQvtj/73/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff) [ 274.772414][ T7074] EXT4-fs (loop4): unmounting filesystem. [ 274.994766][ T8132] loop2: detected capacity change from 0 to 256 [ 275.010542][ T8132] FAT-fs (loop2): Directory bread(block 64) failed [ 275.016971][ T8132] FAT-fs (loop2): Directory bread(block 65) failed [ 275.023483][ T8132] FAT-fs (loop2): Directory bread(block 66) failed [ 275.030225][ T8132] FAT-fs (loop2): Directory bread(block 67) failed [ 275.036794][ T8132] FAT-fs (loop2): Directory bread(block 68) failed [ 275.043205][ T8132] FAT-fs (loop2): Directory bread(block 69) failed [ 275.049523][ T8132] FAT-fs (loop2): Directory bread(block 70) failed [ 275.055924][ T8132] FAT-fs (loop2): Directory bread(block 71) failed [ 275.062326][ T8132] FAT-fs (loop2): Directory bread(block 72) failed [ 275.068632][ T8132] FAT-fs (loop2): Directory bread(block 73) failed [ 275.090634][ T8132] syz-executor.2: attempt to access beyond end of device [ 275.090634][ T8132] loop2: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 275.104403][ T8132] Buffer I/O error on dev loop2, logical block 306, lost async page write [ 275.138109][ T8138] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8138 comm=syz-executor.2 [ 275.153893][ T8138] device wireguard0 entered promiscuous mode [ 275.185540][ T8143] netlink: 'syz-executor.3': attribute type 1 has an invalid length. [ 275.252792][ T8147] loop0: detected capacity change from 0 to 512 [ 275.281196][ T8147] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 275.290243][ T8147] ext4 filesystem being mounted at /root/syzkaller-testdir2086821342/syzkaller.QNOsic/114/file0 supports timestamps until 2038 (0x7fffffff) [ 275.308476][ T8147] EXT4-fs error (device loop0): ext4_readdir:260: inode #12: block 32: comm syz-executor.0: path /root/syzkaller-testdir2086821342/syzkaller.QNOsic/114/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=12, rec_len=106, size=2048 fake=1 [ 275.337190][ T6805] EXT4-fs (loop0): unmounting filesystem. [ 275.350985][ T8153] loop0: detected capacity change from 0 to 512 [ 275.358816][ T8153] EXT4-fs error (device loop0): ext4_orphan_get:1422: comm syz-executor.0: bad orphan inode 17 [ 275.370043][ T8153] ext4_test_bit(bit=16, block=4) = 1 [ 275.375365][ T8153] is_bad_inode(inode)=0 [ 275.379429][ T8153] NEXT_ORPHAN(inode)=0 [ 275.383352][ T8153] max_ino=32 [ 275.386407][ T8153] i_nlink=1 [ 275.389577][ T8153] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 275.520727][ T6805] EXT4-fs (loop0): unmounting filesystem. [ 275.653253][ T8165] loop0: detected capacity change from 0 to 256 [ 275.670791][ T8171] loop4: detected capacity change from 0 to 256 [ 275.675636][ T8165] FAT-fs (loop0): Directory bread(block 64) failed [ 275.683638][ T8165] FAT-fs (loop0): Directory bread(block 65) failed [ 275.690164][ T8165] FAT-fs (loop0): Directory bread(block 66) failed [ 275.696499][ T8165] FAT-fs (loop0): Directory bread(block 67) failed [ 275.703125][ T8165] FAT-fs (loop0): Directory bread(block 68) failed [ 275.703212][ T7512] EXT4-fs error: 154 callbacks suppressed [ 275.703225][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 275.709655][ T8165] FAT-fs (loop0): Directory bread(block 69) failed [ 275.715654][ T8171] exfat: Unknown parameter '' [ 275.724434][ T8165] FAT-fs (loop0): Directory bread(block 70) failed [ 275.730819][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 275.735097][ T8165] FAT-fs (loop0): Directory bread(block 71) failed [ 275.741661][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 275.753017][ T8165] FAT-fs (loop0): Directory bread(block 72) failed [ 275.759448][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 275.768699][ T8165] FAT-fs (loop0): Directory bread(block 73) failed [ 275.817179][ T8165] syz-executor.0: attempt to access beyond end of device [ 275.817179][ T8165] loop0: rw=1, sector=1224, nr_sectors = 4 limit=256 [ 275.830870][ T8165] Buffer I/O error on dev loop0, logical block 306, lost async page write [ 275.884378][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 275.893791][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 275.895203][ T8179] loop2: detected capacity change from 0 to 512 [ 275.905682][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 275.920796][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 275.933504][ T8179] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 275.942473][ T8179] ext4 filesystem being mounted at /root/syzkaller-testdir3086096430/syzkaller.mpwLQn/276/file0 supports timestamps until 2038 (0x7fffffff) [ 276.219464][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 276.229420][ T8179] EXT4-fs error (device loop2): ext4_readdir:260: inode #12: block 32: comm syz-executor.2: path /root/syzkaller-testdir3086096430/syzkaller.mpwLQn/276/file0/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=12, rec_len=106, size=2048 fake=1 [ 276.237404][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 276.271802][ T4641] EXT4-fs (loop2): unmounting filesystem. [ 276.304170][ T8196] loop2: detected capacity change from 0 to 256 [ 276.740320][ T8204] loop4: detected capacity change from 0 to 256 [ 276.743311][ T28] audit: type=1400 audit(2000000194.069:52409): avc: denied { execute } for pid=8205 comm="syz-executor.0" path="/root/syzkaller-testdir2086821342/syzkaller.QNOsic/119/file0/bus" dev="ramfs" ino=53771 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 276.746899][ T8204] exfat: Unknown parameter '' [ 276.825943][ T28] audit: type=1400 audit(2000000194.149:52410): avc: denied { mounton } for pid=8211 comm="syz-executor.4" path="/root/syzkaller-testdir1211409494/syzkaller.8ZQvtj/80/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 277.842616][ T8239] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=8239 comm=syz-executor.4 [ 277.858661][ T8239] device wireguard0 entered promiscuous mode [ 277.897599][ T8232] loop0: detected capacity change from 0 to 40427 [ 277.905257][ T8232] F2FS-fs (loop0): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 277.913028][ T8232] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 277.922659][ T8232] F2FS-fs (loop0): invalid crc value [ 277.924062][ T8250] loop2: detected capacity change from 0 to 256 [ 277.929440][ T8232] F2FS-fs (loop0): Found nat_bits in checkpoint [ 278.026232][ T8232] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 278.033309][ T8232] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 279.438549][ T8268] syz-executor.0: attempt to access beyond end of device [ 279.438549][ T8268] loop0: rw=2049, sector=53248, nr_sectors = 408 limit=40427 [ 279.719122][ T6805] syz-executor.0: attempt to access beyond end of device [ 279.719122][ T6805] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 279.785990][ T8279] rtc_cmos 00:00: Alarms can be up to one day in the future [ 279.793735][ T28] audit: type=1400 audit(2000000197.109:52411): avc: denied { ioctl } for pid=8270 comm="syz-executor.2" path="/dev/rtc0" dev="devtmpfs" ino=171 ioctlcmd=0x7003 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 281.093876][ T7512] EXT4-fs error: 74 callbacks suppressed [ 281.093899][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 281.161882][ T8288] loop4: detected capacity change from 0 to 512 [ 281.183725][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 281.200556][ T8288] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 17 [ 281.206983][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 281.216466][ T8288] ext4_test_bit(bit=16, block=4) = 1 [ 281.224946][ T8288] is_bad_inode(inode)=0 [ 281.228914][ T8288] NEXT_ORPHAN(inode)=0 [ 281.233086][ T8288] max_ino=32 [ 281.236104][ T8288] i_nlink=1 [ 281.239163][ T8288] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 281.262520][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 281.303869][ T7074] EXT4-fs (loop4): unmounting filesystem. [ 281.312858][ T8309] loop2: detected capacity change from 0 to 256 [ 281.350794][ T8309] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x396351b2, utbl_chksum : 0xe619d30d) [ 281.366940][ T28] audit: type=1400 audit(2000000198.689:52412): avc: denied { remove_name } for pid=8308 comm="syz-executor.2" name="file1" dev="loop2" ino=1048792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 281.409016][ T28] audit: type=1400 audit(2000000198.699:52413): avc: denied { unlink } for pid=8308 comm="syz-executor.2" name="file1" dev="loop2" ino=1048792 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 281.426244][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 281.445844][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 281.457536][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 281.459009][ T8309] exFAT-fs (loop2): error, exfat_alloc_cluster: invalid used clusters(t:15,u:4294930442) [ 281.459009][ T8309] [ 281.466783][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 281.478465][ T8309] exFAT-fs (loop2): Filesystem has been set read-only [ 281.768789][ T384] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 281.777692][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 281.792133][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 282.149344][ T384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 282.160094][ T384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 282.169826][ T384] usb 4-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 282.209735][ T384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.218609][ T384] usb 4-1: config 0 descriptor?? [ 282.301300][ T8321] loop0: detected capacity change from 0 to 40427 [ 282.308101][ T8321] F2FS-fs (loop0): Small segment_count (9 < 1 * 24) [ 282.314559][ T8321] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 282.324889][ T8321] F2FS-fs (loop0): Found nat_bits in checkpoint [ 282.372417][ T8321] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 282.379431][ T8321] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 282.393011][ T8329] rtc_cmos 00:00: Alarms can be up to one day in the future [ 282.466626][ T6805] syz-executor.0: attempt to access beyond end of device [ 282.466626][ T6805] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 282.705696][ T384] lenovo 0003:17EF:60EE.0042: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.3-1/input0 [ 282.880745][ T8335] loop2: detected capacity change from 0 to 512 [ 282.890112][ T8335] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 282.898984][ T8335] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6 [ 282.925644][ T384] usb 4-1: USB disconnect, device number 27 [ 283.150555][ T28] audit: type=1400 audit(2000000200.479:52414): avc: denied { append } for pid=8344 comm="syz-executor.4" name="event2" dev="devtmpfs" ino=181 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:event_device_t tclass=chr_file permissive=1 [ 283.279417][ T60] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 283.522732][ T8355] loop3: detected capacity change from 0 to 40427 [ 283.529739][ T8355] F2FS-fs (loop3): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 283.537307][ T8355] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 283.546402][ T8355] F2FS-fs (loop3): invalid crc value [ 283.552757][ T8355] F2FS-fs (loop3): Found nat_bits in checkpoint [ 283.576826][ T8355] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 283.583790][ T8355] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 283.645655][ T60] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 283.655663][ T60] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 283.664796][ T60] usb 1-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 283.675863][ T60] usb 1-1: config 1 interface 1 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 283.688918][ T60] usb 1-1: config 1 interface 1 has no altsetting 0 [ 283.785406][ T8365] syz-executor.3: attempt to access beyond end of device [ 283.785406][ T8365] loop3: rw=2049, sector=53248, nr_sectors = 408 limit=40427 [ 283.939360][ T3358] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 283.959322][ T60] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 283.968347][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.991119][ T60] usb 1-1: Product: syz [ 283.995213][ T60] usb 1-1: Manufacturer: syz [ 283.999580][ T60] usb 1-1: SerialNumber: syz [ 284.041267][ T8371] loop2: detected capacity change from 0 to 512 [ 284.052341][ T8371] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem [ 284.060987][ T8371] EXT4-fs (loop2): failed to open journal device unknown-block(0,0) -6 [ 284.315672][ T7555] syz-executor.3: attempt to access beyond end of device [ 284.315672][ T7555] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 284.329980][ T60] usb 1-1: 0:2 : does not exist [ 284.344169][ T60] usb 1-1: USB disconnect, device number 38 [ 284.379501][ T3358] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 284.394678][ T3358] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 284.412476][ T3358] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.428600][ T3358] usb 5-1: config 0 descriptor?? [ 284.690458][ T3358] usb 5-1: USB disconnect, device number 28 [ 285.051649][ T8386] loop0: detected capacity change from 0 to 512 [ 285.123760][ T8386] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended [ 285.157107][ T8386] EXT4-fs (loop0): orphan cleanup on readonly fs [ 285.163970][ T8386] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #17: comm syz-executor.0: iget: bad i_size value: -6917529027641081756 [ 285.177778][ T8386] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 17 (err -117) [ 285.190729][ T8386] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 285.278958][ T8379] loop3: detected capacity change from 0 to 131072 [ 285.287131][ T8379] F2FS-fs (loop3): invalid crc value [ 285.294321][ T8379] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 285.324220][ T8379] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 285.933607][ T8408] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.940654][ T8408] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.951162][ T8408] device bridge_slave_1 left promiscuous mode [ 285.957164][ T8408] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.964924][ T8408] device bridge_slave_0 left promiscuous mode [ 285.970933][ T8408] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.002537][ T8409] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.3'. [ 286.030528][ T8409] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8409 comm=syz-executor.3 [ 286.045756][ T8409] loop3: detected capacity change from 0 to 256 [ 286.179398][ T7512] EXT4-fs error: 146 callbacks suppressed [ 286.179415][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 286.246087][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 286.250228][ T8424] netlink: 172 bytes leftover after parsing attributes in process `syz-executor.2'. [ 286.270135][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 286.281250][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 286.331278][ T8419] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.345595][ T8419] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.359128][ T8419] device bridge_slave_0 entered promiscuous mode [ 286.372287][ T8419] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.399327][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 286.407603][ T8419] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.408331][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 286.426615][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 286.435764][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 286.436933][ T8419] device bridge_slave_1 entered promiscuous mode [ 286.549334][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 286.560560][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 286.612988][ T8419] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.619875][ T8419] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.626977][ T8419] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.633871][ T8419] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.710241][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 286.718078][ T3358] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.735818][ T3358] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.758902][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 286.770218][ T4682] bridge0: port 1(bridge_slave_0) entered blocking state [ 286.777105][ T4682] bridge0: port 1(bridge_slave_0) entered forwarding state [ 286.799912][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 286.816224][ T4682] bridge0: port 2(bridge_slave_1) entered blocking state [ 286.823118][ T4682] bridge0: port 2(bridge_slave_1) entered forwarding state [ 286.837974][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 286.845976][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 286.862165][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 286.882281][ T8419] device veth0_vlan entered promiscuous mode [ 286.894234][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 286.905346][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 286.919982][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 286.943040][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 286.959910][ T8419] device veth1_macvtap entered promiscuous mode [ 286.983299][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 286.995965][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 287.029631][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 287.046071][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 287.152825][ T8436] loop3: detected capacity change from 0 to 131072 [ 287.162242][ T8436] F2FS-fs (loop3): invalid crc value [ 287.168906][ T8436] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387) [ 287.189782][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.200488][ T8451] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.207960][ T8451] device bridge_slave_0 left promiscuous mode [ 287.214126][ T8451] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.223828][ T8436] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 287.230345][ T8454] loop7: detected capacity change from 0 to 16384 [ 287.252852][ T8455] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 287.274567][ T8455] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8455 comm=syz-executor.2 [ 287.321265][ T8451] loop2: detected capacity change from 0 to 256 [ 287.329305][ T60] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 287.389559][ T8454] I/O error, dev loop7, sector 5376 op 0x0:(READ) flags 0x80700 phys_seg 4 prio class 2 [ 287.408115][ T28] audit: type=1400 audit(2000000204.729:52415): avc: denied { ioctl } for pid=8453 comm="syz-executor.4" path="socket:[54960]" dev="sockfs" ino=54960 ioctlcmd=0x942d scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 287.699628][ T60] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 287.726698][ T60] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 287.733428][ T8462] loop3: detected capacity change from 0 to 512 [ 287.749347][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.758046][ T60] usb 2-1: config 0 descriptor?? [ 287.771349][ T8462] EXT4-fs error (device loop3): __ext4_iget:5046: inode #14: block 1886221359: comm syz-executor.3: invalid block [ 287.783970][ T8462] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 14 (err -117) [ 287.796189][ T8462] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 287.805360][ T8462] ext4 filesystem being mounted at /root/syzkaller-testdir3338741342/syzkaller.AoJnAc/68/bus supports timestamps until 2038 (0x7fffffff) [ 287.823071][ T6805] EXT4-fs (loop0): unmounting filesystem. [ 287.838040][ T8467] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. [ 287.849844][ T8462] loop3: detected capacity change from 512 to 96 [ 287.860683][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 287.871514][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 287.889279][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 287.904833][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 287.930718][ T8472] serio: Serial port pts0 [ 288.019946][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 288.033840][ T3358] usb 2-1: USB disconnect, device number 30 [ 288.039671][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 288.051748][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 288.060951][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 288.109305][ T60] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 288.169028][ T28] audit: type=1400 audit(2000000205.489:52416): avc: denied { create } for pid=8479 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ipx_socket permissive=1 [ 288.190509][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 288.209778][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 288.287545][ T8488] syz-executor.4[8488] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 288.287757][ T8488] syz-executor.4[8488] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 288.317108][ T8490] loop4: detected capacity change from 0 to 128 [ 288.335461][ T8490] FAT-fs (loop4): Unrecognized mount option "º£úˆ†Ÿ@Íî-" or missing value [ 288.373115][ T8490] input: syz0 as /devices/virtual/input/input68 [ 288.479313][ T60] usb 1-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 0 [ 288.491582][ T60] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 288.504375][ T60] usb 1-1: config 0 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 288.669429][ T60] usb 1-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 288.678322][ T60] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.686332][ T2210] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 288.693834][ T60] usb 1-1: Product: syz [ 288.698085][ T60] usb 1-1: Manufacturer: syz [ 288.702492][ T60] usb 1-1: SerialNumber: syz [ 288.707535][ T60] usb 1-1: config 0 descriptor?? [ 288.749648][ T60] usb-storage 1-1:0.0: USB Mass Storage device detected [ 288.757114][ T60] usb-storage 1-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 288.800081][ T60] usb-storage 1-1:0.1: USB Mass Storage device detected [ 288.807563][ T60] usb-storage 1-1:0.1: Quirks match for vid 1908 pid 1315: 20000 [ 288.889500][ T384] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 289.049433][ T2210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.060262][ T2210] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 289.070028][ T2210] usb 5-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 289.078961][ T2210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.087422][ T2210] usb 5-1: config 0 descriptor?? [ 289.249353][ T384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.260232][ T384] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 289.269755][ T384] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 289.278593][ T384] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.287106][ T384] usb 2-1: config 0 descriptor?? [ 289.467921][ T1019] usb 1-1: USB disconnect, device number 39 [ 289.525386][ T8514] cgroup: fork rejected by pids controller in /syz0 [ 289.570940][ T2210] lenovo 0003:17EF:60EE.0043: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.4-1/input0 [ 289.752484][ T8518] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.760023][ T8518] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.767412][ T8518] device bridge_slave_0 entered promiscuous mode [ 289.774941][ T2210] usb 5-1: USB disconnect, device number 29 [ 289.783240][ T8518] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.790697][ T8518] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.798087][ T8518] device bridge_slave_1 entered promiscuous mode [ 289.863890][ T8518] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.870879][ T8518] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.877949][ T8518] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.884769][ T8518] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.913808][ T39] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 289.922143][ T39] bridge0: port 1(bridge_slave_0) entered disabled state [ 289.929497][ T39] bridge0: port 2(bridge_slave_1) entered disabled state [ 289.939577][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 289.947842][ T3358] bridge0: port 1(bridge_slave_0) entered blocking state [ 289.954708][ T3358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 289.973037][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 289.981461][ T3358] bridge0: port 2(bridge_slave_1) entered blocking state [ 289.988332][ T3358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 289.996234][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 290.004381][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 290.027795][ T8518] device veth0_vlan entered promiscuous mode [ 290.034255][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 290.042992][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 290.051190][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 290.058499][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 290.073260][ T8518] device veth1_macvtap entered promiscuous mode [ 290.085952][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 290.089347][ T384] usb 2-1: string descriptor 0 read error: -71 [ 290.105070][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 290.118893][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 290.119392][ T384] uclogic 0003:256C:006D.0044: failed retrieving string descriptor #200: -71 [ 290.135772][ T384] uclogic 0003:256C:006D.0044: failed retrieving pen parameters: -71 [ 290.143822][ T384] uclogic 0003:256C:006D.0044: failed probing pen v2 parameters: -71 [ 290.152025][ T384] uclogic 0003:256C:006D.0044: failed probing parameters: -71 [ 290.159593][ T384] uclogic: probe of 0003:256C:006D.0044 failed with error -71 [ 290.167920][ T384] usb 2-1: USB disconnect, device number 31 [ 290.200308][ T665] device bridge_slave_1 left promiscuous mode [ 290.207790][ T665] bridge0: port 2(bridge_slave_1) entered disabled state [ 290.215889][ T665] device bridge_slave_0 left promiscuous mode [ 290.222143][ T665] bridge0: port 1(bridge_slave_0) entered disabled state [ 290.230545][ T665] device veth1_macvtap left promiscuous mode [ 290.236398][ T665] device veth0_vlan left promiscuous mode [ 290.399848][ T8533] syz-executor.0[8533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 290.399924][ T8533] syz-executor.0[8533] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 290.706254][ T28] audit: type=1400 audit(2000000208.029:52417): avc: denied { lock } for pid=8536 comm="syz-executor.1" path="socket:[55960]" dev="sockfs" ino=55960 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_stream_socket permissive=1 [ 290.898690][ T8551] xt_TCPMSS: Only works on TCP SYN packets [ 291.189313][ T43] EXT4-fs error: 23689 callbacks suppressed [ 291.189334][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 291.243822][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 291.257417][ T8553] loop4: detected capacity change from 0 to 128 [ 291.271405][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 291.282957][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 291.293343][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 291.293431][ T8553] EXT4-fs error (device loop4): __ext4_fill_super:5386: inode #2: comm syz-executor.4: iget: checksum invalid [ 291.316814][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 291.333504][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 291.357290][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 291.375090][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 291.392277][ T8553] EXT4-fs (loop4): get root inode failed [ 291.399118][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 291.413339][ T8553] EXT4-fs (loop4): mount failed [ 291.749322][ T2210] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 291.769279][ T3358] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 292.109378][ T2210] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 292.119404][ T2210] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 292.128733][ T2210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.137222][ T2210] usb 5-1: config 0 descriptor?? [ 292.149493][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.160681][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.170284][ T3358] usb 1-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 292.179152][ T3358] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.188985][ T3358] usb 1-1: config 0 descriptor?? [ 292.390538][ T2210] usb 5-1: USB disconnect, device number 30 [ 292.670621][ T3358] lenovo 0003:17EF:60EE.0045: hidraw0: USB HID v0.00 Device [HID 17ef:60ee] on usb-dummy_hcd.0-1/input0 [ 292.873822][ T1019] usb 1-1: USB disconnect, device number 40 [ 292.931452][ T8600] device syzkaller0 entered promiscuous mode [ 292.955923][ T8462] EXT4-fs error: 166 callbacks suppressed [ 292.955945][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 292.970828][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 292.983004][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 292.992200][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 293.115957][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 293.249383][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 293.282755][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 293.291963][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 293.409351][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 293.418457][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 293.591102][ T8623] loop0: detected capacity change from 0 to 16 [ 293.598132][ T8623] erofs: (device loop0): mounted with root inode @ nid 36. [ 293.665420][ T8624] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 293.678378][ T8624] syz-executor.0: attempt to access beyond end of device [ 293.678378][ T8624] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 293.862214][ T8628] loop4: detected capacity change from 0 to 256 [ 293.896610][ T28] audit: type=1400 audit(2000000211.219:52418): avc: denied { rename } for pid=8627 comm="syz-executor.4" name="file1" dev="loop4" ino=1048801 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 293.920590][ T8628] exFAT-fs (loop4): error, found bogus dentry(2) beyond unused empty group(0) (start_clu : 5, cur_clu : 5) [ 293.920606][ T28] audit: type=1400 audit(2000000211.249:52419): avc: denied { rmdir } for pid=8627 comm="syz-executor.4" name="bus" dev="loop4" ino=1048800 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 293.955136][ T8628] exFAT-fs (loop4): Filesystem has been set read-only [ 293.975209][ T8635] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 294.149544][ T8655] incfs: Options parsing error. -22 [ 294.154699][ T8655] incfs: mount failed -22 [ 294.197689][ T8660] loop0: detected capacity change from 0 to 256 [ 294.214821][ T8660] exFAT-fs (loop0): error, found bogus dentry(2) beyond unused empty group(0) (start_clu : 5, cur_clu : 5) [ 294.226192][ T8660] exFAT-fs (loop0): Filesystem has been set read-only [ 294.619363][ T8674] syz-executor.1[8674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 294.619477][ T8674] syz-executor.1[8674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 294.633877][ T8674] syz-executor.1[8674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 294.645680][ T8674] syz-executor.1[8674] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.382341][ T8689] incfs: Options parsing error. -22 [ 295.399094][ T8689] incfs: mount failed -22 [ 295.446288][ T8697] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.453340][ T8697] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.464219][ T8697] device bridge_slave_1 left promiscuous mode [ 295.470264][ T8697] bridge0: port 2(bridge_slave_1) entered disabled state [ 295.477670][ T8697] device bridge_slave_0 left promiscuous mode [ 295.483793][ T8697] bridge0: port 1(bridge_slave_0) entered disabled state [ 295.515265][ T8698] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.0'. [ 295.530469][ T8698] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=27 sclass=netlink_route_socket pid=8698 comm=syz-executor.0 [ 295.564039][ T8698] loop0: detected capacity change from 0 to 256 [ 295.718191][ T8704] syz-executor.0[8704] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.718263][ T8704] syz-executor.0[8704] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.739855][ T8704] syz-executor.0[8704] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.751548][ T8704] syz-executor.0[8704] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 295.943778][ T8724] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 296.047793][ T8734] syz-executor.1[8734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.047867][ T8734] syz-executor.1[8734] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 296.199390][ T43] EXT4-fs error: 28892 callbacks suppressed [ 296.199410][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 296.260104][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 296.276760][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 296.289338][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 296.299169][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 296.312411][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 296.322379][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 296.334700][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 296.345859][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 296.360833][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 296.429278][ T4682] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 296.689263][ T4682] usb 1-1: Using ep0 maxpacket: 8 [ 296.809310][ T4682] usb 1-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=13.13 [ 296.818361][ T4682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.861694][ T4682] usb 1-1: config 0 descriptor?? [ 296.899820][ T4682] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 296.944034][ T8753] loop4: detected capacity change from 0 to 40427 [ 296.951687][ T8753] F2FS-fs (loop4): invalid crc value [ 296.958148][ T8753] F2FS-fs (loop4): Found nat_bits in checkpoint [ 297.012126][ T8753] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 297.048648][ T8753] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.067596][ T8752] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.102716][ T384] usb 1-1: USB disconnect, device number 41 [ 297.167248][ T4682] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.185562][ T4682] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.197754][ T4682] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.205271][ T4682] rtc_cmos 00:00: Alarms can be up to one day in the future [ 297.212450][ T4682] rtc rtc0: __rtc_set_alarm: err=-22 [ 297.369277][ T4682] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 297.609261][ T4682] usb 2-1: Using ep0 maxpacket: 16 [ 297.621065][ T8779] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 297.681577][ T8783] device syzkaller0 entered promiscuous mode [ 297.739331][ T4682] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.750089][ T4682] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 297.762929][ T4682] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 297.772181][ T4682] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.789761][ T4682] usb 2-1: config 0 descriptor?? [ 298.039774][ T8462] EXT4-fs error: 158 callbacks suppressed [ 298.039805][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 298.055189][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 298.084171][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 298.093185][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 298.209385][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 298.218406][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 298.230321][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 298.239332][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 298.290168][ T4682] HID 045e:07da: Invalid code 65791 type 1 [ 298.299553][ T4682] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0046/input/input69 [ 298.311673][ T4682] microsoft 0003:045E:07DA.0046: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 298.359302][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 298.368289][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 298.652900][ T8791] loop0: detected capacity change from 0 to 16 [ 298.659742][ T8791] erofs: (device loop0): mounted with root inode @ nid 36. [ 298.724298][ T8792] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 298.736613][ T8792] syz-executor.0: attempt to access beyond end of device [ 298.736613][ T8792] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 299.839875][ T8802] loop0: detected capacity change from 0 to 256 [ 299.846741][ T8802] exFAT-fs (loop0): Invalid exboot-signature(sector = 1): 0xaa5500ba [ 299.855830][ T8802] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x5119b3c5) [ 299.866235][ T8802] exFAT-fs (loop0): invalid boot region [ 299.871901][ T8802] exFAT-fs (loop0): failed to recognize exfat type [ 300.082451][ T4682] usb 2-1: USB disconnect, device number 32 [ 300.110890][ T8808] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 300.199286][ T384] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 300.458128][ T8816] loop4: detected capacity change from 0 to 128 [ 300.569392][ T384] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 300.579584][ T384] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 300.588490][ T384] usb 1-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 300.599493][ T384] usb 1-1: config 1 interface 1 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 300.612952][ T384] usb 1-1: config 1 interface 1 has no altsetting 0 [ 300.630010][ T8820] loop4: detected capacity change from 0 to 16 [ 300.636829][ T8820] erofs: (device loop4): mounted with root inode @ nid 36. [ 300.701497][ T8821] netlink: 'syz-executor.4': attribute type 12 has an invalid length. [ 300.712190][ T8821] syz-executor.4: attempt to access beyond end of device [ 300.712190][ T8821] loop4: rw=0, sector=8, nr_sectors = 16 limit=16 [ 300.779464][ T384] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 300.788514][ T384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.796692][ T384] usb 1-1: Product: syz [ 300.800933][ T384] usb 1-1: Manufacturer: syz [ 300.805468][ T384] usb 1-1: SerialNumber: syz [ 301.129388][ T384] usb 1-1: 0:2 : does not exist [ 301.135977][ T384] usb 1-1: USB disconnect, device number 42 [ 301.209369][ T43] EXT4-fs error: 28965 callbacks suppressed [ 301.209391][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 301.224500][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 301.236033][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 301.245184][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 301.256781][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 301.265813][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 301.277309][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 301.286336][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 301.297746][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 301.306563][ T39] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 301.306726][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 301.549336][ T39] usb 2-1: Using ep0 maxpacket: 16 [ 301.909373][ T39] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.920779][ T39] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 301.933759][ T39] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 301.942858][ T39] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.951389][ T39] usb 2-1: config 0 descriptor?? [ 302.430259][ T39] HID 045e:07da: Invalid code 65791 type 1 [ 302.439090][ T39] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0047/input/input70 [ 302.451687][ T39] microsoft 0003:045E:07DA.0047: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 302.505562][ T8850] loop0: detected capacity change from 0 to 256 [ 302.512832][ T8850] exFAT-fs (loop0): Invalid exboot-signature(sector = 1): 0xaa5500ba [ 302.521892][ T8850] exFAT-fs (loop0): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0x5119b3c5) [ 302.532073][ T8850] exFAT-fs (loop0): invalid boot region [ 302.537440][ T8850] exFAT-fs (loop0): failed to recognize exfat type [ 302.593022][ T8852] loop0: detected capacity change from 0 to 16 [ 302.599865][ T8852] erofs: (device loop0): mounted with root inode @ nid 36. [ 302.665067][ T8853] netlink: 'syz-executor.0': attribute type 12 has an invalid length. [ 302.711424][ T8853] syz-executor.0: attempt to access beyond end of device [ 302.711424][ T8853] loop0: rw=0, sector=8, nr_sectors = 16 limit=16 [ 302.851139][ T8855] bpf_get_probe_write_proto: 6 callbacks suppressed [ 302.851159][ T8855] syz-executor.0[8855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 302.857646][ T8855] syz-executor.0[8855] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 302.870967][ T8855] loop0: detected capacity change from 0 to 16 [ 302.889962][ T8855] erofs: (device loop0): mounted with root inode @ nid 36. [ 302.897789][ T8855] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=46 [ 302.906830][ T8855] SELinux: inode_doinit_use_xattr: getxattr returned 117 for dev=loop0 ino=46 [ 302.915967][ T8855] incfs_lookup_dentry err:-117 [ 302.920580][ T8855] incfs: Can't find or create .index dir in ./file0 [ 302.927019][ T8855] incfs: mount failed -117 [ 303.069681][ T8462] EXT4-fs error: 162 callbacks suppressed [ 303.069710][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 303.084891][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 303.097136][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 303.107057][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 303.229730][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 303.249350][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 303.261092][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 303.270182][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 303.389346][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 303.399632][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 303.830593][ T8863] tipc: Failed to remove unknown binding: 66,1,1/0:2662428641/2662428643 [ 303.839562][ T8863] tipc: Failed to remove unknown binding: 66,1,1/0:2662428641/2662428643 [ 303.847930][ T8863] tipc: Failed to remove unknown binding: 66,1,1/0:2662428641/2662428643 [ 304.043883][ T1019] usb 2-1: USB disconnect, device number 33 [ 304.099894][ T28] audit: type=1400 audit(2000000221.429:52420): avc: denied { getopt } for pid=8878 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 304.181697][ T8882] binder: 8880:8882 ioctl c0306201 20000380 returned -14 [ 304.213108][ T8889] device syzkaller0 entered promiscuous mode [ 304.293350][ T8891] loop0: detected capacity change from 0 to 1024 [ 304.494797][ T8891] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 304.509403][ T8891] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 304.524463][ T8891] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 32768 with max blocks 64 with error 28 [ 304.537238][ T8891] EXT4-fs (loop0): This should not happen!! Data will be lost [ 304.537238][ T8891] [ 304.546910][ T8891] EXT4-fs (loop0): Total free blocks count 0 [ 304.552927][ T8891] EXT4-fs (loop0): Free/Dirty block details [ 304.558924][ T8891] EXT4-fs (loop0): free_blocks=68451041280 [ 304.564957][ T8891] EXT4-fs (loop0): dirty_blocks=64 [ 304.570289][ T8891] EXT4-fs (loop0): Block reservation details [ 304.576095][ T8891] EXT4-fs (loop0): i_reserved_data_blocks=4 [ 304.588975][ T8518] EXT4-fs (loop0): unmounting filesystem. [ 304.603066][ T8898] SELinux: unrecognized netlink message: protocol=4 nlmsg_type=16 sclass=netlink_tcpdiag_socket pid=8898 comm=syz-executor.0 [ 304.647973][ T8902] loop4: detected capacity change from 0 to 2048 [ 304.661775][ T8902] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 304.685559][ T7074] EXT4-fs (loop4): unmounting filesystem. [ 304.938204][ T384] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 305.359301][ T384] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 305.371472][ T384] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 305.380453][ T384] usb 1-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 305.400512][ T384] usb 1-1: config 1 interface 1 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 305.422906][ T384] usb 1-1: config 1 interface 1 has no altsetting 0 [ 305.589396][ T384] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 305.598597][ T384] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.606709][ T384] usb 1-1: Product: syz [ 305.611048][ T384] usb 1-1: Manufacturer: syz [ 305.615529][ T384] usb 1-1: SerialNumber: syz [ 305.939757][ T384] usb 1-1: 0:2 : does not exist [ 305.946393][ T384] usb 1-1: USB disconnect, device number 43 [ 306.219350][ T43] EXT4-fs error: 29489 callbacks suppressed [ 306.219371][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 306.236357][ T60] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 306.236574][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 306.252713][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 306.264320][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 306.273645][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 306.285184][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 306.294126][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 306.305841][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 306.314778][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 306.326662][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 306.489289][ T60] usb 2-1: Using ep0 maxpacket: 8 [ 306.609856][ T60] usb 2-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=13.13 [ 306.643144][ T60] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.730016][ T60] usb 2-1: config 0 descriptor?? [ 306.769783][ T60] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 306.973191][ T384] usb 2-1: USB disconnect, device number 34 [ 307.396552][ T8952] loop0: detected capacity change from 0 to 40427 [ 307.405843][ T8952] F2FS-fs (loop0): Found nat_bits in checkpoint [ 307.443456][ T8952] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 307.462538][ T8518] syz-executor.0: attempt to access beyond end of device [ 307.462538][ T8518] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 308.059280][ T1019] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 308.159365][ T8462] EXT4-fs error: 158 callbacks suppressed [ 308.159388][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 308.173948][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 308.185644][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 308.194648][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 308.309335][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 308.318487][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 308.330271][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 308.339333][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 308.459396][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 308.468418][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 308.489484][ T1019] usb 1-1: config 0 has an invalid interface number: 169 but max is 1 [ 308.497496][ T1019] usb 1-1: config 0 has no interface number 1 [ 308.669303][ T1019] usb 1-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice=e9.34 [ 308.678183][ T1019] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.686061][ T1019] usb 1-1: Product: syz [ 308.690004][ T1019] usb 1-1: Manufacturer: syz [ 308.694408][ T1019] usb 1-1: SerialNumber: syz [ 308.709502][ T1019] usb 1-1: config 0 descriptor?? [ 308.843295][ T8986] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 308.852831][ T8986] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'. [ 308.901484][ T8994] loop4: detected capacity change from 0 to 2048 [ 308.942180][ T8994] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 308.953777][ T1019] usb 1-1: USB disconnect, device number 44 [ 308.984895][ T7074] EXT4-fs (loop4): unmounting filesystem. [ 309.177716][ T28] audit: type=1400 audit(2000000226.499:52421): avc: denied { getopt } for pid=9002 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 309.223068][ T28] audit: type=1400 audit(2000000226.549:52422): avc: denied { map } for pid=9004 comm="syz-executor.1" path="/root/syzkaller-testdir4257713923/syzkaller.mKj68j/86/bus" dev="devtmpfs" ino=115 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.299299][ T384] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 310.389924][ T9067] loop4: detected capacity change from 0 to 2048 [ 310.400881][ T9067] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 310.413181][ T28] audit: type=1400 audit(2000000227.739:52423): avc: denied { execute } for pid=9066 comm="syz-executor.4" path="/root/syzkaller-testdir1211409494/syzkaller.8ZQvtj/171/file0/bus" dev="devtmpfs" ino=118 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 310.461203][ T9067] EXT4-fs error (device loop4): ext4_xattr_ibody_get:603: inode #19: comm syz-executor.4: corrupted in-inode xattr [ 310.473900][ T9067] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #19: comm syz-executor.4: corrupted in-inode xattr [ 310.491294][ T7074] EXT4-fs error (device loop4): ext4_lookup:1859: inode #2: comm syz-executor.4: deleted inode referenced: 11 [ 310.504810][ T7074] EXT4-fs error (device loop4): ext4_lookup:1859: inode #2: comm syz-executor.4: deleted inode referenced: 11 [ 310.561423][ T7074] EXT4-fs (loop4): unmounting filesystem. [ 310.679321][ T384] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 310.702398][ T384] usb 1-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 310.734594][ T384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 310.743424][ T384] usb 1-1: config 0 descriptor?? [ 310.749080][ T9072] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.756124][ T9072] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.763470][ T9072] device bridge_slave_0 entered promiscuous mode [ 310.771416][ T9072] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.778486][ T9072] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.786999][ T9072] device bridge_slave_1 entered promiscuous mode [ 310.854647][ T9072] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.861542][ T9072] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.868610][ T9072] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.875510][ T9072] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.903365][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 310.912415][ T384] bridge0: port 1(bridge_slave_0) entered disabled state [ 310.920019][ T384] bridge0: port 2(bridge_slave_1) entered disabled state [ 310.936117][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 310.944368][ T384] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.951245][ T384] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.958460][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 310.967089][ T384] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.973968][ T384] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.986081][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 310.988768][ T384] usb 1-1: USB disconnect, device number 45 [ 310.994249][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 311.016475][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 311.030090][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 311.038082][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 311.046668][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 311.054645][ T9072] device veth0_vlan entered promiscuous mode [ 311.069575][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 311.079108][ T9072] device veth1_macvtap entered promiscuous mode [ 311.090523][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 311.105527][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 311.150129][ T2074] device bridge_slave_1 left promiscuous mode [ 311.156168][ T2074] bridge0: port 2(bridge_slave_1) entered disabled state [ 311.163575][ T2074] device bridge_slave_0 left promiscuous mode [ 311.169624][ T2074] bridge0: port 1(bridge_slave_0) entered disabled state [ 311.185829][ T2074] device veth0_vlan left promiscuous mode [ 311.229294][ T43] EXT4-fs error: 32482 callbacks suppressed [ 311.229314][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 311.247123][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 311.256443][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 311.268082][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 311.277146][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 311.288854][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 311.297962][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 311.309723][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 311.318684][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 311.330133][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 311.344055][ T9087] binder: 9084:9087 ioctl c018620c 20000280 returned -1 [ 311.790656][ T9104] loop0: detected capacity change from 0 to 2048 [ 311.853695][ T9104] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 311.878032][ T9104] EXT4-fs error (device loop0): ext4_xattr_ibody_get:603: inode #19: comm syz-executor.0: corrupted in-inode xattr [ 311.890318][ T9104] EXT4-fs error (device loop0): ext4_xattr_ibody_find:2213: inode #19: comm syz-executor.0: corrupted in-inode xattr [ 311.908779][ T8518] EXT4-fs error (device loop0): ext4_lookup:1859: inode #2: comm syz-executor.0: deleted inode referenced: 11 [ 311.920696][ T8518] EXT4-fs error (device loop0): ext4_lookup:1859: inode #2: comm syz-executor.0: deleted inode referenced: 11 [ 311.961673][ T8518] EXT4-fs (loop0): unmounting filesystem. [ 312.127695][ T9110] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.134823][ T9110] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.142649][ T9110] device bridge_slave_0 entered promiscuous mode [ 312.152389][ T9110] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.159408][ T9110] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.166751][ T9110] device bridge_slave_1 entered promiscuous mode [ 312.238306][ T9110] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.245208][ T9110] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.252293][ T9110] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.259055][ T9110] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.288497][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 312.296814][ T3358] bridge0: port 1(bridge_slave_0) entered disabled state [ 312.304374][ T3358] bridge0: port 2(bridge_slave_1) entered disabled state [ 312.371404][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 312.380357][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 312.387255][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 312.396267][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 312.404533][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 312.411424][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 312.433211][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 312.441300][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 312.459559][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 312.467927][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 312.505667][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 312.516822][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 312.529538][ T9110] device veth0_vlan entered promiscuous mode [ 312.554814][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 312.564662][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 312.587101][ T9110] device veth1_macvtap entered promiscuous mode [ 312.610292][ T9121] loop0: detected capacity change from 0 to 16384 [ 312.620634][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 312.628197][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 312.641107][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 312.649528][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 312.657672][ T384] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 312.720277][ T9105] device veth1_macvtap left promiscuous mode [ 312.726173][ T9105] device veth0_vlan left promiscuous mode [ 312.869266][ T1019] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 312.940014][ T9125] loop0: detected capacity change from 16384 to 16320 [ 313.139376][ T9127] loop0: detected capacity change from 0 to 40427 [ 313.149481][ T9127] F2FS-fs (loop0): Found nat_bits in checkpoint [ 313.186922][ T9127] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 313.212737][ T9127] syz-executor.0: attempt to access beyond end of device [ 313.212737][ T9127] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 313.227382][ T8462] EXT4-fs error: 306 callbacks suppressed [ 313.227402][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 313.242236][ T9127] syz-executor.0: attempt to access beyond end of device [ 313.242236][ T9127] loop0: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 313.256408][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 313.259317][ T1019] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 313.268950][ T9127] syz-executor.0: attempt to access beyond end of device [ 313.268950][ T9127] loop0: rw=2049, sector=45112, nr_sectors = 8 limit=40427 [ 313.292101][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 313.300977][ T1019] usb 5-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 313.310072][ T1019] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 313.318086][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 313.318611][ T1019] usb 5-1: config 0 descriptor?? [ 313.343357][ T9110] syz-executor.0: attempt to access beyond end of device [ 313.343357][ T9110] loop0: rw=2049, sector=45120, nr_sectors = 8 limit=40427 [ 313.439318][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 313.459819][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 313.490245][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 313.504358][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 313.568555][ T28] audit: type=1400 audit(2000000230.889:52424): avc: denied { accept } for pid=9147 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 313.603982][ T2210] usb 5-1: USB disconnect, device number 31 [ 313.629361][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 313.638567][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 313.713245][ T9156] loop0: detected capacity change from 0 to 512 [ 313.731637][ T9156] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 313.740459][ T9156] ext4 filesystem being mounted at /root/syzkaller-testdir639068764/syzkaller.LfoWvj/10/bus supports timestamps until 2038 (0x7fffffff) [ 313.764353][ T9110] EXT4-fs (loop0): unmounting filesystem. [ 314.124233][ T28] audit: type=1400 audit(2000000231.449:52425): avc: denied { nlmsg_write } for pid=9189 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_tcpdiag_socket permissive=1 [ 314.198866][ T9192] overlayfs: statfs failed on './file0' [ 315.131715][ T9223] loop4: detected capacity change from 0 to 128 [ 315.140969][ T9223] FAT-fs (loop4): error, fat_bmap_cluster: request beyond EOF (i_pos 196) [ 315.149685][ T9223] FAT-fs (loop4): Filesystem has been set read-only [ 315.169276][ T4682] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 315.409264][ T4682] usb 1-1: Using ep0 maxpacket: 8 [ 315.569352][ T4682] usb 1-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice=13.13 [ 315.578632][ T4682] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 315.587771][ T4682] usb 1-1: config 0 descriptor?? [ 315.629633][ T4682] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 315.833786][ T2210] usb 1-1: USB disconnect, device number 46 [ 316.239394][ T43] EXT4-fs error: 33673 callbacks suppressed [ 316.239413][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 316.254197][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 316.265690][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 316.275345][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 316.286901][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 316.296065][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 316.307541][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 316.317245][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 316.328979][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 316.340763][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 316.416450][ T9251] KVM: debugfs: duplicate directory 9251-6 [ 316.771334][ T9285] KVM: debugfs: duplicate directory 9285-6 [ 316.869267][ T3358] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 317.129279][ T4682] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 317.249309][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.260373][ T3358] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 317.270249][ T3358] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 317.289264][ T3358] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.307837][ T3358] usb 1-1: config 0 descriptor?? [ 317.379373][ T4682] usb 5-1: Using ep0 maxpacket: 16 [ 317.437936][ T9291] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.449289][ T9291] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.456731][ T9291] device bridge_slave_0 entered promiscuous mode [ 317.464048][ T9291] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.471193][ T9291] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.478932][ T9291] device bridge_slave_1 entered promiscuous mode [ 317.519382][ T4682] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.544803][ T4682] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 317.558241][ T4682] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 317.567334][ T4682] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.576418][ T4682] usb 5-1: config 0 descriptor?? [ 317.620892][ T9291] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.627785][ T9291] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.634898][ T9291] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.641765][ T9291] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.670477][ T9296] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.677350][ T9296] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.684976][ T9296] device bridge_slave_0 entered promiscuous mode [ 317.692399][ T9296] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.699505][ T9296] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.706836][ T9296] device bridge_slave_1 entered promiscuous mode [ 317.733190][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.740986][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 317.748173][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 317.778122][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.786894][ T1019] bridge0: port 1(bridge_slave_0) entered blocking state [ 317.793770][ T1019] bridge0: port 1(bridge_slave_0) entered forwarding state [ 317.801022][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 317.809050][ T1019] bridge0: port 2(bridge_slave_1) entered blocking state [ 317.815926][ T1019] bridge0: port 2(bridge_slave_1) entered forwarding state [ 317.843124][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 317.851047][ T385] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 317.877751][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 317.899659][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 317.907546][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 317.916156][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 317.924374][ T9291] device veth0_vlan entered promiscuous mode [ 317.947511][ T9291] device veth1_macvtap entered promiscuous mode [ 317.957863][ T2210] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 317.981961][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 317.989956][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 317.998050][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 318.004938][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 318.012368][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 318.021278][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 318.028154][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 318.053047][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.065026][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 318.070921][ T4682] HID 045e:07da: Invalid code 65791 type 1 [ 318.083003][ T4682] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0049/input/input71 [ 318.095808][ T4682] microsoft 0003:045E:07DA.0049: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 318.100056][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 318.123174][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 318.138581][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 318.163711][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 318.183443][ T9296] device veth0_vlan entered promiscuous mode [ 318.192186][ T9307] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 318.201674][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 318.209722][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 318.217072][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 318.237761][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 318.250141][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 318.259880][ T9296] device veth1_macvtap entered promiscuous mode [ 318.278156][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 318.294682][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 318.304456][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 318.319375][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 318.319642][ T8462] EXT4-fs error: 174 callbacks suppressed [ 318.319658][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 318.327630][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 318.350064][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 318.361910][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 318.371141][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 318.385038][ T9314] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'. [ 318.396420][ T28] audit: type=1400 audit(2000000235.729:52426): avc: denied { setattr } for pid=9312 comm="syz-executor.3" name=".pending_reads" dev="incremental-fs" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 318.431185][ T3358] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0048/input/input72 [ 318.444420][ T3358] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0048/input/input73 [ 318.457160][ T3358] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0048/input/input74 [ 318.471144][ T3358] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.0048/input/input75 [ 318.484422][ T3358] uclogic 0003:256C:006D.0048: input,hiddev96,hidraw1: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 318.497041][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 318.506176][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 318.518036][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 318.527197][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 318.637429][ T39] usb 1-1: USB disconnect, device number 47 [ 318.643442][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 318.655491][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 318.689369][ T384] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 319.049362][ T384] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 319.059422][ T384] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 319.068420][ T384] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.078189][ T384] usb 3-1: config 0 descriptor?? [ 319.139020][ T9318] syz-executor.3[9318] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 319.139093][ T9318] syz-executor.3[9318] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 319.168564][ T28] audit: type=1400 audit(2000000236.489:52427): avc: denied { create } for pid=9319 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=dccp_socket permissive=1 [ 319.322169][ T2210] usb 3-1: USB disconnect, device number 32 [ 319.409165][ T9336] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 319.863976][ T3358] usb 5-1: USB disconnect, device number 32 [ 320.351177][ T9363] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'. [ 320.405816][ T9367] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 320.432459][ T9360] syz-executor.2[9360] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.432532][ T9360] syz-executor.2[9360] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 320.848892][ T9397] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 321.259337][ T43] EXT4-fs error: 31154 callbacks suppressed [ 321.259385][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 321.399546][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 321.411128][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 321.420125][ T9421] loop0: detected capacity change from 0 to 2048 [ 321.420205][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 321.437860][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 321.446919][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 321.458838][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 321.468022][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 321.480179][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 321.489491][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 321.597424][ T28] audit: type=1400 audit(2000000238.919:52428): avc: denied { map } for pid=9425 comm="syz-executor.2" path="socket:[60570]" dev="sockfs" ino=60570 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 321.608370][ T9428] loop2: detected capacity change from 0 to 512 [ 321.629922][ T9421] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 321.640027][ T9428] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 321.648928][ T9428] ext4 filesystem being mounted at /root/syzkaller-testdir3822665001/syzkaller.Xsa6PJ/4/bus supports timestamps until 2038 (0x7fffffff) [ 321.663826][ T9110] EXT4-fs (loop0): unmounting filesystem. [ 321.672106][ T9296] EXT4-fs (loop2): unmounting filesystem. [ 321.699891][ T9437] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 321.718713][ T28] audit: type=1400 audit(2000000239.039:52429): avc: denied { write } for pid=9440 comm="syz-executor.2" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 321.977860][ T9451] TCP: TCP_TX_DELAY enabled [ 322.050705][ T9454] loop2: detected capacity change from 0 to 16 [ 322.061781][ T9454] erofs: (device loop2): mounted with root inode @ nid 36. [ 322.679997][ T9461] loop0: detected capacity change from 0 to 2048 [ 322.698056][ T9461] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 322.728612][ T9110] EXT4-fs (loop0): unmounting filesystem. [ 322.764123][ T9465] loop0: detected capacity change from 0 to 512 [ 322.810443][ T9465] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 322.819649][ T9465] ext4 filesystem being mounted at /root/syzkaller-testdir639068764/syzkaller.LfoWvj/55/bus supports timestamps until 2038 (0x7fffffff) [ 322.855524][ T9110] EXT4-fs (loop0): unmounting filesystem. [ 323.155637][ T9478] syz-executor.2[9478] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.155727][ T9478] syz-executor.2[9478] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 323.181278][ T28] audit: type=1400 audit(2000000240.509:52430): avc: denied { nlmsg_write } for pid=9477 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_audit_socket permissive=1 [ 323.244656][ T9480] loop2: detected capacity change from 0 to 128 [ 323.338229][ T8462] EXT4-fs error: 166 callbacks suppressed [ 323.338249][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 323.356544][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 323.368423][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 323.381526][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 323.549975][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 323.570939][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 323.642033][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 323.655047][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 323.779304][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 323.788498][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 324.032070][ T384] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 324.068893][ T28] audit: type=1400 audit(2000000241.389:52431): avc: denied { append } for pid=9491 comm="syz-executor.3" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 324.266024][ T9507] syz-executor.3[9507] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 324.266125][ T9507] syz-executor.3[9507] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 324.449399][ T384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 324.514429][ T384] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 324.540611][ T384] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 324.558243][ T384] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 324.590167][ T384] usb 1-1: config 0 descriptor?? [ 324.979768][ T9503] loop2: detected capacity change from 0 to 131072 [ 325.003488][ T9503] F2FS-fs (loop2): invalid crc value [ 325.026733][ T9503] F2FS-fs (loop2): Found nat_bits in checkpoint [ 325.070541][ T9503] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 325.429518][ T9550] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 325.451579][ T9550] loop2: detected capacity change from 0 to 512 [ 325.461114][ T9550] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 325.470168][ T9550] ext4 filesystem being mounted at /root/syzkaller-testdir3822665001/syzkaller.Xsa6PJ/24/file0 supports timestamps until 2038 (0x7fffffff) [ 325.731041][ T384] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004A/input/input76 [ 325.744796][ T384] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004A/input/input77 [ 325.757446][ T384] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004A/input/input78 [ 325.770900][ T384] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:256C:006D.004A/input/input79 [ 325.784885][ T384] uclogic 0003:256C:006D.004A: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.0-1/input0 [ 325.939266][ T384] usb 1-1: USB disconnect, device number 48 [ 325.959470][ T9555] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 325.967908][ T9555] usb usb7: usbfs: process 9555 (syz-executor.3) did not claim interface 0 before use [ 326.219871][ T9296] EXT4-fs (loop2): unmounting filesystem. [ 326.269764][ T43] EXT4-fs error: 31567 callbacks suppressed [ 326.269810][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 326.279401][ T9574] loop2: detected capacity change from 0 to 512 [ 326.294730][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 326.305081][ T9574] EXT4-fs (loop2): 1 truncate cleaned up [ 326.310621][ T9574] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 326.319558][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 326.335162][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 326.337291][ T28] audit: type=1326 audit(2000000243.659:52432): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9576 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f915647cea9 code=0x0 [ 326.344254][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 326.368195][ T9574] EXT4-fs error (device loop2): __ext4_expand_extra_isize:5890: inode #18: comm syz-executor.2: bad extra_isize 10 (inode size 256) [ 326.380256][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 326.401385][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 326.413272][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 326.423552][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 326.424113][ T9296] EXT4-fs (loop2): unmounting filesystem. [ 326.435859][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 326.466566][ T9580] loop2: detected capacity change from 0 to 2048 [ 326.484527][ T9583] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 326.492843][ T9580] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 326.493033][ T9583] usb usb7: usbfs: process 9583 (syz-executor.0) did not claim interface 0 before use [ 326.523343][ T9580] loop0: detected capacity change from 0 to 16384 [ 326.929303][ T9588] loop0: detected capacity change from 16384 to 16320 [ 327.031647][ T9296] EXT4-fs (loop2): unmounting filesystem. [ 327.398620][ T9602] loop0: detected capacity change from 0 to 40427 [ 327.423530][ T9602] F2FS-fs (loop0): invalid crc value [ 327.450974][ T9610] loop2: detected capacity change from 0 to 256 [ 327.487053][ T9602] F2FS-fs (loop0): Found nat_bits in checkpoint [ 327.684739][ T9602] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 329.011293][ T8462] EXT4-fs error: 270 callbacks suppressed [ 329.011314][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 329.032318][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 329.056448][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 329.112689][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 329.113239][ T9110] syz-executor.0: attempt to access beyond end of device [ 329.113239][ T9110] loop0: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 329.168583][ T9110] syz-executor.0: attempt to access beyond end of device [ 329.168583][ T9110] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 329.215640][ T665] kworker/u4:4: attempt to access beyond end of device [ 329.215640][ T665] loop0: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 329.237403][ T9620] loop2: detected capacity change from 0 to 2048 [ 329.249329][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 329.287617][ T9620] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 329.312753][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 329.324599][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 329.335111][ T9296] EXT4-fs (loop2): unmounting filesystem. [ 329.342591][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 329.400300][ T9635] loop2: detected capacity change from 0 to 256 [ 329.423009][ T9637] serio: Serial port ptm0 [ 329.469616][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 329.490781][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 329.530424][ T9640] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 329.654581][ T9643] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.661693][ T9643] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.669057][ T9643] device bridge_slave_0 entered promiscuous mode [ 329.676108][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.683097][ T9643] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.690509][ T9643] device bridge_slave_1 entered promiscuous mode [ 329.784552][ T9643] bridge0: port 2(bridge_slave_1) entered blocking state [ 329.791554][ T9643] bridge0: port 2(bridge_slave_1) entered forwarding state [ 329.798697][ T9643] bridge0: port 1(bridge_slave_0) entered blocking state [ 329.805596][ T9643] bridge0: port 1(bridge_slave_0) entered forwarding state [ 329.819875][ T2074] device bridge_slave_1 left promiscuous mode [ 329.825916][ T2074] bridge0: port 2(bridge_slave_1) entered disabled state [ 329.833456][ T2074] device bridge_slave_0 left promiscuous mode [ 329.839867][ T2074] bridge0: port 1(bridge_slave_0) entered disabled state [ 329.848251][ T2074] device veth1_macvtap left promiscuous mode [ 329.854276][ T2074] device veth0_vlan left promiscuous mode [ 329.984586][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 329.992938][ T1019] bridge0: port 1(bridge_slave_0) entered disabled state [ 330.000159][ T1019] bridge0: port 2(bridge_slave_1) entered disabled state [ 330.019365][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 330.027538][ T3358] bridge0: port 1(bridge_slave_0) entered blocking state [ 330.034411][ T3358] bridge0: port 1(bridge_slave_0) entered forwarding state [ 330.042269][ T3358] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 330.050568][ T3358] bridge0: port 2(bridge_slave_1) entered blocking state [ 330.057421][ T3358] bridge0: port 2(bridge_slave_1) entered forwarding state [ 330.072565][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 330.080671][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 330.100529][ T9643] device veth0_vlan entered promiscuous mode [ 330.107254][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 330.116281][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 330.124214][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 330.132224][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 330.146312][ T9643] device veth1_macvtap entered promiscuous mode [ 330.154668][ T4682] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 330.170381][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 330.179089][ T1019] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 330.211028][ T9661] loop0: detected capacity change from 0 to 128 [ 330.719279][ T28] audit: type=1326 audit(2000000248.039:52433): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.781571][ T28] audit: type=1326 audit(2000000248.039:52434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.817370][ T28] audit: type=1326 audit(2000000248.039:52435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.843279][ T28] audit: type=1326 audit(2000000248.039:52436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.868831][ T28] audit: type=1326 audit(2000000248.039:52437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.896732][ T28] audit: type=1326 audit(2000000248.039:52438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.921331][ T28] audit: type=1326 audit(2000000248.039:52439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.946558][ T28] audit: type=1326 audit(2000000248.039:52440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.970758][ T28] audit: type=1326 audit(2000000248.039:52441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 330.995379][ T28] audit: type=1326 audit(2000000248.039:52442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=9657 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3d3407cea9 code=0x7fc00000 [ 331.292464][ T43] EXT4-fs error: 18831 callbacks suppressed [ 331.292485][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 331.344990][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 331.390751][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 331.409596][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 331.426476][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 331.442322][ T9714] syz-executor.0[9714] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 331.442394][ T9714] syz-executor.0[9714] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 331.449430][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 331.499360][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 331.518474][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 331.543343][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 331.559374][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 331.721506][ T9706] loop2: detected capacity change from 0 to 40427 [ 331.728655][ T9706] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 331.767415][ T9706] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 331.816214][ T9706] F2FS-fs (loop2): Found nat_bits in checkpoint [ 331.955184][ T9706] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 331.970786][ T9706] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 332.253540][ T9740] loop2: detected capacity change from 0 to 128 [ 333.179313][ T384] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 333.190765][ T9773] loop0: detected capacity change from 0 to 16 [ 333.199916][ T9773] erofs: (device loop0): mounted with root inode @ nid 36. [ 333.539531][ T384] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.569279][ T384] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.579163][ T384] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 333.592941][ T384] usb 3-1: New USB device found, idVendor=11c2, idProduct=2208, bcdDevice= 0.00 [ 333.602011][ T384] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.620593][ T384] usb 3-1: config 0 descriptor?? [ 334.019336][ T8462] EXT4-fs error: 214 callbacks suppressed [ 334.019356][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 334.060438][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 334.100440][ T384] betop 0003:11C2:2208.004B: item fetching failed at offset 4/5 [ 334.108325][ T384] betop 0003:11C2:2208.004B: parse failed [ 334.119667][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 334.129282][ T384] betop: probe of 0003:11C2:2208.004B failed with error -22 [ 334.138639][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 334.222379][ T9786] loop0: detected capacity change from 0 to 128 [ 334.286285][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 334.295362][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 334.309004][ T384] usb 3-1: USB disconnect, device number 33 [ 334.316255][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 334.325649][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 334.444683][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 334.502387][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 334.573195][ T9799] syz-executor.0[9799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 334.573267][ T9799] syz-executor.0[9799] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 334.588287][ T9799] loop0: detected capacity change from 0 to 512 [ 334.616810][ T9799] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 334.630199][ T9799] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 334.649408][ T9799] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 334.679716][ T9799] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 334.687538][ T9799] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 334.714250][ T9799] EXT4-fs (loop0): orphan cleanup on readonly fs [ 334.721180][ T9799] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 34: padding at end of block bitmap is not set [ 334.736291][ T9799] EXT4-fs (loop0): 1 truncate cleaned up [ 334.759508][ T9799] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 334.813908][ T9799] syz-executor.0 (9799) used greatest stack depth: 19368 bytes left [ 334.855023][ T9643] EXT4-fs (loop0): unmounting filesystem. [ 335.067484][ T9814] loop2: detected capacity change from 0 to 16 [ 335.077867][ T9814] erofs: (device loop2): mounted with root inode @ nid 36. [ 336.038172][ T9824] loop2: detected capacity change from 0 to 128 [ 336.299293][ T43] EXT4-fs error: 27579 callbacks suppressed [ 336.299312][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 336.318591][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 336.327631][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 336.349605][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 336.366855][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 336.382043][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 336.397724][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 336.413124][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 336.427556][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 336.439353][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 336.539926][ T9840] syz-executor.0[9840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.540002][ T9840] syz-executor.0[9840] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 336.562216][ T9840] loop0: detected capacity change from 0 to 512 [ 336.581532][ T9840] EXT4-fs (loop0): ext4_check_descriptors: Block bitmap for group 1 overlaps superblock [ 336.591277][ T9840] EXT4-fs (loop0): ext4_check_descriptors: Inode bitmap for group 1 overlaps superblock [ 336.601087][ T9840] EXT4-fs (loop0): ext4_check_descriptors: Inode table for group 1 overlaps superblock [ 336.611534][ T9840] EXT4-fs (loop0): revision level too high, forcing read-only mode [ 336.641429][ T9840] [EXT4 FS bs=4096, gc=2, bpg=34, ipg=32, mo=c040e118, mo2=0000] [ 336.662254][ T9840] EXT4-fs (loop0): orphan cleanup on readonly fs [ 336.673758][ T9840] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 34: padding at end of block bitmap is not set [ 336.689951][ T9840] __quota_error: 60 callbacks suppressed [ 336.689970][ T9840] Quota error (device loop0): write_blk: dquota write failed [ 336.703036][ T9840] Quota error (device loop0): qtree_write_dquot: Error -117 occurred while creating quota [ 336.729349][ T9840] EXT4-fs (loop0): 1 truncate cleaned up [ 336.739531][ T9840] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 336.756306][ T9643] EXT4-fs (loop0): unmounting filesystem. [ 336.819305][ T384] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 337.160456][ T2074] device bridge_slave_1 left promiscuous mode [ 337.166483][ T2074] bridge0: port 2(bridge_slave_1) entered disabled state [ 337.173927][ T2074] device bridge_slave_0 left promiscuous mode [ 337.179367][ T384] usb 4-1: config 1 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 337.190484][ T2074] bridge0: port 1(bridge_slave_0) entered disabled state [ 337.199730][ T384] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 337.214869][ T2074] device veth1_macvtap left promiscuous mode [ 337.221028][ T2074] device veth0_vlan left promiscuous mode [ 337.289427][ T384] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 337.314355][ T384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 337.327677][ T384] usb 4-1: SerialNumber: syz [ 337.361417][ T9858] syz-executor.0[9858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 337.361657][ T9858] syz-executor.0[9858] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 337.373652][ T384] cdc_ether: probe of 4-1:1.0 failed with error -22 [ 337.522155][ T9862] loop2: detected capacity change from 0 to 128 [ 337.590048][ T384] usb 4-1: USB disconnect, device number 28 [ 337.878356][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x1 [ 337.893274][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.922279][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.929618][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.936981][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.944729][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.952270][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x4 [ 337.959727][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.967036][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.987201][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 337.994459][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.012660][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.029281][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.041563][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.067519][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.079421][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.086827][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.094197][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.134228][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.141557][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.148808][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.156362][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.163659][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.170972][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.178227][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.185527][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.192800][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.200033][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.207195][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.214501][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.221731][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.228963][ T4682] hid-generic 0000:0000:0000.004C: unknown main item tag 0x0 [ 338.236767][ T4682] hid-generic 0000:0000:0000.004C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 338.296447][ T9880] loop2: detected capacity change from 0 to 128 [ 338.389283][ T384] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 338.629301][ T39] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 338.749296][ T384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 338.760256][ T384] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.769887][ T384] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 338.778733][ T384] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.787172][ T384] usb 4-1: config 0 descriptor?? [ 338.992720][ T28] audit: type=1400 audit(2000000256.319:52501): avc: denied { watch watch_reads } for pid=9889 comm="syz-executor.0" path="/root/syzkaller-testdir877060362/syzkaller.LGsqK6/32/file0" dev="ramfs" ino=62086 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=dir permissive=1 [ 338.999484][ T39] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.059460][ T8462] EXT4-fs error: 222 callbacks suppressed [ 339.059479][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 339.074082][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 339.085776][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 339.094911][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 339.189308][ T39] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 339.198243][ T39] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.206021][ T39] usb 3-1: Product: syz [ 339.210074][ T39] usb 3-1: Manufacturer: syz [ 339.214400][ T39] usb 3-1: SerialNumber: syz [ 339.219471][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 339.228516][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 339.240323][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 339.249414][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 339.259547][ T384] hid (null): bogus close delimiter [ 339.299300][ T2210] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 339.369308][ T8462] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 339.378399][ T8462] EXT4-fs error (device loop3): __ext4_ext_dirty:202: inode #18: comm syz-executor.3: mark_inode_dirty error [ 339.479374][ T384] usb 4-1: language id specifier not provided by device, defaulting to English [ 339.659329][ T2210] usb 1-1: config 1 interface 0 altsetting 0 has a duplicate endpoint with address 0x2, skipping [ 339.669807][ T2210] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 339.759355][ T2210] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 339.768451][ T2210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 339.776323][ T2210] usb 1-1: SerialNumber: syz [ 339.819606][ T2210] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 339.901232][ T384] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.004D/input/input80 [ 339.914152][ T384] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.004D/input/input81 [ 339.926787][ T384] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.004D/input/input82 [ 339.940441][ T384] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.004D/input/input83 [ 339.953596][ T384] uclogic 0003:256C:006D.004D: input,hiddev96,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 340.021919][ T387] usb 1-1: USB disconnect, device number 49 [ 340.101412][ T2210] usb 4-1: USB disconnect, device number 29 [ 340.359348][ T39] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 340.365773][ T39] cdc_ncm 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 340.373017][ T39] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 340.542367][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x1 [ 340.549846][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.557063][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.564832][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.572153][ T39] cdc_ncm 3-1:1.0: setting tx_max = 184 [ 340.579507][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.586843][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.594658][ T39] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 340.612331][ T39] usb 3-1: USB disconnect, device number 34 [ 340.620938][ T39] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 340.630152][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x4 [ 340.637369][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.646837][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.654532][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.666349][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.673919][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.681281][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.688653][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.698062][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.705346][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.712700][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.720104][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.727394][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.734674][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.742136][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.749412][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.756590][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.763939][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.771117][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.778294][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.785521][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.792829][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.800068][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.807247][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.814483][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.821679][ T387] hid-generic 0000:0000:0000.004E: unknown main item tag 0x0 [ 340.829426][ T387] hid-generic 0000:0000:0000.004E: hidraw0: HID v0.00 Device [syz0] on syz0 [ 340.839849][ T387] ================================================================== [ 340.847730][ T387] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x130 [ 340.855366][ T387] Read of size 8 at addr ffff88811d82acf0 by task kworker/1:4/387 [ 340.863000][ T387] [ 340.865174][ T387] CPU: 1 PID: 387 Comm: kworker/1:4 Not tainted 6.1.78-syzkaller-00002-g65aed0e2f758 #0 [ 340.874717][ T387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 340.884617][ T387] Workqueue: events linkwatch_event [ 340.889653][ T387] Call Trace: [ 340.892857][ T387] [ 340.895637][ T387] dump_stack_lvl+0x151/0x1b7 [ 340.900236][ T387] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 340.905529][ T387] ? _printk+0xd1/0x111 [ 340.909524][ T387] ? __virt_addr_valid+0x242/0x2f0 [ 340.914816][ T387] print_report+0x158/0x4e0 [ 340.919243][ T387] ? __virt_addr_valid+0x242/0x2f0 [ 340.924288][ T387] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 340.930352][ T387] ? __list_del_entry_valid+0xa6/0x130 [ 340.935818][ T387] kasan_report+0x13c/0x170 [ 340.940159][ T387] ? __list_del_entry_valid+0xa6/0x130 [ 340.945454][ T387] __asan_report_load8_noabort+0x14/0x20 [ 340.950941][ T387] __list_del_entry_valid+0xa6/0x130 [ 340.956048][ T387] process_one_work+0x4d7/0xcb0 [ 340.960730][ T387] worker_thread+0xa60/0x1260 [ 340.965245][ T387] kthread+0x26d/0x300 [ 340.969146][ T387] ? worker_clr_flags+0x1a0/0x1a0 [ 340.974009][ T387] ? kthread_blkcg+0xd0/0xd0 [ 340.978434][ T387] ret_from_fork+0x1f/0x30 [ 340.982687][ T387] [ 340.985549][ T387] [ 340.987721][ T387] Allocated by task 39: [ 340.991801][ T387] kasan_set_track+0x4b/0x70 [ 340.996225][ T387] kasan_save_alloc_info+0x1f/0x30 [ 341.001173][ T387] __kasan_kmalloc+0x9c/0xb0 [ 341.005611][ T387] __kmalloc_node+0xb4/0x1e0 [ 341.010025][ T387] kvmalloc_node+0x221/0x640 [ 341.014538][ T387] alloc_netdev_mqs+0x8c/0xf90 [ 341.019143][ T387] alloc_etherdev_mqs+0x36/0x40 [ 341.023825][ T387] usbnet_probe+0x207/0x27c0 [ 341.028252][ T387] usb_probe_interface+0x5b6/0xa90 [ 341.033204][ T387] really_probe+0x2b8/0x920 [ 341.037536][ T387] __driver_probe_device+0x1a0/0x310 [ 341.042664][ T387] driver_probe_device+0x54/0x3d0 [ 341.047517][ T387] __device_attach_driver+0x2e3/0x490 [ 341.052725][ T387] bus_for_each_drv+0x183/0x200 [ 341.057413][ T387] __device_attach+0x312/0x510 [ 341.062012][ T387] device_initial_probe+0x1a/0x20 [ 341.066872][ T387] bus_probe_device+0xbe/0x1e0 [ 341.071472][ T387] device_add+0xb60/0xf10 [ 341.075638][ T387] usb_set_configuration+0x190f/0x1e80 [ 341.080933][ T387] usb_generic_driver_probe+0x8b/0x150 [ 341.086227][ T387] usb_probe_device+0x144/0x260 [ 341.090929][ T387] really_probe+0x2b8/0x920 [ 341.095255][ T387] __driver_probe_device+0x1a0/0x310 [ 341.100374][ T387] driver_probe_device+0x54/0x3d0 [ 341.105235][ T387] __device_attach_driver+0x2e3/0x490 [ 341.110446][ T387] bus_for_each_drv+0x183/0x200 [ 341.115128][ T387] __device_attach+0x312/0x510 [ 341.119815][ T387] device_initial_probe+0x1a/0x20 [ 341.124676][ T387] bus_probe_device+0xbe/0x1e0 [ 341.129281][ T387] device_add+0xb60/0xf10 [ 341.133442][ T387] usb_new_device+0xf32/0x1810 [ 341.138042][ T387] hub_event+0x2db1/0x4830 [ 341.142293][ T387] process_one_work+0x73d/0xcb0 [ 341.146982][ T387] worker_thread+0xa60/0x1260 [ 341.151497][ T387] kthread+0x26d/0x300 [ 341.155399][ T387] ret_from_fork+0x1f/0x30 [ 341.159678][ T387] [ 341.161822][ T387] Freed by task 39: [ 341.165470][ T387] kasan_set_track+0x4b/0x70 [ 341.170067][ T387] kasan_save_free_info+0x2b/0x40 [ 341.174925][ T387] ____kasan_slab_free+0x131/0x180 [ 341.179884][ T387] __kasan_slab_free+0x11/0x20 [ 341.184472][ T387] __kmem_cache_free+0x218/0x3b0 [ 341.189250][ T387] kfree+0x7a/0xf0 [ 341.192814][ T387] kvfree+0x35/0x40 [ 341.196450][ T387] netdev_freemem+0x3f/0x60 [ 341.200819][ T387] netdev_release+0x7f/0xb0 [ 341.205129][ T387] device_release+0x95/0x1c0 [ 341.209558][ T387] kobject_put+0x178/0x260 [ 341.213811][ T387] put_device+0x1f/0x30 [ 341.217802][ T387] free_netdev+0x393/0x480 [ 341.222055][ T387] usbnet_disconnect+0x245/0x390 [ 341.226832][ T387] usb_unbind_interface+0x1fa/0x8c0 [ 341.231879][ T387] device_release_driver_internal+0x53e/0x870 [ 341.237869][ T387] device_release_driver+0x19/0x20 [ 341.242797][ T387] bus_remove_device+0x2fa/0x360 [ 341.247571][ T387] device_del+0x663/0xe90 [ 341.251738][ T387] usb_disable_device+0x380/0x720 [ 341.256683][ T387] usb_disconnect+0x32a/0x890 [ 341.261200][ T387] hub_event+0x1ed8/0x4830 [ 341.265449][ T387] process_one_work+0x73d/0xcb0 [ 341.270137][ T387] worker_thread+0xd71/0x1260 [ 341.274648][ T387] kthread+0x26d/0x300 [ 341.278557][ T387] ret_from_fork+0x1f/0x30 [ 341.282809][ T387] [ 341.284981][ T387] Last potentially related work creation: [ 341.290532][ T387] kasan_save_stack+0x3b/0x60 [ 341.295045][ T387] __kasan_record_aux_stack+0xb4/0xc0 [ 341.300254][ T387] kasan_record_aux_stack_noalloc+0xb/0x10 [ 341.305894][ T387] insert_work+0x56/0x310 [ 341.310146][ T387] __queue_work+0x9b6/0xd70 [ 341.314487][ T387] queue_work_on+0x105/0x170 [ 341.318912][ T387] usbnet_link_change+0xeb/0x100 [ 341.323685][ T387] usbnet_probe+0x1dbe/0x27c0 [ 341.328200][ T387] usb_probe_interface+0x5b6/0xa90 [ 341.333149][ T387] really_probe+0x2b8/0x920 [ 341.337713][ T387] __driver_probe_device+0x1a0/0x310 [ 341.342826][ T387] driver_probe_device+0x54/0x3d0 [ 341.347684][ T387] __device_attach_driver+0x2e3/0x490 [ 341.352891][ T387] bus_for_each_drv+0x183/0x200 [ 341.357572][ T387] __device_attach+0x312/0x510 [ 341.362174][ T387] device_initial_probe+0x1a/0x20 [ 341.367035][ T387] bus_probe_device+0xbe/0x1e0 [ 341.371635][ T387] device_add+0xb60/0xf10 [ 341.375799][ T387] usb_set_configuration+0x190f/0x1e80 [ 341.381102][ T387] usb_generic_driver_probe+0x8b/0x150 [ 341.386393][ T387] usb_probe_device+0x144/0x260 [ 341.391074][ T387] really_probe+0x2b8/0x920 [ 341.395413][ T387] __driver_probe_device+0x1a0/0x310 [ 341.400535][ T387] driver_probe_device+0x54/0x3d0 [ 341.405397][ T387] __device_attach_driver+0x2e3/0x490 [ 341.410602][ T387] bus_for_each_drv+0x183/0x200 [ 341.415289][ T387] __device_attach+0x312/0x510 [ 341.419890][ T387] device_initial_probe+0x1a/0x20 [ 341.424750][ T387] bus_probe_device+0xbe/0x1e0 [ 341.429352][ T387] device_add+0xb60/0xf10 [ 341.433518][ T387] usb_new_device+0xf32/0x1810 [ 341.438115][ T387] hub_event+0x2db1/0x4830 [ 341.442367][ T387] process_one_work+0x73d/0xcb0 [ 341.447055][ T387] worker_thread+0xa60/0x1260 [ 341.451569][ T387] kthread+0x26d/0x300 [ 341.455476][ T387] ret_from_fork+0x1f/0x30 [ 341.459727][ T387] [ 341.461897][ T387] The buggy address belongs to the object at ffff88811d82a000 [ 341.461897][ T387] which belongs to the cache kmalloc-4k of size 4096 [ 341.475784][ T387] The buggy address is located 3312 bytes inside of [ 341.475784][ T387] 4096-byte region [ffff88811d82a000, ffff88811d82b000) [ 341.489236][ T387] [ 341.491405][ T387] The buggy address belongs to the physical page: [ 341.497675][ T387] page:ffffea0004760a00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x11d828 [ 341.507723][ T387] head:ffffea0004760a00 order:3 compound_mapcount:0 compound_pincount:0 [ 341.515882][ T387] flags: 0x4000000000010200(slab|head|zone=1) [ 341.521789][ T387] raw: 4000000000010200 0000000000000000 dead000000000001 ffff888100043380 [ 341.530208][ T387] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 341.538622][ T387] page dumped because: kasan: bad access detected [ 341.544969][ T387] page_owner tracks the page as allocated [ 341.550511][ T387] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5983, tgid 5983 (syz-executor.1), ts 219957634483, free_ts 219942749746 [ 341.573426][ T387] post_alloc_hook+0x213/0x220 [ 341.578025][ T387] prep_new_page+0x1b/0x110 [ 341.582362][ T387] get_page_from_freelist+0x27ea/0x2870 [ 341.587746][ T387] __alloc_pages+0x3a1/0x780 [ 341.592170][ T387] alloc_slab_page+0x6c/0xf0 [ 341.596604][ T387] new_slab+0x90/0x3e0 [ 341.600590][ T387] ___slab_alloc+0x6f9/0xb80 [ 341.605017][ T387] __slab_alloc+0x5d/0xa0 [ 341.609184][ T387] __kmem_cache_alloc_node+0x1af/0x250 [ 341.614475][ T387] kmalloc_trace+0x2a/0xa0 [ 341.618926][ T387] kobject_uevent_env+0x262/0x720 [ 341.623787][ T387] kobject_uevent+0x1f/0x30 [ 341.628128][ T387] __kobject_del+0xee/0x300 [ 341.632461][ T387] kobject_put+0x1cc/0x260 [ 341.636873][ T387] net_rx_queue_update_kobjects+0x42a/0x4a0 [ 341.642601][ T387] netif_set_real_num_rx_queues+0x105/0x1e0 [ 341.648319][ T387] page last free stack trace: [ 341.652834][ T387] free_unref_page_prepare+0x83d/0x850 [ 341.658213][ T387] free_unref_page+0xb2/0x5c0 [ 341.662726][ T387] __free_pages+0x61/0xf0 [ 341.666894][ T387] __free_slab+0xce/0x1a0 [ 341.671058][ T387] discard_slab+0x29/0x40 [ 341.675224][ T387] __slab_free+0x205/0x280 [ 341.679478][ T387] ___cache_free+0xc6/0xd0 [ 341.683730][ T387] qlist_free_all+0xc5/0x140 [ 341.688164][ T387] kasan_quarantine_reduce+0x15a/0x180 [ 341.693464][ T387] __kasan_slab_alloc+0x24/0x80 [ 341.698159][ T387] slab_post_alloc_hook+0x53/0x2c0 [ 341.703084][ T387] kmem_cache_alloc_node+0x18a/0x2d0 [ 341.708204][ T387] __alloc_skb+0xcc/0x2d0 [ 341.712369][ T387] netlink_ack+0x392/0x12a0 [ 341.716709][ T387] netlink_rcv_skb+0x24a/0x410 [ 341.721310][ T387] rtnetlink_rcv+0x1c/0x20 [ 341.725564][ T387] [ 341.727735][ T387] Memory state around the buggy address: [ 341.733213][ T387] ffff88811d82ab80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 2033/05/18 03:37:39 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 341.741116][ T387] ffff88811d82ac00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 341.748999][ T387] >ffff88811d82ac80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 341.756916][ T387] ^ [ 341.764447][ T387] ffff88811d82ad00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 341.772347][ T387] ffff88811d82ad80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 341.780243][ T387] ================================================================== [ 341.788142][ T387] Disabling lock debugging due to kernel taint [ 341.804523][ T43] EXT4-fs error: 30276 callbacks suppressed [ 341.804545][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 341.822071][ T43] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 341.831095][ T43] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm kworker/u4:2: mark_inode_dirty error [ 341.843225][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 341.879027][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 341.898426][ T7512] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Out of memory [ 341.909311][ T7512] EXT4-fs error (device loop1): __ext4_ext_dirty:202: inode #18: comm syz-executor.1: mark_inode_dirty error [ 341.926360][ T43] EXT4-fs err