last executing test programs: 8.278183936s ago: executing program 3: mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r5}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x40}}, 0x0) 8.151023036s ago: executing program 1: openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.events\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000001b00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b7040000000000008500000057"], 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='ext4_es_lookup_extent_exit\x00', r2}, 0x10) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='block_split\x00', r3}, 0x10) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000b40)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000400)='block_split\x00', r4}, 0x10) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0) write$cgroup_type(r5, &(0x7f0000000180), 0x40001) 8.073748368s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)=r1) r5 = add_key$fscrypt_v1(&(0x7f0000000340), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c9d064bbd27b2aa57459cff33a3a9831ac46b8829b48fff3d63520d260804d0"}, 0x48, 0xfffffffffffffffd) keyctl$setperm(0x5, r5, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r6, 0x0, 0x2) 8.027144495s ago: executing program 1: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 5.879757345s ago: executing program 0: r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x0, &(0x7f0000000000)=0x9, 0x4) socket$inet6_tcp(0xa, 0x1, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = getpid() sched_setscheduler(r2, 0x1, &(0x7f0000000100)=0x5) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x3, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1}]}, &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, 0x0, 0x0) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @random="50a245d5cde0", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x32, 0x0, @empty, @broadcast}, @timestamp_reply={0x11}}}}}, 0x0) 5.755119554s ago: executing program 1: bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000480)='./file0\x00', 0xc0ed0006, &(0x7f0000000140)={[{@jqfmt_vfsold}, {@resgid={'resgid', 0x3d, 0xee00}}, {@bh}, {@noload}, {@data_err_ignore}, {@usrjquota}]}, 0xfe, 0x43e, &(0x7f00000004c0)="$eJzs3MtvG0UYAPBv7SR9k1DKo6WFQEFEPJImfdADFxBIHEBCgkMRp5CkVajboCZItIogcAhHVIk74ojEX8AJLgg4IXGFO6pUoVxaOBmtvZu6iZ3GiVOX7O8nbTvjHWvm292xZ2e8CaCwBtN/koi9EfFHRPTXs7cXGKz/d3NpfuKfpfmJJKrVt/9OauVuLM1P5EXz9+2pZ6rVLL+jSb2L70WMVypTl7L8yNyFD0dmL195YfrC+Lmpc1MXx06fPnH8SN+psZMdiTON68ahT2YOH3z93atvTpy5+v4v36Xt3Zvtb4yjUwbrR7eppztdWZfta0gnPV1sCG0pR0R6unpr/b8/yrFreV9/vPZ5VxsHbKlqtVpt9v2cWagC21gS3W4B0B35F316/5tvd2nocU+4/nL9BiiN+2a21ff0RCkr07vi/raTBiPizMK/X6dbbNE8BABAox/S8c/zzcZ/pXioodx92RrKQETcHxH7I+KBiDgQEQ9G1Mo+HBGPtFn/yhWS1eOf0rUNBbZO6fjvpWxt6/bxXz76i4FylttXi783OTtdmTqWHZOh6N2R5kfXqOPHV3//stW+xvFfuqX152PBrB3XelZM0E2Oz41vJuZG1z+LONTTLP4k8mWcJCIORsShDdYx/ey3h1vtu3P8a+jAOlP1m4hn6ud/IVbEn0tark+Ovnhq7OTIzqhMHRvJr4rVfv1t8a1W9W8q/g5Iz//uptf/cvwDyc6I2ctXztfWa2fbr2Pxzy9a3tNs9PrvS96ppfuy1z4en5u7NBrRl7yx+vWxW+/N83n5NP6ho837//64dSQejYj0Ij4SEY9FxONZ25+IiCcj4uga8f/8ylMftB//GrPyHZTGP3mn8x+N57/9RPn8T9+3H38uPf8naqmh7JX1fP6tt4GbOXYAAADwf1Gq/QY+KQ0vp0ul4eH6b/gPxO5SZWZ27rmzMx9dnKz/Vn4gekv5TFd/w3zoaDY3nOfHVuSPZ/PGX5V31fLDEzOVyW4HDwW3p0X/T/1V7nbrgC3neS0oLv0fikv/h+LS/6G49H8ormb9/9MutAO4+3z/Q3Hp/1Bc+j8Ul/4PhdTy2fjSph75l9j2iSjdE83Y/omedf8xiw0mdjTd1e1PJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgM74LwAA//9wiOSH") open(&(0x7f0000000340)='./bus\x00', 0x143142, 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000080)=@framed={{0x18, 0x3}, [@func={0x85, 0x0, 0x1, 0x0, 0x6}, @map_fd={0x18, 0x0, 0x1, 0x0, r2}, @generic={0x66}, @initr0, @exit, @alu={0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0x4}]}, &(0x7f0000000000)='GPL\x00'}, 0x90) recvmmsg$unix(r0, 0x0, 0x0, 0x0, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='pids.current\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) ftruncate(r3, 0xc17a) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r4 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0) ioctl$LOOP_SET_STATUS64(r4, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, "ee289f413bb90152f7d6d1ce5ca93c0f7c41499dc28ac63a01000000000000004faa2ad9c084a003ea00", "03bdbcef549ba19704007ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b7326736181c20c62df7a8d5da5c00000000ff030000fff2ff008900"}) bpf$PROG_LOAD(0x5, &(0x7f00000016c0)={0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$unix(r1, &(0x7f0000001600)={0x0, 0x0, &(0x7f0000001500)=[{&(0x7f0000000300)="81", 0x1}], 0x1}, 0x0) syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x10, &(0x7f0000000c80), 0xff, 0x249, &(0x7f0000000880)="$eJzs3T9oM2UcB/DvXRJr3jfIqy6C+AdERAvldRNcXifhBSlFRFChIuKitEJtcWudXBx0VunkUsTN6ihdiosiOFXtUBdBi4PFQYdIcqnUNuKf1Jz0Ph+43F1yz/2e4+77JBkuCdBYV5JcS9JKMpukk6Q4ucHd1XRltLrZ3V1M+v3HfyyG21XrleN2l5NsJHkoyU5Z5MV2srb99MHPe4/e98Zq5973tp/qTvUgRw4P9h87enf+9Q+vP7j2+Zffzxe5lt4fjuv8FWOeaxfJLf9Fsf+Jol13D/g7Fl794KtB7m9Ncs8w/52UqU7emys37HTywDt/1vatH764fZp9Bc5fv98ZvAdu9IHGKZP0UpRzSarlspybqz7Df926VL60vPLK7AvLq0vP1z1SAedl+L3345mPLp/K/3etKv/AxdVL9p9Y2PpmsHzUqrs3wFTcUc0G+Z99dv3+yD80jvxDc8k/NJf8Q3PJPzTSTOQfGk3+obnkH5pL/qG55B+a62T+AYBm6c+cuSW4GP4sAHDh1T3+AAAAAAAAAAAAAAAAAAAAZ212dxePp2nV/PTt5PCRJO1x9VvD/yNObhw+XvqpGGz2u6JqNpFn7ppwBxN6v+a7r2/6tqbC3Wr22Z011R9ZX0o2Xktytd0+e/0Vo+vv37v5L17vPDdhgX+oOLX+8JPTrX/ar1v11r++l3wyGH+ujht/ytw2nI8ff3qD8zdh/Zd/mXAHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATM1vAQAA//8mi2g4") mknod(&(0x7f0000000080)='./bus\x00', 0x0, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0) open$dir(&(0x7f00000001c0)='./file0/file0\x00', 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) execve(&(0x7f00000000c0)='./bus\x00', 0x0, 0x0) open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0) symlink(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000000)='./file0\x00') readlinkat(0xffffffffffffff9c, 0x0, 0xffffffffffffffff, 0x0) r5 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r5, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000002f80)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) 5.754843144s ago: executing program 3: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() setrlimit(0xf, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0) setrlimit(0x8, &(0x7f0000000240)={0xfffffffffffffff9, 0x240}) r5 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)='pids.max\x00', 0x2, 0x0) sendmmsg$unix(r4, &(0x7f0000000d40)=[{{&(0x7f0000000880)=@abs={0x1, 0x0, 0x4e22}, 0x6e, 0x0, 0x0, &(0x7f0000000a80), 0x0, 0x24000880}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000800)="f48dda298a5b5cc10b82c90e3e885656a5", 0x11}], 0x1, &(0x7f0000000300)=[@rights={{0x24, 0x1, 0x1, [r0, r4, r4, r5, r1]}}], 0x28, 0x810}}], 0x2, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f00000005c0)={0x40, 0x4, 0x3}, 0x10) socket$tipc(0x1e, 0x2, 0x0) 4.498663847s ago: executing program 3: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a04"], 0x1c}}, 0x0) 4.436225517s ago: executing program 3: r0 = socket$inet6_udp(0xa, 0x2, 0x0) getsockopt$IP6T_SO_GET_REVISION_TARGET(r0, 0x29, 0x45, 0x0, &(0x7f0000000040)) 4.374745856s ago: executing program 3: syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x2010000, &(0x7f0000000140)={[{@rodir}, {@fat=@usefree}, {@iocharset={'iocharset', 0x3d, 'cp865'}}, {@uni_xlate}, {@fat=@codepage={'codepage', 0x3d, '936'}}, {@utf8no}, {}, {@shortname_mixed}, {@numtail}, {@uni_xlateno}, {@fat=@check_strict}, {@shortname_winnt}]}, 0x25, 0x336, &(0x7f0000001200)="$eJzs3T1sW9UXAPDjviROI/VvD3+pgsmwIaGqCWKAKVFVpIoMUGTxtWDRlI/YVIqFpTDE9QJiBLEgwcTWAcbOiAEhNgZWioQKiIVulVrxkP1e7OeP0BThlI/fb4iOzj3H976Xq/glSm5eWo/tC4tx8caN67G8XIqF9TPrcbMU1TgWSWQuBwDwb3IzTePXNHPn6vdX9qOlOa8LAJifwfv/KydGifK9XA0AcBQO+f3/UzOzl+a2LABgjqbe/x8cG574Mf/C8HcCAIB/rmeef+HJjc2I87XackTrnU69U4/HR+MbF+O1aMZWnI5K3I7IHhSyp4X+xyfObZ49Xev7sRr1fkenHtHqdurZk8JGMugvx2pUopr3p8P+pN+/OuivRcTl7mD+aJU69cVYyef/biW2Yi0q8f+p/ohzm2fXavkL1Fv7/d2IXizvX0R//aeiEt+8HJeiGRei3zta/95qrXYm3Rzr71wpD+oAAAAAAAAAAAAAAAAAAAAAAGAeTtWGqsPzb9JWt/P2+cmC6tj5OPVsOD8fqJedD5SW90/neTeZPB9o/HyeTn0hjt3TKwcAAAAAAAAAAAAAAAAAAIC/j/buUjSaza2d9u5b28WgW8i88dWnXxyPyZrXk1EmFrKXG6vJc1HoSmLYng7b02SsJg+SiFHxlavDFRdrysOrmGrvB+WpoVK+pkazeeKBHz6a1fXbKJPE1G0ZD0r5/IWh1v+y1B90HRys3aHmWpqmB7XvfTjdFaWIhalP3F8RfHn91fseaZ98dJD5PD/04aGHK89e++CTn7cbzchvTbO5tNO+nf7puZLC/inl97k0YyfMDnqjTG+nvdtIvv3lufvf+3qiOJm9f9Ji5s2D5/psMrOUBf1lHuZKF2ds/tnBi7eGu/fub+bJj9cbV/e+/+mwXYUvEg7qAAAAAAAAAAAAAAAAAACAI1H4W/G78NjT81sRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABy90f//LwS9qcxhglvdmB4qb+20D5z8+JFeKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/2G/BwAA//9pxHjs") openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0) 3.903132049s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f20000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f1600850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000000000406a05f80000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x9, "8306e9d9"}]}}, 0x0}, 0x0) 3.777868948s ago: executing program 3: r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200}}}}}}}]}}, 0x0) syz_usb_connect$printer(0x0, 0x2d, 0x0, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000000d00000000080000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a80)={&(0x7f0000000000)='sys_enter\x00', r2}, 0x10) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 3.522173268s ago: executing program 1: mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='sched_switch\x00', r2}, 0x10) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', 0x0, 0x0, &(0x7f0000000080)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r5}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r5}, &(0x7f0000000000), &(0x7f0000000040)}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_BR_MULTI_BOOLOPT={0xc, 0x2e, {0x3, 0x3}}]}}}]}, 0x40}}, 0x0) 2.897571264s ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x5f}, [@ldst={0x3, 0x0, 0x3}], {0x95, 0x0, 0x9}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 2.844056102s ago: executing program 4: r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) close(r1) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) close(r1) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x7, 0x10001, 0x9, 0x1}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r3, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000ac0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00', r5}, 0x10) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='jbd2_checkpoint_stats\x00', r4}, 0x10) ioctl$TUNSETOFFLOAD(r0, 0x40086607, 0x20001412) 2.840734233s ago: executing program 1: syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=") r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ffffff850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() setrlimit(0xf, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x89f0, 0x0) setrlimit(0x8, &(0x7f0000000240)={0xfffffffffffffff9, 0x240}) r5 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000280)='pids.max\x00', 0x2, 0x0) sendmmsg$unix(r4, &(0x7f0000000d40)=[{{&(0x7f0000000880)=@abs={0x1, 0x0, 0x4e22}, 0x6e, 0x0, 0x0, &(0x7f0000000a80), 0x0, 0x24000880}}, {{0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000800)="f48dda298a5b5cc10b82c90e3e885656a5", 0x11}], 0x1, &(0x7f0000000300)=[@rights={{0x24, 0x1, 0x1, [r0, r4, r4, r5, r1]}}], 0x28, 0x810}}], 0x2, 0x0) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f00000005c0)={0x40, 0x4, 0x3}, 0x10) socket$tipc(0x1e, 0x2, 0x0) 2.740593598s ago: executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000280)={0x0}, &(0x7f00000013c0)=0xc) sendmmsg$unix(r1, &(0x7f00000014c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)='8', 0x1}], 0x1, &(0x7f0000000580)=[@cred={{0x1c, 0x1, 0x2, {r2, 0xee00}}}, @rights={{0x14, 0x1, 0x1, [r1]}}], 0x38}}], 0x1, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r0, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4) splice(r0, 0x0, r3, 0x0, 0x39000, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f0000000300)={0x0, 0x110000}) r6 = dup(r5) ioctl$KVM_REGISTER_COALESCED_MMIO(r6, 0x4010ae67, &(0x7f0000000000)={0x6000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000340)) syz_emit_ethernet(0x5e, &(0x7f0000000a00)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "122d92", 0x28, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @loopback={0x0, 0x1ff0000aa}, @remote}}}}}}, 0x0) r7 = socket$inet_udplite(0x2, 0x2, 0x88) bind$inet(r3, &(0x7f00000001c0)={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) recvmmsg(r7, &(0x7f0000000480)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) sendto$inet(r7, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x2, 0x4e24, @empty}, 0x10) openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/debug/binder/transaction_log\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000004400)={0x2020}, 0xe9c9e6f) prctl$PR_SET_MM_EXE_FILE(0x23, 0xd, r4) 2.714653352s ago: executing program 4: r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0xe4}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000000c0)=ANY=[@ANYBLOB="1c0000004a00010000000000000000000a04"], 0x1c}}, 0x0) 2.683944197s ago: executing program 4: socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000040), &(0x7f0000000140)=r0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f00000002c0)='ext4_remove_blocks\x00', r2}, 0x10) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.current\x00', 0x275a, 0x0) write$cgroup_int(r3, &(0x7f0000000100), 0x1001) ioctl$SIOCSIFHWADDR(r3, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}}) 2.624893665s ago: executing program 4: mkdir(&(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000770000000e000000850000002a00000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000380)='9p_protocol_dump\x00', r0}, 0x10) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000001000000000000004b64ffecc50000006d000000850000002a00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RVERSION(r3, &(0x7f0000000700)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15) r4 = dup(r3) write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18) write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3]) mount$incfs(&(0x7f00000003c0)='./file0\x00', &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000340), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000140)='./bus\x00') openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0) 2.53176073s ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000f20000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000007f1600850000008200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="12010000000000406a05f80000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000000080)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x9, "8306e9d9"}]}}, 0x0}, 0x0) 2.516354093s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0x6, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='ext4_es_remove_extent\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='ext4_es_remove_extent\x00', r2}, 0x10) unlink(&(0x7f0000000140)='./cgroup\x00') 2.414201418s ago: executing program 2: prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080)={0x0, 0x20}, 0x18) r5 = syz_mount_image$fuse(&(0x7f0000000380), &(0x7f00000003c0)='./file0\x00', 0x1000c8, &(0x7f0000000540)=ANY=[@ANYBLOB='fd=', @ANYRESHEX, @ANYBLOB=',rootmode=00000000000000000020000,user_id', @ANYRESDEC=0xee00, @ANYBLOB=',group_id=', @ANYRESDEC=0xee01, @ANYBLOB=',max_read=0x0000000000000004,uid=', @ANYRESDEC, @ANYBLOB="2c636b66736465663d5c242c6f626a5f747970653d667363727970741c6b3a00"/47], 0x1, 0x0, &(0x7f0000000400)) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r5, 0x800c6613, &(0x7f0000000340)=@v1={0x0, @aes128, 0xa, @desc2}) add_key$fscrypt_v1(&(0x7f0000000040), &(0x7f0000000500)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c9d064bbd27b2aa57459cff33a3a9831ac46b8829b48fff3d63520d260804d0", 0x2b}, 0x48, 0xfffffffffffffffd) r6 = bpf$MAP_CREATE(0x0, 0x0, 0x0) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r7}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = memfd_create(&(0x7f0000000240)='+\x8b\x8a\xa9\x16\x11\x91J\xbc+ \x18\x17\xc2:}\xa3\x9bO\xdd\xdf\xdf\x92\xd5\xed\xb4\x17\xe5\xd6\x9a\xb2\xd8\x9ba\xde\xb2.F\xc0\x99}|\xaf\xd3\x1d\x84[*_\x9f\x9d\xb0rYP\x1b\x9f \xe0\x9cgq\x103\x89\x11\x87Rv\x169\xdf\xe3>B\x04\x00\x00\x00W\xd3\xec\xfb\xdf?\xa2\x90+\xa4!\xb2\xf2\xff\x90\a\xc3\x12\xc4;\xffh\xf1x=\xb9c\xce\x03h\xdap\x88U\x1788\x82\xd7\xfd\x83\x00Sx\x91%\x99_\xfe\xd4c\x83\x86\x0f\xa4a-\xaf\x9e\xd9\xef\xe0)]\x00F\xfa\x03\xbc4\xc4\x9a\v\x03\x8b\xa4\xf3\x8f\xf4\"\'\xd3\a9\x14H}j&~\xe9\x16\x83o\xbd\xab\xcd[\xbd\xcb\x04\xfc\xe7\xe3\x9e?\x12\xf0\xf4\x83M3\xd88\x92?@\v\xe6\xd1\xd2\xe4\xde\xdaUeJ\x9fR\xd1`\xfa\xc8\v\xed\xfd\x0e\xc8\x89W\x847\x88\x82\x94\x14\xe33\xb7H\xc8b\xd6@3F#\xb7\x04C\x8dm\t\x16a\x0fI\xf4\xfe\xf8\x06j\x19Pz&\xb8\x0f\x98`W\xdb\xc6\"81A\xa4\x8bT\xf1\xcb\xab\xa3\t\xef\xdf&\x0e\xad\x03\x123.\xc2V\xaa\xd5\xf8\xde\x8aV\xa4p{\xcez\xa2\x92\xdb8*wLO\f\x97X\x05\x9a\xc2\xe8\x85\x9d\xcb\xc8\xf0\xc4\x01\x03\xe3?\x9f1\xf4\xfb\xa5y`KB\xdf\xae#\x94C\a\x04\xea\xccG\xf2\b\x8f\xf7\xb1\xe96\x90\xf5P\xa4\'\xce\xe3\xa24\x196\xc5Q\xa1K\x95\xd6\xfal\xe9\xd1\\\r&\xb2c\xb3\x8d\xa7\xb7\xa8\x03S\xbd\xdd\b{\xae\f\x10\xc2\xbb\xd0\xdd*\xa3\xb4\fJ\x00X\xab`N; LF\xa5D\xee\xdf\x7f\x80p\xf6o\x1c\xbdXR\xf2\xa0\x81a\xa1\xe1B\x93Xn\xaf\xfc\x05?\xab\xac\x91x\xa8#\xe1\xbeQ\xd1^\x9b\xb9)\xd3\n\xf7(3!\x18\b\xc0\xaampRl\xfdQ\x03\x8c\xd5\xe4\\\xed\x9a\xd1?\xd21\xc8\x90\x1dl|\xd1\x14\xbc3\xe0\x1e\x0e\xe6\x88Y\x99K\x93\x1c@_P\x8c\xc7\x9eZ\xb74KT:\x8a\xdbJ#w\x18\x14\x00\x93\x86\xa5wo\xf6M\xe7D\xf4*\xe3X\x1d\x19\x83\xa7w\xc7+7\x89s\xed\x8a\xd7O\xdd\rhh`\xc0\xa8$\x06pu\xa0\xd0L\x0ez@I\xb8\x83\xb2f\x93j\a0I\xc8l\xe5\x9b\x06\xb5\xac`d\xa3\xcf/\x14\x10\xab\xab\t\xec\xc1c\fA\xaf\x14\xef\xbap@*7\x86\xdf\',\x03Y\xb1$\xf0\xb5}\xf0\x82%)9`\x8f\x04\x85m\x80\xd2\xcf@\x06}\xea\xe7w`\xa5\x11\x9f\x9b\x9e\x8f\xb7cb\x1a\xe1\xcf\x87\x1c\\\xf5\xc21\xf7\x82C*\xd5;\x00\x00\x00\x00\x03\xba\xe3\xdc\x92\'\x8e\xd5\x7fG\xfd.\x91\x89T\x99t\xd4d,\xd5\x92O\xf1\xafT!Y\x8e\\\xac\xf7\x11R\x05p\x1a\"\r\xe9\xe5\x8b&\x0f\x8c\xfb\xef\xf8\xd5\x18\xde\xeb\xe5\x19\xdd\xebQ8\xc5iS+\x06D\x16\xfe\xf5.\xe5\v\x89\xb0\"\xa3M\xe9\x81\x11P\xdb\xc4\xc2y\x14\x04\x06\xf6\f\xb0\xecz\x8d`\xb5\x9b\xb43\xcc1\xa7\x9e\xa8\xb5\'\xc6MAe\x0f\xd1\xfcG\xc2/\xe8\xe9t\xcaQ\xf1\fI\x1chM\xc1\x92\xe3\xc3\x01M\xc8/\xefJ\xcb\xd0]\f\xff\xf5\x92\xce\x97Z\xea\xe8\x99\xfa\x96\xce\xa7\x02\xad\xa2\xce\x955\xeaNg\x02\xcd\xfd\x1a}.\xd3\"x\x89/8H\xc2\x93B\na)\x86\xa9U\xa0\xb7\x18\xfb\xe9\xd1\x97', 0x3) write$binfmt_misc(r9, &(0x7f0000000740)=ANY=[], 0xff67) sendfile(r8, r9, &(0x7f0000000000), 0xfffb) fcntl$addseals(r9, 0x409, 0x8) lseek(r9, 0x0, 0x3) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x13, &(0x7f0000000280)=0x9c, 0x4) 1.16835814s ago: executing program 2: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x3, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x61, 0x10, 0x5f}, [@ldst={0x3, 0x0, 0x3}], {0x95, 0x0, 0x9}}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x85}, 0x52) 1.151855832s ago: executing program 0: r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000800)={0x1f, 0xffffffffffffffff, 0x2}, 0x6) setsockopt$bt_hci_HCI_TIME_STAMP(r0, 0x0, 0x3, 0x0, 0x0) 1.135963465s ago: executing program 2: r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) unshare(0x60600) ioctl$TCGETS2(r0, 0x540c, 0x0) 1.124539467s ago: executing program 0: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$TIPC_CMD_GET_MAX_PORTS(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r4, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', &(0x7f0000000080), 0x18) ioctl$TIOCSPGRP(0xffffffffffffffff, 0x5410, &(0x7f0000000000)=r1) r5 = add_key$fscrypt_v1(&(0x7f0000000340), &(0x7f00000000c0)={'fscrypt:', @desc1}, &(0x7f00000001c0)={0x0, "28d7b07d54891881fe02c1203fe49696b9f26f2da4149683f065714f8a61d1f32c9d064bbd27b2aa57459cff33a3a9831ac46b8829b48fff3d63520d260804d0"}, 0x48, 0xfffffffffffffffd) keyctl$setperm(0x5, r5, 0x0) r6 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0) getdents64(r6, 0x0, 0x2) 980.426969ms ago: executing program 2: r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a0000020a01040000000000000080070000000900010073797a3000000000140000001000010000000000100000000084000a9c7b05b35389306d08dc9feb72b9194b6fbe355d9bcb3a1db4438cccd2d5fe00129eac516088758a1b1103757a84cd8bcb348842d9eb7659af7a9d4828a07f55423091a97baf84d4898360837cece81ac8bff44af650f91d64ffc3339bcb363255a920fa5c1580f617fee701d4be009a32f10a963b2cfc7773904e1bffda9b0a7198586e9db9fb6dae71fbe4bdf00227f3bf5acd136abfb28f66c1b5f557c7d1e66373b141f7c52f808b19a9851f04e2fa5f304f28ebe10b4f4ee0001f630b54dfb9dc3b44be5e43b9599131db57acb21e04f97bfaf657a8771b23ca9c4c718e6a1caf8594ea5d6b2a60fce933f9d985d9d7c8bda06d1711ceb3061cd8109c4002581b42e4cb522c1ba0afaddf49b2f8e833c7b43b6eef5d6a08ed7099c3"], 0x68}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001800)=@base={0x5, 0x8002, 0x4, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000001c0)={{r1}, &(0x7f0000000140), &(0x7f0000000180), 0x2}, 0x20) 893.857622ms ago: executing program 2: bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x1e, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000010700000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000002300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) r4 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000004b74ffec850000006d000000850000000800000095"], &(0x7f0000000540)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000680)='virtio_transport_alloc_pkt\x00', r4}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x4, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000000000000000000100850000007600000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='virtio_transport_alloc_pkt\x00', r5}, 0x10) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000500)={0x28, 0x0, 0x0, @my=0x1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r7}, 0x10) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="3c00000010000100fdffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0048000090180200140003006272696467655f736c6176655f31000008000a00", @ANYRES32=0x0, @ANYBLOB="c51cad9214a30119486cd7535c324b34dba39659a8d2ed6bd0dc6c319c12baf268a01f778261dfbbd3fb7be79d74379ca8a14d7255eca18b5c05f28e92df69ed5a178a"], 0x3c}, 0x1, 0x0, 0x0, 0x4}, 0x8000) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48) 0s ago: executing program 0: r0 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/exec\x00', 0x2, 0x0) r1 = syz_open_dev$mouse(&(0x7f00000001c0), 0x80000001, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000180)={{r1}, &(0x7f0000000100), &(0x7f0000000140)='%ps \x00'}, 0x20) write$selinux_attr(r0, &(0x7f0000000080)='system_u:object_r:udev_var_run_t:s0\x00', 0x24) mkdirat(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x89}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x8, 0x10001, 0x9, 0x1}, 0x48) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000020000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f0000000d00)='sched_switch\x00', r5}, 0x10) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) mount$incfs(0x0, 0x0, &(0x7f0000000180), 0x0, 0x0) r6 = openat$cgroup_int(0xffffffffffffffff, &(0x7f0000000100)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_int(r6, &(0x7f0000000040), 0x1) execveat(0xffffffffffffffff, &(0x7f0000000040)='./file2\x00', 0x0, 0x0, 0x0) kernel console output (not intermixed with test programs): ject_r:device_t tclass=chr_file permissive=1 [ 120.814753][ T2447] loop3: detected capacity change from 0 to 256 [ 120.828530][ T28] audit: type=1400 audit(120.679:2079): avc: denied { ioctl } for pid=86 comm="acpid" path="/dev/input/event3" dev="devtmpfs" ino=446 ioctlcmd=0x4520 scontext=system_u:system_r:acpid_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 120.863742][ T2447] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 120.900771][ T2188] syz-executor.2: attempt to access beyond end of device [ 120.900771][ T2188] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 121.153573][ T2462] loop1: detected capacity change from 0 to 256 [ 121.336614][ T2472] loop1: detected capacity change from 0 to 2048 [ 121.379875][ T2472] loop1: p2 < > [ 121.400475][ T2472] loop1: p2 < > [ 121.428656][ T340] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 121.470155][ T717] device bridge_slave_1 left promiscuous mode [ 121.476192][ T717] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.505689][ T2474] syz-executor.2[2474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.505889][ T2474] syz-executor.2[2474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.517836][ T717] device bridge_slave_0 left promiscuous mode [ 121.539984][ T2474] syz-executor.2[2474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.540136][ T2474] syz-executor.2[2474] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 121.546106][ T717] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.603259][ T717] device veth1_macvtap left promiscuous mode [ 121.619164][ T717] device veth0_vlan left promiscuous mode [ 121.818729][ T340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 121.836652][ T340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 51, changing to 9 [ 121.864653][ T340] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 33540, setting to 1024 [ 121.882168][ T340] usb 5-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 121.900797][ T340] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 121.949152][ T340] usb 5-1: config 0 descriptor?? [ 121.989872][ T340] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 122.211039][ T2463] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.226611][ T2463] device bridge_slave_1 left promiscuous mode [ 122.241332][ T2463] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.269343][ T339] usb 5-1: USB disconnect, device number 7 [ 122.303268][ T2470] loop0: detected capacity change from 0 to 40427 [ 122.316416][ T2470] F2FS-fs (loop0): Invalid segment count (0) [ 122.328800][ T2470] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 122.347470][ T2470] F2FS-fs (loop0): invalid crc value [ 122.359493][ T2470] F2FS-fs (loop0): Found nat_bits in checkpoint [ 122.371465][ T2485] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.378417][ T2485] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.386457][ T2485] device bridge_slave_0 entered promiscuous mode [ 122.402301][ T2485] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.409468][ T2485] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.417557][ T2485] device bridge_slave_1 entered promiscuous mode [ 122.500997][ T2470] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 122.507975][ T2470] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 122.562528][ T2504] loop2: detected capacity change from 0 to 256 [ 122.569860][ T2470] input: syz0 as /devices/virtual/input/input10 [ 122.658829][ T2485] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.665747][ T2485] bridge0: port 2(bridge_slave_1) entered forwarding state [ 122.672980][ T2485] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.679882][ T2485] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.690208][ T2506] device veth1_macvtap left promiscuous mode [ 122.718558][ T1881] syz-executor.0: attempt to access beyond end of device [ 122.718558][ T1881] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 122.816635][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 122.832499][ T339] bridge0: port 1(bridge_slave_0) entered disabled state [ 122.840840][ T339] bridge0: port 2(bridge_slave_1) entered disabled state [ 122.873509][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 122.890118][ T339] bridge0: port 1(bridge_slave_0) entered blocking state [ 122.897037][ T339] bridge0: port 1(bridge_slave_0) entered forwarding state [ 122.930270][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 122.969413][ T339] bridge0: port 2(bridge_slave_1) entered blocking state [ 122.976314][ T339] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.010234][ T2519] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 123.027572][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 123.035937][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 123.080228][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 123.108628][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 123.116852][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 123.175949][ T2524] loop4: detected capacity change from 0 to 2048 [ 123.257600][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 123.268757][ T2524] loop4: p2 < > [ 123.286283][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 123.296590][ T2524] loop4: p2 < > [ 123.329100][ T2485] device veth0_vlan entered promiscuous mode [ 123.364474][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 123.374633][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 123.392458][ T2485] device veth1_macvtap entered promiscuous mode [ 123.416701][ T2530] loop0: detected capacity change from 0 to 256 [ 123.427062][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 123.435527][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 123.446753][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 123.466621][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 123.480416][ T2530] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d) [ 123.482187][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 123.603427][ T2541] loop2: detected capacity change from 0 to 512 [ 123.846976][ T2541] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #2: comm syz-executor.2: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 2(2) [ 123.966764][ T2541] EXT4-fs (loop2): get root inode failed [ 123.986616][ T2541] EXT4-fs (loop2): mount failed [ 124.006614][ T2549] device syzkaller0 entered promiscuous mode [ 124.309491][ T2565] loop1: detected capacity change from 0 to 2048 [ 124.369369][ T2565] loop1: p2 < > [ 124.373424][ T415] device bridge_slave_1 left promiscuous mode [ 124.382552][ T415] bridge0: port 2(bridge_slave_1) entered disabled state [ 124.391022][ T2565] loop1: p2 < > [ 124.397358][ T415] device bridge_slave_0 left promiscuous mode [ 124.403697][ T415] bridge0: port 1(bridge_slave_0) entered disabled state [ 124.414063][ T415] device veth1_macvtap left promiscuous mode [ 124.420482][ T415] device veth0_vlan left promiscuous mode [ 124.441861][ T28] kauditd_printk_skb: 2 callbacks suppressed [ 124.441888][ T28] audit: type=1400 audit(124.419:2082): avc: denied { write } for pid=2563 comm="syz-executor.3" name="loop-control" dev="devtmpfs" ino=113 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:loop_control_device_t tclass=chr_file permissive=1 [ 124.798303][ T2595] loop3: detected capacity change from 0 to 256 [ 127.271857][ T2557] bridge0: port 1(bridge_slave_0) entered blocking state [ 127.286891][ T2557] bridge0: port 1(bridge_slave_0) entered disabled state [ 127.305027][ T2557] device bridge_slave_0 entered promiscuous mode [ 127.324270][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.338736][ T2557] bridge0: port 2(bridge_slave_1) entered disabled state [ 127.346753][ T2557] device bridge_slave_1 entered promiscuous mode [ 127.534529][ T2633] loop2: detected capacity change from 0 to 256 [ 127.636421][ T2641] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.2'. [ 127.754355][ T2557] bridge0: port 2(bridge_slave_1) entered blocking state [ 127.761292][ T2557] bridge0: port 2(bridge_slave_1) entered forwarding state [ 127.816425][ T2651] loop4: detected capacity change from 0 to 256 [ 127.841208][ T2651] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 129.063542][ T28] audit: type=1400 audit(129.039:2083): avc: denied { write } for pid=2650 comm="syz-executor.4" name="file1" dev="loop4" ino=1048662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 129.098871][ T339] bridge0: port 2(bridge_slave_1) entered disabled state [ 129.119889][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 129.127617][ T339] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 129.135080][ T28] audit: type=1400 audit(129.039:2084): avc: denied { write } for pid=2650 comm="syz-executor.4" name="file1" dev="loop4" ino=1048662 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 129.191996][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 129.202216][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 129.215053][ T1669] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.221985][ T1669] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.229292][ T947] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 129.250646][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 129.259972][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 129.268381][ T1669] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.275328][ T1669] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.304552][ T2661] Zero length message leads to an empty skb [ 129.320385][ T28] audit: type=1400 audit(129.299:2085): avc: denied { shutdown } for pid=2660 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 129.348737][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 129.367370][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 129.375891][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 129.387774][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 129.436322][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 129.445476][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 129.469806][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 129.478366][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 129.491946][ T2557] device veth0_vlan entered promiscuous mode [ 129.501529][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 129.509848][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 129.529224][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 129.537690][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 129.549300][ T2557] device veth1_macvtap entered promiscuous mode [ 129.567443][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 129.576730][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 129.585571][ T1669] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 129.607134][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 129.615225][ T947] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 129.626731][ T340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 129.634713][ T947] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 129.652422][ T947] usb 3-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 129.762453][ T2676] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'. [ 129.831917][ T947] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 129.844908][ T947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.858637][ T947] usb 3-1: Product: syz [ 129.862650][ T947] usb 3-1: Manufacturer: syz [ 129.878891][ T947] usb 3-1: SerialNumber: syz [ 129.948752][ T1669] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 130.051309][ T2688] loop4: detected capacity change from 0 to 256 [ 130.070271][ T2688] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 130.181808][ T2667] loop1: detected capacity change from 0 to 40427 [ 130.196491][ T2667] F2FS-fs (loop1): invalid crc value [ 130.209796][ T2667] F2FS-fs (loop1): Found nat_bits in checkpoint [ 130.219509][ T947] usb 3-1: 0:2 : does not exist [ 130.227778][ T947] usb 3-1: USB disconnect, device number 6 [ 130.308804][ T1669] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 130.320780][ T1669] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 51, changing to 9 [ 130.332044][ T1669] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 33540, setting to 1024 [ 130.343461][ T1669] usb 1-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 130.352534][ T1669] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.363805][ T1669] usb 1-1: config 0 descriptor?? [ 130.410106][ T1669] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 130.444929][ T2698] loop4: detected capacity change from 0 to 8192 [ 130.448689][ T2667] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 130.475648][ T28] audit: type=1400 audit(130.449:2086): avc: denied { mounton } for pid=2697 comm="syz-executor.4" path="/root/syzkaller-testdir958325882/syzkaller.qU66Pj/54/file0/bus" dev="loop4" ino=1048669 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=file permissive=1 [ 130.705747][ T2673] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.732312][ T2673] device bridge_slave_1 left promiscuous mode [ 130.793160][ T2673] bridge0: port 2(bridge_slave_1) entered disabled state [ 130.847816][ T828] usb 1-1: USB disconnect, device number 10 [ 130.953235][ T2667] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 130.961923][ T2667] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 131.859027][ T318] syz-executor.1: attempt to access beyond end of device [ 131.859027][ T318] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 131.888114][ T28] audit: type=1400 audit(131.059:2087): avc: denied { append } for pid=2703 comm="syz-executor.4" name="001" dev="devtmpfs" ino=162 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 132.367549][ T2735] syz-executor.2[2735] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.367685][ T2735] syz-executor.2[2735] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.390229][ T2735] syz-executor.2[2735] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 132.656183][ T2735] syz-executor.2[2735] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 133.186273][ T2729] loop4: detected capacity change from 0 to 8192 [ 134.467732][ T2758] loop1: detected capacity change from 0 to 512 [ 134.499098][ T2758] EXT4-fs: Ignoring removed i_version option [ 134.518670][ T2758] EXT4-fs (loop1): #blocks per group too big: 4278190080 [ 135.594005][ T2777] syz-executor.1[2777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.594161][ T2777] syz-executor.1[2777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.636958][ T2777] syz-executor.1[2777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.667035][ T2777] syz-executor.1[2777] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 135.862021][ T322] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 135.881137][ T2744] loop2: detected capacity change from 0 to 40427 [ 135.906498][ T2744] F2FS-fs (loop2): invalid crc value [ 135.920684][ T2744] F2FS-fs (loop2): Found nat_bits in checkpoint [ 136.339037][ T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 136.401866][ T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 51, changing to 9 [ 136.689539][ T322] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 33540, setting to 1024 [ 136.701481][ T322] usb 1-1: New USB device found, idVendor=05ac, idProduct=030a, bcdDevice=65.8c [ 136.711093][ T322] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.921198][ T322] usb 1-1: config 0 descriptor?? [ 136.959996][ T322] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 137.929357][ T6] usb 1-1: USB disconnect, device number 11 [ 138.054488][ T2816] loop3: detected capacity change from 0 to 512 [ 138.082555][ T2816] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 138.109483][ T2816] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 138.161055][ T2816] EXT4-fs (loop3): 1 orphan inode deleted [ 138.176894][ T2816] EXT4-fs (loop3): 1 truncate cleaned up [ 138.188882][ T2816] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 138.229362][ T2816] EXT4-fs error (device loop3): ext4_lookup:1855: inode #15: comm syz-executor.3: iget: bad extra_isize 46 (inode size 256) [ 138.253543][ T2816] EXT4-fs (loop3): Remounting filesystem read-only [ 138.317983][ T2485] EXT4-fs (loop3): unmounting filesystem. [ 138.359616][ T28] audit: type=1400 audit(138.339:2088): avc: denied { create } for pid=2826 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 138.728685][ T339] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 138.860142][ T2861] kvm: MWAIT instruction emulated as NOP! [ 139.128926][ T28] audit: type=1400 audit(139.081:2089): avc: denied { getopt } for pid=2872 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 139.149117][ T339] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.210542][ T339] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.298751][ T339] usb 4-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 139.579103][ T339] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 139.616321][ T339] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.698228][ T339] usb 4-1: Product: syz [ 139.804286][ T339] usb 4-1: Manufacturer: syz [ 139.808791][ T339] usb 4-1: SerialNumber: syz [ 139.842501][ T28] audit: type=1400 audit(139.821:2090): avc: denied { remount } for pid=2891 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 139.951074][ T2907] loop0: detected capacity change from 0 to 512 [ 139.961303][ T2910] syz-executor.4[2910] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.961434][ T2910] syz-executor.4[2910] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 139.974453][ T2907] EXT4-fs: Ignoring removed i_version option [ 140.003260][ T2907] EXT4-fs (loop0): #blocks per group too big: 4278190080 [ 140.138997][ T339] usb 4-1: 0:2 : does not exist [ 140.149694][ T339] usb 4-1: USB disconnect, device number 7 [ 141.145825][ T2940] syz-executor.3[2940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.146025][ T2940] syz-executor.3[2940] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.245623][ T2946] loop0: detected capacity change from 0 to 512 [ 141.324440][ T2946] EXT4-fs (loop0): #blocks per group too big: 4278190080 [ 141.511733][ T2973] syz-executor.1[2973] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 141.511851][ T2973] syz-executor.1[2973] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.779107][ T28] audit: type=1400 audit(142.741:2091): avc: denied { read } for pid=2984 comm="syz-executor.2" dev="nsfs" ino=4026532314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 142.876127][ T28] audit: type=1400 audit(142.741:2092): avc: denied { open } for pid=2984 comm="syz-executor.2" path="net:[4026532314]" dev="nsfs" ino=4026532314 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 142.900535][ T28] audit: type=1400 audit(142.751:2093): avc: denied { write } for pid=2984 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 142.920473][ T340] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 142.963350][ T3002] syz-executor.1[3002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 142.964946][ T3002] syz-executor.1[3002] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 143.260327][ T3005] device wireguard0 entered promiscuous mode [ 143.906435][ T3018] netlink: 'syz-executor.2': attribute type 3 has an invalid length. [ 143.925748][ T3018] loop2: detected capacity change from 0 to 16 [ 143.935341][ T3018] erofs: (device loop2): mounted with root inode @ nid 36. [ 143.963272][ T3018] IPv6: syztnl2: Disabled Multicast RS [ 143.969361][ T340] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 144.288285][ T3024] device pim6reg1 entered promiscuous mode [ 144.842276][ T340] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 144.851105][ T340] usb 1-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 144.910218][ T340] usb 1-1: string descriptor 0 read error: -71 [ 144.935247][ T340] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 144.944877][ T3039] syz-executor.2[3039] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.945030][ T3039] syz-executor.2[3039] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 144.957945][ T340] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.118886][ T340] usb 1-1: can't set config #1, error -71 [ 147.129072][ T340] usb 1-1: USB disconnect, device number 12 [ 147.516334][ T28] audit: type=1400 audit(147.491:2094): avc: denied { remount } for pid=3069 comm="syz-executor.4" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fs_t tclass=filesystem permissive=1 [ 147.844748][ T3076] device syzkaller0 entered promiscuous mode [ 149.480798][ T3071] EXT4-fs: error -4 creating inode table initialization thread [ 149.488447][ T3071] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 149.587054][ T3074] device pim6reg1 entered promiscuous mode [ 149.641258][ T3095] syz-executor.2[3095] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.641398][ T3095] syz-executor.2[3095] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.668251][ T3095] loop2: detected capacity change from 0 to 256 [ 149.716607][ T3102] syz-executor.0[3102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.716731][ T3102] syz-executor.0[3102] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 149.730433][ T3095] FAT-fs (loop2): Directory bread(block 64) failed [ 149.748772][ T3095] FAT-fs (loop2): Directory bread(block 65) failed [ 149.755349][ T3095] FAT-fs (loop2): Directory bread(block 66) failed [ 149.762048][ T3095] FAT-fs (loop2): Directory bread(block 67) failed [ 149.876420][ T3107] device wireguard0 entered promiscuous mode [ 150.121287][ T3095] FAT-fs (loop2): Directory bread(block 68) failed [ 150.391678][ T3095] FAT-fs (loop2): Directory bread(block 69) failed [ 150.480095][ T3095] FAT-fs (loop2): Directory bread(block 70) failed [ 150.581078][ T3095] FAT-fs (loop2): Directory bread(block 71) failed [ 150.587684][ T3095] FAT-fs (loop2): Directory bread(block 72) failed [ 150.594034][ T3095] FAT-fs (loop2): Directory bread(block 73) failed [ 151.805786][ T3141] device syzkaller0 entered promiscuous mode [ 152.311875][ T3151] device syzkaller0 entered promiscuous mode [ 152.708601][ T3156] device wireguard0 entered promiscuous mode [ 153.561715][ T3163] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 158.716498][ T3193] device wireguard0 entered promiscuous mode [ 158.835458][ T3200] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 158.957831][ T3213] loop1: detected capacity change from 0 to 256 [ 159.014079][ T3213] syz-executor.1: attempt to access beyond end of device [ 159.014079][ T3213] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 159.108751][ T28] audit: type=1326 audit(159.081:2095): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3224 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x0 [ 159.134097][ T3223] loop0: detected capacity change from 0 to 128 [ 160.304646][ T1669] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 160.320762][ T28] audit: type=1400 audit(160.301:2096): avc: denied { connect } for pid=3222 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 160.343232][ T3233] IPv6: sit1: Disabled Multicast RS [ 160.558765][ T1669] usb 5-1: Using ep0 maxpacket: 8 [ 160.600890][ T28] audit: type=1400 audit(160.581:2097): avc: denied { unmount } for pid=318 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=filesystem permissive=1 [ 163.301039][ T3253] device syzkaller0 entered promiscuous mode [ 163.388800][ T1669] usb 5-1: unable to read config index 0 descriptor/all [ 163.399363][ T1669] usb 5-1: can't read configurations, error -71 [ 163.525395][ T28] audit: type=1400 audit(163.501:2098): avc: denied { map } for pid=3271 comm="syz-executor.4" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 168.450024][ T3321] device syzkaller0 entered promiscuous mode [ 171.099160][ T3358] loop1: detected capacity change from 0 to 256 [ 171.174441][ T3358] syz-executor.1: attempt to access beyond end of device [ 171.174441][ T3358] loop1: rw=2049, sector=256, nr_sectors = 12 limit=256 [ 173.390166][ T3378] loop4: detected capacity change from 0 to 256 [ 175.737263][ T3396] device syzkaller0 entered promiscuous mode [ 178.111483][ T3404] loop4: detected capacity change from 0 to 2048 [ 178.169517][ T3404] loop4: p1 < > p4 [ 178.174264][ T3404] loop4: p4 size 8388608 extends beyond EOD, truncated [ 178.195221][ T28] audit: type=1400 audit(178.171:2099): avc: denied { mount } for pid=3403 comm="syz-executor.4" name="/" dev="selinuxfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:security_t tclass=filesystem permissive=1 [ 178.273179][ T3430] loop3: detected capacity change from 0 to 512 [ 178.285520][ T3430] ext4: Unknown parameter 'nouser_xattr' [ 178.485859][ T3436] fuse: blksize only supported for fuseblk [ 179.704412][ T3460] loop1: detected capacity change from 0 to 2048 [ 181.893992][ T3463] device syzkaller0 entered promiscuous mode [ 182.791582][ T3460] loop1: p1 < > p4 [ 182.824331][ T3460] loop1: p4 size 8388608 extends beyond EOD, truncated [ 182.931200][ T3474] loop2: detected capacity change from 0 to 1024 [ 182.946834][ T3474] EXT4-fs: Invalid want_extra_isize 2 [ 183.049508][ T3474] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 183.063356][ T3478] device syzkaller0 entered promiscuous mode [ 183.178928][ T321] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 183.269033][ T3490] SELinux: security_context_str_to_sid (Õ) failed with errno=-22 [ 183.325060][ T3498] loop4: detected capacity change from 0 to 2048 [ 183.623569][ T3498] loop4: p1 < > p4 [ 183.739115][ T3498] loop4: p4 size 8388608 extends beyond EOD, truncated [ 183.787961][ T3502] loop2: detected capacity change from 0 to 512 [ 183.861000][ T3502] ext4: Unknown parameter 'nouser_xattr' [ 184.378628][ T321] usb 4-1: Using ep0 maxpacket: 32 [ 184.394487][ T28] audit: type=1400 audit(184.371:2100): avc: denied { connect } for pid=3508 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 184.414534][ T3510] fuse: blksize only supported for fuseblk [ 184.462234][ T28] audit: type=1400 audit(184.441:2101): avc: denied { read } for pid=3511 comm="syz-executor.1" name="ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 184.484992][ T28] audit: type=1400 audit(184.441:2102): avc: denied { open } for pid=3511 comm="syz-executor.1" path="/dev/ptp0" dev="devtmpfs" ino=172 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 184.508338][ T28] audit: type=1400 audit(184.451:2103): avc: denied { ioctl } for pid=3511 comm="syz-executor.1" path="/dev/ptp0" dev="devtmpfs" ino=172 ioctlcmd=0x3d0c scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 184.533275][ T321] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 184.554373][ T321] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 184.562960][ T321] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 184.571811][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 184.581253][ T321] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 184.598478][ T321] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 184.608229][ T321] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 184.617998][ T321] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 184.644188][ T321] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 184.668622][ T321] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.719348][ T321] usb 4-1: config 0 descriptor?? [ 187.453497][ T3525] device syzkaller0 entered promiscuous mode [ 187.520898][ T321] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 9 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 187.611412][ T321] usb 4-1: USB disconnect, device number 9 [ 187.637658][ T321] usblp0: removed [ 187.646819][ T3531] loop2: detected capacity change from 0 to 1024 [ 187.658447][ T3531] EXT4-fs: Invalid want_extra_isize 2 [ 188.816251][ T3531] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 188.915132][ T28] audit: type=1400 audit(188.891:2104): avc: denied { getopt } for pid=3555 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 189.109310][ T3571] loop0: detected capacity change from 0 to 512 [ 189.157813][ T3571] ext4: Unknown parameter 'nouser_xattr' [ 190.152130][ T3379] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 190.189187][ T3584] loop1: detected capacity change from 0 to 1024 [ 190.196503][ T3584] EXT4-fs: quotafile must be on filesystem root [ 190.231993][ T3585] fuse: blksize only supported for fuseblk [ 190.832311][ T3588] device syzkaller0 entered promiscuous mode [ 191.128842][ T3379] usb 4-1: Using ep0 maxpacket: 32 [ 191.398382][ T3594] loop1: detected capacity change from 0 to 256 [ 191.594092][ T3379] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 191.602420][ T3379] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 191.610925][ T3379] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 191.619773][ T3379] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 191.629845][ T3379] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 191.639883][ T3379] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 191.649527][ T3379] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 191.659151][ T3379] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 191.672265][ T3379] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 191.681410][ T3379] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 191.781039][ T28] audit: type=1326 audit(191.751:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3593 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe62e67cea9 code=0x0 [ 191.832992][ T3379] usb 4-1: config 0 descriptor?? [ 192.510564][ T3379] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 192.538804][ T3379] usb 4-1: USB disconnect, device number 10 [ 192.546439][ T3379] usblp0: removed [ 192.631104][ T3605] loop0: detected capacity change from 0 to 1024 [ 192.638125][ T3605] EXT4-fs: Invalid want_extra_isize 2 [ 192.742727][ T3605] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 192.914912][ T3623] loop1: detected capacity change from 0 to 1024 [ 192.934988][ T3623] EXT4-fs: quotafile must be on filesystem root [ 192.955315][ T3625] loop0: detected capacity change from 0 to 2048 [ 192.999821][ T3625] loop0: p1 < > p4 [ 193.005192][ T3625] loop0: p4 size 8388608 extends beyond EOD, truncated [ 193.129317][ T3609] loop3: detected capacity change from 0 to 40427 [ 193.158729][ T3379] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 193.180284][ T3609] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 193.214557][ T3609] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 193.418568][ T3609] F2FS-fs (loop3): Found nat_bits in checkpoint [ 193.579094][ T3379] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 193.621663][ T3379] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 193.705091][ T3379] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 193.747850][ T3609] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 193.753657][ T3379] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 193.755011][ T3609] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 193.764297][ T3379] usb 3-1: config 0 descriptor?? [ 193.922905][ T3644] loop1: detected capacity change from 0 to 512 [ 193.935793][ T3644] EXT4-fs error (device loop1): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.1: inline data xattr refers to an external xattr inode [ 193.951182][ T3644] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 12 (err -117) [ 193.965548][ T3644] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 193.991429][ T318] EXT4-fs (loop1): unmounting filesystem. [ 194.013578][ T3651] loop1: detected capacity change from 0 to 256 [ 194.073038][ T3653] overlayfs: missing 'lowerdir' [ 194.101897][ T3654] loop0: detected capacity change from 0 to 512 [ 194.109614][ T3654] ext4: Unknown parameter 'nouser_xattr' [ 194.205277][ T339] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 194.289458][ T3656] fuse: blksize only supported for fuseblk [ 194.370531][ T28] audit: type=1326 audit(194.341:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3650 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe62e67cea9 code=0x0 [ 194.442023][ T3379] hid (null): bogus close delimiter [ 194.648909][ T3379] usb 3-1: language id specifier not provided by device, defaulting to English [ 194.928677][ T339] usb 5-1: Using ep0 maxpacket: 32 [ 195.048765][ T339] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 195.049692][ T3674] loop1: detected capacity change from 0 to 1024 [ 195.057050][ T339] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 195.064168][ T3674] EXT4-fs: Invalid want_extra_isize 2 [ 195.071915][ T339] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 195.086653][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 195.096208][ T339] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 195.105796][ T339] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 195.115452][ T339] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 195.134795][ T339] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 195.151618][ T339] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 195.161415][ T339] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.179124][ T339] usb 5-1: config 0 descriptor?? [ 195.190083][ T3674] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 195.207270][ T3678] loop3: detected capacity change from 0 to 2048 [ 195.259356][ T3678] loop3: p1 < > p4 [ 195.263949][ T3678] loop3: p4 size 8388608 extends beyond EOD, truncated [ 195.379137][ T3379] uclogic 0003:256C:006D.0009: v1 frame probing failed: -71 [ 195.387050][ T3379] uclogic 0003:256C:006D.0009: failed probing parameters: -71 [ 195.394754][ T3379] uclogic: probe of 0003:256C:006D.0009 failed with error -71 [ 195.410185][ T3379] usb 3-1: USB disconnect, device number 7 [ 196.160641][ T339] usblp 5-1:0.0: usblp0: USB Bidirectional printer dev 10 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 196.173766][ T339] usb 5-1: USB disconnect, device number 10 [ 196.181485][ T339] usblp0: removed [ 196.284745][ T3694] loop3: detected capacity change from 0 to 256 [ 196.612598][ T28] audit: type=1326 audit(196.581:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3693 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f55e567cea9 code=0x0 [ 196.635784][ T3379] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 197.899131][ T3379] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.967503][ T3379] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 197.992782][ T3718] loop2: detected capacity change from 0 to 512 [ 198.118053][ T3379] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 198.156462][ T3718] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 198.227379][ T3379] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.287491][ T3718] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 198.326895][ T3379] usb 2-1: config 0 descriptor?? [ 198.384228][ T3718] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 198.578680][ T322] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 198.837477][ T2188] EXT4-fs (loop2): unmounting filesystem. [ 198.910226][ T3379] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 198.952668][ T3379] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 198.988961][ T322] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 199.035535][ T322] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 199.056292][ T3379] plantronics 0003:047F:FFFF.000A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 199.088656][ T322] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 199.102696][ T322] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 199.166340][ T322] usb 4-1: config 0 descriptor?? [ 199.463193][ T3726] usb 2-1: USB disconnect, device number 6 [ 199.707140][ T322] hid (null): bogus close delimiter [ 199.909090][ T322] usb 4-1: language id specifier not provided by device, defaulting to English [ 199.956926][ T3731] loop0: detected capacity change from 0 to 1024 [ 200.025622][ T3731] EXT4-fs: quotafile must be on filesystem root [ 200.253204][ T3744] loop2: detected capacity change from 0 to 256 [ 200.653352][ T28] audit: type=1326 audit(200.581:2108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3743 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x0 [ 200.750337][ T322] uclogic 0003:256C:006D.000B: v1 frame probing failed: -71 [ 200.781426][ T322] uclogic 0003:256C:006D.000B: failed probing parameters: -71 [ 200.827707][ T322] uclogic: probe of 0003:256C:006D.000B failed with error -71 [ 200.890024][ T322] usb 4-1: USB disconnect, device number 11 [ 201.685844][ T3768] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.2'. [ 201.832779][ T3766] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.841616][ T3766] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.849797][ T3766] device bridge_slave_0 entered promiscuous mode [ 201.857391][ T3766] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.864495][ T3766] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.873396][ T3766] device bridge_slave_1 entered promiscuous mode [ 201.893607][ T3777] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 202.814575][ T3785] loop0: detected capacity change from 0 to 256 [ 202.992183][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 203.009313][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 203.018233][ T3789] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 203.082402][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 203.090840][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 203.100265][ T38] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.107126][ T38] bridge0: port 1(bridge_slave_0) entered forwarding state [ 203.114455][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 203.123432][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 203.137621][ T38] bridge0: port 2(bridge_slave_1) entered blocking state [ 203.144519][ T38] bridge0: port 2(bridge_slave_1) entered forwarding state [ 203.152594][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 203.162622][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 203.173175][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 203.229464][ T28] audit: type=1326 audit(203.201:2109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3784 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x0 [ 203.283859][ T3385] device bridge_slave_0 left promiscuous mode [ 203.293577][ T3385] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.315117][ T3385] device veth1_macvtap left promiscuous mode [ 203.321955][ T3385] device veth0_vlan left promiscuous mode [ 204.017100][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 204.051769][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 204.062223][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 204.070741][ T3809] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 204.085415][ T3766] device veth0_vlan entered promiscuous mode [ 204.094287][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 204.102785][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 204.118820][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 204.126666][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 204.134066][ T28] audit: type=1400 audit(204.111:2110): avc: denied { getattr } for pid=3812 comm="syz-executor.2" name="/" dev="9p" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 204.140035][ T3813] overlayfs: statfs failed on './file0' [ 204.172862][ T3766] device veth1_macvtap entered promiscuous mode [ 204.181098][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 204.191549][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 204.200091][ T38] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 204.225357][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 204.234968][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 204.244477][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 204.255203][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 204.297173][ T28] audit: type=1400 audit(204.271:2111): avc: denied { unlink } for pid=3819 comm="syz-executor.2" name="#1b" dev="tmpfs" ino=8 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=chr_file permissive=1 [ 204.606503][ T28] audit: type=1400 audit(204.581:2112): avc: denied { module_load } for pid=3838 comm="syz-executor.4" path="/root/syzkaller-testdir2489006184/syzkaller.LT6c1M/3/bus" dev="sda1" ino=1949 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_home_t tclass=system permissive=1 [ 204.717932][ T3845] overlayfs: statfs failed on './file0' [ 204.916610][ T3815] loop3: detected capacity change from 0 to 40427 [ 204.939718][ T3815] F2FS-fs (loop3): Invalid segment count (0) [ 204.977015][ T3815] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 204.988517][ T3815] F2FS-fs (loop3): invalid crc value [ 205.016518][ T3815] F2FS-fs (loop3): Found nat_bits in checkpoint [ 205.203101][ T3815] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 205.216084][ T3815] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 205.308361][ T2485] syz-executor.3: attempt to access beyond end of device [ 205.308361][ T2485] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 205.494825][ T3849] loop2: detected capacity change from 0 to 40427 [ 205.502511][ T3849] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 205.510352][ T3849] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 205.529969][ T3849] F2FS-fs (loop2): Found nat_bits in checkpoint [ 205.648763][ T3379] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 205.692872][ T3849] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 205.699866][ T3849] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 205.721962][ T3865] loop0: detected capacity change from 0 to 40427 [ 205.739855][ T3865] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 205.749168][ T3865] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 205.778082][ T3865] F2FS-fs (loop0): Found nat_bits in checkpoint [ 205.936511][ T3865] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 205.943652][ T3865] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 206.020989][ T3893] loop3: detected capacity change from 0 to 512 [ 206.028606][ T3893] EXT4-fs: journaled quota format not specified [ 206.048813][ T3379] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 206.062940][ T3379] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 206.080974][ T3379] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 206.090029][ T3379] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.100247][ T3379] usb 5-1: config 0 descriptor?? [ 206.114195][ T3894] overlayfs: missing 'lowerdir' [ 206.600781][ T3379] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0 [ 206.608581][ T3379] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving [ 206.636049][ T3379] plantronics 0003:047F:FFFF.000C: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 206.773545][ T3919] loop2: detected capacity change from 0 to 128 [ 206.780750][ T3919] FAT-fs (loop2): Unrecognized mount option "Úª~Nô¯=_ƒ]þPå§ú2ãXÍÒš 6È}û" or missing value [ 206.911501][ T828] usb 5-1: USB disconnect, device number 11 [ 206.958600][ T3926] loop2: detected capacity change from 0 to 256 [ 206.990621][ T3907] loop0: detected capacity change from 0 to 40427 [ 206.998030][ T3907] F2FS-fs (loop0): Invalid segment count (0) [ 207.003942][ T3907] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 207.013507][ T3907] F2FS-fs (loop0): invalid crc value [ 207.035483][ T3907] F2FS-fs (loop0): Found nat_bits in checkpoint [ 207.075014][ T3931] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 207.178500][ T3907] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 207.185662][ T3907] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 207.398893][ T28] audit: type=1326 audit(207.291:2113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3925 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x0 [ 208.024654][ T2557] syz-executor.0: attempt to access beyond end of device [ 208.024654][ T2557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 208.194312][ T3949] loop4: detected capacity change from 0 to 128 [ 208.211500][ T3949] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x00067272 (sector = 1) [ 208.238554][ T3952] loop3: detected capacity change from 0 to 512 [ 208.253188][ T3952] ext4: Unknown parameter 'nouser_xattr' [ 208.275111][ T3949] syz-executor.4: attempt to access beyond end of device [ 208.275111][ T3949] loop4: rw=3, sector=6950, nr_sectors = 2 limit=128 [ 208.288775][ T3949] syz-executor.4: attempt to access beyond end of device [ 208.288775][ T3949] loop4: rw=2051, sector=6952, nr_sectors = 942 limit=128 [ 208.384623][ T3955] fuse: blksize only supported for fuseblk [ 208.660448][ T3972] loop4: detected capacity change from 0 to 8192 [ 208.699457][ T3972] loop4: p1 < > [ 208.892651][ T3970] loop0: detected capacity change from 0 to 40427 [ 208.892951][ T28] audit: type=1400 audit(208.871:2114): avc: denied { setattr } for pid=3971 comm="syz-executor.4" name="loop4p1" dev="devtmpfs" ino=511 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=blk_file permissive=1 [ 208.921530][ T3970] F2FS-fs (loop0): Invalid segment count (0) [ 208.927486][ T3970] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 208.937662][ T3970] F2FS-fs (loop0): invalid crc value [ 208.945922][ T3970] F2FS-fs (loop0): Found nat_bits in checkpoint [ 209.054553][ T3970] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 209.061462][ T3970] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 209.142600][ T2557] syz-executor.0: attempt to access beyond end of device [ 209.142600][ T2557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 209.543094][ T3990] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 209.934597][ T28] audit: type=1400 audit(209.911:2115): avc: denied { bind } for pid=3991 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 209.989880][ T28] audit: type=1326 audit(209.911:2116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=3991 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x0 [ 210.536301][ T3997] 9pnet_fd: Insufficient options for proto=fd [ 210.546950][ T3997] loop0: detected capacity change from 0 to 256 [ 210.553395][ T3997] FAT-fs (loop0): Unrecognized mount option "./file0" or missing value [ 211.558494][ T4022] loop2: detected capacity change from 0 to 128 [ 212.784162][ T4013] loop0: detected capacity change from 0 to 40427 [ 212.791990][ T4013] F2FS-fs (loop0): Invalid segment count (0) [ 212.797824][ T4013] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 212.808411][ T4013] F2FS-fs (loop0): invalid crc value [ 212.840051][ T4013] F2FS-fs (loop0): Found nat_bits in checkpoint [ 212.859194][ T4052] tmpfs: Unknown parameter 'nolazytimeÿÿ' [ 212.952613][ T4054] loop4: detected capacity change from 0 to 128 [ 213.040507][ T4061] tmpfs: Unknown parameter 'syzkaller' [ 213.064977][ T4013] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 213.071983][ T4013] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 213.168535][ T4073] loop3: detected capacity change from 0 to 512 [ 213.195505][ T4073] EXT4-fs (loop3): corrupt root inode, run e2fsck [ 213.205246][ T4073] EXT4-fs (loop3): mount failed [ 213.225112][ T4078] loop4: detected capacity change from 0 to 256 [ 213.229770][ T2557] syz-executor.0: attempt to access beyond end of device [ 213.229770][ T2557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 213.246579][ T4073] loop3: detected capacity change from 0 to 256 [ 213.370283][ T4073] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 213.658898][ T28] audit: type=1326 audit(213.581:2117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4077 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f642de7cea9 code=0x0 [ 214.341625][ T28] audit: type=1400 audit(214.321:2118): avc: denied { name_bind } for pid=4088 comm="syz-executor.0" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 214.414577][ T4086] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'. [ 214.551259][ T4110] loop2: detected capacity change from 0 to 512 [ 214.559744][ T28] audit: type=1400 audit(214.541:2119): avc: denied { name_bind } for pid=4113 comm="syz-executor.0" src=20000 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:port_t tclass=rawip_socket permissive=1 [ 214.593393][ T4110] EXT4-fs (loop2): 1 truncate cleaned up [ 214.599420][ T4110] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 214.630692][ T2188] EXT4-fs (loop2): unmounting filesystem. [ 215.012517][ T4151] loop2: detected capacity change from 0 to 512 [ 215.026758][ T4151] EXT4-fs (loop2): 1 truncate cleaned up [ 215.045005][ T4151] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 215.106031][ T2188] EXT4-fs (loop2): unmounting filesystem. [ 215.216485][ T4166] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 215.337855][ T4166] netlink: 'syz-executor.0': attribute type 4 has an invalid length. [ 215.915577][ T4171] mmap: syz-executor.2 (4171) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 216.012066][ T4166] syz-executor.0 (4166) used greatest stack depth: 19008 bytes left [ 216.161845][ T4188] loop0: detected capacity change from 0 to 512 [ 216.191579][ T4188] EXT4-fs (loop0): 1 truncate cleaned up [ 216.197092][ T4188] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 216.221451][ T4198] syz-executor.2[4198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.221600][ T4198] syz-executor.2[4198] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.240167][ T2557] EXT4-fs (loop0): unmounting filesystem. [ 216.279408][ T4199] syz-executor.2[4199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.279600][ T4199] syz-executor.2[4199] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 216.360065][ T4182] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 216.569868][ T28] audit: type=1326 audit(216.551:2120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 216.595216][ T28] audit: type=1326 audit(216.551:2121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 216.619600][ T28] audit: type=1326 audit(216.551:2122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 216.643238][ T28] audit: type=1326 audit(216.551:2123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 218.073314][ T28] audit: type=1326 audit(216.551:2124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 218.275678][ T28] audit: type=1326 audit(216.551:2125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 218.300953][ T4207] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 218.305682][ T28] audit: type=1326 audit(216.571:2126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4211 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8b94a7cea9 code=0x7ffc0000 [ 218.340258][ T4207] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 218.484950][ T4217] netlink: 36 bytes leftover after parsing attributes in process `syz-executor.2'. [ 218.544189][ T4224] loop3: detected capacity change from 0 to 512 [ 218.573598][ T4224] EXT4-fs error (device loop3): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.3: inline data xattr refers to an external xattr inode [ 218.589069][ T4224] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 12 (err -117) [ 218.601685][ T4224] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 218.762267][ T2485] EXT4-fs (loop3): unmounting filesystem. [ 218.770479][ T4237] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.0'. [ 218.843817][ T28] kauditd_printk_skb: 156 callbacks suppressed [ 218.843847][ T28] audit: type=1326 audit(218.821:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 218.894322][ T28] audit: type=1326 audit(218.821:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 218.929495][ T28] audit: type=1326 audit(218.821:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 218.953210][ T28] audit: type=1326 audit(218.821:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 218.986221][ T4252] 9pnet: Could not find request transport: unixÿÿ [ 218.990398][ T4253] audit: audit_backlog=65 > audit_backlog_limit=64 [ 218.996051][ T4252] input: syz0 as /devices/virtual/input/input11 [ 219.004990][ T28] audit: type=1326 audit(218.861:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 219.009625][ T4253] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 219.042760][ T28] audit: type=1326 audit(218.861:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f56c3e7cea9 code=0x7ffc0000 [ 219.065997][ T4253] audit: backlog limit exceeded [ 219.066056][ T28] audit: type=1326 audit(218.861:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4243 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f56c3e7a627 code=0x7ffc0000 [ 219.439702][ T4247] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.4'. [ 220.009697][ T4292] loop2: detected capacity change from 0 to 256 [ 220.049655][ T4292] FAT-fs (loop2): Unrecognized mount option "gid=ë4H¯( ¹Oÿ•‹sÈuþÄU•¡'nJåy%­ Uº6ÓðJˆÁö7<ÒL8&‰š’\T ×j”C@" or missing value [ 220.155035][ T4262] 9pnet_fd: Insufficient options for proto=fd [ 220.165922][ T4262] loop3: detected capacity change from 0 to 256 [ 220.172486][ T4262] FAT-fs (loop3): Unrecognized mount option "./file0" or missing value [ 220.537074][ T4315] loop0: detected capacity change from 0 to 512 [ 220.553014][ T4315] EXT4-fs (loop0): 1 orphan inode deleted [ 220.558662][ T4315] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 220.728675][ T321] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 220.850711][ T4323] syz-executor.0[4323] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 220.851626][ T4323] syz-executor.0[4323] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 222.059597][ T2557] EXT4-fs (loop0): unmounting filesystem. [ 222.106347][ T4327] netlink: 'syz-executor.0': attribute type 1 has an invalid length. [ 222.283533][ T4313] loop3: detected capacity change from 0 to 40427 [ 222.291085][ T4313] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 222.298709][ T4313] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 222.308484][ T4313] F2FS-fs (loop3): invalid crc value [ 222.316448][ T4313] F2FS-fs (loop3): Found nat_bits in checkpoint [ 222.322704][ T321] usb 3-1: Using ep0 maxpacket: 8 [ 222.365275][ T4337] loop0: detected capacity change from 0 to 256 [ 222.372907][ T4337] FAT-fs (loop0): Unrecognized mount option "gid=ë4H¯( ¹Oÿ•‹sÈuþÄU•¡'nJåy%­ Uº6ÓðJˆÁö7<ÒL8&‰š’\T ×j”C@" or missing value [ 222.474977][ T4313] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 222.481955][ T4313] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 222.508771][ T321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 95, changing to 7 [ 222.528628][ T321] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 25458, setting to 1024 [ 222.548728][ T321] usb 3-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 222.567324][ T321] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.581392][ T4313] syz-executor.3: attempt to access beyond end of device [ 222.581392][ T4313] loop3: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 222.619429][ T321] usb 3-1: config 0 descriptor?? [ 222.629786][ T2485] syz-executor.3: attempt to access beyond end of device [ 222.629786][ T2485] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 222.652752][ T3385] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 222.662996][ T321] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 222.671372][ T321] usb 3-1: Detected SIO [ 222.676208][ T3385] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 222.686270][ T321] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 223.516750][ T321] usb 3-1: USB disconnect, device number 8 [ 223.524378][ T321] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 223.534203][ T321] ftdi_sio 3-1:0.0: device disconnected [ 223.541901][ T4349] loop2: detected capacity change from 0 to 512 [ 223.571077][ T4349] EXT4-fs error (device loop2): ext4_find_inline_data_nolock:164: inode #12: comm syz-executor.2: inline data xattr refers to an external xattr inode [ 223.598830][ T4349] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 12 (err -117) [ 223.611578][ T4349] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 223.649089][ T4345] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 223.841630][ T4360] loop3: detected capacity change from 0 to 2048 [ 223.855068][ T4360] EXT4-fs (loop3): The Hurd can't support 64-bit file systems [ 223.865096][ T2188] EXT4-fs (loop2): unmounting filesystem. [ 224.192337][ T4379] loop3: detected capacity change from 0 to 512 [ 224.216687][ T4379] EXT4-fs (loop3): orphan cleanup on readonly fs [ 224.232152][ T4379] __quota_error: 108 callbacks suppressed [ 224.232181][ T4379] Quota error (device loop3): find_block_dqentry: Quota for id 0 referenced but not present [ 224.288800][ T4379] Quota error (device loop3): qtree_read_dquot: Can't read quota structure for id 0 [ 224.323299][ T4379] EXT4-fs (loop3): 1 truncate cleaned up [ 224.349839][ T4379] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 224.389752][ T4379] EXT4-fs warning (device loop3): read_mmp_block:115: Error -117 while reading MMP block 8 [ 224.461975][ T2485] EXT4-fs (loop3): unmounting filesystem. [ 224.546167][ T4382] device pim6reg1 entered promiscuous mode [ 224.932764][ T4393] input: syz0 as /devices/virtual/input/input12 [ 224.961139][ T4375] loop0: detected capacity change from 0 to 40427 [ 224.977600][ T4375] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 224.995369][ T4375] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 225.015541][ T4375] F2FS-fs (loop0): invalid crc value [ 225.060711][ T4375] F2FS-fs (loop0): Found nat_bits in checkpoint [ 225.426425][ T4375] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 225.433535][ T4375] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 225.559033][ T318] bridge0: port 3(syz_tun) entered disabled state [ 225.657035][ T318] device syz_tun left promiscuous mode [ 225.724209][ T318] bridge0: port 3(syz_tun) entered disabled state [ 226.254495][ T4384] loop2: detected capacity change from 0 to 40427 [ 226.283787][ T4384] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 226.301773][ T4375] syz-executor.0: attempt to access beyond end of device [ 226.301773][ T4375] loop0: rw=10241, sector=45096, nr_sectors = 8 limit=40427 [ 226.404867][ T4384] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 226.429394][ T2557] syz-executor.0: attempt to access beyond end of device [ 226.429394][ T2557] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427 [ 226.450466][ T4384] F2FS-fs (loop2): Found nat_bits in checkpoint [ 226.489041][ T3385] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix. [ 226.508996][ T3385] F2FS-fs (loop0): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix. [ 226.568204][ T4422] loop3: detected capacity change from 0 to 256 [ 226.590398][ T4422] FAT-fs (loop3): Unrecognized mount option "gid=ë4H¯( ¹Oÿ•‹sÈuþÄU•¡'nJåy%­ Uº6ÓðJˆÁö7<ÒL8&‰š’\T ×j”C@" or missing value [ 226.754579][ T4384] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 226.764926][ T4384] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 227.116159][ T352] device bridge_slave_0 left promiscuous mode [ 227.200512][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 227.587269][ T352] device veth0_vlan left promiscuous mode [ 228.076590][ T4384] overlayfs: missing 'lowerdir' [ 228.964698][ T4429] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.253813][ T4429] bridge0: port 1(bridge_slave_0) entered disabled state [ 229.275247][ T4429] device bridge_slave_0 entered promiscuous mode [ 229.283056][ T4429] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.289963][ T4429] bridge0: port 2(bridge_slave_1) entered disabled state [ 229.297906][ T4429] device bridge_slave_1 entered promiscuous mode [ 229.620852][ T4446] loop0: detected capacity change from 0 to 40427 [ 229.649903][ T4446] F2FS-fs (loop0): Wrong segment_count / block_count (64 > 16384) [ 229.657590][ T4446] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 229.725189][ T4446] F2FS-fs (loop0): Found nat_bits in checkpoint [ 229.811748][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 229.826410][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 229.857441][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 229.872842][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 229.888064][ T3198] bridge0: port 1(bridge_slave_0) entered blocking state [ 229.895004][ T3198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 229.918961][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 229.937273][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 229.963594][ T3198] bridge0: port 2(bridge_slave_1) entered blocking state [ 229.970535][ T3198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 230.002504][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 230.019236][ T4446] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 230.027989][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 230.046496][ T4446] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 230.055041][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 230.114974][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 230.137830][ T4429] device veth0_vlan entered promiscuous mode [ 230.170141][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 230.179916][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 230.187856][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 230.250409][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 230.264876][ T4429] device veth1_macvtap entered promiscuous mode [ 230.280815][ T4478] loop2: detected capacity change from 0 to 8192 [ 230.321163][ T4478] loop2: p1 < > [ 230.337321][ T4457] loop4: detected capacity change from 0 to 40427 [ 230.338256][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 230.353709][ T4457] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 230.362310][ T3379] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 230.371229][ T4457] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 230.406452][ T4457] F2FS-fs (loop4): invalid crc value [ 230.409039][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 230.425014][ T4492] loop3: detected capacity change from 0 to 256 [ 230.431955][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 230.444530][ T4457] F2FS-fs (loop4): Found nat_bits in checkpoint [ 230.456228][ T2557] syz-executor.0: attempt to access beyond end of device [ 230.456228][ T2557] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 230.463359][ T4492] exfat: Unknown parameter '' [ 230.546328][ T4497] loop1: detected capacity change from 0 to 512 [ 230.608813][ T4497] EXT4-fs (loop1): orphan cleanup on readonly fs [ 230.615929][ T4497] Quota error (device loop1): find_block_dqentry: Quota for id 0 referenced but not present [ 230.626281][ T4497] Quota error (device loop1): qtree_read_dquot: Can't read quota structure for id 0 [ 230.637560][ T4497] EXT4-fs (loop1): 1 truncate cleaned up [ 230.668888][ T4497] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 230.673684][ T4492] tipc: Failed to remove unknown binding: 66,1,1/0:3367975499/3367975501 [ 230.692011][ T4497] EXT4-fs warning (device loop1): read_mmp_block:115: Error -117 while reading MMP block 8 [ 230.709169][ T4457] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 230.717326][ T4492] tipc: Failed to remove unknown binding: 66,1,1/0:3367975499/3367975501 [ 230.719364][ T4457] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 230.725962][ T4492] tipc: Failed to remove unknown binding: 66,1,1/0:3367975499/3367975501 [ 230.746266][ T4429] EXT4-fs (loop1): unmounting filesystem. [ 230.758266][ T4492] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 231.091578][ T4504] syz-executor.4: attempt to access beyond end of device [ 231.091578][ T4504] loop4: rw=2049, sector=53248, nr_sectors = 408 limit=40427 [ 231.596872][ T4505] SELinux: Context system_u:object_r:apt_var_lib_t:s0 is not valid (left unmapped). [ 231.606632][ T3766] syz-executor.4: attempt to access beyond end of device [ 231.606632][ T3766] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 231.612988][ T28] audit: type=1400 audit(231.591:2398): avc: denied { relabelto } for pid=4501 comm="syz-executor.1" name="file0" dev="sda1" ino=1961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0" [ 231.704232][ T4509] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 231.787632][ T4509] netlink: 'syz-executor.2': attribute type 4 has an invalid length. [ 232.466504][ T4510] loop0: detected capacity change from 0 to 1024 [ 232.509777][ T4510] EXT4-fs: Ignoring removed i_version option [ 232.529430][ T4510] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 232.558843][ T28] audit: type=1400 audit(231.631:2399): avc: denied { setattr } for pid=4501 comm="syz-executor.1" name="file0" dev="sda1" ino=1961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0" [ 232.616431][ T4510] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 232.619180][ T28] audit: type=1400 audit(232.431:2400): avc: denied { unlink } for pid=4429 comm="syz-executor.1" name="file0" dev="sda1" ino=1961 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 trawcon="system_u:object_r:apt_var_lib_t:s0" [ 232.707481][ T28] audit: type=1400 audit(232.681:2401): avc: denied { setattr } for pid=4507 comm="syz-executor.0" name="pagemap" dev="proc" ino=33783 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=file permissive=1 [ 232.765049][ T2557] EXT4-fs (loop0): unmounting filesystem. [ 232.785621][ T28] audit: type=1400 audit(232.761:2402): avc: denied { listen } for pid=4522 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 232.829281][ T28] audit: type=1400 audit(232.781:2403): avc: denied { setopt } for pid=4522 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 232.898643][ T3379] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 232.955011][ T4536] loop0: detected capacity change from 0 to 256 [ 232.977902][ T4536] exfat: Unknown parameter '' [ 233.068444][ T4550] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 233.101865][ T4536] tipc: Failed to remove unknown binding: 66,1,1/0:412037384/412037386 [ 233.124290][ T4536] tipc: Failed to remove unknown binding: 66,1,1/0:412037384/412037386 [ 233.138296][ T4536] tipc: Failed to remove unknown binding: 66,1,1/0:412037384/412037386 [ 233.148430][ T4536] EXT4-fs warning (device sda1): ext4_group_extend:1869: can't shrink FS - resize aborted [ 233.159948][ T3379] usb 4-1: Using ep0 maxpacket: 32 [ 233.226939][ T28] audit: type=1400 audit(233.201:2404): avc: denied { create } for pid=4557 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 233.249856][ T4558] Unsupported ieee802154 address type: 0 [ 233.267544][ T28] audit: type=1400 audit(233.231:2405): avc: denied { bind } for pid=4557 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 233.291328][ T3379] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 233.310218][ T3379] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 233.331041][ T3379] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 233.358596][ T3379] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.393966][ T3379] usb 4-1: config 0 descriptor?? [ 233.448806][ T4515] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 233.469652][ T4573] netlink: 'syz-executor.1': attribute type 4 has an invalid length. [ 233.469904][ T3379] hub 4-1:0.0: USB hub found [ 233.489606][ T4573] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 233.612945][ T4573] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 233.622519][ T4580] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 233.718871][ T3379] hub 4-1:0.0: 2 ports detected [ 234.663867][ T4592] loop4: detected capacity change from 0 to 40427 [ 234.677100][ T4592] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 234.684805][ T4592] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 234.725202][ T4592] F2FS-fs (loop4): Found nat_bits in checkpoint [ 234.850745][ T4603] syz-executor.0[4603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.850933][ T4603] syz-executor.0[4603] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 234.890570][ T4592] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 234.910156][ T4592] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 235.609031][ T3129] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 236.082578][ T4625] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'. [ 236.137950][ T4626] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 236.138783][ T4627] overlayfs: missing 'lowerdir' [ 236.226452][ T4632] netlink: 316 bytes leftover after parsing attributes in process `syz-executor.2'. [ 236.330607][ T3379] usb 4-1: USB disconnect, device number 12 [ 236.348806][ T3726] usb 4-1-port2: config error [ 237.006340][ T4641] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 237.093650][ T4644] syz-executor.4[4644] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 237.093803][ T4644] syz-executor.4[4644] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 239.298273][ T3379] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 239.353730][ T4661] bridge0: port 1(bridge_slave_0) entered blocking state [ 239.382476][ T4661] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.403943][ T4661] device bridge_slave_0 entered promiscuous mode [ 239.415028][ T4661] bridge0: port 2(bridge_slave_1) entered blocking state [ 239.428608][ T4661] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.436763][ T4661] device bridge_slave_1 entered promiscuous mode [ 239.505959][ T4678] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.4'. [ 239.516938][ T4676] loop2: detected capacity change from 0 to 1024 [ 239.539604][ T4676] EXT4-fs: Ignoring removed i_version option [ 239.558746][ T4676] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 239.578744][ T3379] usb 2-1: Using ep0 maxpacket: 32 [ 239.588539][ T4676] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 239.627440][ T2188] EXT4-fs (loop2): unmounting filesystem. [ 239.713996][ T4688] loop2: detected capacity change from 0 to 512 [ 239.718842][ T3379] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 239.740860][ T4688] EXT4-fs (loop2): orphan cleanup on readonly fs [ 239.746944][ T3379] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 239.750006][ T4688] EXT4-fs (loop2): 1 orphan inode deleted [ 239.759804][ T3379] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 239.812228][ T3379] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.842053][ T4688] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 239.853213][ T4688] EXT4-fs (loop2): unmounting filesystem. [ 239.855637][ T3379] usb 2-1: config 0 descriptor?? [ 239.866450][ T8] device bridge_slave_1 left promiscuous mode [ 239.874406][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 239.898742][ T4668] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 239.906409][ T8] device bridge_slave_0 left promiscuous mode [ 239.912590][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 239.921138][ T3379] hub 2-1:0.0: USB hub found [ 239.941707][ T8] device veth1_macvtap left promiscuous mode [ 239.947675][ T8] device veth0_vlan left promiscuous mode [ 239.958358][ T4688] loop2: detected capacity change from 0 to 512 [ 239.969070][ T4688] EXT4-fs error (device loop2): ext4_ext_check_inode:520: inode #15: comm syz-executor.2: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 239.987598][ T4688] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 15 (err -117) [ 240.001431][ T4688] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 240.011085][ T4688] EXT4-fs (loop2): unmounting filesystem. [ 240.138790][ T3379] hub 2-1:0.0: 2 ports detected [ 240.373456][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 240.382458][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 240.400692][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 240.420284][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 240.437246][ T3198] bridge0: port 1(bridge_slave_0) entered blocking state [ 240.444190][ T3198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 240.481297][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 240.535682][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 240.544125][ T3198] bridge0: port 2(bridge_slave_1) entered blocking state [ 240.551063][ T3198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 240.580712][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 241.343612][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 241.396549][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 241.407617][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 241.480991][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 241.509395][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 241.560387][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 241.589811][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 241.601092][ T4661] device veth0_vlan entered promiscuous mode [ 241.681597][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 241.691182][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 241.822538][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 241.877960][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 241.917457][ T4729] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'. [ 242.013699][ T4661] device veth1_macvtap entered promiscuous mode [ 242.262359][ T3726] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 242.290176][ T3726] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 242.367565][ T3726] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 242.535617][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 242.552037][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 242.621747][ T4736] netlink: 'syz-executor.3': attribute type 4 has an invalid length. [ 242.632289][ T4736] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.3'. [ 242.663964][ T4740] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 242.686370][ T4743] loop4: detected capacity change from 0 to 512 [ 242.696331][ T4743] EXT4-fs (loop4): orphan cleanup on readonly fs [ 242.705878][ T4743] EXT4-fs (loop4): 1 orphan inode deleted [ 242.711760][ T4745] Bluetooth: received HCILL_WAKE_UP_ACK in state 2 [ 242.719916][ T4743] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 242.733386][ T4743] EXT4-fs (loop4): unmounting filesystem. [ 242.743812][ T4740] netlink: 316 bytes leftover after parsing attributes in process `syz-executor.2'. [ 242.745185][ T24] usb 2-1: USB disconnect, device number 7 [ 242.758775][ T3379] usb 2-1-port2: config error [ 242.787126][ T4743] loop4: detected capacity change from 0 to 512 [ 242.797082][ T4743] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #15: comm syz-executor.4: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 242.815904][ T4743] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 242.829307][ T4743] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 242.840064][ T4743] EXT4-fs (loop4): unmounting filesystem. [ 243.958821][ T3379] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 244.689262][ T3379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 244.702433][ T3379] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 244.716012][ T3379] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 244.725431][ T3129] Bluetooth: hci0: command 0x1003 tx timeout [ 244.731437][ T4579] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 244.738082][ T3379] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.758173][ T3379] usb 1-1: config 0 descriptor?? [ 244.794151][ T4790] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'. [ 244.871348][ T4790] netlink: 316 bytes leftover after parsing attributes in process `syz-executor.2'. [ 244.888491][ T4772] loop4: detected capacity change from 0 to 40427 [ 244.895907][ T4772] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 244.903508][ T4772] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 244.916290][ T4772] F2FS-fs (loop4): Found nat_bits in checkpoint [ 245.018850][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 245.022584][ T4772] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 245.033561][ T4772] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 245.298658][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 245.324871][ T4772] overlayfs: missing 'lowerdir' [ 245.428728][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 245.445528][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 245.456699][ T3379] usb 1-1: language id specifier not provided by device, defaulting to English [ 245.465711][ T24] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 245.474901][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.484585][ T24] usb 2-1: config 0 descriptor?? [ 245.519370][ T4785] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 245.539985][ T24] hub 2-1:0.0: USB hub found [ 245.759406][ T24] hub 2-1:0.0: 2 ports detected [ 245.908770][ T3379] uclogic 0003:256C:006D.000D: interface is invalid, ignoring [ 245.968085][ T4805] loop4: detected capacity change from 0 to 512 [ 245.999365][ T4805] EXT4-fs (loop4): orphan cleanup on readonly fs [ 246.017396][ T4805] EXT4-fs (loop4): 1 orphan inode deleted [ 246.037553][ T4805] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 246.059003][ T4805] EXT4-fs (loop4): unmounting filesystem. [ 246.117116][ T3198] usb 1-1: USB disconnect, device number 14 [ 246.137384][ T4805] loop4: detected capacity change from 0 to 512 [ 246.180152][ T4805] EXT4-fs error (device loop4): ext4_ext_check_inode:520: inode #15: comm syz-executor.4: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 246.208528][ T4805] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz-executor.4: couldn't read orphan inode 15 (err -117) [ 246.228634][ T4805] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 246.242840][ T4805] EXT4-fs (loop4): unmounting filesystem. [ 246.682687][ T4817] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.2'. [ 246.792984][ T4823] input: syz0 as /devices/virtual/input/input13 [ 246.855953][ T4828] netlink: 28 bytes leftover after parsing attributes in process `syz-executor.3'. [ 248.169896][ T6] usb 2-1: USB disconnect, device number 8 [ 248.178756][ T3379] usb 2-1-port2: config error [ 248.210075][ T4857] input: syz0 as /devices/virtual/input/input14 [ 248.278658][ T3198] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 249.448903][ T3198] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 249.489297][ T3198] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 249.528889][ T3198] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 249.548009][ T3198] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.567607][ T3198] usb 3-1: config 0 descriptor?? [ 249.591602][ T4869] loop1: detected capacity change from 0 to 512 [ 249.640317][ T4869] EXT4-fs (loop1): orphan cleanup on readonly fs [ 249.661787][ T4872] SELinux: security_context_str_to_sid (s) failed with errno=-22 [ 249.680354][ T4869] EXT4-fs (loop1): 1 orphan inode deleted [ 249.699407][ T4869] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 249.720129][ T4869] EXT4-fs (loop1): unmounting filesystem. [ 249.891950][ T4880] overlayfs: missing 'lowerdir' [ 249.907449][ T4869] loop1: detected capacity change from 0 to 512 [ 249.950728][ T4869] EXT4-fs error (device loop1): ext4_ext_check_inode:520: inode #15: comm syz-executor.1: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 249.973795][ T4869] EXT4-fs error (device loop1): ext4_orphan_get:1401: comm syz-executor.1: couldn't read orphan inode 15 (err -117) [ 249.989074][ T4869] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 250.374670][ T4869] EXT4-fs (loop1): unmounting filesystem. [ 250.998779][ T3198] usb 3-1: language id specifier not provided by device, defaulting to English [ 251.193626][ T4874] loop4: detected capacity change from 0 to 40427 [ 251.218649][ T4874] F2FS-fs (loop4): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 251.226527][ T4874] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 251.236692][ T4874] F2FS-fs (loop4): invalid crc value [ 251.260523][ T4874] F2FS-fs (loop4): Found nat_bits in checkpoint [ 251.308995][ T3198] uclogic 0003:256C:006D.000E: interface is invalid, ignoring [ 251.324088][ T4895] input: syz0 as /devices/virtual/input/input15 [ 251.474621][ T4874] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 251.481719][ T4874] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 251.519033][ T3198] usb 3-1: USB disconnect, device number 9 [ 252.742548][ T4905] syz-executor.4: attempt to access beyond end of device [ 252.742548][ T4905] loop4: rw=2049, sector=53248, nr_sectors = 408 limit=40427 [ 253.590057][ T3766] syz-executor.4: attempt to access beyond end of device [ 253.590057][ T3766] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 253.779494][ T4912] device wg2 entered promiscuous mode [ 254.654648][ T3726] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 254.687112][ T4921] loop1: detected capacity change from 0 to 128 [ 254.715105][ T4921] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 254.908896][ T3726] usb 4-1: Using ep0 maxpacket: 32 [ 255.029100][ T3726] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 255.091358][ T3726] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 255.213352][ T3726] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 255.316258][ T3726] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.052734][ T3726] usb 4-1: config 0 descriptor?? [ 257.068810][ T3726] usb 4-1: can't set config #0, error -71 [ 257.079525][ T3726] usb 4-1: USB disconnect, device number 13 [ 257.097918][ T4934] tmpfs: Unknown parameter './file0' [ 257.105664][ T4429] EXT4-fs (loop1): unmounting filesystem. [ 257.211210][ T4939] loop3: detected capacity change from 0 to 512 [ 257.220836][ T4939] EXT4-fs (loop3): orphan cleanup on readonly fs [ 257.229634][ T4939] EXT4-fs (loop3): 1 orphan inode deleted [ 257.246010][ T4939] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 257.256240][ T4939] EXT4-fs (loop3): unmounting filesystem. [ 257.319369][ T4946] syz-executor.0[4946] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.319522][ T4946] syz-executor.0[4946] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 257.747702][ T4939] loop3: detected capacity change from 0 to 512 [ 258.310307][ T4939] EXT4-fs error (device loop3): ext4_ext_check_inode:520: inode #15: comm syz-executor.3: pblk 0 bad header/extent: invalid eh_entries - magic f30a, entries 24833, max 4(4), depth 0(0) [ 258.359034][ T4939] EXT4-fs error (device loop3): ext4_orphan_get:1401: comm syz-executor.3: couldn't read orphan inode 15 (err -117) [ 258.391817][ T4939] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 258.412785][ T4939] EXT4-fs (loop3): unmounting filesystem. [ 258.568785][ T6] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 258.674819][ T4964] loop1: detected capacity change from 0 to 128 [ 258.710961][ T4964] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 258.802816][ T4429] EXT4-fs (loop1): unmounting filesystem. [ 258.928887][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid maxpacket 41811, setting to 64 [ 258.941077][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 259.108782][ T6] usb 5-1: New USB device found, idVendor=1b3d, idProduct=9310, bcdDevice= 0.c8 [ 259.124462][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 259.140209][ T6] usb 5-1: Product: syz [ 259.148760][ T6] usb 5-1: Manufacturer: syz [ 259.157704][ T6] usb 5-1: SerialNumber: syz [ 259.169364][ T6] usb 5-1: config 0 descriptor?? [ 259.220054][ T6] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 259.228067][ T6] usb 5-1: Detected SIO [ 259.245689][ T6] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 11 [ 259.268851][ T6] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 261.061086][ T3379] usb 5-1: USB disconnect, device number 12 [ 261.075516][ T3379] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 261.098892][ T3379] ftdi_sio 5-1:0.0: device disconnected [ 263.309812][ T5003] syz-executor.2[5003] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.309952][ T5003] syz-executor.2[5003] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.769925][ T5015] syz-executor.0[5015] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.815498][ T5015] syz-executor.0[5015] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 263.869517][ T4985] loop4: detected capacity change from 0 to 40427 [ 263.897491][ T4985] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 263.907588][ T4985] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 263.950634][ T4985] F2FS-fs (loop4): Found nat_bits in checkpoint [ 265.134072][ T5034] syz-executor.2[5034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 265.134233][ T5034] syz-executor.2[5034] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.859069][ T5070] syz-executor.4[5070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 266.901341][ T5070] syz-executor.4[5070] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 267.714266][ T5036] loop2: detected capacity change from 0 to 40427 [ 267.948828][ T5036] F2FS-fs (loop2): Invalid Fs Meta Ino: node(1) meta(2) root(0) [ 267.966547][ T5036] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 268.005348][ T5036] F2FS-fs (loop2): invalid crc value [ 268.055829][ T5036] F2FS-fs (loop2): Found nat_bits in checkpoint [ 273.171705][ T3198] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 273.248888][ T947] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 274.059018][ T947] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.066144][ T5157] input: syz0 as /devices/virtual/input/input16 [ 274.248801][ T3198] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 274.259365][ T3198] usb 3-1: New USB device found, idVendor=050d, idProduct=011b, bcdDevice=6f.a4 [ 274.268273][ T3198] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.277366][ T3198] usb 3-1: config 0 descriptor?? [ 274.308761][ T947] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 274.318402][ T947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.320165][ T3198] rndis_host: probe of 3-1:0.0 failed with error -22 [ 274.326698][ T947] usb 1-1: Product: syz [ 274.336871][ T947] usb 1-1: Manufacturer: syz [ 274.354084][ T947] usb 1-1: SerialNumber: syz [ 274.367309][ T5166] loop4: detected capacity change from 0 to 16 [ 274.374679][ T5166] erofs: (device loop4): erofs_read_inode: unsupported chunk format ffff of nid 36 [ 274.423472][ T5171] syz-executor.4[5171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.423585][ T5171] syz-executor.4[5171] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 274.501315][ T5179] loop3: detected capacity change from 0 to 512 [ 274.521816][ T5179] EXT4-fs: Ignoring removed bh option [ 274.530025][ T5179] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem [ 274.542207][ T5179] EXT4-fs (loop3): 1 truncate cleaned up [ 274.547739][ T5179] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 274.566250][ T28] audit: type=1400 audit(274.541:2406): avc: denied { mounton } for pid=5177 comm="syz-executor.3" path="/root/syzkaller-testdir1934180061/syzkaller.v8yqhT/36/file0/bus" dev="loop3" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 274.613050][ T28] audit: type=1400 audit(274.581:2407): avc: denied { map } for pid=5134 comm="syz-executor.2" path="socket:[36623]" dev="sockfs" ino=36623 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tcp_socket permissive=1 [ 274.638892][ T5179] loop3: detected capacity change from 512 to 0 [ 274.649282][ C0] I/O error, dev loop3, sector 18 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 274.658679][ C0] I/O error, dev loop3, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.668123][ C0] I/O error, dev loop3, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.677506][ C0] I/O error, dev loop3, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.686925][ C0] I/O error, dev loop3, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.696391][ C0] I/O error, dev loop3, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.705759][ C0] I/O error, dev loop3, sector 14 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.715265][ C0] I/O error, dev loop3, sector 12 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.724628][ C0] I/O error, dev loop3, sector 10 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 274.735954][ T5177] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 274.769251][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 274.777293][ C0] I/O error, dev loop3, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 274.786664][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 274.794956][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 274.802327][ T5177] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 274.811133][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 274.819377][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 274.827546][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 274.834358][ T5177] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 274.846779][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 274.854847][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 274.863102][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 274.870852][ T5177] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 274.884089][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 274.892098][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 274.900349][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 274.906980][ T5177] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 274.962956][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 274.972513][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 274.980671][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 274.988222][ T5177] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #19: comm syz-executor.3: mark_inode_dirty error [ 275.025384][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 275.034126][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 275.045797][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 275.052701][ T5177] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 275.066108][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 275.074510][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 275.082695][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 275.090642][ T5177] EXT4-fs error (device loop3): ext4_check_bdev_write_error:218: comm syz-executor.3: Error while async write back metadata [ 275.187356][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 275.242698][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 275.251582][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 275.461790][ T5177] EXT4-fs error (device loop3): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.3: unable to read itable block [ 275.527901][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 275.543864][ C1] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 275.552685][ T5177] EXT4-fs (loop3): I/O error while writing superblock [ 275.577816][ T5177] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: IO failure [ 275.888720][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 275.900010][ C0] Buffer I/O error on dev loop3, logical block 1, lost sync page write [ 275.982866][ T947] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 275.990992][ T947] cdc_ncm 1-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 275.998481][ T947] cdc_ncm 1-1:1.0: setting rx_max = 2048 [ 276.028958][ T6] usb 3-1: USB disconnect, device number 10 [ 276.070344][ T5179] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.3: error -5 reading directory block [ 276.138888][ T947] cdc_ncm 1-1:1.0: setting tx_max = 184 [ 276.149293][ T947] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 276.164582][ T947] usb 1-1: USB disconnect, device number 15 [ 276.173618][ T947] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM (NO ZLP) [ 276.185489][ T4661] EXT4-fs warning (device loop3): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.3: error -5 reading directory block [ 276.200825][ T5204] loop2: detected capacity change from 0 to 16 [ 276.208376][ T5204] erofs: (device loop2): erofs_read_inode: unsupported chunk format ffff of nid 36 [ 276.229814][ C0] EXT4-fs warning (device loop3): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 129) [ 276.240992][ C0] Buffer I/O error on device loop3, logical block 129 [ 276.247595][ C0] Buffer I/O error on device loop3, logical block 130 [ 276.254193][ C0] Buffer I/O error on device loop3, logical block 131 [ 276.260788][ C0] Buffer I/O error on device loop3, logical block 132 [ 276.267427][ C0] Buffer I/O error on device loop3, logical block 133 [ 276.273983][ C0] Buffer I/O error on device loop3, logical block 134 [ 276.280577][ C0] Buffer I/O error on device loop3, logical block 135 [ 276.287177][ C0] Buffer I/O error on device loop3, logical block 136 [ 276.293837][ C0] Buffer I/O error on device loop3, logical block 137 [ 276.300364][ C0] Buffer I/O error on device loop3, logical block 138 [ 276.388690][ T5214] loop4: detected capacity change from 0 to 256 [ 276.407083][ T28] audit: type=1400 audit(276.381:2408): avc: denied { watch watch_reads } for pid=5213 comm="syz-executor.4" path="/root/syzkaller-testdir2489006184/syzkaller.LT6c1M/113/file1" dev="loop4" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 276.872500][ T5238] 9pnet_fd: Insufficient options for proto=fd [ 276.886088][ T5238] overlayfs: missing 'workdir' [ 277.292944][ T5242] syz-executor.0[5242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 277.296829][ T5242] syz-executor.0[5242] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 277.727837][ T28] audit: type=1400 audit(277.701:2409): avc: denied { mounton } for pid=5249 comm="syz-executor.3" path="/" dev="sda1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:root_t tclass=dir permissive=1 [ 277.771307][ T5248] loop2: detected capacity change from 0 to 256 [ 277.799434][ T5252] loop1: detected capacity change from 0 to 128 [ 277.911525][ T8] device bridge_slave_1 left promiscuous mode [ 277.917606][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 277.960915][ T8] device bridge_slave_0 left promiscuous mode [ 278.018802][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 278.030845][ T8] device veth1_macvtap left promiscuous mode [ 278.036979][ T8] device veth0_vlan left promiscuous mode [ 278.923732][ T6] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 279.298774][ T6] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.451069][ T5249] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.462480][ T5249] bridge0: port 1(bridge_slave_0) entered disabled state [ 279.478462][ T5249] device bridge_slave_0 entered promiscuous mode [ 279.488780][ T6] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 279.490599][ T5249] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.504886][ T5249] bridge0: port 2(bridge_slave_1) entered disabled state [ 279.517068][ T5249] device bridge_slave_1 entered promiscuous mode [ 279.519792][ T6] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 279.544309][ T6] usb 3-1: Product: syz [ 279.557844][ T6] usb 3-1: Manufacturer: syz [ 279.567803][ T6] usb 3-1: SerialNumber: syz [ 279.568634][ T455] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 279.901426][ T5249] bridge0: port 2(bridge_slave_1) entered blocking state [ 279.908355][ T5249] bridge0: port 2(bridge_slave_1) entered forwarding state [ 279.915584][ T5249] bridge0: port 1(bridge_slave_0) entered blocking state [ 279.922510][ T5249] bridge0: port 1(bridge_slave_0) entered forwarding state [ 279.958764][ T455] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.978876][ T455] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 280.004849][ T5290] loop1: detected capacity change from 0 to 256 [ 280.006558][ T455] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 280.021964][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 280.029025][ T455] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.037066][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 280.045293][ T455] usb 5-1: config 0 descriptor?? [ 280.050338][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 280.071280][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 280.080306][ T3198] bridge0: port 1(bridge_slave_0) entered blocking state [ 280.087188][ T3198] bridge0: port 1(bridge_slave_0) entered forwarding state [ 280.095022][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 280.103387][ T3198] bridge0: port 2(bridge_slave_1) entered blocking state [ 280.110321][ T3198] bridge0: port 2(bridge_slave_1) entered forwarding state [ 280.142558][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 280.162369][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 280.191448][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 280.211251][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 280.221087][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 280.229013][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 280.244902][ T5249] device veth0_vlan entered promiscuous mode [ 280.269737][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 280.284395][ T5249] device veth1_macvtap entered promiscuous mode [ 280.302702][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 280.312671][ T3198] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 280.333790][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 280.343468][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 280.569330][ T455] hid (null): invalid report_count -639039869 [ 280.584965][ T455] wacom 0003:056A:00F8.000F: invalid report_count -639039869 [ 280.592816][ T455] wacom 0003:056A:00F8.000F: item 0 4 1 9 parsing failed [ 280.601523][ T455] wacom 0003:056A:00F8.000F: parse failed [ 282.058906][ T455] wacom: probe of 0003:056A:00F8.000F failed with error -22 [ 282.129811][ T455] usb 5-1: USB disconnect, device number 13 [ 282.909544][ T6] cdc_ncm 3-1:1.0: failed to get mac address [ 282.941353][ T5317] loop3: detected capacity change from 0 to 128 [ 282.955659][ T6] cdc_ncm 3-1:1.0: bind() failure [ 282.990014][ T5320] loop1: detected capacity change from 0 to 512 [ 282.997106][ T5320] EXT4-fs: Ignoring removed bh option [ 283.002536][ T6] cdc_ncm: probe of 3-1:1.1 failed with error -71 [ 283.017650][ T5320] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem [ 283.028955][ T6] cdc_mbim: probe of 3-1:1.1 failed with error -71 [ 283.039718][ T5320] EXT4-fs (loop1): 1 truncate cleaned up [ 283.045269][ T5320] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 283.053785][ T6] usb 3-1: USB disconnect, device number 11 [ 283.109168][ T5320] loop1: detected capacity change from 512 to 0 [ 283.151507][ C0] blk_print_req_error: 557 callbacks suppressed [ 283.151559][ C0] I/O error, dev loop1, sector 18 op 0x0:(READ) flags 0x3000 phys_seg 1 prio class 2 [ 283.167060][ C0] I/O error, dev loop1, sector 26 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.176518][ C0] I/O error, dev loop1, sector 24 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.186093][ C0] I/O error, dev loop1, sector 22 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.194155][ T5318] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.1: unable to read itable block [ 283.195438][ C0] I/O error, dev loop1, sector 20 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.208660][ T352] lo_write_bvec: 126 callbacks suppressed [ 283.208692][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 283.217686][ C0] I/O error, dev loop1, sector 16 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.223470][ C1] I/O error, dev loop1, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 283.231116][ C0] I/O error, dev loop1, sector 14 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.240516][ C1] I/O error, dev loop1, sector 2 op 0x1:(WRITE) flags 0x3800 phys_seg 1 prio class 2 [ 283.249793][ C0] I/O error, dev loop1, sector 12 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 283.259119][ C1] buffer_io_error: 125 callbacks suppressed [ 283.259143][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 283.291633][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 283.298599][ T5318] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: IO failure [ 283.331635][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 283.339891][ C0] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 283.348011][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 283.354761][ T5318] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #19: comm syz-executor.1: mark_inode_dirty error [ 283.367281][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 283.375491][ C0] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 283.479062][ T5325] EXT4-fs error (device loop1): ext4_check_bdev_write_error:218: comm ext4lazyinit: Error while async write back metadata [ 283.492457][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 283.515523][ T5318] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.1: unable to read itable block [ 283.582983][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 283.604290][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 283.612814][ T5325] EXT4-fs (loop1): I/O error while writing superblock [ 283.669332][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 283.690818][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 283.699459][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 283.736961][ T5318] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: IO failure [ 284.117006][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 284.142177][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 284.152167][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 284.160993][ T5318] EXT4-fs error (device loop1): ext4_dirty_inode:6074: inode #19: comm syz-executor.1: mark_inode_dirty error [ 284.198869][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 284.218190][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 284.226395][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 284.242496][ T5318] EXT4-fs error (device loop1): ext4_check_bdev_write_error:218: comm syz-executor.1: Error while async write back metadata [ 284.267942][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 284.276665][ C1] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 284.284843][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 284.298634][ T5318] EXT4-fs error (device loop1): ext4_check_bdev_write_error:218: comm syz-executor.1: Error while async write back metadata [ 284.308410][ T5341] loop3: detected capacity change from 0 to 256 [ 284.311958][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 284.349103][ T5341] FAT-fs (loop3): Directory bread(block 64) failed [ 284.355487][ T5341] FAT-fs (loop3): Directory bread(block 65) failed [ 284.372119][ T5341] FAT-fs (loop3): Directory bread(block 66) failed [ 284.378499][ T5341] FAT-fs (loop3): Directory bread(block 67) failed [ 284.395369][ T5341] FAT-fs (loop3): Directory bread(block 68) failed [ 284.401902][ C0] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 284.410084][ T5318] EXT4-fs (loop1): I/O error while writing superblock [ 284.427288][ T5318] EXT4-fs error (device loop1): ext4_get_inode_loc:4635: inode #19: block 9: comm syz-executor.1: unable to read itable block [ 284.450563][ T5341] FAT-fs (loop3): Directory bread(block 69) failed [ 284.456985][ T5341] FAT-fs (loop3): Directory bread(block 70) failed [ 284.483857][ T352] loop: Write error at byte offset 9223372036854776831, length 1024. [ 284.491857][ C0] Buffer I/O error on dev loop1, logical block 1, lost sync page write [ 284.495604][ T5341] FAT-fs (loop3): Directory bread(block 71) failed [ 284.506333][ T5341] FAT-fs (loop3): Directory bread(block 72) failed [ 284.512787][ T5341] FAT-fs (loop3): Directory bread(block 73) failed [ 284.563725][ T5320] EXT4-fs warning (device loop1): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.1: error -5 reading directory block [ 284.659891][ T4429] EXT4-fs warning (device loop1): htree_dirblock_to_tree:1082: inode #2: lblock 0: comm syz-executor.1: error -5 reading directory block [ 284.719079][ C0] EXT4-fs warning (device loop1): ext4_end_bio:347: I/O error 10 writing to inode 19 starting block 129) [ 284.730305][ C0] buffer_io_error: 2 callbacks suppressed [ 284.730329][ C0] Buffer I/O error on device loop1, logical block 129 [ 284.742491][ C0] Buffer I/O error on device loop1, logical block 130 [ 284.749089][ C0] Buffer I/O error on device loop1, logical block 131 [ 284.755678][ C0] Buffer I/O error on device loop1, logical block 132 [ 284.762353][ C0] Buffer I/O error on device loop1, logical block 133 [ 284.768872][ C0] Buffer I/O error on device loop1, logical block 134 [ 284.775478][ C0] Buffer I/O error on device loop1, logical block 135 [ 284.782067][ C0] Buffer I/O error on device loop1, logical block 136 [ 284.788711][ C0] Buffer I/O error on device loop1, logical block 137 [ 284.795267][ C0] Buffer I/O error on device loop1, logical block 138 [ 285.633674][ T5343] device bridge_slave_1 left promiscuous mode [ 285.650387][ T5343] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.798705][ T3379] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 286.067314][ T5368] incfs: Can't find or create .index dir in ./file0 [ 286.073998][ T5368] incfs: mount failed -14 [ 286.080126][ T5370] syz-executor.2[5370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 286.080960][ T5370] syz-executor.2[5370] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 286.161675][ T352] device bridge_slave_1 left promiscuous mode [ 286.179277][ T3379] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.193688][ T352] bridge0: port 2(bridge_slave_1) entered disabled state [ 286.203401][ T352] device bridge_slave_0 left promiscuous mode [ 286.217819][ T352] bridge0: port 1(bridge_slave_0) entered disabled state [ 286.239829][ T352] device veth1_macvtap left promiscuous mode [ 286.245805][ T352] device veth0_vlan left promiscuous mode [ 286.458688][ T6] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 286.515044][ T3379] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 286.540771][ T3379] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.706744][ T3379] usb 4-1: Product: syz [ 286.737120][ T3379] usb 4-1: Manufacturer: syz [ 286.825522][ T3379] usb 4-1: SerialNumber: syz [ 287.457732][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.464823][ T5376] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.480825][ T5376] device bridge_slave_0 entered promiscuous mode [ 287.490596][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.518901][ T5376] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.535162][ T5376] device bridge_slave_1 entered promiscuous mode [ 287.659032][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 287.689138][ T6] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 287.761644][ T6] usb 5-1: New USB device found, idVendor=056a, idProduct=00f8, bcdDevice= 0.00 [ 287.761856][ T5376] bridge0: port 2(bridge_slave_1) entered blocking state [ 287.777524][ T5376] bridge0: port 2(bridge_slave_1) entered forwarding state [ 287.778064][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 287.784768][ T5376] bridge0: port 1(bridge_slave_0) entered blocking state [ 287.799257][ T5376] bridge0: port 1(bridge_slave_0) entered forwarding state [ 287.800072][ T6] usb 5-1: config 0 descriptor?? [ 288.505338][ T19] bridge0: port 1(bridge_slave_0) entered disabled state [ 288.513054][ T19] bridge0: port 2(bridge_slave_1) entered disabled state [ 288.542328][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 288.558928][ T3379] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 288.575535][ T3379] cdc_ncm 4-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 288.582852][ T3379] cdc_ncm 4-1:1.0: setting rx_max = 2048 [ 288.641407][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 288.649575][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 288.659256][ T321] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 288.667639][ T321] bridge0: port 1(bridge_slave_0) entered blocking state [ 288.674556][ T321] bridge0: port 1(bridge_slave_0) entered forwarding state [ 288.828178][ T3379] cdc_ncm 4-1:1.0: setting tx_max = 184 [ 288.867639][ T3379] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 288.882539][ T3379] usb 4-1: USB disconnect, device number 14 [ 288.891301][ T3379] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP) [ 288.904587][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 288.913800][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 288.922225][ T455] bridge0: port 2(bridge_slave_1) entered blocking state [ 288.929142][ T455] bridge0: port 2(bridge_slave_1) entered forwarding state [ 288.936974][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 288.951527][ T455] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 288.961478][ T455] ================================================================== [ 288.969387][ T455] BUG: KASAN: use-after-free in worker_thread+0xa36/0x1260 [ 288.976426][ T455] Read of size 8 at addr ffff8881109f8ce0 by task kworker/1:4/455 [ 288.984143][ T455] [ 288.986313][ T455] CPU: 1 PID: 455 Comm: kworker/1:4 Not tainted 6.1.78-syzkaller-00009-g25216be1ac5e #0 [ 288.995860][ T455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 289.005759][ T455] Workqueue: 0x0 (events) [ 289.010014][ T455] Call Trace: [ 289.013135][ T455] [ 289.015913][ T455] dump_stack_lvl+0x151/0x1b7 [ 289.020427][ T455] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 289.025718][ T455] ? _printk+0xd1/0x111 [ 289.029715][ T455] ? __virt_addr_valid+0x242/0x2f0 [ 289.034664][ T455] print_report+0x158/0x4e0 [ 289.038999][ T455] ? __virt_addr_valid+0x242/0x2f0 [ 289.043966][ T455] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 289.050024][ T455] ? worker_thread+0xa36/0x1260 [ 289.054711][ T455] kasan_report+0x13c/0x170 [ 289.059067][ T455] ? worker_thread+0xa36/0x1260 [ 289.063746][ T455] __asan_report_load8_noabort+0x14/0x20 [ 289.069209][ T455] worker_thread+0xa36/0x1260 [ 289.073743][ T455] kthread+0x26d/0x300 [ 289.077626][ T455] ? worker_clr_flags+0x1a0/0x1a0 [ 289.082491][ T455] ? kthread_blkcg+0xd0/0xd0 [ 289.086914][ T455] ret_from_fork+0x1f/0x30 [ 289.091177][ T455] [ 289.094030][ T455] [ 289.096202][ T455] Allocated by task 3379: [ 289.100367][ T455] kasan_set_track+0x4b/0x70 [ 289.104792][ T455] kasan_save_alloc_info+0x1f/0x30 [ 289.109765][ T455] __kasan_kmalloc+0x9c/0xb0 [ 289.114170][ T455] __kmalloc_node+0xb4/0x1e0 [ 289.118610][ T455] kvmalloc_node+0x221/0x640 [ 289.123020][ T455] alloc_netdev_mqs+0x8c/0xf90 [ 289.127622][ T455] alloc_etherdev_mqs+0x36/0x40 [ 289.132316][ T455] usbnet_probe+0x207/0x27c0 [ 289.136738][ T455] usb_probe_interface+0x5b6/0xa90 [ 289.141684][ T455] really_probe+0x2b8/0x920 [ 289.146021][ T455] __driver_probe_device+0x1a0/0x310 [ 289.151144][ T455] driver_probe_device+0x54/0x3d0 [ 289.156009][ T455] __device_attach_driver+0x2e3/0x490 [ 289.161211][ T455] bus_for_each_drv+0x183/0x200 [ 289.165911][ T455] __device_attach+0x312/0x510 [ 289.170504][ T455] device_initial_probe+0x1a/0x20 [ 289.175386][ T455] bus_probe_device+0xbe/0x1e0 [ 289.179966][ T455] device_add+0xb60/0xf10 [ 289.184171][ T455] usb_set_configuration+0x190f/0x1e80 [ 289.189426][ T455] usb_generic_driver_probe+0x8b/0x150 [ 289.194814][ T455] usb_probe_device+0x144/0x260 [ 289.199496][ T455] really_probe+0x2b8/0x920 [ 289.203866][ T455] __driver_probe_device+0x1a0/0x310 [ 289.208969][ T455] driver_probe_device+0x54/0x3d0 [ 289.213815][ T455] __device_attach_driver+0x2e3/0x490 [ 289.219022][ T455] bus_for_each_drv+0x183/0x200 [ 289.223709][ T455] __device_attach+0x312/0x510 [ 289.228313][ T455] device_initial_probe+0x1a/0x20 [ 289.233170][ T455] bus_probe_device+0xbe/0x1e0 [ 289.237867][ T455] device_add+0xb60/0xf10 [ 289.242025][ T455] usb_new_device+0xf32/0x1810 [ 289.246624][ T455] hub_event+0x2db1/0x4830 [ 289.250884][ T455] process_one_work+0x73d/0xcb0 [ 289.255565][ T455] worker_thread+0xa60/0x1260 [ 289.260078][ T455] kthread+0x26d/0x300 [ 289.263986][ T455] ret_from_fork+0x1f/0x30 [ 289.268242][ T455] [ 289.270409][ T455] Freed by task 3379: [ 289.274254][ T455] kasan_set_track+0x4b/0x70 [ 289.278764][ T455] kasan_save_free_info+0x2b/0x40 [ 289.283629][ T455] ____kasan_slab_free+0x131/0x180 [ 289.288574][ T455] __kasan_slab_free+0x11/0x20 [ 289.293175][ T455] __kmem_cache_free+0x218/0x3b0 [ 289.297966][ T455] kfree+0x7a/0xf0 [ 289.301508][ T455] kvfree+0x35/0x40 [ 289.305153][ T455] netdev_freemem+0x3f/0x60 [ 289.309493][ T455] netdev_release+0x7f/0xb0 [ 289.313833][ T455] device_release+0x95/0x1c0 [ 289.318259][ T455] kobject_put+0x178/0x260 [ 289.322515][ T455] put_device+0x1f/0x30 [ 289.326507][ T455] free_netdev+0x393/0x480 [ 289.330761][ T455] usbnet_disconnect+0x245/0x390 [ 289.335548][ T455] usb_unbind_interface+0x1fa/0x8c0 [ 289.340569][ T455] device_release_driver_internal+0x53e/0x870 [ 289.346473][ T455] device_release_driver+0x19/0x20 [ 289.351417][ T455] bus_remove_device+0x2fa/0x360 [ 289.356193][ T455] device_del+0x663/0xe90 [ 289.360358][ T455] usb_disable_device+0x380/0x720 [ 289.365218][ T455] usb_disconnect+0x32a/0x890 [ 289.369733][ T455] hub_event+0x1ed8/0x4830 [ 289.373985][ T455] process_one_work+0x73d/0xcb0 [ 289.378674][ T455] worker_thread+0xd71/0x1260 [ 289.383186][ T455] kthread+0x26d/0x300 [ 289.387095][ T455] ret_from_fork+0x1f/0x30 [ 289.391348][ T455] [ 289.393517][ T455] Last potentially related work creation: [ 289.399071][ T455] kasan_save_stack+0x3b/0x60 [ 289.403586][ T455] __kasan_record_aux_stack+0xb4/0xc0 [ 289.408792][ T455] kasan_record_aux_stack_noalloc+0xb/0x10 [ 289.414444][ T455] insert_work+0x56/0x310 [ 289.418602][ T455] __queue_work+0x9b6/0xd70 [ 289.422942][ T455] queue_work_on+0x105/0x170 [ 289.427367][ T455] usbnet_link_change+0xeb/0x100 [ 289.432144][ T455] usbnet_probe+0x1dbe/0x27c0 [ 289.436656][ T455] usb_probe_interface+0x5b6/0xa90 [ 289.441603][ T455] really_probe+0x2b8/0x920 [ 289.445943][ T455] __driver_probe_device+0x1a0/0x310 [ 289.451064][ T455] driver_probe_device+0x54/0x3d0 [ 289.455926][ T455] __device_attach_driver+0x2e3/0x490 [ 289.461133][ T455] bus_for_each_drv+0x183/0x200 [ 289.465833][ T455] __device_attach+0x312/0x510 [ 289.470422][ T455] device_initial_probe+0x1a/0x20 [ 289.475328][ T455] bus_probe_device+0xbe/0x1e0 [ 289.479884][ T455] device_add+0xb60/0xf10 [ 289.484063][ T455] usb_set_configuration+0x190f/0x1e80 [ 289.489345][ T455] usb_generic_driver_probe+0x8b/0x150 [ 289.494640][ T455] usb_probe_device+0x144/0x260 [ 289.499348][ T455] really_probe+0x2b8/0x920 [ 289.503664][ T455] __driver_probe_device+0x1a0/0x310 [ 289.508788][ T455] driver_probe_device+0x54/0x3d0 [ 289.513663][ T455] __device_attach_driver+0x2e3/0x490 [ 289.518875][ T455] bus_for_each_drv+0x183/0x200 [ 289.523550][ T455] __device_attach+0x312/0x510 [ 289.528144][ T455] device_initial_probe+0x1a/0x20 [ 289.533004][ T455] bus_probe_device+0xbe/0x1e0 [ 289.537604][ T455] device_add+0xb60/0xf10 [ 289.541772][ T455] usb_new_device+0xf32/0x1810 [ 289.546374][ T455] hub_event+0x2db1/0x4830 [ 289.550625][ T455] process_one_work+0x73d/0xcb0 [ 289.555320][ T455] worker_thread+0xa60/0x1260 [ 289.559824][ T455] kthread+0x26d/0x300 [ 289.563730][ T455] ret_from_fork+0x1f/0x30 [ 289.567988][ T455] [ 289.570157][ T455] The buggy address belongs to the object at ffff8881109f8000 [ 289.570157][ T455] which belongs to the cache kmalloc-4k of size 4096 [ 289.584040][ T455] The buggy address is located 3296 bytes inside of [ 289.584040][ T455] 4096-byte region [ffff8881109f8000, ffff8881109f9000) [ 289.597324][ T455] [ 289.599496][ T455] The buggy address belongs to the physical page: [ 289.605755][ T455] page:ffffea0004427e00 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1109f8 [ 289.615828][ T455] head:ffffea0004427e00 order:3 compound_mapcount:0 compound_pincount:0 [ 289.623972][ T455] flags: 0x4000000000010200(slab|head|zone=1) [ 289.629909][ T455] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380 [ 289.638311][ T455] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000 [ 289.646713][ T455] page dumped because: kasan: bad access detected [ 289.652967][ T455] page_owner tracks the page as allocated [ 289.658516][ T455] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 5376, tgid 5376 (syz-executor.1), ts 286955257974, free_ts 286939182037 [ 289.681432][ T455] post_alloc_hook+0x213/0x220 [ 289.686034][ T455] prep_new_page+0x1b/0x110 [ 289.690373][ T455] get_page_from_freelist+0x27ea/0x2870 [ 289.695754][ T455] __alloc_pages+0x3a1/0x780 [ 289.700181][ T455] alloc_slab_page+0x6c/0xf0 [ 289.704611][ T455] new_slab+0x90/0x3e0 [ 289.708514][ T455] ___slab_alloc+0x6f9/0xb80 [ 289.712953][ T455] __slab_alloc+0x5d/0xa0 [ 289.717107][ T455] __kmem_cache_alloc_node+0x1af/0x250 [ 289.722402][ T455] kmalloc_trace+0x2a/0xa0 [ 289.726654][ T455] kobject_uevent_env+0x262/0x720 [ 289.731517][ T455] kobject_uevent+0x1f/0x30 [ 289.735860][ T455] netdev_queue_update_kobjects+0x235/0x4a0 [ 289.741586][ T455] netdev_register_kobject+0x270/0x320 [ 289.746881][ T455] register_netdevice+0xe43/0x1490 [ 289.751829][ T455] __ip_tunnel_create+0x322/0x430 [ 289.756690][ T455] page last free stack trace: [ 289.761204][ T455] free_unref_page_prepare+0x83d/0x850 [ 289.766499][ T455] free_unref_page+0xb2/0x5c0 [ 289.771010][ T455] __free_pages+0x61/0xf0 [ 289.775178][ T455] free_large_kmalloc+0xa9/0xe0 [ 289.779865][ T455] kfree+0x93/0xf0 [ 289.783423][ T455] kvfree+0x35/0x40 [ 289.787069][ T455] wg_destruct+0x2c0/0x300 [ 289.791321][ T455] netdev_run_todo+0xb43/0xd00 [ 289.795923][ T455] rtnl_unlock+0xe/0x10 [ 289.799915][ T455] default_device_exit_batch+0x97a/0xa00 [ 289.805382][ T455] cleanup_net+0x6c9/0xbf0 [ 289.809635][ T455] process_one_work+0x73d/0xcb0 [ 289.814324][ T455] worker_thread+0xa60/0x1260 [ 289.818837][ T455] kthread+0x26d/0x300 [ 289.822744][ T455] ret_from_fork+0x1f/0x30 [ 289.826993][ T455] [ 289.829167][ T455] Memory state around the buggy address: [ 289.834646][ T455] ffff8881109f8b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 289.842542][ T455] ffff8881109f8c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 289.850440][ T455] >ffff8881109f8c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 289.858330][ T455] ^ [ 289.865370][ T455] ffff8881109f8d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 289.873298][ T455] ffff8881109f8d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb 1970/01/01 00:04:49 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 289.881160][ T455] ================================================================== [ 289.889058][ T455] Disabling lock debugging due to kernel taint [ 289.986881][ T6] hid (null): invalid report_count -639039869 [ 289.995828][ T6] wacom 0003:056A:00F8.0010: invalid report_count -639039869 [ 290.003387][ T6] wacom 0003:056A:00F8.0010: item 0 4 1 9 parsing failed [ 290.010788][ T6] wacom 0003:056A:00F8.0010: parse failed [ 290.016416][ T6] wacom: probe of 0003:056A:00F8.0010 failed with error -22 [ 290.031977][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 290.049305][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 290.444651][ T947] usb 5-1: USB disconnect, device number 14