last executing test programs: 24.623020422s ago: executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48) timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000080)='mounts\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_misc(r2, &(0x7f0000000280)=ANY=[], 0xfffffcdd) sendfile(0xffffffffffffffff, r1, 0x0, 0x7f) r3 = memfd_create(&(0x7f00000004c0)='\xc0\x87:*\x18\xc1k\xa7\x87[\xa0o84I\xaaK\xa5\xd3\v\x86\xca<\x7f\xfd6\x8d}\xd8\xf2G\xb8\xeae)\x90\x86\xe3\x96\b\xe0\xfa\xb1\xd8N\xb2W\xcb\x8d}3lm8\xa57\xc9\x00HO\x00\x00\x00\x00R\xfc\xcb%u3\xec\xde%\x9d\xe4\x1d\rD\x82S\x17?\xd6\xb1\x9aF\xe2\xba[\xc7QR\x9f\x81\x8b\xdc\xc7\xdc\xdem\xbe\x7f2\x11\x17\xd8\xda@4\x9f\xc5*T\x1e^\xf7o\xff\xff\xff\xffwI\x02\xf3\xe3\x8d.\xd1=\xcf\xbf\x81\xb5\x8d%K\x1d\xe7_\xde\x87\xdd\xc1\xf0\x91\x1a!\xa5\xd3\v\xc9\x95d\xe3*\xa9\xfa\x99\xae\xb8\x89>\xc9\xf2/\x13{\x1a\x7f\x00\x00\x00\x00+$\xedX\xb7KV\x90\xc3D-\xf3\x8c\x9a\x15\x9c\xf5\xb4O\x17@d\x81+\xf6\xe6+\xed\r\xd2\xb3\xaa\x9b\x7fC\'\xa2\xf6\x12\xa1\x15Punfo\x7f\x92G\x0e.\xce\xd8h\xb9p2\xccC\xbaH\xc4\xdc\xe2\xa1%)\x85\xc7O]\'9\x92\x8f\xfbJ\x02\x1d\x91-\xc99\t&\xbdq\x06`T\xc8\x92\xaf\xad\x06\xdd\xaf\x84\xd4\"\x13\xcf\xe5\x93D\xad~F\xe5\x19\xaa\xaa\xb2\xb1\x03m\x82+\x06\x1bF^\xd3n\xc4F\xc1\xc08\x94\xe6\xe5\x1f\xa7\xf6\xcaA\x90T\xf1\x1b\xe6\xb9\xe7\xff\xc5H\x04\x93\xca\xad\x17UlY\x9a}\r4\xac\x93\xac\v2\xc6\xf9\xbe\xfeI\x8b\xd4/`\xab\x1e\xcf\x7f\b\x94\xfe2.{\xc1\xbe\x9bth~\xcb\xb9E\x10W\xed\xed51[z\xb6>\xd3\xe7Y*\xdb\xa7h\nt\xddP\n\xc5\xeb\xb1ux\x94@\x00\x00g\x02D9\x83\xa7\x97\xf4\xb25wL\x97\xfb\xb9\xccj\xb3\x96\xc1@\xee`{\x87\xa8]\x96\x9cjF^+\xcc1l\xcbmA,5\xc4J\xcab\xa6\x91\xa0\xeaU\x92\x01\x1f,\xfa\x10\"+\x01\x00\x91\xe9\x1cz\xd1f\x901\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00o\"\x85Np\xba\x0e4\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb8V\xe4\xa1C\x90\x17\xcc{\x9d\xf1\xbd\xb0\xca\x03\x96\x85h}\x8f\x1c)X\xc83rA\x90r\xb6\xba!;\x95\xaf\xe0\xcb\xec\xcd$\x02f\x8c4\x1aH\x8fC\xbfr\xd39\x92\x1fShu\x9e\b\xd4m\xa8\x16\xa6\xd5\xae\xcb\x03oFQ\"\xf7F\xb7\vp\xb6\xe5\x92\xe2O}.\x95A\x9bH\x8d\xa1\x80\x1b\x14u\xfdK\xce\xaf\x94i\xf1s\xf7\xb8Jq\xcb3=M\x84\x7f\x181/\x9bQ| Z\x19\xad_\x13\x99\xf7\xfdOD\xd3\x9d\x9d\xb8d5g\xf1\x84\xbd\xe5\xa2\xb3\xda\x82\x10n1\xed\xba\xe3\x96\x85\"\xb6\xa6n\xe7\xfd\xd4\a\x97\x85\x810/\xc4o\x11\xc8\x1b\xc0\f\xeec\xa4\x7f|P\x00\x00\x00\x000p\xaf\xfdk\xac\xcc\xac`\xc9\a<\xadIt\x9b\xeb\x8a\xfe\x9b\aO\xa5?h\xe1B\xa8C\x8e;/\xa8\x94\x1bs\xf0\xa9>\x9e\xff\xc9\xd2\x00h\xcb\xfb\xb6Y\xbfp\xd8\x90\x96\xec\x83N\x8bNnx\xb6\x16Y\xf8sU\xae\xa0\b\x8cLq\n\x1f\x99t\xb6\xffozu\xa0B(\xe9?\xcdA\xba\xa8\x13Qc\xda\x16?\xe8z\x8f\x862!\xbf\xa4\xb8\x9bC\xe9Od\xe8\xd32m\x06RX\x7f\xf7\xc2\n\x94\xe5P:l\xd9\xd5\xbd\rH6-\x8a\x12m\xff\xe9\xa0\r\tk\xda\xa4q(\xae\\\xb6\x14I\xf7\xe0z\xf10x0}) ptrace$poke(0x420e, r1, 0x0, 0xfffffffffffffffb) 1.68207273s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r1}, 0x10) syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000040)='./file0\x00', 0x1000801, &(0x7f00000000c0)=ANY=[@ANYRES64=0x0], 0x23, 0x203, &(0x7f0000000ec0)="$eJzsmT+IE0EUxr+Z3ducQQQbCxEsPDCit9ndqFxzhYKlIJx/GyF463G6d5FkhcuBRbCxsbQQbG0sLSxSWdjZ2WqhgmBhKrHUkZmdzU52k6BJlMC9H2Tyzbw3b+a9XV6zIAhiz/L504+Pj8+vXD4FYD+WUNLrX63Mhxv+H57eP/lk9cKzl++fv9k+8KCbj8cACPHn50v/1y+yuRCDu5eAnyJBasUVcJzQ+hoYXMvYrHeHYLihl+8ozZRu7NOLUchuNaL125tR6MnBl0MghxqQXcEG0OswrANY1Ecw436t9u7degQ0ExGFqVgQ6TkF09+KcfVT9zvHsWqUQD6v648eduTc1eseeL9+Pjh8rWtgWNN6BSW4rpuVxMj/sJ3Ftwr5zyDJfyEOLhdMN61ECPFLTB45zV6vXP0+6JO9Y3NQhP8iZLazjXxkhEnWdsojWH6FZY+y1T7U674t7voyH3WeSKjGBaBgeleOootTRHb0ez5oqpRz/YnZwHGjP9mw+/ZqvHWv2mrvLm9u1TfCjXA7CGpnvdOedyaoqkaUjGP636LqT2Uj/sIIX4c52KnHcdPfAeKm358HyWh03LVXjW9qD1f9j6NyLIkhXxWVdmn4GUz/uPqXqmKNvDxBEARBEARBEARBEARBEMRYnNz8KBj0FzOWfhMbQnBJef8OAAD//71rahU=") 1.522189335s ago: executing program 1: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b708000000df00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.controllers\x00', 0x275a, 0x0) flistxattr(r2, 0x0, 0x0) 1.489447889s ago: executing program 1: prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) 1.480962251s ago: executing program 1: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="1805000000000000000000004b64ffec8500000075000000040000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454da, &(0x7f0000000080)={'batadv0\x00'}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=ANY=[], 0x34}}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_type(r4, &(0x7f00000000c0), 0x2, 0x0) preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000100)=""/185, 0xb9}], 0x1, 0x0, 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(0xffffffffffffffff, 0x4010ae67, 0x0) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) unshare(0x44000680) 934.430795ms ago: executing program 0: r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000080)=ANY=[], 0x8) getsockopt$inet6_opts(r0, 0x29, 0x39, 0x0, &(0x7f0000000180)) 923.179067ms ago: executing program 0: syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x2000480, &(0x7f00000001c0), 0x1, 0x76a, &(0x7f0000000fc0)="$eJzs3d9rW1UcAPDvTdt17aatIOh8KghaGEvtrJuCDxMfRHAw0Ge3kGZlNm1Gk461FNwQwRdBxQdBX/bsj/nmqz9e9b/wQTamdsOJD1K5adJla9KlW5MI+XzgNOfce9Nzvjn3nnuSe0kC6FsT6Z9MxKGI+CiJGKstTyJiqJobjDixud3t9bV8mpLY2Hjzj6S6za31tXw0PCd1oFZ4MiJ+fD/icGZ7veWV1flcsVhYqpWnKgvnp8orq0fOLeTmCnOFxWPTMzNHj79w/NjexfrXL6sHr3/82rPfnPjnvSeufvhTEifiYG1dYxx7ZSImaq/JUPoS3uXVva6sx5JeN4AHkh6aA5tHeRyKsRio5loY6WbLAIBOeTciNgCAPpM4/wNAn6l/DnBrfS1fT739RKK7brwSEfs3469f39xcM1i7Zre/eh109FZy15WRJCLG96D+iYj44ru3v0pTdOg6JEAzly5HxJnxie3jf7LtnoXdeq6NbSbuKRv/oHu+T+c/Lzab/2W25j/RZP4z3OTYfRD3P/4z1/agmpbS+d/LDfe23W6Iv2Z8oFZ6pDrnG0rOnisW0rHt0YiYjKHhtDy9Qx2TN/+92Wpd4/zvz0/e+TKtP328s0Xm2uDw3c+ZzVVyDxNzoxuXI54abBZ/stX/SYv576k263j9pQ8+b7UujT+Nt562x99ZG1cinmna/3fuaEt2vD9xqro7TNV3iia+/fWz0Vb1N/Z/mtL66+8FuiHt/9Gd4x9PGu/XLO++jp+vjP3Qat3942++/+9L3qrm99WWXcxVKkvTEfuSN7YvP3rnufVyffs0/smnmx//O+3/6XvCM23GP3j9968fPP7OSuOf3VX/7z5z9fb8QKv62+v/mWpusraknfGv3QY+zGsHAAAAAAAAAAAAAAAAAAAAAAAAAO3KRMTBSDLZrXwmk81u/ob34zGaKZbKlcNnS8uLs1H9rezxGMrUv+pyrOH7UKdr34dfLx+9p/x8RDwWEZ8Oj1TL2XypONvr4AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg5kCL3/9P/Tbc69YBAB2zv9cNAAC6zvkfAPrP7s7/Ix1rBwDQPd7/A0D/cf4HgP7j/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAECHnTp5Mk0bf6+v5dPy7IWV5fnShSOzhfJ8dmE5n82Xls5n50qluWIhmy8ttPxHlzYfiqXS+ZlYXL44VSmUK1PlldXTC6Xlxcrpcwu5ucLpwlDXIgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA9pVXVudzxWJhSUZGRmYr0zhKjPRugAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4n/svAAD//9EyKso=") r0 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0) ioctl$FS_IOC_GETFSMAP(r0, 0xc0406618, 0x0) 884.068153ms ago: executing program 0: r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0xe, 0x4, 0x8, 0x6, 0x0, 0x1}, 0x48) r1 = socket$inet6(0xa, 0x80002, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r0, &(0x7f0000000280), &(0x7f0000001840)=@udp6=r1}, 0x20) bpf$MAP_LOOKUP_ELEM(0x2, &(0x7f0000000200)={r0, &(0x7f0000000140), &(0x7f0000000000)=""/82}, 0x20) 867.067196ms ago: executing program 0: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000840)={[{@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@fat=@codepage={'codepage', 0x3d, '1255'}}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@utf8no}, {@shortname_win95}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@rodir}, {@rodir}, {@numtail}]}, 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) 846.725299ms ago: executing program 0: r0 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x1ff, 0xa401) ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000000)={0x0, 0x0, "ec9fe44d4dbe56a65274d7c727e7e53c1bb714e315eeb406bfdd73835e57efa94b1a0275781c647aa7e3470c6028642b17832b10b386a6f73791011c26a9aa141f406e312295ee620a9a46577b9249b738fe7750bec83bf6ed5b67213fa7d6c0823fd154ed29ed7eff0d26ff199ee1ff379742c3f0b46caa357d70ee438f901d7645c3f87e4b21482b76f2ad8eaac090272081f98fd2e3e5a63e006204df635e731a5bfcf142f4529517454618de595cd179445b4bdbf698b9986356f0ebf7d25a57774ef474f86a3ad24ae9f0bf94b99e6b87de5f79d383d05bb32701daed400785a49788f08caecc9e0c48a3740bbe6e1c1fd400cfdfe756bcb7d08e36655c"}) ioctl$USBDEVFS_CONTROL(r0, 0xc0185500, &(0x7f00000001c0)={0xa1, 0xf, 0x0, 0x0, 0xfef6, 0x0, 0x0}) 837.818041ms ago: executing program 0: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000380)=ANY=[@ANYBLOB="120100009e173610ef171e7206de010203010902"], 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000022d900060000000077f2ab26850000002300000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10) syz_usb_control_io(r0, 0x0, &(0x7f00000009c0)={0x84, &(0x7f0000000000)=ANY=[@ANYBLOB="00000400000023cd04c8"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 599.698477ms ago: executing program 1: madvise(&(0x7f0000000000/0x600000)=nil, 0xffffffffffffffff, 0x10) r0 = socket(0x10, 0x803, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="4800000010000507000000000000040000000000", @ANYRES32=r3, @ANYBLOB="0000000000000000280012000900010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pfifo_fast={0xf}]}, 0x34}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000013c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=@getchain={0x24, 0x24, 0xffffffffffffffff, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0x0, 0xfff1}}}, 0x24}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000140)='/sys/block/loop0', 0x2, 0x0) shutdown(0xffffffffffffffff, 0x0) write$FUSE_NOTIFY_STORE(0xffffffffffffffff, 0x0, 0x28) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) getpid() r4 = syz_pidfd_open(0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_usb_connect(0x0, 0xb, 0x0, 0x0) ioctl$BTRFS_IOC_ADD_DEV(r4, 0x5501, &(0x7f00000000c0)={{}, "c4005a51cf48a456fe399e96793568de827d6e3af15928143f77a2c2bf19506fac2c94a8808e7365569e94b6012f452ddbdb4acaadf3199a4fa57eab4549a87e05bb9a155f3d08704dc753cff79d5128dc113e58ecd5a19e0bc7bef139e74acaed4f126be4cc57e22d44a734c7f2c44b2b2dc3ecfb59318827549e5b2679b3cc4f9e5df2bc30b674fb5f8e181e7dab6cc37989c9911a3d5b32ac444ebf78c76d68c313ed1bcaa4bfcdddc200878c72704b48f4cda8c86a41c703694c1e57aaf73751f45d5ed54010c14c30ea8ca2f620ab57b6ad6bdf3263aeab2de44576b10a1040c6cc84fcf2cb5037e025b227baf26e0c5bda231531365c778ef42bc49fd603b98b7b5173f2f1669834e8cd5167092f5d56e6c2623165710ec863179f143dba38551641ea77676773f3a18e97ada500fe448f172e6e714e16079d8233626d4c5c08c9117c5872c5d815ae0d481c25f2cfd2c76c6723e5ee78d5941b7d49e3d123294dd4c04c2691c5d086393047e3fd027daebf2114d1e9da89a36a49f7a411638060e87593ed8e45fb4292ff888e2eb7b776c9428623a34454eb2f11a47b43707e4b161faa8b8dc0d9cb2a0ac253ab41d0172190749ae06af564cabff5a0ba5df004c44138b49d2e17944f6588839fdedcf6ddef583df85490fa3a956e416e02943d56f734c3d3aa8b4898544e8f417c79bb5532b4ab2393c6723488c627a285686a0dac4cd6df370ab806b80f251256cfc058f8c2c2b46dca533048a18315caca12ad5915f077285ffbe1a4b5f46f2af4e45695348200e1f5a57a698acae6b4f6124fc076af5f40c3461e91b2639a84be51abe62d27cde1642731d31ae1264d20a21011bd221f8d0e4fc9835ccb61405e1ba6fcd48b9d3487909f89a0f40f91abfd3d33876b707d908bd2b076d37f5b2e2d530210e3930cf0418c3a7d8d4ac8cd16b4d2b2d4ebf6134c88813a808d82c86a20b7beb6534bb112b374d5b0a2beacb4e37872a2df879ebd568f0b20ce7d4aeb5ef6c960093b8a3d0e0332d821fdd099269364539d876caf78e60232baf7cc26589453666f17f94ac05fc2b752546a9586f9f18288e5944effa6f912709652113377ee14d949842910b0af467706b42d969908840fe55857f526694cdacb7735f2e0bdc49ca50ca57193aec63535f679e1486185bae007a7cd345bf8d7428e1a2881f6d327ee34ef0bbd67b51d25000fc59ed894c001ca327898dc4a3e7c33e20542772f31e7f125eedec11604b6569f051e643bff91d616284d2ea0f25320c22caba4d681781a13bf341dc22f882540aaab75d5bba9bbfe8aa960705d1d903a7ed8b7a14cc18b2ec9d1640ba3b6cf9c2a6cde4f7b23d1eb42fa57d2b2206c6cd6f84a5b7d682a09064e341c844edd3361f2e457a5057e1c3d97916190d9749adbadb70797f1729cc01c6146a23942e245021fe02748e2235582b36df8236c8b25fa94d1ed7e495f0df447b36f609b17526b2c8c43f1ded38f99344f2553fd911deed701d89fdf92ed6368d74f6f09ce2d26a3916f28eda4fac022f043aff14bab96f3841980533b2f935cfe7e40ad9cc77557d50a32a73aa71ae37a0cece6580887608d028b55fa7a1a1cf214098fe13c1a32ee5890e3d2c9a4d23041f89bac353aa1641df4375080b2181555e9667082a35b041645be39a47298b747eed9d127d8d342b620d0ecd2a48a86bd7dbfa04b3cfad62f5b1055b2259dc64b02d27599fff87c8303b47174e3ee66645d1eaaa05d63bad90ef4fdb97d21b478b37c313571d5776495460b57ba25dc2a5def286c8e81a3fdaa3dfb1dfb9deec86aa3629a03b9722bd95a96972a32552ba5d74f03989c73598b3ba0ef19151631ba4cf90d1bcc35c7cd2fecd6c271564df5ed232581417488454f5878f09523ce1b966162808d13a86872ad04bc777544ae4477459d197c6aaecf52e229a6cc94d151e014b589311f8e5bb7eb57605a80c11a7df2110b70735ae34a21e467f7bd8c3f81c1f9dfcf9464365566786b086637717df597c05b45249b04faa2269ca5a3fca2f1797682f24a34c9f70c27b6dd47fe9f6f006c934481524985afeec903f160c4e2c36c2bbe2081ff33733ca17ca2a2d794fd3af80d5a1adcbfa384e1ba851f4a554433e532f321b332d640513c9df326ddaa4691201f94d1b4b82b82f9bb986e00242fce6588d906cd820640a59707cecf78533496fdc49d90effde5769812ae474ef31adb849542ef23359a640eeeadecf273713a46e96c836823012fc190c8d1dd88d965fbe11074da36375c11fedc648160b55b8b8bc830b72a6f98b1396a72d96f06fab40ddd4729dc162d30e8a34c4041cc22fd62eb501fa685ae7d53376cca12e40f53edd0ae8abbb666c75a6ca8658b4ef8810931158868afb757831d14e81cdadc995fcb98e2da29300480ca03494f81b59985dbe3da8634a3c4a00626d08d6f1f997ccd63a1a103d292d29cdf15b2c4bca2f34ba406a47d9a184ed712356257ec45aa9a8ed8b8daca20f6a2edb1494a2af100000000000000006f1bfeb0edfdb1f10b66753f3fe900b95be3aafbfb5e2976de8b2c6b485243770da0cdc8f4d7384b6f39817f5661429442b20cab08cc28cf814ebf10d7ad4de140241ec169d70781524127a9454e5f1ee9fd5652818683a2f7ff0b11c8fea2ff7398e01df48c8eb62123f2630d561470003d020f4cc8923654fcf65d400ed0792af6bf1876099951e938adc275f47b9ba178b8ae3e9b295fab66c144ad8ad2fd29bced367833b76b2f0ded8dfead5dfccfc9ba2d658688abeb41f53eaf6efa82e5947f8d7a6e1010517032443507f5bd419317324000ca02e49db1cb985f8f11149496bfe54629f3f759c3100e0ab50c95446fd390a87b884930763ac810bdcdaee81b64343b955eba24d34d816bcf3eb5df1b6b44317e033a9015640942da607e3ea61727b97eab7511ff680dc5f4e54fa19e07c0023152272edc066010e661de98f73f913bc04983b325ff62134b41081dce65528af69b5206f9522b3e09f78dea218621e60f5ca9c58212526d96aace431133528b8a5354b213ef4883ef271e488bf629284c277843202bf7a41dbe2616e8338ab14f83bd6da1d1c4a4b50b6372564187a497036f2040f77c099bd0d98d3e4eebd4bf433360c518fc965e966642a22a335f3a9688336bd254dc9fe32632d4c1599c6b72fca290d9cae38548f4ad5d2a165053b7d392276d81ff26e97ebcfa210eddc832240de22bbfc6623929aa2d8bad6c41db54e2125063f9153e98b2316ae5e9d51a3a9efe5a81242f7045dbafa8db63cafad19e32b767dcd5adfd5e5459dce45c71f61a18a3e6a7de43bd61d6015fac48dcecb60795e02b30dc04cc4a408abc2dee10a97fb387a229ba5c07cebc63037c0102c846393b2bf865db38e51ce44b5cede8d530cb6496e5a34b9b0b060b8bd6f98cd53169518a1732d92af494c351f8ce753754f7d944865de345d8520a9232a1c5e516e61f23c39e09bac5d7c70a478e0b7a3208f61f090f69b9ab33da7a8ae16626c3d26f11065fd46851eff2c5968f937e90abe02555cad9e54b4bcaf3ee55aba96406cd457e27c1ad5b9cc640afff1d94d7d5f854fd50a66bf37355c548f840129ae0d81dc23202e4d7921236172d1c4920c1bf5e7bfad21740acd8f5fa278b6de2336276e271045d0ef0a9a566ae988269cb16f7eee941941d3a9f05d754cbb92a27ad9cb374872c3566a9db35920d63f0cfa69ef8dfc41f307f7c1f1ae712e3f6001e57e1de99777212ede107b692182c507b168c77a3824f0cd663f6d2ffe73e3d90587b3444e9a3cb093ddefd2869db927938ecf6cbd16a85d0849b7c829a37b70b24868e7ab1aa2adc012d85a8bf374225281b50882a40e6bed667f0538d8c85768cc9d8537bedfebe64cddf937a150c565e3824a75f5e7a173fed0ed3b3aa8750fde47ce1c219d5fc1977abc24c7a28aa8251e29a17eee3405d4c1f1f5e8b53df9425d6dde4b9de4715097c58062a977637b42974a40f0bf24dcca060871b759e5f42a12da7d89a494468f6c91c47ac17e7bfd61e62872541fd5d3941c0f0ebca3de06ca63cb52b186737fc61ade4eaed0fd5dd1eb4b8e2d2ebb689741fb354c8bbdc9092f68a156952395585113d78254ec826ba49204d76b8dcd854c4cf942c50c38ad5f8db2bf032d5eced178b25e56f9b39961aea03785119cab42fffbbbeaa15f0c21511f441fd72ab25014dbe5a35dfe295486e0d2e5803304deff8736e1d8df7886e4725321bc450c68459f01b5b3014735e81f989945e59b4c5e367976e90124e9cf422cc0f0d624627ab83ccd65ac7c1b91424672ebb3d91d932994c6e215a9d60efb6ed87eb579951668273e9a38f9089179459d2f670a21bd999a97c968891c59402d188dc601ef033fb9af3291b8778f2a38d379913a02d2215f2960f80847afe4d65f1fc7bcd1995e83fc88d87d799af0bf16060780efc8dbd08b041d8c2f646ca18ea18d3d295e172b344b6aea8d2a2620b6379c5c368459fee07bfcc83c83acaf3dc67755bbe8fe58b1a39051ef2327b30c886a0a5183e38c199e32365cb8194deade3262ea5ffa559b789da10f2948e135ce5858e1b016c153b14795a085b5bef350f95487a3f748afa943179d87a1e8828edc33804c2ea49979074fe162a8a36689286c390585d9f83645be3b921c4a6678b8ffd7edfb7a85265d5796ce4f12595b364fcc81b58c267beaa85dd47ad8c55783fe526d6dd0e3cc1f70a7e88d6f826b18aeab8282ff8e2a13ee8f03fab41be97af13c87883f87e6f0bdda04deebc05e35b601a55cc984478a997725d3faab2101cd9596c757c659e6b6c9178f620fbdcb87e399404f4bcd9b57dd1013818e58a785bed0a7fd1f5e5e355816ceba6745a42e10a145c87aedede2e0bed7bc75015a8354ba95a226c87df41d41e4ae368c4e84e8a032c48977601d71eae547f95375746e1f9c86135481bd09a08fee04db26b96cc9327bbde61cec27a56d114cc0e6459170e6cc44d846a2a55046b505e14dbdac32aa759e5d0268fe819a3dc503247b6c24c1607b4742671f5ad63c21812b1904b3c39ec8734fb1ee77a124a29c50154f53c89754f5e4719cc0279c851a63fc33e16f2393e5134568b78126b5680664fcd1fbf9d88f4efdadc120bbb4f21ddd7bf4c445a534631c5f2c4b51d7842743493b4a13bb99f160987284bc7960aaa6d40dbe05e20f42ff48425d1c8166b7fd457d33d808b456b7b11d3d3c1f445a9698ee8a473fb116c5c4824fa224088fa6f031f07f2972e62592d59536dc4cbe3c1cb33e922b0f35f79f1df10ab43e1d3e5dc480bdd8a7039f71ee9c73f976809ec2853ad0c18e4f0ee73fd1361591375d3db6c822e7baae597fc454aae7b426922e9fd9a87fe52a25d5cd03434d7ffb9f319fbeb403c0836f2117cf851bf7660ecb567a6cd918e85190683c1c0a79da1cd92b8527400008f047a436a4859be0e7b9469c6830a81d81f93ea8ba1b614de4386296089c9b34f4b8116ae7afedd43f6a82abf4302e4d8a9fba0b87347df1f5bb676f496bf29bf9ea9e3ea4bd1dd3f3d4feb7609f96424f35035b5a13fd6efd0441dea1c1f17feae7d5a1ef77aa05537fc87cc2021c92d5cbbbd159258a45972e112e123e306ef0daa36e1ff069be815c5d0b74b6b41c6d5b76c04057de0a43c2e40b04fc11b60f0f1e7ff0b88fb600d79e03cc8b73fed0af95601acca"}) socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, &(0x7f0000000180)=0x7, 0x4) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) r5 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x7, 0x10001}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000040000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$TIOCSTI(0xffffffffffffffff, 0x80047437, &(0x7f00000000c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xffffffffffffffbb, &(0x7f0000000040)={&(0x7f0000000000)=ANY=[@ANYBLOB="00010000", @ANYRES16, @ANYBLOB="c88845e7e05ae52d00009300000008001317"], 0x1c}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'lo\x00'}) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8b28, &(0x7f0000000000)={'wlan1\x00'}) 243.070932ms ago: executing program 4: bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000807b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f00000005c0)='kfree_skb\x00', r1}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) close(r3) sendmsg$unix(r2, &(0x7f0000000800)={0x0, 0x0, 0x0}, 0x0) 229.215225ms ago: executing program 4: r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000500)) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) syz_emit_ethernet(0x3a, &(0x7f0000000180)=ANY=[@ANYBLOB="0180c200000000000000000008004500002c00a35b000011"], 0x0) write$cgroup_subtree(r0, &(0x7f0000000180)=ANY=[], 0x240) 169.742414ms ago: executing program 2: r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x5, &(0x7f0000000a80)=ANY=[@ANYBLOB="180000000000002000000000ff000000850000000f000000850000000500000095"], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=@ipv6_newaddrlabel={0x30, 0x18, 0x1, 0x0, 0x0, {0xa, 0x37}, [@IFAL_ADDRESS={0x14, 0x5, @remote}]}, 0x30}}, 0x0) 160.884805ms ago: executing program 2: openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) syz_mount_image$vfat(&(0x7f0000000540), &(0x7f0000000040)='./file1\x00', 0xa18c14, &(0x7f0000000840)={[{@iocharset={'iocharset', 0x3d, 'iso8859-5'}}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@fat=@codepage={'codepage', 0x3d, '1255'}}, {@fat=@codepage={'codepage', 0x3d, '855'}}, {@utf8no}, {@shortname_win95}, {@shortname_win95}, {@numtail}, {@shortname_lower}, {@iocharset={'iocharset', 0x3d, 'maccenteuro'}}, {@rodir}, {@rodir}, {@numtail}]}, 0x81, 0x29b, &(0x7f0000000580)="$eJzs3c9qK1UYAPBv0iRNVEgWrkRwQBeuwr33CW6QChezUrLQjV5sC5KEQgMB/2Dsyr3gynfwHXwAN76BC5eCO7sQR5KZSdI0bY3EVOrvt5kvc74v509OWyjMyUevjgbHZ+PTiy9+jkYjicrTeBqXSbSjEqWvAgB4SC6zLH7LcnflVqMeEVmreFXZw/AAgH/BNn//AYCH4b33P3in2+sdvZumjYjR15N+Evk1b++exicxjJN4FK34IyJbyOOXnvWOopqm5T8DJs3oR4w+/LF43f01Yl7/OFrRXq+vF1npXLwxmk76s55n11q8kER0syRPeRKteDkiq0XxJvnl7We9oyfp9fro1+PN178rxv/nSXSiFT99HGcxjOP5Wyzrv3ycpm9l3/7+eT6DfkQynfQP53lL2cFePhAAAAAAAAAAAAAAAAAAAAAAAP4XOulCe/X8nPI0wE5nc/uN5wMVJ/xMV87XeZSmaXmMz6Rfi7y+Gq9Uo3p/MwcAAAAAAAAAAAAAAAAAAID/jvGnnw2eD4cn51eCH7JZ0Lw1Zz2ortwpH+u/u2pzMPg+YvuqvxPEQTG0YXKti6Rs2kFfh9skNzd1GpWb1rA6jHzw32w/sNd2NcFbg3J3DZ4ncUdyY/MmWdl15TY8HydbbMhsw9Id3FhV39Hc6y/+0/LmxoWazbi2WMyrVY3ZJ7lyp7bjn5Q1yc5/9wAAAAAAAAAAAAAAAAAAAFctH/qNX641XtzLkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg75bf/78Ior1+Zz2YFsXzO5Xbkw/Pxxu6be95mgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxwfwUAAP//5OlVhQ==") r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0) write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3591bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d4a7baeb62972f1a814f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bd1277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd6929bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabafcd647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15a83217e03d02a4054f34af3a65ff6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bcddf42bfd174d29b540161b4113c4e1a13f3a628c638ec4d3a884dfbc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b390b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815513681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add28a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889ff629f7834586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba373a88d09dc00cdf4453cc6ba78572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7794757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11ca67f1f8d50c8eefa5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a0388f2f1bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa295640679f1eab1e6a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a", 0x1000}}, 0x1006) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000440)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) 139.922378ms ago: executing program 2: syz_emit_ethernet(0x3e, &(0x7f00000000c0)=ANY=[@ANYBLOB="ffffffffa2ffbbbbbbbbbbbb86dd607f00ef00082f0000000000000000000000000000000000ff020000000000000000000001200088be"], 0x0) 131.796289ms ago: executing program 2: socketpair$unix(0x1, 0x0, 0x0, 0x0) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000002500)=ANY=[@ANYBLOB="b7000000010003c3bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000056040200000012ff2d400500000000003400000001ed00000f030000000000001d440000000000007a0a00fe00ffffffbc03000000000070b5000000000000009500000000000000023bc065b78111c6dfa041b63af4a3912435f1a864a710aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e51815548000000000000000275daf51efd601b6bf00000000b526375ee4dd6fcd82e4fee5bef7af9aa0d7f300c095199fe3ff3128e599b0eaebbdbd732c9cc00eec36574a8f6456e2ccae25ea21714eca8cf5d803e04d83b46e21557c0afc646cb7790b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2400000000000000800643a98d9ec21ead2ed51b104d4d91af25b845b9f75dd08d123deda8ebc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987af1714e72ba7616536fd9aa58f2477184b6a89adaf17b0baf587aef370a2d426449949f8f728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d64364c82770c8204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7d26b34381fcb59b854e9d5a17f4720082f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67051d355d84ce97bb0c6b4a595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d38df9ba60248d9a0d61282dfb15eb6841bb64a1b3045024a982f3c48153baae2c4e7bf37548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c3560811ea6c3560a43364d402ccdd9069bd50b994fd6a34ee18022a579dfc0229cc0dc9881610270928eaeb883418f562ae00003ea96d10f172c0374d6eed826407000000000000004a9c5a90ff59d54d1f92ecc48899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0c1e02b6e4114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d851680f6f2f9a6a8906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f4ca2195234648e0a1ca50db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa19faf67256b56a41fd355b6a686b50f0937f778af083e055f6138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145eb6dc5f6a9037d2283c42efc54fa84323a3304f41ff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f928ba7554ba583fef3ec7932f5954f31a878e2fae6691df8b4b7ecd27ce82f7df3e7d1daac43738612e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c2571f983e96735600000554f327a353511ccedde99493c31ac05a7b57f03ca91a01ba2c60ca99e8ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d40460780000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120968308c31db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd0000000069ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9e0600f86909bc90addb7b9aee813df534aac4b32fd691b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a000000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca3f0a18ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1efd78e578dc6b3fb84f3738a4b6caa84feda91f3edb32231ec75300000000000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a50f2d0455cf79a43746979f99f6a1527f004f1e37a3926937e84fb478199dc1020f4beb98b88b5e7885e9a617aa6c8e10d4202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba43972e00000000000000a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a2744c46570e8f46da1ab990ca053cbfe801000000000000000000000000000000d55d7182af2ea5f8d0ad495e3eb9421963a5a683c3dcb2d300aa3b2cfe946d2348c35f5d67d68ac07c8f84b3679e77c2e629ecec7c12c35d6b6971b8ae13cc00956d2227db60c0a461ed2b3ecfb16d19037c8c88c91dda05904fbbc864e95ad43d6dd6d5eadbcea25682ba4b91e14c3fbfdfd1d680aa1af102d97681656bf56ff0674237ce097d39008cc3257778de878bcd37467386f993be6d20c93a7791e7f2a155ce379b4cda2500108052aeb9bd03ff6d4c5dbda9ff485d6576a492d436d52edcd420e7deaa4343a0add3941ae7c5f58af43866ca64750f43e583ca1ceb3a805e46beef9dca77a4edcbb42aa0caf0bbd6cec72d85540293cb4849b0610800000000000000000000000000000000f9814d5f6c8673c143ff2f901e71b8818665b56f7a03afe3d900007656859db4cb06b4af9f02cfab5b9e61cc00e8e19429921b8df4c4c53bddea4cc48737842952ff08aeac15685df194ca89da8cf6d29a2be9779181fd5d105af5786094d9130f5826b18b9667b971a994f3fd069629a1052f441e96884f90c91f4a974242aabfc8adbadc9ca27955b5c90f0bd9a46ed044272383d3768871a9c8cfd7948aea445c55684351002ed481af45341de8e5e1f33624bd2ec1591dd00bbe05000000f89a928662e9b9449db34394fc5e946fadaee576e28ac0feab4e3585ed43d206218f524083840a78b7236bb7f5e42b5376642f8ad4028d4ead407240e7467d1b37afe20690d7672c7e926fded95cf805516ad836eb730619a05af36fb28329d6feb33219cc9164461a8ba3afd5949b9a6046c53663df30a049414089c1ae8f3476236b05dde8dda4843a62c591f8d2b1a62d0db8dc826219bd87398b33e140792297d023ef52de2e75b9dbbfb8712ccc15c69cfb4c6c1bc2ae74621e536b9d3f09a15dada1561a8192d65cc59d7ed5a6bd61000000000000000000000000000000000000000000000000000000000000000000000000f637782e317d492b2392fd0ea81397a80227f271bad21d688af35a2bd02c15d20f3d62a50e20260642c25f304c8034a5f4d8e45e701dbd84294d1096e715662b8223e10e98c4c38451fc5c702084e3fa9b184e0d0fba44acf3bb8a846cf680dfbf312cddfdb2043288fa6b67fa762c8b75d4478756ef240f2b314e4d77a3afb4fcec92248327004d1dac7ac87a6f8cb04d82acc307d60e4713bd9a8f29091d3048c669a5f5439e0a906ce098d177b9579882586511cfe6a23e57c44d1654899f077b5636e4181f3de6b814bedcac5290ad8018bbe4424edc6d9b0e61b404bb7a2d4883bbc200de8332029cbc04a0bc52"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00}, 0x48) 124.019681ms ago: executing program 2: syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./file1\x00', 0x200000, &(0x7f0000000280)={[{@noblock_validity}, {}, {@sysvgroups}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@orlov}, {@errors_continue}, {@noauto_da_alloc}, {@nomblk_io_submit}]}, 0x3, 0x56a, &(0x7f0000000680)="$eJzs3c9rHFUcAPDvbJL+1qZQinqQQA9WajdN4o8KQutRtFjQe12SaSjZdEt2U5pYaHuwFy9SBBEL4h/g3WPxH/CvKGihSAl68BKZzWy7TbL5uXW3zucD0743M5s3b998335nZ5cNoLBGsn9KEa9GxDdJxOG2bYORbxxZ2W/p8Y3JbEliefmzP5NI8nWt/ZP8/4N55ZWI+PWriJOlte3WFxZnKtVqOpfXRxuzV0frC4unLs9WptPp9Mr4xMSZdybG33/v3a719c0Lf3//6f2Pznx9fOm7nx8euZvEuTiUb2vvxy7caq+MxEj+nAzFuVU7jnWhsX6S9PoA2JGBPM6HIpsDDsdAHvXA/9/NiFgGCioR/1BQrTygdW3fpevgF8ajD1cugNb2f3DlvZHY17w2OrCUPHNllF3vDneh/ayNX/64dzdbYpP3IW52oT2Allu3I+L04ODa+S/J57+dO91883hjq9so2usP9NL9LP95a738p/Qk/4l18p+D68TuTmwe/6WHXWimoyz/+2Dd/PfJ1DU8kNdeauZ8Q8mly9X0dES8HBEnYmhvVt/ofs6ZpQfLnba153/ZkrXfygXz43g4uPfZx0xVGpXd9Lndo9sRrz3Nf5NYM//va+a6q8c/ez4ubLGNY+m91ztt27z/7bqfAS//FPHGuuP/9I5WsvH9ydHm+TDaOivW+uvOsd86tb+9/ndfNv4HNu7/cNJ+v7a+/TZ+3PdP2mnbTs//PcnnzfKefN31SqMxNxaxJ/lk7frxp49t1Vv7Z/0/cXzj+W+9839/RHyxxf7fOXqn4679MP5T2xr/7RcefPzlD53a39r4v90sncjXbGX+2+oB7ua5AwAAAAAAgH5TiohDkZTKT8qlUrm88vmOo3GgVK3VGycv1eavTEXzu7LDMVRq3ek+3PZ5iLH887Ct+viq+kREHImIbwf2N+vlyVp1qtedBwAAAAAAAAAAAAAAAAAAgD5xsMP3/zO/D/T66IDnzk9+Q3FtGv/d+KUnoC95/YfiEv9QXOIfikv8Q3GJfygu8Q/FJf6huMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAAdNWF8+ezZXnp8Y3JrD51bWF+pnbt1FRanynPzk+WJ2tzV8vTtdp0NS1P1mY3+3vVWu3q2HjMXx9tpPXGaH1h8eJsbf5K4+Ll2cp0ejEd+k96BQAAAAAAAAAAAAAAAAAAAC+W+sLiTKVaTecUOhbORl8cxo4LyWajfDY/GXbUxGDvO6jwHAo9npgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoM2/AQAA///fKTPH") chdir(&(0x7f0000000000)='./file0\x00') creat(&(0x7f0000000040)='./bus\x00', 0x0) mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0) r0 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0) mmap(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x2, 0x28011, r0, 0x0) readv(0xffffffffffffffff, &(0x7f0000001f80)=[{0x0}, {0x0}, {0xffffffffffffffff}], 0x3) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0) 114.501563ms ago: executing program 4: mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000)='devpts\x00', 0x0, 0x0) mount$binder(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0xa0, &(0x7f00000000c0)=ANY=[@ANYBLOB='max=18446744873']) 101.255414ms ago: executing program 4: syz_mount_image$vfat(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB='iocharset=cp865,utf8=1,utf8=0,utf8=1,iocharset=cp12fi,utf8=1,utf8=1,iocharset=cp869,uni_xlate=1,nonumtail=0,\x00'], 0x1, 0x16f, &(0x7f0000000240)="$eJzs271qFFEABeCzMWrUYrewEosBG6slmycwSARxQVC2UBAUkwXJSMDAghYmnYUv4eNY+ySWKYQrycT8MSkskoHs9zVz4M6Be4v5uQPz9v7HzfWt7emb6c8s9XpZeJQqe70MspB/dgMAXCV7peR3KaXc3M2tHymldD0jAOCief4DwPx5+er1s9XxeO1FVS0l9bfZZDZpjs346jQfUmcjy+nnT/ZfEA41+cnT8dpydWCQ7/XOYX9nNrl2uj9KP4P2/qjpV6f713P7ZH8l/dxt76+09m/k4YMT/WH6+fU+W6mznv3ucf/rqKoePx+f6d85OA8AAACugmF1pHX/PhyeN970/+P7wJn99WLuLXa7dgCYV9ufv2y+q+uNT4IgCEeh6zsTcNGOL/quZwIAAAAAAAAAAAAAAJznMn4n6nqNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMyfvwEAAP//hLKYFQ==") unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) fchmodat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file1/file4\x00', 0x2) 66.84867ms ago: executing program 4: r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10) r2 = creat(&(0x7f0000000080)='./bus\x00', 0x0) fsetxattr$system_posix_acl(r2, &(0x7f0000000000)='system.posix_acl_default\x00', &(0x7f00000000c0)=ANY=[@ANYBLOB="0200000010"], 0xfe44, 0x0) 35.593154ms ago: executing program 2: r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000030000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000e8ff0500850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$PROG_BIND_MAP(0xa, &(0x7f00000002c0)={r0}, 0xc) 7.365599ms ago: executing program 4: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x52) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_deliver\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="180000000500000000000000000000001801000020a0702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffbf02000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000003c0)='signal_deliver\x00', r2}, 0x10) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) 0s ago: executing program 1: open(&(0x7f0000000200)='./file0\x00', 0x4048840, 0x0) pipe2(&(0x7f0000001440)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(0xffffffffffffffff, 0x4018620d, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x5}, 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10) io_submit(0x0, 0x0, 0x0) splice(r2, 0x0, r1, 0x0, 0x6, 0x0) pipe(&(0x7f0000000080)) fcntl$setpipe(r0, 0x407, 0x0) mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f00000001c0)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}}) sendmsg$NFNL_MSG_CTHELPER_GET(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)={0x14, 0x1, 0x9, 0x101}, 0x14}}, 0x0) creat(&(0x7f0000000040)='./bus\x00', 0x0) kernel console output (not intermixed with test programs): F(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 91.283672][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 91.292141][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 91.299467][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 91.307047][ T3534] device veth0_vlan entered promiscuous mode [ 91.318240][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 91.327576][ T3534] device veth1_macvtap entered promiscuous mode [ 91.337419][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 91.349085][ T1428] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.360659][ T1428] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.370338][ T331] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 91.378447][ T1428] usb 4-1: New USB device found, idVendor=056a, idProduct=00fa, bcdDevice= 0.00 [ 91.387506][ T1428] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 91.396443][ T1428] usb 4-1: config 0 descriptor?? [ 91.599492][ T345] device bridge_slave_1 left promiscuous mode [ 91.605494][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 91.613089][ T345] device bridge_slave_0 left promiscuous mode [ 91.619205][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 91.627344][ T345] device veth1_macvtap left promiscuous mode [ 91.633262][ T345] device veth0_vlan left promiscuous mode [ 91.639040][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 91.650655][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 91.696180][ T28] audit: type=1400 audit(2000000026.260:961): avc: denied { write } for pid=3552 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 91.749285][ T24] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 91.758165][ T24] usb 5-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 91.766219][ T24] usb 5-1: Product: syz [ 91.772730][ T24] usb 5-1: config 0 descriptor?? [ 91.780484][ T3557] binder: BINDER_SET_CONTEXT_MGR already set [ 91.786335][ T3557] binder: 3556:3557 ioctl 4018620d 20000040 returned -16 [ 91.810835][ T3561] input: syz1 as /devices/virtual/input/input22 [ 91.891468][ T1428] wacom 0003:056A:00FA.0018: hidraw0: USB HID v0.00 Device [HID 056a:00fa] on usb-dummy_hcd.3-1/input0 [ 92.091898][ T6] usb 4-1: USB disconnect, device number 14 [ 92.189841][ T28] audit: type=1400 audit(2000000026.760:962): avc: denied { mounton } for pid=3585 comm="syz-executor.0" path="/root/syzkaller-testdir4168288326/syzkaller.Rn2R1G/21/file0" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=dir permissive=1 [ 92.216754][ T28] audit: type=1400 audit(2000000026.760:963): avc: denied { lock } for pid=3585 comm="syz-executor.0" path="socket:[31836]" dev="sockfs" ino=31836 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 92.259524][ T24] konepure 0003:1E7D:2DB4.0019: unknown main item tag 0x0 [ 92.266460][ T24] konepure 0003:1E7D:2DB4.0019: collection stack underflow [ 92.288899][ T24] konepure 0003:1E7D:2DB4.0019: item 0 2 0 12 parsing failed [ 92.296256][ T24] konepure 0003:1E7D:2DB4.0019: parse failed [ 92.308906][ T24] konepure: probe of 0003:1E7D:2DB4.0019 failed with error -22 [ 92.565293][ T24] usb 5-1: USB disconnect, device number 17 [ 92.775295][ T3600] loop3: detected capacity change from 0 to 2048 [ 92.790660][ T3600] EXT4-fs error (device loop3): ext4_orphan_get:1422: comm syz-executor.3: bad orphan inode 8192 [ 92.803563][ T3600] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 92.833083][ T3600] EXT4-fs error (device loop3) in ext4_reserve_inode_write:5870: Out of memory [ 92.842097][ T3600] EXT4-fs error (device loop3): ext4_dirty_inode:6074: inode #18: comm syz-executor.3: mark_inode_dirty error [ 92.857763][ T2382] EXT4-fs error (device loop3): ext4_readdir:260: inode #2: block 16: comm syz-executor.3: path /root/syzkaller-testdir3362649969/syzkaller.NwTPy3/82/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 92.868977][ T19] usbhid 3-1:0.0: can't add hid device: -71 [ 92.888398][ T19] usbhid: probe of 3-1:0.0 failed with error -71 [ 92.895652][ T19] usb 3-1: USB disconnect, device number 9 [ 92.902538][ T2382] EXT4-fs (loop3): unmounting filesystem. [ 92.961589][ T3616] syz-executor.2[3616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.961697][ T3616] syz-executor.2[3616] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 92.996478][ T3619] input: syz1 as /devices/virtual/input/input26 [ 93.072181][ T28] audit: type=1400 audit(2000000027.640:964): avc: denied { read } for pid=3627 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 93.124940][ T3626] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.136816][ T3626] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.141758][ T3634] loop4: detected capacity change from 0 to 2048 [ 93.149975][ T3626] device bridge_slave_0 entered promiscuous mode [ 93.162388][ T3626] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.169347][ T3634] EXT4-fs error (device loop4): ext4_orphan_get:1422: comm syz-executor.4: bad orphan inode 8192 [ 93.172385][ T3626] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.183241][ T3634] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 93.195736][ T3626] device bridge_slave_1 entered promiscuous mode [ 93.239594][ T3634] EXT4-fs error (device loop4) in ext4_reserve_inode_write:5870: Out of memory [ 93.248766][ T3634] EXT4-fs error (device loop4): ext4_dirty_inode:6074: inode #18: comm syz-executor.4: mark_inode_dirty error [ 93.271450][ T308] EXT4-fs error (device loop4): ext4_readdir:260: inode #2: block 16: comm syz-executor.4: path /root/syzkaller-testdir3720897290/syzkaller.5meQuq/312/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 93.307323][ T308] EXT4-fs (loop4): unmounting filesystem. [ 93.358353][ T3626] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.365238][ T3626] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.372342][ T3626] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.379118][ T3626] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.403556][ T28] audit: type=1400 audit(2000000027.970:965): avc: denied { ioctl } for pid=3648 comm="syz-executor.0" path="anon_inode:[userfaultfd]" dev="anon_inodefs" ino=31092 ioctlcmd=0xaa3f scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 93.409630][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 93.453572][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.470532][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.495039][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 93.510799][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.517762][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 93.525783][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 93.533864][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.540725][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 93.574185][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 93.583239][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 93.606668][ T3626] device veth0_vlan entered promiscuous mode [ 93.617095][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 93.627931][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 93.635874][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 93.644133][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 93.665788][ T3626] device veth1_macvtap entered promiscuous mode [ 93.672681][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 93.691770][ T462] device bridge_slave_1 left promiscuous mode [ 93.697780][ T462] bridge0: port 2(bridge_slave_1) entered disabled state [ 93.705455][ T462] device bridge_slave_0 left promiscuous mode [ 93.711631][ T462] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.722683][ T462] device veth1_macvtap left promiscuous mode [ 93.728530][ T462] device veth0_vlan left promiscuous mode [ 93.752102][ T3669] loop2: detected capacity change from 0 to 2048 [ 93.775037][ T3673] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 93.775408][ T3669] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 8192 [ 93.784285][ T3673] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.0'. [ 93.797232][ T3669] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 93.803879][ T3673] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 93.819874][ T3673] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.0'. [ 93.859135][ T3669] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Out of memory [ 93.868091][ T3669] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #18: comm syz-executor.2: mark_inode_dirty error [ 93.884487][ T3040] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor.2: path /root/syzkaller-testdir1341801254/syzkaller.JkNprE/59/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 93.912557][ T3040] EXT4-fs (loop2): unmounting filesystem. [ 93.943894][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 93.951945][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 93.960411][ T3664] bridge0: port 1(bridge_slave_0) entered blocking state [ 93.967264][ T3664] bridge0: port 1(bridge_slave_0) entered disabled state [ 93.974542][ T3664] device bridge_slave_0 entered promiscuous mode [ 93.984931][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state [ 93.992017][ T3664] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.000763][ T3664] device bridge_slave_1 entered promiscuous mode [ 94.007222][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 94.015514][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.053983][ T28] audit: type=1400 audit(2000000028.620:966): avc: denied { map } for pid=3680 comm="syz-executor.3" path="/dev/zero" dev="devtmpfs" ino=5 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:zero_device_t tclass=chr_file permissive=1 [ 94.271539][ T3664] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.278508][ T3664] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.285586][ T3664] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.292381][ T3664] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.311934][ T3697] syz-executor.3[3697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.312001][ T3697] syz-executor.3[3697] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 94.337146][ T3691] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.355784][ T3691] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.363248][ T3691] device bridge_slave_0 entered promiscuous mode [ 94.370017][ T3691] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.376855][ T3691] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.384039][ T3691] device bridge_slave_1 entered promiscuous mode [ 94.401949][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.409211][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.416402][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 94.423596][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.443529][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.451797][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.458617][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.465772][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.474339][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.481173][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.520292][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.536072][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.567460][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.577208][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 94.586940][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.594703][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.602777][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.613869][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 94.621844][ T428] bridge0: port 1(bridge_slave_0) entered blocking state [ 94.628667][ T428] bridge0: port 1(bridge_slave_0) entered forwarding state [ 94.636073][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 94.643633][ T3664] device veth0_vlan entered promiscuous mode [ 94.660068][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 94.668371][ T520] bridge0: port 2(bridge_slave_1) entered blocking state [ 94.675200][ T520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 94.682337][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 94.690690][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 94.705805][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 94.718071][ T3691] device veth0_vlan entered promiscuous mode [ 94.724895][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 94.732633][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 94.739826][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 94.749368][ T3664] device veth1_macvtap entered promiscuous mode [ 94.764295][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.773232][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.784162][ T3691] device veth1_macvtap entered promiscuous mode [ 94.791440][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 94.799378][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.820508][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 94.831360][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 94.854307][ T3702] loop2: detected capacity change from 0 to 512 [ 94.861251][ T3702] EXT4-fs (loop2): unsupported inode size: 264 [ 94.867203][ T3702] EXT4-fs (loop2): blocksize: 1024 [ 94.905452][ T3702] loop2: detected capacity change from 0 to 1024 [ 94.912416][ T3702] EXT4-fs: Ignoring removed mblk_io_submit option [ 94.930452][ T3702] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 94.941481][ T28] audit: type=1400 audit(2000000029.510:967): avc: denied { execute } for pid=3701 comm="syz-executor.2" path="/root/syzkaller-testdir3975963566/syzkaller.gbrZPm/0/file1/bus" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 94.969070][ T462] device bridge_slave_1 left promiscuous mode [ 94.969129][ T462] bridge0: port 2(bridge_slave_1) entered disabled state [ 94.969926][ T462] device bridge_slave_0 left promiscuous mode [ 94.988768][ T462] bridge0: port 1(bridge_slave_0) entered disabled state [ 94.998403][ T462] device bridge_slave_1 left promiscuous mode [ 95.004596][ T462] bridge0: port 2(bridge_slave_1) entered disabled state [ 95.005582][ T3691] EXT4-fs (loop2): unmounting filesystem. [ 95.017208][ T462] device bridge_slave_0 left promiscuous mode [ 95.023436][ T462] bridge0: port 1(bridge_slave_0) entered disabled state [ 95.031661][ T462] device veth1_macvtap left promiscuous mode [ 95.037470][ T462] device veth0_vlan left promiscuous mode [ 95.043396][ T462] device veth1_macvtap left promiscuous mode [ 95.049215][ T462] device veth0_vlan left promiscuous mode [ 96.616062][ T3713] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.2'. [ 96.626945][ T3713] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'. [ 96.636240][ T3713] netlink: 'syz-executor.2': attribute type 5 has an invalid length. [ 96.644221][ T3713] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.2'. [ 96.671635][ T3718] loop3: detected capacity change from 0 to 16 [ 96.678742][ T3718] erofs: (device loop3): mounted with root inode @ nid 36. [ 96.686902][ T3718] erofs: (device loop3): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 96.696751][ T3718] syz-executor.3: attempt to access beyond end of device [ 96.696751][ T3718] loop3: rw=0, sector=296, nr_sectors = 8 limit=16 [ 96.722188][ T3718] erofs: (device loop3): z_erofs_read_folio: failed to read, err [-117] [ 96.766009][ T3731] loop4: detected capacity change from 0 to 512 [ 96.772823][ T3731] EXT4-fs (loop4): unsupported inode size: 264 [ 96.778796][ T3731] EXT4-fs (loop4): blocksize: 1024 [ 96.873295][ T3731] loop4: detected capacity change from 0 to 1024 [ 96.925000][ T3731] EXT4-fs: Ignoring removed mblk_io_submit option [ 96.941161][ T3731] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 96.970768][ T3664] EXT4-fs (loop4): unmounting filesystem. [ 96.980560][ T3733] loop2: detected capacity change from 0 to 40427 [ 96.981155][ T3741] Zero length message leads to an empty skb [ 97.000223][ T3733] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 97.008323][ T3733] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 97.020021][ T3733] F2FS-fs (loop2): invalid crc value [ 97.026712][ T3733] F2FS-fs (loop2): Found nat_bits in checkpoint [ 97.069002][ T3733] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 97.075957][ T3733] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4 [ 97.086213][ T28] audit: type=1400 audit(2000000031.650:968): avc: denied { ioctl } for pid=3732 comm="syz-executor.2" path="/root/syzkaller-testdir3975963566/syzkaller.gbrZPm/4/bus/file0" dev="loop2" ino=10 ioctlcmd=0x660b scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1 [ 97.114952][ T3691] syz-executor.2: attempt to access beyond end of device [ 97.114952][ T3691] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 97.168416][ T3754] loop4: detected capacity change from 0 to 16 [ 97.185714][ T3754] erofs: (device loop4): mounted with root inode @ nid 36. [ 97.195481][ T3754] erofs: (device loop4): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36 [ 97.206740][ T3754] syz-executor.4: attempt to access beyond end of device [ 97.206740][ T3754] loop4: rw=0, sector=296, nr_sectors = 8 limit=16 [ 97.223743][ T3754] erofs: (device loop4): z_erofs_read_folio: failed to read, err [-117] [ 97.237833][ T3767] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.247008][ T3767] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.256134][ T3767] netlink: 'syz-executor.3': attribute type 5 has an invalid length. [ 97.264335][ T3767] netlink: 43 bytes leftover after parsing attributes in process `syz-executor.3'. [ 97.344789][ T3780] loop2: detected capacity change from 0 to 2048 [ 97.360460][ T3780] EXT4-fs error (device loop2): ext4_orphan_get:1422: comm syz-executor.2: bad orphan inode 8192 [ 97.371137][ T3780] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 97.405314][ T3780] EXT4-fs error (device loop2) in ext4_reserve_inode_write:5870: Out of memory [ 97.414340][ T3780] EXT4-fs error (device loop2): ext4_dirty_inode:6074: inode #18: comm syz-executor.2: mark_inode_dirty error [ 97.432026][ T3691] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor.2: path /root/syzkaller-testdir3975963566/syzkaller.gbrZPm/8/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=2048 fake=0 [ 97.461165][ T3691] EXT4-fs (loop2): unmounting filesystem. [ 97.545574][ T3793] netlink: 44 bytes leftover after parsing attributes in process `syz-executor.0'. [ 97.555244][ T3793] netlink: 'syz-executor.0': attribute type 5 has an invalid length. [ 97.569006][ T24] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 97.683307][ T3799] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.690299][ T3799] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.697904][ T3799] device bridge_slave_0 entered promiscuous mode [ 97.704948][ T3799] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.712167][ T3799] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.719785][ T3799] device bridge_slave_1 entered promiscuous mode [ 97.792035][ T3799] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.798931][ T3799] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.805987][ T3799] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.812791][ T3799] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.840188][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 97.847561][ T520] bridge0: port 1(bridge_slave_0) entered disabled state [ 97.854906][ T520] bridge0: port 2(bridge_slave_1) entered disabled state [ 97.865775][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 97.874403][ T520] bridge0: port 1(bridge_slave_0) entered blocking state [ 97.881256][ T520] bridge0: port 1(bridge_slave_0) entered forwarding state [ 97.888401][ T520] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 97.896467][ T520] bridge0: port 2(bridge_slave_1) entered blocking state [ 97.903304][ T520] bridge0: port 2(bridge_slave_1) entered forwarding state [ 97.919607][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 97.928507][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 97.946768][ T3799] device veth0_vlan entered promiscuous mode [ 97.961403][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 97.970096][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 97.973216][ T3824] loop0: detected capacity change from 0 to 512 [ 97.984515][ T3826] loop3: detected capacity change from 0 to 256 [ 97.993499][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 98.001021][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 98.014137][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 98.021495][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 98.022130][ T3824] loop0: detected capacity change from 0 to 128 [ 98.028556][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 98.043749][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.046695][ T3799] device veth1_macvtap entered promiscuous mode [ 98.058588][ T24] usb 5-1: config 0 descriptor?? [ 98.092469][ T3830] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 98.125468][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 98.139450][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 98.147578][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.251998][ T43] device bridge_slave_1 left promiscuous mode [ 98.259702][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 98.307550][ T43] device bridge_slave_0 left promiscuous mode [ 98.369829][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 98.445164][ T43] device veth1_macvtap left promiscuous mode [ 98.455371][ T43] device veth0_vlan left promiscuous mode [ 98.550921][ T24] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 98.567773][ T24] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 98.582010][ T24] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 98.598571][ T24] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 98.662592][ T24] plantronics 0003:047F:FFFF.001A: unknown main item tag 0x0 [ 98.670355][ T24] plantronics 0003:047F:FFFF.001A: No inputs registered, leaving [ 98.679107][ T24] plantronics 0003:047F:FFFF.001A: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 98.759887][ T24] usb 5-1: USB disconnect, device number 18 [ 99.501785][ T3869] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 99.533403][ T3873] __nla_validate_parse: 2 callbacks suppressed [ 99.533418][ T3873] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'. [ 99.566851][ T3879] loop4: detected capacity change from 0 to 256 [ 99.591831][ T3885] request_module fs-cifs succeeded, but still no fs? [ 99.609646][ T28] audit: type=1400 audit(2000000034.180:969): avc: denied { getopt } for pid=3888 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 99.662550][ T3891] loop2: detected capacity change from 0 to 512 [ 99.669476][ T3891] EXT4-fs: Ignoring removed bh option [ 99.674885][ T3891] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 99.687915][ T3891] EXT4-fs error (device loop2): __ext4_iget:5046: inode #11: block 1: comm syz-executor.2: invalid block [ 99.699426][ T3891] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz-executor.2: couldn't read orphan inode 11 (err -117) [ 99.712447][ T3891] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 99.723764][ T28] audit: type=1400 audit(2000000034.290:970): avc: denied { unlink } for pid=3890 comm="syz-executor.2" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop2" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=lnk_file permissive=1 [ 99.777141][ T3799] EXT4-fs (loop2): unmounting filesystem. [ 99.884240][ T3909] loop0: detected capacity change from 0 to 256 [ 99.910929][ T3911] set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 99.981551][ T3921] loop0: detected capacity change from 0 to 512 [ 99.988424][ T3921] EXT4-fs (loop0): bad block size 65536 [ 100.027001][ T3927] loop0: detected capacity change from 0 to 512 [ 100.035645][ T3927] EXT4-fs: Ignoring removed bh option [ 100.041163][ T3927] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 100.061028][ T3927] EXT4-fs error (device loop0): __ext4_iget:5046: inode #11: block 1: comm syz-executor.0: invalid block [ 100.081020][ T3927] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz-executor.0: couldn't read orphan inode 11 (err -117) [ 100.099960][ T3927] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 100.128828][ T3534] EXT4-fs (loop0): unmounting filesystem. [ 100.416334][ T3938] loop0: detected capacity change from 0 to 40427 [ 100.428876][ T3938] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 100.436555][ T3938] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 100.473663][ T3938] F2FS-fs (loop0): Found nat_bits in checkpoint [ 100.559131][ T3938] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 100.566096][ T3938] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 100.850713][ T3957] overlayfs: statfs failed on './file0' [ 100.863144][ T3959] loop3: detected capacity change from 0 to 512 [ 100.870340][ T3959] EXT4-fs (loop3): bad block size 65536 [ 100.936720][ T3969] loop0: detected capacity change from 0 to 512 [ 100.982297][ T3969] loop0: detected capacity change from 0 to 128 [ 101.722551][ T3978] loop2: detected capacity change from 0 to 40427 [ 101.732294][ T3978] F2FS-fs (loop2): Found nat_bits in checkpoint [ 101.793610][ T3978] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 101.804404][ T3978] syz-executor.2: attempt to access beyond end of device [ 101.804404][ T3978] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 101.830352][ T3799] syz-executor.2: attempt to access beyond end of device [ 101.830352][ T3799] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 101.851097][ T3998] overlayfs: statfs failed on './file0' [ 101.884806][ T28] audit: type=1400 audit(2000000036.450:971): avc: denied { bind } for pid=4002 comm="syz-executor.3" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 101.962114][ T28] audit: type=1400 audit(2000000036.530:972): avc: denied { write } for pid=4010 comm="syz-executor.0" name="snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 101.970871][ T4011] random: crng reseeded on system resumption [ 101.992364][ T28] audit: type=1400 audit(2000000036.540:973): avc: denied { open } for pid=4010 comm="syz-executor.0" path="/dev/snapshot" dev="devtmpfs" ino=91 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:acpi_bios_t tclass=chr_file permissive=1 [ 102.051201][ T4019] netlink: 'syz-executor.2': attribute type 1 has an invalid length. [ 102.076723][ T4021] loop2: detected capacity change from 0 to 512 [ 102.143569][ T4021] loop2: detected capacity change from 0 to 128 [ 102.348970][ T428] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 102.626343][ T4031] overlayfs: statfs failed on './file0' [ 102.789017][ T428] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 102.800016][ T428] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 102.812944][ T428] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 102.822171][ T428] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.833892][ T428] usb 4-1: config 0 descriptor?? [ 103.120861][ T4047] random: crng reseeded on system resumption [ 103.519903][ T428] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 103.528174][ T428] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 103.535564][ T428] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 103.543065][ T428] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 103.550304][ T428] plantronics 0003:047F:FFFF.001B: unknown main item tag 0x0 [ 103.557649][ T428] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving [ 103.565833][ T428] plantronics 0003:047F:FFFF.001B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 103.598946][ T757] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 103.724727][ T428] usb 4-1: USB disconnect, device number 15 [ 103.838933][ T757] usb 1-1: Using ep0 maxpacket: 32 [ 103.958950][ T757] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.969991][ T757] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 103.981693][ T757] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 104.013246][ T757] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.059510][ T757] hub 1-1:4.0: USB hub found [ 104.106102][ T4077] syz-executor.2[4077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.106191][ T4077] syz-executor.2[4077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.121043][ T4077] syz-executor.2[4077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.132873][ T4077] syz-executor.2[4077] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.174711][ T4079] syz-executor.2[4079] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.186570][ T4079] syz-executor.2[4079] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.200353][ T4079] syz-executor.2[4079] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.213116][ T4079] syz-executor.2[4079] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 104.278948][ T757] hub 1-1:4.0: 2 ports detected [ 104.509452][ T28] audit: type=1400 audit(2000000039.080:974): avc: denied { create } for pid=4056 comm="syz-executor.0" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 104.529194][ T757] hub 1-1:4.0: hub_hub_status failed (err = -71) [ 104.535686][ T757] hub 1-1:4.0: config failed, can't get hub status (err -71) [ 104.545571][ T28] audit: type=1326 audit(2000000039.120:975): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.569160][ T757] usb 1-1: USB disconnect, device number 16 [ 104.574978][ T28] audit: type=1326 audit(2000000039.120:976): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.598704][ T28] audit: type=1326 audit(2000000039.120:977): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.622380][ T28] audit: type=1326 audit(2000000039.120:978): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.646357][ T28] audit: type=1326 audit(2000000039.120:979): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.670066][ T28] audit: type=1326 audit(2000000039.120:980): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.694013][ T28] audit: type=1326 audit(2000000039.260:981): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f700247cf69 code=0x7ffc0000 [ 104.717773][ T28] audit: type=1326 audit(2000000039.260:982): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f700247a6e7 code=0x7ffc0000 [ 104.741752][ T28] audit: type=1326 audit(2000000039.260:983): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f70024403b9 code=0x7ffc0000 [ 104.765392][ T28] audit: type=1326 audit(2000000039.260:984): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f700247a6e7 code=0x7ffc0000 [ 104.789264][ T28] audit: type=1326 audit(2000000039.260:985): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f70024403b9 code=0x7ffc0000 [ 104.794557][ T4083] random: crng reseeded on system resumption [ 104.813144][ T28] audit: type=1326 audit(2000000039.260:986): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f700247a6e7 code=0x7ffc0000 [ 104.843735][ T28] audit: type=1326 audit(2000000039.260:987): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4085 comm="syz-executor.4" exe="/root/syz-executor.4" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f70024403b9 code=0x7ffc0000 [ 104.846430][ T4090] loop2: detected capacity change from 0 to 512 [ 104.880878][ T4090] EXT4-fs: journaled quota format not specified [ 105.222721][ T4111] loop2: detected capacity change from 0 to 512 [ 105.240511][ T4111] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=2802c018, mo2=0002] [ 105.248481][ T4111] System zones: 0-2, 18-18, 34-35 [ 105.254412][ T4111] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 105.263312][ T4111] ext4 filesystem being mounted at /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0 supports timestamps until 2038 (0x7fffffff) [ 105.328908][ T4111] loop2: detected capacity change from 512 to 0 [ 105.335605][ T4116] EXT4-fs warning (device loop2): ext4_group_extend:1893: will only finish group (16384 blocks, 16256 new) [ 105.352067][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 3: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=60, inode=113, rec_len=0, size=2048 fake=0 [ 105.378311][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 12: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0 [ 105.403941][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 13: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0 [ 105.429911][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 14: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 105.455050][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 15: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0 [ 105.480160][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 16: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0 [ 105.506207][ T3799] EXT4-fs error (device loop2): ext4_readdir:260: inode #2: block 17: comm syz-executor.2: path /root/syzkaller-testdir3329835758/syzkaller.nmzIlh/41/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0 [ 105.532611][ T3799] EXT4-fs error (device loop2): ext4_map_blocks:607: inode #2: block 18: comm syz-executor.2: lblock 23 mapped to illegal pblock 18 (length 1) [ 105.591407][ T3799] EXT4-fs (loop2): unmounting filesystem. [ 105.766885][ T4120] rtc_cmos 00:00: Alarms can be up to one day in the future [ 105.777120][ T4122] loop4: detected capacity change from 0 to 512 [ 105.787469][ T4122] EXT4-fs: journaled quota format not specified [ 105.849631][ T4123] bridge0: port 1(bridge_slave_0) entered blocking state [ 105.858792][ T4123] bridge0: port 1(bridge_slave_0) entered disabled state [ 105.866062][ T4123] device bridge_slave_0 entered promiscuous mode [ 105.879652][ T4123] bridge0: port 2(bridge_slave_1) entered blocking state [ 105.886554][ T4123] bridge0: port 2(bridge_slave_1) entered disabled state [ 105.896392][ T4123] device bridge_slave_1 entered promiscuous mode [ 105.901703][ T757] rtc_cmos 00:00: Alarms can be up to one day in the future [ 105.910166][ T757] rtc_cmos 00:00: Alarms can be up to one day in the future [ 105.919323][ T757] rtc_cmos 00:00: Alarms can be up to one day in the future [ 105.928678][ T757] rtc_cmos 00:00: Alarms can be up to one day in the future [ 105.936130][ T757] rtc rtc0: __rtc_set_alarm: err=-22 [ 106.004908][ T4123] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.011791][ T4123] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.018938][ T4123] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.025802][ T4123] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.053990][ T428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.063280][ T428] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.072208][ T428] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.090119][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.098145][ T2732] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.105106][ T2732] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.112388][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.120717][ T2732] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.127833][ T2732] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.129051][ T6] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 106.144233][ T345] device bridge_slave_1 left promiscuous mode [ 106.150298][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.157557][ T345] device bridge_slave_0 left promiscuous mode [ 106.163617][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.171344][ T345] device veth1_macvtap left promiscuous mode [ 106.177296][ T345] device veth0_vlan left promiscuous mode [ 106.289584][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.297330][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.333544][ T4134] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.340579][ T4134] bridge0: port 1(bridge_slave_0) entered disabled state [ 106.347884][ T4134] device bridge_slave_0 entered promiscuous mode [ 106.355200][ T4134] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.362164][ T4134] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.369259][ T4134] device bridge_slave_1 entered promiscuous mode [ 106.379710][ T6] usb 5-1: Using ep0 maxpacket: 32 [ 106.385213][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 106.410789][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 106.418599][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 106.425919][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 106.435794][ T4123] device veth0_vlan entered promiscuous mode [ 106.469927][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 106.481662][ T4123] device veth1_macvtap entered promiscuous mode [ 106.493585][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.498975][ T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 106.512308][ T6] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 106.521844][ T6] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 106.530963][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 106.540535][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 106.559462][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 106.569002][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 106.577264][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 106.585422][ T6] hub 5-1:4.0: USB hub found [ 106.593241][ T330] bridge0: port 1(bridge_slave_0) entered blocking state [ 106.600108][ T330] bridge0: port 1(bridge_slave_0) entered forwarding state [ 106.607530][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 106.629363][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 106.637457][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 106.645536][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 106.652381][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 106.660080][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 106.667984][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 106.681872][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 106.689803][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 106.697615][ T4146] device pim6reg1 entered promiscuous mode [ 106.713352][ T4134] device veth0_vlan entered promiscuous mode [ 106.719451][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 106.727593][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 106.736206][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 106.743862][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 106.752298][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 106.759587][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 106.776451][ T4134] device veth1_macvtap entered promiscuous mode [ 106.783260][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 106.791329][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 106.799182][ T6] hub 5-1:4.0: 2 ports detected [ 106.804178][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 106.818521][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 106.826961][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 106.835297][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 106.843270][ T2732] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 106.877364][ T4150] device bridge_slave_1 left promiscuous mode [ 106.883694][ T4150] bridge0: port 2(bridge_slave_1) entered disabled state [ 106.891075][ T4150] device bridge_slave_0 left promiscuous mode [ 106.896978][ T4150] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.059670][ T6] hub 5-1:4.0: hub_hub_status failed (err = -71) [ 107.065848][ T6] hub 5-1:4.0: config failed, can't get hub status (err -71) [ 107.099628][ T6] usb 5-1: USB disconnect, device number 19 [ 107.157299][ T4163] loop3: detected capacity change from 0 to 40427 [ 107.170060][ T4163] F2FS-fs (loop3): Found nat_bits in checkpoint [ 107.213763][ T4163] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 107.229509][ T345] device bridge_slave_1 left promiscuous mode [ 107.232354][ T4163] syz-executor.3: attempt to access beyond end of device [ 107.232354][ T4163] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 107.235465][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.256874][ T345] device bridge_slave_0 left promiscuous mode [ 107.264359][ T4134] syz-executor.3: attempt to access beyond end of device [ 107.264359][ T4134] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427 [ 107.264382][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.286273][ T345] device veth1_macvtap left promiscuous mode [ 107.292160][ T345] device veth0_vlan left promiscuous mode [ 107.431514][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.432864][ T4176] overlayfs: statfs failed on './file0' [ 107.438535][ T4169] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.454794][ T4169] device bridge_slave_0 entered promiscuous mode [ 107.461909][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.468827][ T4169] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.476461][ T4169] device bridge_slave_1 entered promiscuous mode [ 107.537964][ T4169] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.544858][ T4169] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.551934][ T4169] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.558735][ T4169] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.580004][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.589543][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.604901][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 107.612785][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 107.622675][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 107.715335][ T4185] loop4: detected capacity change from 0 to 512 [ 107.725711][ T4185] EXT4-fs: journaled quota format not specified [ 107.859926][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 107.868034][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 107.874881][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 107.882227][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 107.890381][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 107.898309][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 107.905147][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 107.924985][ T4187] device bridge_slave_1 left promiscuous mode [ 107.931093][ T4187] bridge0: port 2(bridge_slave_1) entered disabled state [ 107.938465][ T4187] device bridge_slave_0 left promiscuous mode [ 107.944859][ T4187] bridge0: port 1(bridge_slave_0) entered disabled state [ 107.990075][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 107.998502][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 108.006408][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 108.006704][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 108.031237][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 108.039450][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 108.051681][ T4198] loop4: detected capacity change from 0 to 256 [ 108.052536][ T4169] device veth0_vlan entered promiscuous mode [ 108.064103][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 108.064442][ T4198] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.072522][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 108.096842][ T4169] device veth1_macvtap entered promiscuous mode [ 108.105142][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 108.114256][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 108.121770][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 108.130200][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 108.138407][ T757] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 108.140384][ T4200] loop4: detected capacity change from 0 to 2048 [ 108.161041][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 108.174556][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 108.182895][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 108.193993][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 108.194724][ T4200] loop4: p2 p3 p7 [ 108.223597][ T4208] loop2: detected capacity change from 0 to 256 [ 108.240989][ T4208] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 108.829903][ T4231] loop3: detected capacity change from 0 to 256 [ 108.838486][ T4231] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 108.879845][ T345] device bridge_slave_1 left promiscuous mode [ 108.886802][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 108.894619][ T345] device bridge_slave_0 left promiscuous mode [ 108.901479][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 108.910532][ T345] device veth1_macvtap left promiscuous mode [ 108.916547][ T345] device veth0_vlan left promiscuous mode [ 109.169051][ T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 109.213671][ T4247] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=4247 comm=syz-executor.0 [ 109.749228][ T24] usb 4-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 109.758219][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 109.766018][ T24] usb 4-1: Product: syz [ 109.770025][ T24] usb 4-1: Manufacturer: syz [ 109.774425][ T24] usb 4-1: SerialNumber: syz [ 109.785183][ T24] usb 4-1: config 0 descriptor?? [ 109.830805][ T24] snd-usb-audio: probe of 4-1:0.0 failed with error -2 [ 109.985211][ T28] kauditd_printk_skb: 119 callbacks suppressed [ 109.985225][ T28] audit: type=1400 audit(2000000044.550:1107): avc: denied { audit_write } for pid=4257 comm="syz-executor.0" capability=29 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 110.014856][ T28] audit: type=1107 audit(2000000044.550:1108): pid=4257 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t msg='' [ 110.041425][ T6] usb 4-1: USB disconnect, device number 16 [ 110.072862][ T4266] loop4: detected capacity change from 0 to 2048 [ 110.104773][ T4266] loop4: p2 p3 p7 [ 110.202342][ T4276] loop2: detected capacity change from 0 to 128 [ 110.436429][ T4281] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.444420][ T4281] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.456018][ T4281] device bridge_slave_0 entered promiscuous mode [ 110.462900][ T4281] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.469948][ T4281] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.477204][ T4281] device bridge_slave_1 entered promiscuous mode [ 110.624886][ T4281] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.631772][ T4281] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.638866][ T4281] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.645636][ T4281] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.681979][ T4286] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.689007][ T4286] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.696333][ T4286] device bridge_slave_0 entered promiscuous mode [ 110.708143][ T4286] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.715074][ T4286] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.722290][ T4286] device bridge_slave_1 entered promiscuous mode [ 110.763730][ T6] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.771051][ T6] bridge0: port 2(bridge_slave_1) entered disabled state [ 110.794268][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 110.803505][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 110.817341][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 110.825726][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 110.833675][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 110.840520][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 110.850817][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 110.859515][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 110.868202][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 110.875162][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 110.897818][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 110.905636][ T4308] loop3: detected capacity change from 0 to 128 [ 110.913739][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 110.922563][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 110.930780][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 110.968373][ T4311] syz-executor.3[4311] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.968453][ T4311] syz-executor.3[4311] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 110.983392][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 111.000975][ T4314] loop0: detected capacity change from 0 to 512 [ 111.005846][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.022176][ T4281] device veth0_vlan entered promiscuous mode [ 111.035214][ T345] device veth1_macvtap left promiscuous mode [ 111.038674][ T4314] EXT4-fs (loop0): 1 orphan inode deleted [ 111.043609][ T345] device veth0_vlan left promiscuous mode [ 111.046876][ T4314] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 111.061196][ T4314] ext4 filesystem being mounted at /root/syzkaller-testdir3404476866/syzkaller.k8KPjB/5/file1 supports timestamps until 2038 (0x7fffffff) [ 111.134512][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 111.142441][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.143604][ T4314] EXT4-fs warning (device loop0): ext4_read_block_bitmap_nowait:486: Cannot get buffer for block bitmap - block_group = 0, block_bitmap = 175 [ 111.156624][ T4281] device veth1_macvtap entered promiscuous mode [ 111.170495][ T4314] EXT4-fs error (device loop0) in ext4_mb_clear_bb:6157: Out of memory [ 111.180356][ T4314] EXT4-fs (loop0): Remounting filesystem read-only [ 111.186919][ T4314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 111.196953][ T4314] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor.0: mark_inode_dirty error [ 111.304203][ T4314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 111.350742][ T4314] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #16: comm syz-executor.0: mark_inode_dirty error [ 111.385062][ T4286] device veth0_vlan entered promiscuous mode [ 111.391815][ T4314] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 111.401300][ T1428] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 111.445621][ T4314] EXT4-fs error (device loop0): ext4_punch_hole:4142: inode #16: comm syz-executor.0: mark_inode_dirty error [ 111.460521][ T4286] device veth1_macvtap entered promiscuous mode [ 111.625702][ T4169] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor.0: path /root/syzkaller-testdir3404476866/syzkaller.k8KPjB/5/file1: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=4096 fake=0 [ 111.626311][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 111.659596][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 111.667973][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.668028][ T4169] EXT4-fs (loop0): unmounting filesystem. [ 111.675318][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.688224][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 111.696254][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 111.703561][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 111.710768][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 111.718711][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 111.726775][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 111.734215][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.742404][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.750563][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.758574][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.766797][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 111.774118][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 111.781399][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 111.789474][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 111.797393][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.804234][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 111.811768][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 111.820078][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 111.828057][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.834895][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 111.842105][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 111.849980][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 111.857729][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 111.865621][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 111.874485][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 111.903237][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 111.911816][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 111.920009][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 111.933037][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 111.950992][ T4327] overlayfs: statfs failed on './file0' [ 111.989356][ T1428] usb 5-1: New USB device found, idVendor=0499, idProduct=1003, bcdDevice=a0.fc [ 112.003050][ T1428] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.019736][ T1428] usb 5-1: Product: syz [ 112.027019][ T1428] usb 5-1: Manufacturer: syz [ 112.049049][ T1428] usb 5-1: SerialNumber: syz [ 112.061058][ T1428] usb 5-1: config 0 descriptor?? [ 112.068572][ T4340] loop1: detected capacity change from 0 to 2048 [ 112.100944][ T1428] snd-usb-audio: probe of 5-1:0.0 failed with error -2 [ 112.126759][ T4340] loop1: p2 p3 p7 [ 112.201520][ T4331] loop3: detected capacity change from 0 to 40427 [ 112.231276][ T4331] F2FS-fs (loop3): Found nat_bits in checkpoint [ 112.304695][ T1428] usb 5-1: USB disconnect, device number 20 [ 112.324930][ T4331] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 112.335155][ T4353] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.342063][ T4353] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.349331][ T4353] device bridge_slave_0 entered promiscuous mode [ 112.356348][ T4353] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.363316][ T4353] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.370388][ T4134] syz-executor.3: attempt to access beyond end of device [ 112.370388][ T4134] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 112.370803][ T4353] device bridge_slave_1 entered promiscuous mode [ 112.573015][ T4353] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.577168][ T4373] overlayfs: statfs failed on './file0' [ 112.579926][ T4353] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.580019][ T4353] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.580033][ T4353] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.766154][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 112.809800][ T4325] bridge0: port 1(bridge_slave_0) entered disabled state [ 112.844343][ T4325] bridge0: port 2(bridge_slave_1) entered disabled state [ 112.901437][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 112.927989][ T313] bridge0: port 1(bridge_slave_0) entered blocking state [ 112.934880][ T313] bridge0: port 1(bridge_slave_0) entered forwarding state [ 112.944007][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 112.952235][ T313] bridge0: port 2(bridge_slave_1) entered blocking state [ 112.959125][ T313] bridge0: port 2(bridge_slave_1) entered forwarding state [ 112.987949][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 113.002006][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 113.032341][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 113.042680][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 113.057393][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 113.072884][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 113.082075][ T4353] device veth0_vlan entered promiscuous mode [ 113.092283][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 113.099996][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 113.114746][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 113.123396][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 113.133933][ T345] device bridge_slave_1 left promiscuous mode [ 113.140622][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.148224][ T345] device bridge_slave_0 left promiscuous mode [ 113.154963][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.162797][ T345] device bridge_slave_1 left promiscuous mode [ 113.168776][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 113.175962][ T345] device bridge_slave_0 left promiscuous mode [ 113.182018][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 113.189895][ T345] device veth1_macvtap left promiscuous mode [ 113.195746][ T345] device veth0_vlan left promiscuous mode [ 113.201659][ T345] device veth1_macvtap left promiscuous mode [ 113.207464][ T345] device veth0_vlan left promiscuous mode [ 113.401844][ T4353] device veth1_macvtap entered promiscuous mode [ 113.441934][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 113.457828][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 113.465990][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 113.493418][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 113.502651][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 113.514549][ T4414] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.0'. [ 113.552314][ T4417] loop4: detected capacity change from 0 to 2048 [ 113.585802][ T4410] kvm [4409]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x800 [ 113.602382][ T4417] loop4: p2 p3 p7 [ 113.855677][ T4444] overlayfs: statfs failed on './file0' [ 113.924155][ T4452] loop0: detected capacity change from 0 to 256 [ 114.164781][ T28] audit: type=1400 audit(2000000048.730:1109): avc: denied { rename } for pid=4451 comm="syz-executor.0" name="file1" dev="loop0" ino=1048750 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 114.388915][ T19] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 114.796007][ T19] usb 4-1: config 255 has too many interfaces: 230, using maximum allowed: 32 [ 114.806523][ T19] usb 4-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 114.823926][ T19] usb 4-1: config 255 has 0 interfaces, different from the descriptor's value: 230 [ 114.833599][ T4467] syz-executor.0[4467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.833665][ T4467] syz-executor.0[4467] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 114.848978][ T19] usb 4-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 114.889132][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.909310][ T4476] netlink: 'syz-executor.2': attribute type 16 has an invalid length. [ 114.917383][ T4476] netlink: 'syz-executor.2': attribute type 17 has an invalid length. [ 114.929683][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 114.936857][ T4476] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 115.168978][ T19] usb 4-1: string descriptor 0 read error: -71 [ 115.175300][ T19] usb 4-1: USB disconnect, device number 17 [ 115.220043][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.220104][ T4506] syz-executor.4[4506] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.354580][ T28] audit: type=1400 audit(2000000049.920:1110): avc: denied { wake_alarm } for pid=4521 comm="syz-executor.1" capability=35 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 115.387745][ T24] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 115.471986][ T4539] syz-executor.0[4539] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.472052][ T4539] syz-executor.0[4539] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 115.799299][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 115.847063][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 115.858967][ T24] usb 3-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 115.870844][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.879292][ T24] usb 3-1: config 0 descriptor?? [ 116.105882][ T4571] kvm [4570]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x800 [ 116.158962][ T313] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 116.359234][ T24] hid (null): bogus close delimiter [ 116.539121][ T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 116.568980][ T313] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 116.578546][ T313] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 116.591353][ T24] usb 3-1: language id specifier not provided by device, defaulting to English [ 116.628929][ T313] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 116.648957][ T313] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 116.660464][ T313] usb 1-1: config 0 descriptor?? [ 116.775873][ T4587] bridge0: port 1(bridge_slave_0) entered blocking state [ 116.783189][ T4587] bridge0: port 1(bridge_slave_0) entered disabled state [ 116.799696][ T4587] device bridge_slave_0 entered promiscuous mode [ 116.817154][ T4587] bridge0: port 2(bridge_slave_1) entered blocking state [ 116.837017][ T4587] bridge0: port 2(bridge_slave_1) entered disabled state [ 116.854069][ T4587] device bridge_slave_1 entered promiscuous mode [ 117.021116][ T24] input: HID 256c:006d Pen as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.001C/input/input28 [ 117.044972][ T4593] loop4: detected capacity change from 0 to 256 [ 117.048222][ T4587] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.057912][ T4587] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.065038][ T4587] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.071809][ T4587] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.085690][ T24] input: HID 256c:006d Pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.001C/input/input29 [ 117.119857][ T24] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.001C/input/input30 [ 117.139891][ T313] plantronics 0003:047F:FFFF.001D: No inputs registered, leaving [ 117.160297][ T24] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:256C:006D.001C/input/input31 [ 117.172375][ T313] plantronics 0003:047F:FFFF.001D: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 117.188557][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 117.200161][ T330] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.210690][ T24] uclogic 0003:256C:006D.001C: input,hiddev97,hidraw1: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.2-1/input0 [ 117.223337][ T330] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.241141][ T24] usb 3-1: USB disconnect, device number 10 [ 117.249734][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 117.260330][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 117.277202][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 117.284092][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 117.307777][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 117.323730][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 117.338068][ T6] bridge0: port 2(bridge_slave_1) entered blocking state [ 117.344957][ T6] bridge0: port 2(bridge_slave_1) entered forwarding state [ 117.383383][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 117.393456][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 117.419982][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 117.427934][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 117.443071][ T345] device bridge_slave_1 left promiscuous mode [ 117.458967][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 117.466230][ T345] device bridge_slave_0 left promiscuous mode [ 117.472596][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 117.494389][ T345] device veth1_macvtap left promiscuous mode [ 117.510768][ T345] device veth0_vlan left promiscuous mode [ 117.862666][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 117.874353][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 117.897129][ T4587] device veth0_vlan entered promiscuous mode [ 117.905379][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 117.914241][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 117.929488][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 117.943035][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 117.963328][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 117.974710][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 117.988303][ T4587] device veth1_macvtap entered promiscuous mode [ 117.996287][ T4610] syz-executor.3[4610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 117.996353][ T4610] syz-executor.3[4610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.011674][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 118.030919][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 118.039240][ T4610] syz-executor.3[4610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.039304][ T4610] syz-executor.3[4610] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 118.050938][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 118.065096][ T4608] loop2: detected capacity change from 0 to 40427 [ 118.078914][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 118.083102][ T4608] F2FS-fs (loop2): Found nat_bits in checkpoint [ 118.087057][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 118.142770][ T4608] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 118.151988][ T4620] netlink: 'syz-executor.1': attribute type 16 has an invalid length. [ 118.160500][ T4620] netlink: 'syz-executor.1': attribute type 17 has an invalid length. [ 118.171650][ T4620] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 118.179566][ T4620] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready [ 118.197879][ T4281] syz-executor.2: attempt to access beyond end of device [ 118.197879][ T4281] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 118.328485][ T4637] Bluetooth: hci0: sending frame failed (-49) [ 118.334634][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -49 [ 118.358952][ C1] plantronics 0003:047F:FFFF.001D: usb_submit_urb(ctrl) failed: -1 [ 118.591182][ T28] audit: type=1400 audit(2000000053.160:1111): avc: denied { connect } for pid=4645 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 118.624233][ T28] audit: type=1400 audit(2000000053.180:1112): avc: denied { write } for pid=4645 comm="syz-executor.2" path="socket:[37440]" dev="sockfs" ino=37440 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1 [ 118.697742][ T4651] loop2: detected capacity change from 0 to 512 [ 118.705864][ T4651] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 118.714060][ T4651] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 118.722494][ T4651] EXT4-fs (loop2): 1 truncate cleaned up [ 118.728156][ T4651] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 118.744048][ T4651] EXT4-fs error (device loop2): ext4_append:79: inode #2: comm syz-executor.2: Logical block already allocated [ 118.755815][ T4651] EXT4-fs (loop2): Remounting filesystem read-only [ 118.813749][ T4281] EXT4-fs (loop2): unmounting filesystem. [ 118.880855][ T462] Bluetooth: hci0: Frame reassembly failed (-84) [ 119.158954][ T330] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 119.179726][ T313] usb 1-1: USB disconnect, device number 17 [ 119.356172][ T4689] syz-executor.1[4689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.356222][ T4689] syz-executor.1[4689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.368671][ T4689] syz-executor.1[4689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.380293][ T4689] syz-executor.1[4689] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 119.520190][ T330] usb 5-1: config 255 has too many interfaces: 230, using maximum allowed: 32 [ 119.540454][ T330] usb 5-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 119.550416][ T330] usb 5-1: config 255 has 0 interfaces, different from the descriptor's value: 230 [ 119.559520][ T330] usb 5-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 119.568411][ T330] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.852268][ T330] usb 5-1: string descriptor 0 read error: -71 [ 119.859010][ T330] usb 5-1: USB disconnect, device number 21 [ 119.864769][ T6] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 120.113026][ T28] audit: type=1400 audit(2000000054.675:1113): avc: denied { map } for pid=4717 comm="syz-executor.2" path="socket:[38700]" dev="sockfs" ino=38700 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=unix_dgram_socket permissive=1 [ 120.143420][ T4720] syz-executor.2[4720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.143509][ T4720] syz-executor.2[4720] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 120.184679][ T28] audit: type=1400 audit(2000000054.745:1114): avc: denied { append } for pid=4721 comm="syz-executor.2" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 120.255523][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 120.266232][ T6] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 120.275777][ T6] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 120.288559][ T6] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 120.297463][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.306240][ T6] usb 2-1: config 0 descriptor?? [ 120.384269][ T4733] loop2: detected capacity change from 0 to 512 [ 120.392369][ T4733] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 120.400299][ T4733] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 120.408775][ T4733] EXT4-fs (loop2): 1 truncate cleaned up [ 120.414371][ T4733] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 120.430360][ T4733] EXT4-fs error (device loop2): ext4_append:79: inode #2: comm syz-executor.2: Logical block already allocated [ 120.442279][ T4733] EXT4-fs (loop2): Remounting filesystem read-only [ 120.492405][ T4281] EXT4-fs (loop2): unmounting filesystem. [ 120.787892][ T6] plantronics 0003:047F:FFFF.001E: No inputs registered, leaving [ 120.796320][ T6] plantronics 0003:047F:FFFF.001E: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 120.939871][ T4759] bridge0: port 1(bridge_slave_0) entered blocking state [ 120.946803][ T4759] bridge0: port 1(bridge_slave_0) entered disabled state [ 120.946977][ T4637] Bluetooth: hci0: command 0x1003 tx timeout [ 120.953860][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 120.960111][ T4759] device bridge_slave_0 entered promiscuous mode [ 120.979007][ T4759] bridge0: port 2(bridge_slave_1) entered blocking state [ 120.985947][ T4759] bridge0: port 2(bridge_slave_1) entered disabled state [ 120.996538][ T4759] device bridge_slave_1 entered promiscuous mode [ 121.065871][ T4759] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.072771][ T4759] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.079892][ T4759] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.086643][ T4759] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.115639][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 121.124838][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.132511][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.147555][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 121.155693][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 121.162563][ T4604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 121.169759][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 121.177729][ T4765] mmap: syz-executor.0 (4765) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 121.190446][ T4604] bridge0: port 2(bridge_slave_1) entered blocking state [ 121.197308][ T4604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 121.217484][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 121.225383][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 121.241707][ T4759] device veth0_vlan entered promiscuous mode [ 121.248461][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 121.256705][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 121.264760][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 121.280424][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 121.288176][ T4768] loop4: detected capacity change from 0 to 16 [ 121.297180][ T4768] erofs: (device loop4): mounted with root inode @ nid 36. [ 121.301717][ T4759] device veth1_macvtap entered promiscuous mode [ 121.311392][ T28] audit: type=1400 audit(2000000055.869:1115): avc: denied { mounton } for pid=4767 comm="syz-executor.4" path="/root/syzkaller-testdir1318430042/syzkaller.w4mncA/92/file2/file0" dev="loop4" ino=46 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 121.341317][ T28] audit: type=1400 audit(2000000055.899:1116): avc: denied { mount } for pid=4767 comm="syz-executor.4" name="/" dev="configfs" ino=7369 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:configfs_t tclass=filesystem permissive=1 [ 121.364791][ T1428] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 121.380937][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 121.389542][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 121.467767][ T462] device bridge_slave_1 left promiscuous mode [ 121.474051][ T462] bridge0: port 2(bridge_slave_1) entered disabled state [ 121.481883][ T462] device bridge_slave_0 left promiscuous mode [ 121.488065][ T462] bridge0: port 1(bridge_slave_0) entered disabled state [ 121.496095][ T462] device veth1_macvtap left promiscuous mode [ 121.502176][ T462] device veth0_vlan left promiscuous mode [ 121.608308][ T6] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 121.850033][ T6] usb 5-1: Using ep0 maxpacket: 16 [ 121.971063][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 121.979894][ T6] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 121.989372][ T6] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 121.999116][ T6] usb 5-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 122.008776][ T6] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 122.018377][ T6] usb 5-1: config 1 interface 0 has no altsetting 0 [ 122.024793][ T6] usb 5-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 122.033802][ T6] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.051627][ C1] plantronics 0003:047F:FFFF.001E: usb_submit_urb(ctrl) failed: -1 [ 122.082220][ T6] ums-sddr09 5-1:1.0: USB Mass Storage device detected [ 122.308056][ T6] scsi host1: usb-storage 5-1:1.0 [ 122.330393][ T28] audit: type=1326 audit(2000000056.882:1117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.370015][ T28] audit: type=1326 audit(2000000056.912:1118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.414440][ T28] audit: type=1326 audit(2000000056.912:1119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.457446][ T28] audit: type=1326 audit(2000000056.912:1120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.501525][ T28] audit: type=1326 audit(2000000056.912:1121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.528031][ T4768] SELinux: security_context_str_to_sid (Õ!ƒ!ÔÆ Œ ÁPq vXØ@‚ÉÿR) failed with errno=-22 [ 122.544797][ T28] audit: type=1326 audit(2000000056.912:1122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.546266][ T6] usb 5-1: USB disconnect, device number 22 [ 122.596349][ T28] audit: type=1326 audit(2000000056.912:1123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.643282][ T28] audit: type=1326 audit(2000000056.912:1124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4797 comm="syz-executor.0" exe="/root/syz-executor.0" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68e2c7cf69 code=0x7ffc0000 [ 122.958960][ T24] usb 2-1: reset high-speed USB device number 12 using dummy_hcd [ 122.999028][ T24] usb 2-1: device reset changed ep0 maxpacket size! [ 123.005707][ T332] usb 2-1: USB disconnect, device number 12 [ 123.104551][ T3664] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 305 [ 123.115983][ T3664] erofs: (device loop4): erofs_read_inode: bogus i_mode (0) @ nid 305 [ 123.132871][ T4830] loop2: detected capacity change from 0 to 512 [ 123.141365][ T4830] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2 [ 123.149497][ T4830] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2 [ 123.157824][ T4830] EXT4-fs (loop2): 1 truncate cleaned up [ 123.163679][ T332] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 123.171153][ T4830] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 123.192942][ T4830] EXT4-fs error (device loop2): ext4_append:79: inode #2: comm syz-executor.2: Logical block already allocated [ 123.235115][ T4830] EXT4-fs (loop2): Remounting filesystem read-only [ 123.237622][ T4824] loop0: detected capacity change from 0 to 40427 [ 123.264255][ T4824] F2FS-fs (loop0): Found nat_bits in checkpoint [ 123.333174][ T4824] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 123.349230][ T4759] EXT4-fs (loop2): unmounting filesystem. [ 123.377038][ T4353] syz-executor.0: attempt to access beyond end of device [ 123.377038][ T4353] loop0: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 123.408548][ T4838] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.411354][ T332] usb 2-1: Using ep0 maxpacket: 8 [ 123.423506][ T4838] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.431373][ T4838] device bridge_slave_0 entered promiscuous mode [ 123.440179][ T4838] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.447550][ T4838] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.454869][ T4838] device bridge_slave_1 entered promiscuous mode [ 123.531550][ T332] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 123.533064][ T4838] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.539627][ T332] usb 2-1: config 179 has no interface number 0 [ 123.539654][ T332] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 123.546504][ T4838] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.546587][ T4838] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.577311][ T4838] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.581886][ T332] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 123.602369][ T332] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 123.627003][ T332] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 123.631514][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 123.644203][ T332] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 123.658474][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.661176][ T332] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 123.674334][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.685654][ T332] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.697586][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 123.705802][ T24] bridge0: port 1(bridge_slave_0) entered blocking state [ 123.712651][ T24] bridge0: port 1(bridge_slave_0) entered forwarding state [ 123.719879][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 123.731218][ T24] bridge0: port 2(bridge_slave_1) entered blocking state [ 123.738088][ T24] bridge0: port 2(bridge_slave_1) entered forwarding state [ 123.745237][ T4809] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 123.755681][ T345] device bridge_slave_1 left promiscuous mode [ 123.762056][ T345] bridge0: port 2(bridge_slave_1) entered disabled state [ 123.771006][ T345] device bridge_slave_0 left promiscuous mode [ 123.777201][ T345] bridge0: port 1(bridge_slave_0) entered disabled state [ 123.785185][ T345] device veth1_macvtap left promiscuous mode [ 123.792701][ T345] device veth0_vlan left promiscuous mode [ 123.945131][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 123.952992][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 123.963357][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 123.971226][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 124.022731][ T4838] device veth0_vlan entered promiscuous mode [ 124.029345][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 124.038008][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 124.046253][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 124.054040][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 124.069349][ T4838] device veth1_macvtap entered promiscuous mode [ 124.089111][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 124.096719][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 124.110131][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 124.118819][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 124.127710][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 124.135379][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 124.144076][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 124.152297][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 124.160587][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 124.165099][ T4325] usb 2-1: USB disconnect, device number 13 [ 124.176555][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 124.199456][ T4866] loop0: detected capacity change from 0 to 2048 [ 124.231488][ T4866] loop0: p2 p3 p7 [ 124.315004][ T4862] loop4: detected capacity change from 0 to 40427 [ 124.322141][ T4862] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 124.329783][ T4862] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 124.338960][ T4862] F2FS-fs (loop4): invalid crc value [ 124.345519][ T4862] F2FS-fs (loop4): Found nat_bits in checkpoint [ 124.394591][ T4862] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0 [ 124.402383][ T4862] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 124.675576][ T4891] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 124.927983][ T4889] kvm [4882]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0x187 data 0x800 [ 125.163650][ T4899] loop0: detected capacity change from 0 to 256 [ 125.309721][ T4899] loop0: detected capacity change from 0 to 512 [ 125.316583][ T4899] EXT4-fs: Ignoring removed i_version option [ 125.322462][ T4899] journal_path: Lookup failure for './file0' [ 125.328287][ T4899] EXT4-fs: error: could not find journal device path [ 125.682950][ T345] Bluetooth: hci0: Frame reassembly failed (-84) [ 125.843615][ T4921] loop1: detected capacity change from 0 to 256 [ 126.480837][ T4932] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 127.304630][ T4954] loop0: detected capacity change from 0 to 256 [ 127.326018][ T4948] loop1: detected capacity change from 0 to 40427 [ 127.333006][ T4948] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 127.340578][ T4948] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 127.361038][ T4948] F2FS-fs (loop1): invalid crc value [ 127.377849][ T4948] F2FS-fs (loop1): Found nat_bits in checkpoint [ 127.445861][ T4948] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 127.452814][ T4948] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 127.485510][ T4954] loop0: detected capacity change from 0 to 512 [ 127.502306][ T4954] EXT4-fs: Ignoring removed i_version option [ 127.517055][ T4954] journal_path: Lookup failure for './file0' [ 127.531666][ T4954] EXT4-fs: error: could not find journal device path [ 127.555282][ T28] kauditd_printk_skb: 42 callbacks suppressed [ 127.555297][ T28] audit: type=1326 audit(2000000062.074:1167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=4963 comm="syz-executor.1" exe="/root/syz-executor.1" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f177ec7cf69 code=0x0 [ 127.713562][ T4637] Bluetooth: hci0: command 0x1003 tx timeout [ 127.719413][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 128.712498][ T4978] loop4: detected capacity change from 0 to 40427 [ 128.719018][ T28] audit: type=1400 audit(2000000063.225:1168): avc: denied { mounton } for pid=4977 comm="syz-executor.4" path="/root/syzkaller-testdir1892292320/syzkaller.oxQxH1/12/file0/bus" dev="tmpfs" ino=3 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=dir permissive=1 [ 128.719267][ T4978] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 128.753729][ T4978] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 128.761961][ T4978] F2FS-fs (loop4): Unrecognized mount option "" or missing value [ 128.880515][ T28] audit: type=1326 audit(2000000063.384:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5006 comm="syz-executor.0" exe="/root/syz-executor.0" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f68e2c7cf69 code=0x0 [ 129.091973][ T5023] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 129.394607][ T5021] loop4: detected capacity change from 0 to 40427 [ 129.403379][ T5021] F2FS-fs (loop4): Found nat_bits in checkpoint [ 129.437173][ T5021] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 129.495484][ T4838] syz-executor.4: attempt to access beyond end of device [ 129.495484][ T4838] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427 [ 129.920912][ T5048] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4293967296 (8587934592 ns) > initial count (394 ns). Using initial count to start timer. [ 129.952930][ T5048] kvm: pic: non byte write [ 130.294156][ T5093] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.4'. [ 130.335965][ T5074] loop2: detected capacity change from 0 to 40427 [ 130.343003][ T5074] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12 [ 130.350613][ T5074] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock [ 130.367122][ T5074] F2FS-fs (loop2): invalid crc value [ 130.386409][ T5074] F2FS-fs (loop2): Found nat_bits in checkpoint [ 130.395557][ T5095] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4293967296 (8587934592 ns) > initial count (394 ns). Using initial count to start timer. [ 130.421222][ T28] audit: type=1400 audit(2000000064.913:1170): avc: denied { execute } for pid=5114 comm="syz-executor.4" path="/root/syzkaller-testdir1892292320/syzkaller.oxQxH1/27/file0/bus" dev="ramfs" ino=41126 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:ramfs_t tclass=file permissive=1 [ 130.449493][ T5095] kvm: pic: non byte write [ 130.480871][ T5074] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0 [ 130.488631][ T5074] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 130.500664][ T5124] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.1'. [ 130.675331][ T5147] input: syz1 as /devices/virtual/input/input33 [ 130.770725][ T5175] futex_wake_op: syz-executor.1 tries to shift op by -1; fix this program [ 130.831895][ T5186] input: syz1 as /devices/virtual/input/input34 [ 130.917481][ T5200] devpts: called with bogus options [ 130.938040][ T5202] bpf_get_probe_write_proto: 8 callbacks suppressed [ 130.938059][ T5202] syz-executor.2[5202] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.945130][ T5202] syz-executor.2[5202] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 130.951533][ T5209] input: syz1 as /devices/virtual/input/input35 [ 131.126500][ T5232] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4293967296 (8587934592 ns) > initial count (394 ns). Using initial count to start timer. [ 131.151057][ T5232] kvm: pic: non byte write [ 131.297576][ T5252] input: syz1 as /devices/virtual/input/input36 [ 131.349911][ T5266] input: syz1 as /devices/virtual/input/input37 [ 131.418503][ T5271] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4293967296 (8587934592 ns) > initial count (394 ns). Using initial count to start timer. [ 131.419614][ T5279] syz-executor.4[5279] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.435289][ T5279] syz-executor.4[5279] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 131.457882][ T5271] kvm: pic: non byte write [ 131.544137][ T5287] SELinux: Context Ü is not valid (left unmapped). [ 131.590957][ T28] audit: type=1400 audit(2000000066.082:1171): avc: denied { getopt } for pid=5294 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 131.717927][ T5312] loop1: detected capacity change from 0 to 1024 [ 131.725014][ T5312] EXT4-fs: Ignoring removed bh option [ 131.730440][ T5312] EXT4-fs (loop1): Test dummy encryption mode enabled [ 131.738760][ T5312] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 131.866324][ T5322] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4293967296 (8587934592 ns) > initial count (394 ns). Using initial count to start timer. [ 131.916457][ T5322] kvm: pic: non byte write [ 132.102150][ T4587] EXT4-fs (loop1): unmounting filesystem. [ 132.226836][ T28] audit: type=1400 audit(2000000066.722:1172): avc: denied { execute } for pid=5350 comm="syz-executor.2" dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 132.268450][ T5337] loop0: detected capacity change from 0 to 40427 [ 132.270421][ T28] audit: type=1400 audit(2000000066.722:1173): avc: denied { execute_no_trans } for pid=5350 comm="syz-executor.2" path=2F6D656D66643A5B0BDB58AE5B1AA9FDFAADD16D64C8854858A9250C1A65E0202864656C6574656429 dev="tmpfs" ino=125 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 132.275556][ T5337] F2FS-fs (loop0): Invalid log blocks per segment (4278190089) [ 132.311860][ T5337] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 132.321296][ T5337] F2FS-fs (loop0): invalid crc value [ 132.332941][ T5337] F2FS-fs (loop0): Found nat_bits in checkpoint [ 132.383759][ T5371] loop4: detected capacity change from 0 to 1024 [ 132.390582][ T5371] EXT4-fs: Ignoring removed bh option [ 132.396849][ T5371] EXT4-fs (loop4): Test dummy encryption mode enabled [ 132.400592][ T5337] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 132.405536][ T5371] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 132.410379][ T5337] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 132.430091][ T5337] syz-executor.0: attempt to access beyond end of device [ 132.430091][ T5337] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 132.448566][ T4353] syz-executor.0: attempt to access beyond end of device [ 132.448566][ T4353] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 132.858913][ T28] audit: type=1400 audit(2000000067.352:1174): avc: denied { getopt } for pid=5416 comm="syz-executor.1" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 132.881513][ T4838] EXT4-fs (loop4): unmounting filesystem. [ 132.964691][ T5426] VFS: Lookup of 'file0' in fuse fuse would have caused loop [ 133.005828][ T28] audit: type=1400 audit(2000000067.502:1175): avc: denied { read } for pid=5439 comm="syz-executor.4" path="socket:[41792]" dev="sockfs" ino=41792 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_netfilter_socket permissive=1 [ 133.053827][ T5444] loop1: detected capacity change from 0 to 256 [ 133.097782][ T5446] loop4: detected capacity change from 0 to 1024 [ 133.104669][ T5446] EXT4-fs: Ignoring removed bh option [ 133.110270][ T5446] EXT4-fs (loop4): Test dummy encryption mode enabled [ 133.129402][ T5446] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 133.699958][ T4838] EXT4-fs (loop4): unmounting filesystem. [ 133.803665][ T332] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 133.875171][ T5479] VFS: Lookup of 'file0' in fuse fuse would have caused loop [ 134.043684][ T332] usb 1-1: Using ep0 maxpacket: 32 [ 134.096141][ T4759] ------------[ cut here ]------------ [ 134.101484][ T4759] WARNING: CPU: 1 PID: 4759 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 134.111660][ T4759] Modules linked in: [ 134.115739][ T4759] CPU: 1 PID: 4759 Comm: syz-executor.2 Not tainted 6.1.78-syzkaller-00148-g62a4d78ddaf1 #0 [ 134.126811][ T4759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 134.136866][ T4759] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 134.142591][ T4759] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 45 56 ff <0f> 0b e9 06 ff ff ff e8 8f 45 56 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 134.162481][ T4759] RSP: 0018:ffffc90001f57ae0 EFLAGS: 00010293 [ 134.163728][ T332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.168433][ T4759] RAX: ffffffff821f2e65 RBX: 0000000000000000 RCX: ffff88813bba0000 [ 134.179914][ T5512] VFS: Lookup of 'file0' in fuse fuse would have caused loop [ 134.187298][ T4759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.187316][ T4759] RBP: ffffc90001f57b10 R08: ffffffff821f2d64 R09: ffffed1023f60262 [ 134.187330][ T4759] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813c4eb440 [ 134.201239][ T332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.202394][ T4759] R13: ffff88813c4eb470 R14: 1ffff1102789d68e R15: ffff88811fb01268 [ 134.202412][ T4759] FS: 0000555555918480(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000 [ 134.220128][ T332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 134.227585][ T4759] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 134.227603][ T4759] CR2: 0000000020ae9000 CR3: 000000011ab2d000 CR4: 00000000003506a0 [ 134.227618][ T4759] Call Trace: [ 134.227623][ T4759] [ 134.227630][ T4759] ? show_regs+0x58/0x60 [ 134.237448][ T332] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 134.244165][ T4759] ? __warn+0x160/0x3d0 [ 134.244195][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.244221][ T4759] ? report_bug+0x4d5/0x7d0 [ 134.244245][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.244269][ T4759] ? handle_bug+0x41/0x70 [ 134.244287][ T4759] ? exc_invalid_op+0x1b/0x50 [ 134.244310][ T4759] ? asm_exc_invalid_op+0x1b/0x20 [ 134.244328][ T4759] ? ovl_dir_modified+0xa4/0x1e0 [ 134.255342][ T332] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 134.261289][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.269197][ T332] usb 1-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 134.272224][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.275083][ T332] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.279083][ T4759] ovl_do_remove+0x7fc/0xbf0 [ 134.279107][ T4759] ? ovl_set_redirect+0x670/0x670 [ 134.362496][ T332] usb 1-1: config 0 descriptor?? [ 134.365455][ T4759] ? selinux_inode_rmdir+0x22/0x30 [ 134.384450][ T4759] ovl_rmdir+0x1a/0x20 [ 134.388345][ T4759] vfs_rmdir+0x398/0x500 [ 134.392427][ T4759] incfs_kill_sb+0x113/0x230 [ 134.396876][ T4759] deactivate_locked_super+0xad/0x110 [ 134.402062][ T4759] deactivate_super+0xbe/0xf0 [ 134.406593][ T4759] cleanup_mnt+0x485/0x510 [ 134.410822][ T4759] ? user_path_at_empty+0x14e/0x1a0 [ 134.415868][ T4759] __cleanup_mnt+0x19/0x20 [ 134.420108][ T4759] task_work_run+0x24d/0x2e0 [ 134.424560][ T4759] ? task_work_cancel+0x2b0/0x2b0 [ 134.429396][ T4759] ? __x64_sys_umount+0x122/0x170 [ 134.434274][ T4759] exit_to_user_mode_loop+0x94/0xa0 [ 134.439288][ T4759] exit_to_user_mode_prepare+0x5a/0xa0 [ 134.444595][ T4759] syscall_exit_to_user_mode+0x26/0x140 [ 134.449966][ T4759] do_syscall_64+0x49/0xb0 [ 134.454647][ T4759] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.460371][ T4759] RIP: 0033:0x7f92c847e297 [ 134.464753][ T4759] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 134.484178][ T4759] RSP: 002b:00007ffd0e40e008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 134.492405][ T4759] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f92c847e297 [ 134.500318][ T4759] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0e40e0c0 [ 134.508125][ T4759] RBP: 00007ffd0e40e0c0 R08: 0000000000000000 R09: 0000000000000000 [ 134.515934][ T4759] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0e40f170 [ 134.523743][ T4759] R13: 00007f92c84d9636 R14: 0000000000020b59 R15: 000000000000000b [ 134.531548][ T4759] [ 134.534445][ T4759] ---[ end trace 0000000000000000 ]--- [ 134.540182][ T4759] ------------[ cut here ]------------ [ 134.545488][ T4759] WARNING: CPU: 0 PID: 4759 at fs/overlayfs/util.c:484 ovl_dir_modified+0x1a5/0x1e0 [ 134.554658][ T4759] Modules linked in: [ 134.558382][ T4759] CPU: 0 PID: 4759 Comm: syz-executor.2 Tainted: G W 6.1.78-syzkaller-00148-g62a4d78ddaf1 #0 [ 134.569768][ T4759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 134.579654][ T4759] RIP: 0010:ovl_dir_modified+0x1a5/0x1e0 [ 134.585125][ T4759] Code: 00 00 fc ff df 80 3c 08 00 74 08 4c 89 ff e8 42 44 9d ff 49 ff 07 48 83 c4 08 5b 41 5c 41 5d 41 5e 41 5f 5d c3 e8 9b 45 56 ff <0f> 0b e9 06 ff ff ff e8 8f 45 56 ff 0f 0b e9 3d ff ff ff 44 89 e1 [ 134.604579][ T4759] RSP: 0018:ffffc90001f57ae0 EFLAGS: 00010293 [ 134.610452][ T4759] RAX: ffffffff821f2e65 RBX: 0000000000000000 RCX: ffff88813bba0000 [ 134.618368][ T4759] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 134.626226][ T4759] RBP: ffffc90001f57b10 R08: ffffffff821f2d64 R09: ffffed1023f60262 [ 134.633991][ T4759] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff88813c4eb440 [ 134.641784][ T4759] R13: ffff88813c4eb470 R14: 1ffff1102789d68e R15: ffff88811fb01268 [ 134.649612][ T4759] FS: 0000555555918480(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000 [ 134.658519][ T4759] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 134.664958][ T4759] CR2: 0000001b31e26000 CR3: 000000011ab2d000 CR4: 00000000003506b0 [ 134.672751][ T4759] Call Trace: [ 134.675882][ T4759] [ 134.678650][ T4759] ? show_regs+0x58/0x60 [ 134.682728][ T4759] ? __warn+0x160/0x3d0 [ 134.686738][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.691582][ T4759] ? report_bug+0x4d5/0x7d0 [ 134.695961][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.700781][ T4759] ? handle_bug+0x41/0x70 [ 134.704980][ T4759] ? exc_invalid_op+0x1b/0x50 [ 134.709458][ T4759] ? asm_exc_invalid_op+0x1b/0x20 [ 134.714332][ T4759] ? ovl_dir_modified+0xa4/0x1e0 [ 134.719095][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.723966][ T4759] ? ovl_dir_modified+0x1a5/0x1e0 [ 134.728816][ T4759] ovl_do_remove+0x7fc/0xbf0 [ 134.733244][ T4759] ? ovl_set_redirect+0x670/0x670 [ 134.738119][ T4759] ? selinux_inode_rmdir+0x22/0x30 [ 134.743049][ T4759] ovl_rmdir+0x1a/0x20 [ 134.746970][ T4759] vfs_rmdir+0x398/0x500 [ 134.751033][ T4759] incfs_kill_sb+0x1b4/0x230 [ 134.755477][ T4759] deactivate_locked_super+0xad/0x110 [ 134.760668][ T4759] deactivate_super+0xbe/0xf0 [ 134.765295][ T4759] cleanup_mnt+0x485/0x510 [ 134.769537][ T4759] ? user_path_at_empty+0x14e/0x1a0 [ 134.774589][ T4759] __cleanup_mnt+0x19/0x20 [ 134.778825][ T4759] task_work_run+0x24d/0x2e0 [ 134.783252][ T4759] ? task_work_cancel+0x2b0/0x2b0 [ 134.788131][ T4759] ? __x64_sys_umount+0x122/0x170 [ 134.792971][ T4759] exit_to_user_mode_loop+0x94/0xa0 [ 134.798022][ T4759] exit_to_user_mode_prepare+0x5a/0xa0 [ 134.803298][ T4759] syscall_exit_to_user_mode+0x26/0x140 [ 134.808703][ T4759] do_syscall_64+0x49/0xb0 [ 134.812938][ T4759] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 134.818678][ T4759] RIP: 0033:0x7f92c847e297 [ 134.822915][ T4759] Code: b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b0 ff ff ff f7 d8 64 89 02 b8 [ 134.842377][ T4759] RSP: 002b:00007ffd0e40e008 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6 [ 134.850613][ T4759] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f92c847e297 [ 134.858425][ T4759] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd0e40e0c0 [ 134.866267][ T4759] RBP: 00007ffd0e40e0c0 R08: 0000000000000000 R09: 0000000000000000 [ 134.874051][ T4759] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd0e40f170 [ 134.882017][ T4759] R13: 00007f92c84d9636 R14: 0000000000020b59 R15: 000000000000000b [ 134.889847][ T4759] [ 134.892696][ T4759] ---[ end trace 0000000000000000 ]--- [ 134.916290][ T5525] loop2: detected capacity change from 0 to 256 [ 134.935081][ T332] ntrig 0003:1B96:000A.001F: hidraw0: USB HID v0.00 Device [HID 1b96:000a] on usb-dummy_hcd.0-1/input0 [ 135.202924][ T5536] loop1: detected capacity change from 0 to 1024 [ 135.233848][ T5536] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 135.286761][ T332] usb 1-1: USB disconnect, device number 18 [ 135.295988][ T4587] EXT4-fs (loop1): unmounting filesystem. [ 135.379536][ T5544] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 135.753667][ T4604] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 136.124323][ T5568] loop0: detected capacity change from 0 to 1024 [ 136.135278][ T5568] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 136.150239][ T4353] EXT4-fs (loop0): unmounting filesystem. [ 136.155870][ T4604] usb 2-1: Using ep0 maxpacket: 8 [ 136.263303][ T5575] EXT4-fs (sda1): re-mounted. Quota mode: none. [ 136.273729][ T4604] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 136.281813][ T4604] usb 2-1: config 179 has no interface number 0 [ 136.287918][ T4604] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 136.298799][ T4604] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 136.309913][ T4604] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 136.321969][ T4604] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 136.333184][ T4604] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 136.348512][ T4604] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 136.357609][ T4604] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.384017][ T5552] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 136.430820][ T5586] loop0: detected capacity change from 0 to 256 [ 136.919451][ T5600] loop2: detected capacity change from 0 to 1024 [ 136.928392][ T5600] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 136.990113][ T1428] usb 2-1: USB disconnect, device number 14 [ 137.003667][ C0] xpad 2-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 137.024031][ T4637] Bluetooth: hci0: command 0x1003 tx timeout [ 137.024111][ T45] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 137.506589][ T5614] loop0: detected capacity change from 0 to 1024 [ 137.526896][ T5614] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 137.544842][ T4353] EXT4-fs (loop0): unmounting filesystem. [ 137.595024][ T5622] loop0: detected capacity change from 0 to 512 [ 137.615524][ T5622] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 137.624327][ T5622] ext4 filesystem being mounted at /root/syzkaller-testdir157289117/syzkaller.DeuLGt/106/file0 supports timestamps until 2038 (0x7fffffff) [ 137.640307][ T28] audit: type=1400 audit(2000000072.132:1176): avc: denied { rename } for pid=5621 comm="syz-executor.0" name="file0" dev="loop0" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 137.641351][ T5622] EXT4-fs error (device loop0): ext4_get_first_dir_block:3562: inode #12: comm syz-executor.0: directory missing '..' [ 137.942825][ T4353] EXT4-fs (loop0): unmounting filesystem. [ 137.987339][ T5600] syz-executor.2 (5600) used greatest stack depth: 19056 bytes left [ 137.996528][ T4759] EXT4-fs (loop2): unmounting filesystem. [ 138.011025][ T5636] loop4: detected capacity change from 0 to 16 [ 138.013017][ T5634] incfs: Options parsing error. -22 [ 138.017838][ T5636] erofs: (device loop4): mounted with root inode @ nid 36. [ 138.022073][ T5634] incfs: mount failed -22 [ 138.501608][ T5650] loop0: detected capacity change from 0 to 40427 [ 138.509151][ T5650] F2FS-fs (loop0): Invalid log blocks per segment (4278190089) [ 138.516639][ T5650] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 138.526913][ T5650] F2FS-fs (loop0): invalid crc value [ 138.535540][ T5650] F2FS-fs (loop0): Found nat_bits in checkpoint [ 138.573683][ T1428] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 138.577671][ T5650] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 138.588000][ T5650] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 138.608655][ T5650] syz-executor.0: attempt to access beyond end of device [ 138.608655][ T5650] loop0: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 138.627457][ T4353] syz-executor.0: attempt to access beyond end of device [ 138.627457][ T4353] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 138.833755][ T1428] usb 5-1: Using ep0 maxpacket: 8 [ 138.963771][ T1428] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 138.979458][ T1428] usb 5-1: config 179 has no interface number 0 [ 138.987760][ T1428] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 139.001926][ T1428] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 139.017144][ T1428] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 139.028400][ T1428] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 139.039690][ T1428] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 139.052698][ T1428] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 139.053473][ T5694] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.061513][ T1428] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.076574][ T5694] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.083750][ T5643] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 139.090909][ T5694] device bridge_slave_0 entered promiscuous mode [ 139.093009][ T5709] loop1: detected capacity change from 0 to 16 [ 139.105832][ T5709] erofs: (device loop1): erofs_fc_fill_super: rootino(nid 36) is not a directory(i_mode 125300) [ 139.106808][ T5694] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.123075][ T5694] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.130488][ T5694] device bridge_slave_1 entered promiscuous mode [ 139.149611][ T5715] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.2'. [ 139.212371][ T5694] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.219250][ T5694] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.226347][ T5694] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.233159][ T5694] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.259735][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 139.267516][ T332] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.275439][ T332] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.292682][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 139.312377][ T4604] bridge0: port 1(bridge_slave_0) entered blocking state [ 139.319250][ T4604] bridge0: port 1(bridge_slave_0) entered forwarding state [ 139.326412][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 139.334685][ T4604] bridge0: port 2(bridge_slave_1) entered blocking state [ 139.341511][ T4604] bridge0: port 2(bridge_slave_1) entered forwarding state [ 139.348680][ T4604] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 139.360350][ T332] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 139.509247][ T1428] usb 5-1: USB disconnect, device number 23 [ 139.533695][ C1] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 139.571135][ T5694] device veth0_vlan entered promiscuous mode [ 139.582082][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 139.590317][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 139.598134][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 139.605336][ T330] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 139.630175][ T5694] device veth1_macvtap entered promiscuous mode [ 139.638492][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 139.651183][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 139.659354][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 139.774866][ T5732] serio: Serial port pts0 [ 139.782937][ T5734] loop0: detected capacity change from 0 to 2048 [ 139.795804][ T5734] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 139.809866][ T5694] EXT4-fs (loop0): unmounting filesystem. [ 139.831697][ T5741] loop0: detected capacity change from 0 to 256 [ 139.864426][ T8] device bridge_slave_1 left promiscuous mode [ 139.870485][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 139.877805][ T8] device bridge_slave_0 left promiscuous mode [ 139.884013][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 139.891660][ T8] device veth1_macvtap left promiscuous mode [ 139.898071][ T8] device veth0_vlan left promiscuous mode [ 140.065121][ T28] audit: type=1400 audit(2000000074.562:1177): avc: denied { map } for pid=5751 comm="syz-executor.2" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=159 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1 [ 140.152623][ T5756] netlink: 24 bytes leftover after parsing attributes in process `syz-executor.1'. [ 140.274244][ T5767] loop2: detected capacity change from 0 to 2048 [ 140.285637][ T5767] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 140.300425][ T4759] EXT4-fs (loop2): unmounting filesystem. [ 140.305122][ T5773] device syzkaller0 entered promiscuous mode [ 140.375311][ T5787] loop4: detected capacity change from 0 to 256 [ 140.414799][ T5795] loop4: detected capacity change from 0 to 128 [ 140.417335][ T28] audit: type=1400 audit(2000000074.912:1178): avc: denied { remount } for pid=5796 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:devpts_t tclass=filesystem permissive=1 [ 140.483063][ T5805] device syzkaller0 entered promiscuous mode [ 140.538577][ T5813] loop2: detected capacity change from 0 to 256 [ 140.577616][ T5819] loop2: detected capacity change from 0 to 1024 [ 140.584997][ T5819] EXT4-fs: Ignoring removed orlov option [ 140.590494][ T5819] EXT4-fs: Ignoring removed nomblk_io_submit option [ 140.602140][ T5823] loop4: detected capacity change from 0 to 128 [ 140.605396][ T5819] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 140.624354][ T5819] EXT4-fs error (device loop2): get_max_inline_xattr_value_size:69: inode #12: comm syz-executor.2: corrupt xattr in inline inode [ 140.638019][ T5819] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #12: comm syz-executor.2: corrupted in-inode xattr [ 140.659733][ T28] audit: type=1400 audit(2000000075.152:1179): avc: denied { unlink } for pid=4759 comm="syz-executor.2" name="file0" dev="loop2" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 140.682544][ T4759] ================================================================== [ 140.690431][ T4759] BUG: KASAN: use-after-free in ext4_xattr_delete_inode+0xcd0/0xce0 [ 140.698246][ T4759] Read of size 4 at addr ffff888136a1e000 by task syz-executor.2/4759 [ 140.706224][ T4759] [ 140.708400][ T4759] CPU: 1 PID: 4759 Comm: syz-executor.2 Tainted: G W 6.1.78-syzkaller-00148-g62a4d78ddaf1 #0 [ 140.719762][ T4759] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/02/2024 [ 140.729659][ T4759] Call Trace: [ 140.732790][ T4759] [ 140.735562][ T4759] dump_stack_lvl+0x151/0x1b7 [ 140.740071][ T4759] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 140.745365][ T4759] ? _printk+0xd1/0x111 [ 140.749359][ T4759] ? __virt_addr_valid+0x242/0x2f0 [ 140.754395][ T4759] print_report+0x158/0x4e0 [ 140.758733][ T4759] ? __virt_addr_valid+0x242/0x2f0 [ 140.763680][ T4759] ? kasan_addr_to_slab+0xd/0x80 [ 140.768454][ T4759] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 140.773919][ T4759] kasan_report+0x13c/0x170 [ 140.778262][ T4759] ? ext4_xattr_delete_inode+0xcd0/0xce0 [ 140.783734][ T4759] __asan_report_load4_noabort+0x14/0x20 [ 140.789195][ T4759] ext4_xattr_delete_inode+0xcd0/0xce0 [ 140.794491][ T4759] ? sb_end_intwrite+0x130/0x130 [ 140.799268][ T4759] ? ext4_expand_extra_isize_ea+0x1c40/0x1c40 [ 140.805167][ T4759] ? __kasan_check_read+0x11/0x20 [ 140.810024][ T4759] ? ext4_inode_is_fast_symlink+0x295/0x3d0 [ 140.815754][ T4759] ? ext4_evict_inode+0xbc2/0x1550 [ 140.820702][ T4759] ext4_evict_inode+0xef9/0x1550 [ 140.825474][ T4759] ? _raw_spin_unlock+0x4c/0x70 [ 140.830168][ T4759] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 140.835890][ T4759] ? _raw_spin_unlock+0x4c/0x70 [ 140.840587][ T4759] ? inode_io_list_del+0x18b/0x1a0 [ 140.845523][ T4759] ? ext4_inode_is_fast_symlink+0x3d0/0x3d0 [ 140.851252][ T4759] evict+0x2a3/0x630 [ 140.854988][ T4759] iput+0x642/0x870 [ 140.858645][ T4759] vfs_rmdir+0x3c2/0x500 [ 140.862712][ T4759] do_rmdir+0x3ab/0x630 [ 140.866703][ T4759] ? d_delete_notify+0x160/0x160 [ 140.871481][ T4759] __x64_sys_unlinkat+0xdf/0xf0 [ 140.876163][ T4759] do_syscall_64+0x3d/0xb0 [ 140.880418][ T4759] entry_SYSCALL_64_after_hwframe+0x63/0xcd [ 140.886310][ T4759] RIP: 0033:0x7f92c847c747 [ 140.890556][ T4759] Code: 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 07 01 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48 [ 140.910000][ T4759] RSP: 002b:00007ffd0e40be28 EFLAGS: 00000207 ORIG_RAX: 0000000000000107 [ 140.918248][ T4759] RAX: ffffffffffffffda RBX: 0000000000000065 RCX: 00007f92c847c747 [ 140.926060][ T4759] RDX: 0000000000000200 RSI: 00007ffd0e40cfd0 RDI: 00000000ffffff9c [ 140.933864][ T4759] RBP: 00007f92c84d9636 R08: 0000000000000000 R09: 0000000000000000 [ 140.941765][ T4759] R10: 0000000000000100 R11: 0000000000000207 R12: 00007ffd0e40cfd0 [ 140.949573][ T4759] R13: 00007f92c84d9636 R14: 00000000000224be R15: 0000000000000009 [ 140.957480][ T4759] [ 140.960338][ T4759] [ 140.962506][ T4759] The buggy address belongs to the physical page: [ 140.968772][ T4759] page:ffffea0004da8780 refcount:0 mapcount:0 mapping:0000000000000000 index:0x1 pfn:0x136a1e [ 140.978827][ T4759] flags: 0x4000000000000000(zone=1) [ 140.983866][ T4759] raw: 4000000000000000 ffffea0004d9f008 ffffea0004da8708 0000000000000000 [ 140.992279][ T4759] raw: 0000000000000001 0000000000000000 00000000ffffffff 0000000000000000 [ 141.000695][ T4759] page dumped because: kasan: bad access detected [ 141.006953][ T4759] page_owner tracks the page as freed [ 141.012158][ T4759] page last allocated via order 0, migratetype Movable, gfp_mask 0x8140dca(GFP_HIGHUSER_MOVABLE|__GFP_COMP|__GFP_ZERO|__GFP_CMA), pid 5776, tgid 5776 (syz-executor.2), ts 140332298742, free_ts 140344315578 [ 141.031940][ T4759] post_alloc_hook+0x213/0x220 [ 141.036540][ T4759] prep_new_page+0x1b/0x110 [ 141.040877][ T4759] get_page_from_freelist+0x27ea/0x2870 [ 141.046258][ T4759] __alloc_pages+0x3a1/0x780 [ 141.050685][ T4759] __folio_alloc+0x15/0x40 [ 141.054941][ T4759] wp_page_copy+0x23b/0x1690 [ 141.059364][ T4759] do_wp_page+0xc25/0xdf0 [ 141.063542][ T4759] handle_mm_fault+0x15a2/0x2f40 [ 141.068306][ T4759] exc_page_fault+0x3b3/0x700 [ 141.072820][ T4759] asm_exc_page_fault+0x27/0x30 [ 141.077506][ T4759] page last free stack trace: [ 141.082019][ T4759] free_unref_page_prepare+0x83d/0x850 [ 141.087312][ T4759] free_unref_page_list+0xf1/0x7b0 [ 141.092367][ T4759] release_pages+0xf7f/0xfe0 [ 141.096788][ T4759] folio_batch_move_lru+0x3cf/0x4a0 [ 141.101822][ T4759] lru_add_drain_cpu+0xf4/0x4e0 [ 141.106508][ T4759] lru_add_drain+0x3d/0xc0 [ 141.110760][ T4759] exit_mmap+0x27c/0x940 [ 141.114839][ T4759] __mmput+0x95/0x310 [ 141.118661][ T4759] mmput+0x56/0x170 [ 141.122343][ T4759] do_exit+0xb29/0x2b80 [ 141.126296][ T4759] do_group_exit+0x21a/0x2d0 [ 141.130722][ T4759] get_signal+0x169d/0x1820 [ 141.135061][ T4759] arch_do_signal_or_restart+0xb0/0x16f0 [ 141.140530][ T4759] exit_to_user_mode_loop+0x74/0xa0 [ 141.145564][ T4759] exit_to_user_mode_prepare+0x5a/0xa0 [ 141.150858][ T4759] syscall_exit_to_user_mode+0x26/0x140 [ 141.156240][ T4759] [ 141.158411][ T4759] Memory state around the buggy address: [ 141.163880][ T4759] ffff888136a1df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 141.171777][ T4759] ffff888136a1df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 141.179821][ T4759] >ffff888136a1e000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 141.187740][ T4759] ^ 2033/05/18 03:34:35 SYZFATAL: failed to recv *flatrpc.HostMessageRaw: EOF [ 141.191617][ T4759] ffff888136a1e080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 141.199513][ T4759] ffff888136a1e100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 141.207409][ T4759] ================================================================== [ 141.289809][ T4759] Disabling lock debugging due to kernel taint