last executing test programs: 4.254645302s ago: executing program 0 (id=818): r0 = socket$inet6(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@private1, 0x800, 0x0, 0x103, 0x1, 0x0, 0x4}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000180)=0x1, 0x4) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x180000, @empty}, 0x1c) 4.243835383s ago: executing program 0 (id=819): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005345c0f63cdc2e82818254950ee03568b8809a1f04c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab66c1aae9314d7381fcfeb970bea672010000000000000043144648a07a975bd89dc398712376610faa54f12495b4659be8673086f6f3543205d4bc4ce05b8b961103673dff7f158052e62bfbdcddde6985f3f1ac5d9a94cc53207899762a07282a1914452d11858e795a3ca30a101af5574f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5ed44039aab46419496362e54cfad05b4004ac71a003d7b85d07191bed4e5a8908263722d4146f7ed569985439baa355cf3d8731f5e7a237bc06d035a8d601f21746d880819f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c5b9f87d988c9fbd2b9d9b4e2d71753b1549fa734f0b2e5fcf9549804cddad721971637f9c9730a9cc384eed30345979db9c93e1c52f42cad0a4d4f9436d3f39b0ed09c395dc6e970366087a8e4daeeb1b017006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f710c490ecd085d2811a7555c53030000007f00000000bfa6478eb96b079c277e2910b7ccdc3d672ed34aa65278c549e2abb549ad954884289130bc71cee2b7de62bf48129ae1af052a2d46a6165eb0954dac7265f1f425735acf6377793946b3229e861d8ea49806b3b533345d36ecef9df700000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c000000aaae37f044bcadeb0f6846582b7653665aa336db9f0384d3c7ddf79c2e0000000000000000000000000000000000000000000000e154aa0d3e41986a668ee1e5ef93a8ceac75f44aae95e26742f895f287111f8ee86f7e3ffb63cfb0e345cf7fc63dd2b0d30977899c6f03640040af4db71f7452bfc79a05118d8bb42b63b195771e42f9942ec626bd4b5461b74324012164e8"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x70) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)={@cgroup=r1, r0, 0x2, 0x6, 0x4000, @void, @value}, 0x10) 4.234624244s ago: executing program 0 (id=820): r0 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$TCPDIAG_GETSOCK(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00000012003b77"], 0x4c}}, 0x0) sendmsg$nl_generic(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)={0x1c, 0x52, 0x1, 0x0, 0x400008, {0x2}, [@typed={0x8, 0x1, 0x0, 0x0, @fd}]}, 0x1c}}, 0x0) 4.208293456s ago: executing program 0 (id=821): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000003c0)=@newlink={0x38, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_LINK={0x8}]]}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) 4.199998957s ago: executing program 0 (id=822): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010bd28710000000000000109022400010000000009040100010300000009210200000122050009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000080)={0x0, 0xd, 0x5, {0x5, 0x22, "4a20ee"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000700)={0x24, 0x0, &(0x7f0000000580)={0x0, 0x3, 0xd, @string={0xd, 0x3, "48abd1c171855e761978a9"}}, 0x0, 0x0}, 0x0) 1.015883304s ago: executing program 2 (id=878): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='sys_enter\x00', r0}, 0x10) r1 = syz_clone3(&(0x7f0000000440)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58) r2 = syz_pidfd_open(r1, 0x0) pidfd_send_signal(r2, 0x9, 0x0, 0x0) 1.002716655s ago: executing program 2 (id=879): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) fsetxattr$security_capability(0xffffffffffffffff, &(0x7f0000000000), 0x0, 0x0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) fgetxattr(r1, &(0x7f0000000000)=ANY=[], 0x0, 0x0) 960.844389ms ago: executing program 0 (id=880): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000000000086a053541cc0000000001090224000100000000090400000103000000092100000001220b0009058103"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="10000b0000000b200093ffb3"], 0x0, 0x0, 0x0, 0x0}, 0x0) 960.318149ms ago: executing program 2 (id=881): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @fallback=0x2e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000240)={0x1d, r1}, 0x10) write$binfmt_script(r0, &(0x7f0000000100), 0x10) 928.118021ms ago: executing program 2 (id=882): r0 = syz_open_dev$tty20(0xc, 0x4, 0x1) ioctl$TCSETA(r0, 0x5406, &(0x7f0000000200)={0xff07, 0x0, 0x0, 0x0, 0x0, "5f330000a90100f9"}) r1 = syz_open_dev$tty20(0xc, 0x4, 0x1) poll(&(0x7f0000000100)=[{r1}], 0x1, 0xe7f1) ioctl$TIOCL_GETMOUSEREPORTING(r1, 0x5412, &(0x7f0000000080)=0xa) 645.519875ms ago: executing program 4 (id=892): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000100)=@framed, &(0x7f00000000c0)='syzkaller\x00', 0x4, 0x9d, &(0x7f0000000000)=""/157, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f00000000c0)='block_bio_remap\x00', r0}, 0x10) r2 = dup(r1) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x1000001, 0x32, 0xffffffffffffffff, 0x0) bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000023c0)={r2, 0x58, &(0x7f0000000200)}, 0x10) 625.864237ms ago: executing program 4 (id=894): bpf$ENABLE_STATS(0x20, 0x0, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=@framed={{0x18, 0x5}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0}, {0x7, 0x0, 0xb, 0x4}, {0x85, 0x0, 0x0, 0x95}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1f, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000400)={r1, 0x0, 0x0}, 0x10) 610.749518ms ago: executing program 4 (id=895): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0x8, &(0x7f0000001b40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f6fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe508185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff90326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c6be0ed9257851ed916219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c5b901dbd7387f49e0b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000053046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3abe0fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25132a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a068c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238e3fee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e89884cb73f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182060e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000008835196ed0c6a1c1d4c140e5ff0000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd574d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88c3c44b3b7486f979e8a3174b531f573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d0104361c37c61a43b5afd865b60d4cae891b73220f17d25979a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fcd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d372e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36d3cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e64701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867ec92d13a4faa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a2689217380400a9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000020bd79e41c682139c58ac1deb039a691ad640e12c12fe11d70fe495906f200d71778acbd4eee53a3996cb0de84bd2b059d60c0f96a53ea44e0b293865aa68df494f87db976e36ad6c06912244d4c883c4aaa60b4a1392ce0b2f2c519663b4652ff871e0f6dfff9f7d34ecf04be0a58c3d53174b67d1886e34b81ad8c60da56acc64739c3acab24aa8d0ac92d465074f915608b1b60a948bad401b1a7fb3627bbe6c45123ed44bfdf8cc143bd1b7a663dc3d0476b8e39becffc429e41f66b1e37ae52aacaff0f1dc8ea70b68c25072e20586b19127d75fa71577f265c5100000000000000000000000000028bfaaf1dce7970ae04e33a3d130761c0c0a53997716ebfa0e03c0acdb52e4af877a339d154fea243453e69bc89bb18fc501cf3a623bb871047060234ebc21155d0dc6efa64749afb63a0f8a9c28f62861e826ddf243bd9dda895a9b24d38641856dc058040a418e15139c0b13d52258254eacf045386abe27e8756c29758330146da2e25822afd92467974f70fa71a971517be63845c1eeb1a7a39a8e01750a67925746ffbc35c0046a1d660ebe5967bbc0496d0c9ba9758f9fcf46ecbd2e07523af5e56ff1d8eee549ecc92b0d13ad2edb0149b25debe70d227afb1ad45991bfb63f7cf6a8b5bcabf504d7fe21df0a23e8615055df856d88b7379a4c4499d01221d10c286c10b12ff5c89903806eab61c18721be6edc3d0fdbe2448f130b87b375f0de009ac38fd159a9f54771388f54b50caf5caf896ceb214b298b524c6cfeca9e0343038c68de8856772de2c498e191b9da24cc2a4b722c88a0fd2cca32ea9445e06549d1b5e9c1c90f4de9ce818694c1ced8354729bbec6a828876dae455e24f0f40490aaf80825d0fcdd8620b43da6b7f94c82aac9b256a469312aff3411ac73a377f01f7329a8027d9b47212c2ae9f2038152d0e99b4622a6eb35ba206e43cfbb50ef80b84a1854208c8414b309eb8a3408050772e161beac866e7247b3dc245c9ea14965f2a1a4a97c8baa5a4dd9f8904d47"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x49) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000380)={&(0x7f0000000340)='mmap_lock_acquire_returned\x00', r0}, 0x10) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) munlock(&(0x7f0000bac000/0x4000)=nil, 0x4000) 464.511691ms ago: executing program 4 (id=903): prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x3, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000009500000000000000ae685c0b163ef93d95c7e307963117b5a705fd4a74bc49e24a9ae8c22842f85899c62ca3a6ff691f1df44c614a5fd33f6f8a4eb689d0910000000096d3635567c2d514698af29411dd54da063469b0e756f0555a15f5c39cbc6fc096f52406aff201b1057a8fc25a4e33b1a296875642eb3a7b732cda1ba46a2a42c4c333abc80e00fb000000004e4c4263efd12b257fdf9d292ba48e3aa93faeb7a3973a6dd9cf527332eb4a5dda77ad0e925d0a9c004dcb78410a3100c44cb61c92d40e31577a4e64c1155008241709504b573381f79b890a2aedbe60114760df9a5feb47115ac44625090590c275a5f2cf4f8789450b8303e8fdb7449565e01a331f061e143b26ab8905449942ca2c339ffbe92f821d84b2dd89069e6b66174903a7e94fa7a055b52b1dc2f4d76ec4d98432d6cf396b9d61858bcd5ff958da1ff886e43ffbcb2d972f43031769718daaa6105a5188ed990122303d201404e179144da06ed1e7ddff0fac2edd58ea986b3b375a57d8e37a2952902d357386884e3e548196f1f1a3e59edcd7b9ced9b2782c41724b738a8d47236983a2db1146b7a925a02ebf7739f63057c4ae701c74622be55bd113a415f7b36818647ce0d39e3aeb2002d51ff70c1e464c5f5e26aa1af3e7299d23be"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000002c0)='bdi_dirty_ratelimit\x00', r0}, 0x10) r2 = gettid() bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000380)={r2, r1, 0x0, 0x1, 0xfffffffffffffffe}, 0x42) 446.058822ms ago: executing program 4 (id=905): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$int_in(r0, 0x5452, &(0x7f0000000300)=0x208) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a", 0x83, 0x0, 0x0, 0x0) 428.107654ms ago: executing program 4 (id=906): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0xe8f, 0x12, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x3}}}}]}}]}}, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000000c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xe}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x3, {0x3, 0x0, "e6"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 161.379226ms ago: executing program 1 (id=924): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) setsockopt$sock_int(r1, 0x1, 0x8, &(0x7f0000000000), 0x4) sendmsg$TCPDIAG_GETSOCK(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c00000012003b77"], 0x4c}}, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={0x1c, 0x52, 0x1, 0x0, 0x0, {0xa}, [@typed={0x8, 0x1, 0x0, 0x0, @fd=r0}]}, 0x1c}}, 0x0) 133.302218ms ago: executing program 3 (id=925): r0 = socket(0x11, 0x3, 0x9) getsockopt$bt_BT_SECURITY(r0, 0x107, 0x11, 0x0, 0x20000002) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000038c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2edcaea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da97e22f4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000000000007d5ad897ef3b7cda42013d53046da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ad0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bff3b89c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4958ea8e4aa37094191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c2ed01faa7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d76331945ecefa26b8471d42645288d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497dad64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6fba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd2310801570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb414c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d93e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a000000000000000000000000000000000000000000000000000000a0cc2b89ce1525748ce167cbabb881f060599a6a59f645edca1d5c24b2f6b8c997a8f3e1b7679984a566d98d4d31198ee4c5ea7be0d99cf89bba4a6fd0bec12e7792bec3c5038e13b1982f80cdecd07f8908a983a7c9fb81c2ba7f7e87c991f30e50d1b3bbe4cf2a2f5d4571b6568ada51bc121c9139d2a8e0638c84066b1759081802"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r1}, 0x10) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x812, 0x0, 0xffffffffffffffff, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x100000, 0x0, 0x0, @void, @value, @void, @value}, 0x50) 127.461519ms ago: executing program 1 (id=926): r0 = socket$inet6(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @loopback, 0xffffff09}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffeffffff7f7e, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000800)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000280)="85da", 0x2}], 0x1}}], 0x1, 0x400c081) recvmmsg(r0, &(0x7f0000006840)=[{{0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000040)=""/35, 0x23}], 0x1}, 0x6}], 0x1, 0x3, 0x0) 119.721159ms ago: executing program 3 (id=927): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000a40)={&(0x7f0000000980)='sys_enter\x00', r1}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000600), &(0x7f0000000640)=r1}, 0x20) llistxattr(0x0, 0x0, 0x0) 109.972181ms ago: executing program 1 (id=928): bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_udp_encap(r0, 0x11, 0x64, &(0x7f0000000000)=0x2, 0x4) syz_emit_ethernet(0x33, &(0x7f00000002c0)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e20, 0x11, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}, "9419eaf07a"}}}}}}, 0x0) 102.739491ms ago: executing program 3 (id=929): r0 = openat$selinux_validatetrans(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0x8, 0xc, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r1}, 0x10) write$selinux_validatetrans(r0, 0x0, 0x6c) 94.702712ms ago: executing program 1 (id=930): r0 = openat$kvm(0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0x2000ae01, 0x0) 74.046733ms ago: executing program 1 (id=931): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='oom_score_adj_update\x00', r0}, 0x10) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) 73.584793ms ago: executing program 3 (id=932): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000006d000000850000000700000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000100)='kfree\x00', r0}, 0x10) r1 = add_key$fscrypt_v1(&(0x7f0000000000), &(0x7f0000000040)={'fscrypt:', @desc4}, &(0x7f00000002c0)={0x0, "de442bfc7910e10ac69ac014b0fa7807b11d2c99ed1f40d47a6edb3367b5cc888e1fd5102ae2d3d05f251f8d49025ceab4152b6e6d87cd6088e97a9d06d29143"}, 0x48, 0xffffffffffffffff) keyctl$chown(0x4, r1, 0xee01, 0xee00) keyctl$chown(0x4, r1, 0x0, 0x0) 59.756855ms ago: executing program 1 (id=933): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00', r0}, 0x10) rt_sigprocmask(0x0, &(0x7f0000000000)={[0xfffffffffffffffd]}, 0x0, 0x8) io_setup(0x4, &(0x7f0000000040)=0x0) io_pgetevents(r1, 0x0, 0x0, 0x0, &(0x7f0000000080), &(0x7f0000000340)={&(0x7f0000000300), 0x8}) 54.381075ms ago: executing program 3 (id=934): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000300)='proc\x00', 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) lseek(r0, 0x101, 0x0) getdents64(r0, 0x0, 0x44) 46.622236ms ago: executing program 3 (id=935): r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x6, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000004000000000000000000190095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000000c0)={r0, r2}, 0x10) syz_emit_ethernet(0x3e, &(0x7f0000002340)={@multicast, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "711e8f", 0x8, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x4, 0x0}, @ipv4={'\x00', '\xff\xff', @dev}, {[], @echo_request={0x80, 0x0, 0x0, 0x0, 0x5}}}}}}, 0x0) 20.082518ms ago: executing program 2 (id=936): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000001040)={'ipvlan1\x00', 0x0}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000000)=ANY=[@ANYBLOB='0\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01000000000000000000030000000c00018008000100", @ANYRES32=r3, @ANYBLOB="0500050007000000050003"], 0x30}}, 0x0) 0s ago: executing program 2 (id=937): syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x800, &(0x7f0000000040)={[{@jqfmt_vfsv0}, {@test_dummy_encryption}]}, 0x1, 0x453, &(0x7f0000000a40)="$eJzs3E1PXNUbAPDnXqDNn/YvVfENW0VbW7QKQhU1MU3YuSC60IXbCVBs5EULJrYhBhIXbk3sB9C4tR/BaBNfNroy3arRhZoQU1g0sYsxd94Y6AztKPQa5vdL7vScO2d6zr1Pnzt3Tk9uAG2rP3tJIg5GxA8R0VOubm7QX/5j/erSRLYlUSy++mdSard2dWmi2rT6uQPZSxoxkEak7yfxYIN+F85feLMwMzN1rlIfWpx9a2jh/IWnzs4Wpqemp+aGTw2Pjj737PMjw9sNv+9gC8f60vfrv37S+fLcpxfX5q6dHunOxlv9fP1x7JT+6N98Lusc3+nOcnZPXTnpzHEgtKQjIrJwdZXyvyc6YiN4PfHNT7kODthVxcz+pm8vF4E9LIm8RwDko/pFn/3+rW4N7gP+Ku7WDQi5Wh0r/wBcq8ztrNfi3xlpufD28a++3PT7fif1R8Tr468cybbYpXkYAAAAgHb2xVhEPNlo/i+Ne+vaZeX7IuL+iHggIvoiSut6DkfEkYh4KCIerq4nasHW9lvmf5r/zyQ7YnUs4sW6tV3rdfGvONRRqf0/q0RXcubszNTTEXFHRAxE1/6svt0qrdk3Ct81e29j/u9yd3nP0kR1LrAyjj86t/wrmCwsFv7xAbPJ6kpEX2ej+Ce1lUBJRDwSEY/eyl/4dWlF3XTvpeu1XS98cPeVZs3r53+zLet/c/zZTcWPI040zP+VWptk+/WZQ6XrwVD1qnCjby+Oftasf/HPV5b/3Q3jX1u5eiipX6+70Hofl3t//rHZe9eLxeL28W98/d+XvFYa4L7KvncLi4vnhiP2JeM37h9pfcx7VfV8VM9XFv+Boxvx32iZxl2VUnZCj0bEsYh4rLJ2+UTpuz/i8Yh4IiJObtPn8vQvTe/j5H++svhPtpT/rRd+X/nwWLP+bx7/LP+fKQ1moLLH/d/N3WqA8h4nAAAAAAAAADsjLT0DL0kHa+U0HRwsP8OvN7rTmfmFxZNn5t+Zmyw/K+9QdKXVlV49detBh0vljfrIlvqpiLgzIj7q+F+pPjgxPzOZ98FDmzvQJP8zv3XkPTpg13leK7Qv+Q/tS/5D+5L/0L7kP7Qv+Q/tS/5D+6rk/3Le4wBuv63f/+9dGT997fPDl3IaDnAbuf+HtvRvnuunoKCwVwt5X5kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/hv+DgAA///vYdKh") syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000)) chdir(&(0x7f00000003c0)='./bus\x00') r0 = creat(&(0x7f0000000540)='./file1\x00', 0xd) ioctl$FS_IOC_FSSETXATTR(r0, 0x40086602, &(0x7f0000000000)={0x20052fa}) kernel console output (not intermixed with test programs): rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 21.656501][ T311] usb 5-1: Using ep0 maxpacket: 16 [ 21.671899][ T375] EXT4-fs (loop2): Remounting filesystem read-only [ 21.684225][ T375] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.24: couldn't read orphan inode 11 (err -117) [ 21.750029][ T375] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 21.786571][ T311] usb 5-1: config 0 has no interfaces? [ 21.788726][ T375] EXT4-fs error (device loop2): htree_dirblock_to_tree:1082: inode #2: comm syz.2.24: Directory hole found for htree leaf block [ 21.791865][ T311] usb 5-1: New USB device found, idVendor=1e7d, idProduct=31ce, bcdDevice= 0.00 [ 21.826493][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 21.847958][ T311] usb 5-1: config 0 descriptor?? [ 21.867413][ T354] bridge0: port 2(bridge_slave_1) entered blocking state [ 21.874265][ T354] bridge0: port 2(bridge_slave_1) entered forwarding state [ 21.881391][ T354] bridge0: port 1(bridge_slave_0) entered blocking state [ 21.888175][ T354] bridge0: port 1(bridge_slave_0) entered forwarding state [ 21.899013][ T375] EXT4-fs (loop2): Remounting filesystem read-only [ 21.914561][ T381] EXT4-fs error (device loop2): htree_dirblock_to_tree:1082: inode #2: comm syz.2.24: Directory hole found for htree leaf block [ 21.948072][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 21.955397][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 21.970647][ T290] EXT4-fs (loop2): unmounting filesystem. [ 22.006371][ T388] L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 22.030219][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 22.037905][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 22.057248][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 22.065883][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 22.074394][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 22.081245][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 22.098461][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 22.109394][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 22.119090][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 22.125928][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 22.133956][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 22.142584][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 22.177102][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 22.185034][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 22.215921][ T354] device veth0_vlan entered promiscuous mode [ 22.226617][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 22.237938][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 22.247792][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 22.255557][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 22.270306][ T354] device veth1_macvtap entered promiscuous mode [ 22.279738][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 22.287852][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 22.295100][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 22.304789][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 22.314077][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 22.332213][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 22.341374][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 22.352711][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 22.360116][ T401] loop1: detected capacity change from 0 to 512 [ 22.363501][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 22.367110][ T353] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 22.380476][ T401] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support! [ 22.383122][ T353] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 22.398685][ T401] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 22.426849][ T311] usb 5-1: USB disconnect, device number 2 [ 22.435356][ T401] EXT4-fs (loop1): 1 truncate cleaned up [ 22.440984][ T404] Illegal XDP return value 4291141632 on prog (id 10) dev N/A, expect packet loss! [ 22.441041][ T401] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 22.466517][ T19] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 22.488517][ T292] EXT4-fs (loop1): unmounting filesystem. [ 22.510303][ T411] netlink: 8 bytes leftover after parsing attributes in process `syz.0.36'. [ 22.797171][ T6] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 22.826573][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 22.841943][ T19] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 22.846545][ T60] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 22.855246][ T19] usb 4-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 22.867728][ T19] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 22.876173][ T19] usb 4-1: config 0 descriptor?? [ 23.116514][ T60] usb 2-1: Using ep0 maxpacket: 16 [ 23.127048][ T28] kauditd_printk_skb: 94 callbacks suppressed [ 23.127061][ T28] audit: type=1400 audit(1729283339.055:170): avc: denied { append } for pid=85 comm="syslogd" name="messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 23.154900][ T28] audit: type=1400 audit(1729283339.055:171): avc: denied { open } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 23.177104][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 97, changing to 10 [ 23.177138][ T28] audit: type=1400 audit(1729283339.055:172): avc: denied { getattr } for pid=85 comm="syslogd" path="/tmp/messages" dev="tmpfs" ino=2 scontext=system_u:system_r:syslogd_t tcontext=system_u:object_r:tmpfs_t tclass=file permissive=1 [ 23.188022][ T6] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24929, setting to 1024 [ 23.210717][ T24] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 23.221541][ T6] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 23.237531][ T6] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.245848][ T6] usb 1-1: config 0 descriptor?? [ 23.286588][ T311] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 23.296567][ T60] usb 2-1: config 0 has an invalid interface number: 2 but max is 0 [ 23.304438][ T60] usb 2-1: config 0 has no interface number 0 [ 23.310328][ T60] usb 2-1: config 0 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 23.319860][ T60] usb 2-1: config 0 interface 2 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 23.347748][ T19] hid-steam 0003:28DE:1142.0001: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 23.359595][ T19] hid-steam 0003:28DE:1142.0002: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.3-1/input0 [ 23.436531][ T19] hid-steam 0003:28DE:1142.0001: Steam wireless receiver connected [ 23.466560][ T60] usb 2-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice= 0.88 [ 23.475416][ T60] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 23.483302][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 23.488160][ T60] usb 2-1: Product: syz [ 23.492060][ T60] usb 2-1: SerialNumber: syz [ 23.497280][ T60] usb 2-1: config 0 descriptor?? [ 23.526554][ T311] usb 5-1: Using ep0 maxpacket: 16 [ 23.556472][ T313] usb 4-1: USB disconnect, device number 2 [ 23.564136][ T313] hid-steam 0003:28DE:1142.0001: Steam wireless receiver disconnected [ 23.616555][ T24] usb 3-1: unable to get BOS descriptor or descriptor too short [ 23.646542][ T311] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 23.657588][ T311] usb 5-1: New USB device found, idVendor=0e8f, idProduct=0003, bcdDevice= 0.00 [ 23.666349][ T311] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 23.674803][ T311] usb 5-1: config 0 descriptor?? [ 23.687255][ T24] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 23.694680][ T24] usb 3-1: can't read configurations, error -71 [ 23.727025][ T6] keytouch 0003:0926:3333.0003: fixing up Keytouch IEC report descriptor [ 23.736168][ T6] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0003/input/input5 [ 23.759550][ T60] snd-usb-audio: probe of 2-1:0.2 failed with error -12 [ 23.804244][ T319] udevd[319]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.2/sound/card0/controlC0/../uevent} for writing: No such file or directory [ 23.820165][ T6] keytouch 0003:0926:3333.0003: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0 [ 23.963289][ T313] usb 2-1: USB disconnect, device number 2 [ 23.966518][ C0] usb 1-1: input irq status -75 received [ 24.091068][ T28] audit: type=1400 audit(1729283340.015:173): avc: denied { setopt } for pid=451 comm="syz.3.53" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 24.133197][ T459] loop3: detected capacity change from 0 to 128 [ 24.142455][ T459] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 24.151132][ T459] ext4 filesystem being mounted at /11/mnt supports timestamps until 2038 (0x7fffffff) [ 24.151517][ T311] pantherlord 0003:0E8F:0003.0004: unknown main item tag 0x0 [ 24.176389][ T311] pantherlord 0003:0E8F:0003.0004: unknown main item tag 0x0 [ 24.195022][ T311] pantherlord 0003:0E8F:0003.0004: collection stack underflow [ 24.204559][ T28] audit: type=1400 audit(1729283340.135:174): avc: denied { create } for pid=461 comm="syz.2.57" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 24.228916][ T311] pantherlord 0003:0E8F:0003.0004: item 0 0 0 12 parsing failed [ 24.241462][ T28] audit: type=1400 audit(1729283340.165:175): avc: denied { setopt } for pid=464 comm="syz.2.58" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 24.251041][ T311] pantherlord 0003:0E8F:0003.0004: parse failed [ 24.276911][ T311] pantherlord: probe of 0003:0E8F:0003.0004 failed with error -22 [ 24.289647][ T293] EXT4-fs (loop3): unmounting filesystem. [ 24.293191][ T311] usb 1-1: USB disconnect, device number 2 [ 24.318294][ T471] loop3: detected capacity change from 0 to 1024 [ 24.337778][ T471] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 24.371817][ T293] EXT4-fs (loop3): unmounting filesystem. [ 24.381389][ T313] usb 5-1: USB disconnect, device number 3 [ 24.396062][ T28] audit: type=1400 audit(1729283340.315:176): avc: denied { create } for pid=476 comm="syz.3.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 24.430631][ T28] audit: type=1400 audit(1729283340.325:177): avc: denied { setopt } for pid=476 comm="syz.3.63" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=ieee802154_socket permissive=1 [ 24.503739][ T473] loop2: detected capacity change from 0 to 40427 [ 24.511306][ T473] F2FS-fs (loop2): invalid crc value [ 24.518937][ T473] F2FS-fs (loop2): Found nat_bits in checkpoint [ 24.542827][ T473] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 24.586913][ T290] syz-executor: attempt to access beyond end of device [ 24.586913][ T290] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 24.588056][ T28] audit: type=1400 audit(1729283340.515:178): avc: denied { read } for pid=487 comm="syz.1.67" name="rtc0" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 24.637132][ T28] audit: type=1400 audit(1729283340.515:179): avc: denied { open } for pid=487 comm="syz.1.67" path="/dev/rtc0" dev="devtmpfs" ino=171 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:clock_device_t tclass=chr_file permissive=1 [ 24.666588][ T295] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 24.670894][ T493] loop1: detected capacity change from 0 to 256 [ 26.036446][ C1] sched: RT throttling activated [ 26.036750][ T295] usb 4-1: Using ep0 maxpacket: 16 [ 26.050129][ T507] usb usb6: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 26.176563][ T295] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 26.189175][ T295] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 26.198811][ T295] usb 4-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 26.209886][ T295] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.222127][ T295] usb 4-1: config 0 descriptor?? [ 26.312881][ T548] syz.2.93[548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.312954][ T548] syz.2.93[548] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 26.348630][ T556] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 26.377142][ T311] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 26.707569][ T295] apple 0003:05AC:0246.0005: unknown main item tag 0xd [ 26.714393][ T295] apple 0003:05AC:0246.0005: unexpected long global item [ 26.721564][ T295] apple 0003:05AC:0246.0005: parse failed [ 26.727135][ T295] apple: probe of 0003:05AC:0246.0005 failed with error -22 [ 26.736169][ T591] netlink: 'syz.2.113': attribute type 10 has an invalid length. [ 26.736606][ T311] usb 2-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 26.757578][ T311] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 26.775079][ T311] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 26.784196][ T311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 26.786487][ T60] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 26.911168][ T24] usb 4-1: USB disconnect, device number 3 [ 27.066520][ T60] usb 1-1: Using ep0 maxpacket: 32 [ 27.066534][ T311] usb 2-1: string descriptor 0 read error: -71 [ 27.066904][ T311] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 27.087684][ T311] usb 2-1: USB disconnect, device number 3 [ 27.206631][ T60] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 27.217384][ T60] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 27.366632][ T60] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 27.375584][ T60] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 27.383777][ T60] usb 1-1: Product: syz [ 27.387765][ T60] usb 1-1: Manufacturer: syz [ 27.427434][ T60] hub 1-1:4.0: USB hub found [ 27.515144][ T620] loop3: detected capacity change from 0 to 40427 [ 27.523476][ T620] F2FS-fs (loop3): Wrong SIT boundary, start(1536) end(50334208) blocks(1024) [ 27.532233][ T620] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 27.540797][ T620] F2FS-fs (loop3): invalid crc value [ 27.546854][ T620] F2FS-fs (loop3): Found nat_bits in checkpoint [ 27.570299][ T620] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 27.577177][ T620] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 27.596072][ T620] overlayfs: failed to set xattr on upper [ 27.606152][ T293] syz-executor: attempt to access beyond end of device [ 27.606152][ T293] loop3: rw=524288, sector=45064, nr_sectors = 8 limit=40427 [ 27.620194][ T293] syz-executor: attempt to access beyond end of device [ 27.620194][ T293] loop3: rw=0, sector=45064, nr_sectors = 8 limit=40427 [ 27.645437][ T8] kworker/u4:0: attempt to access beyond end of device [ 27.645437][ T8] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427 [ 27.659388][ T60] hub 1-1:4.0: config failed, hub has too many ports! (err -19) [ 27.892991][ T638] loop1: detected capacity change from 0 to 1024 [ 27.901362][ T638] EXT4-fs: Ignoring removed i_version option [ 27.908275][ T638] EXT4-fs: Ignoring removed bh option [ 27.916189][ T638] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 69: comm syz.1.136: lblock 8 mapped to illegal pblock 69 (length 1) [ 27.930708][ T638] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 68: comm syz.1.136: lblock 7 mapped to illegal pblock 68 (length 1) [ 27.944743][ T638] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 67: comm syz.1.136: lblock 6 mapped to illegal pblock 67 (length 1) [ 27.958762][ T638] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 48: comm syz.1.136: lblock 0 mapped to illegal pblock 48 (length 1) [ 27.972944][ T638] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.136: Failed to acquire dquot type 0 [ 27.984307][ T638] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 27.993843][ T638] EXT4-fs error (device loop1): ext4_evict_inode:279: inode #11: comm syz.1.136: mark_inode_dirty error [ 28.004940][ T295] usb 1-1: USB disconnect, device number 3 [ 28.005956][ T638] EXT4-fs warning (device loop1): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 28.020739][ T638] EXT4-fs (loop1): 1 orphan inode deleted [ 28.020754][ T639] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.020768][ T639] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.026302][ T638] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 28.033586][ T639] device bridge_slave_0 entered promiscuous mode [ 28.040449][ T10] EXT4-fs error (device loop1): ext4_map_blocks:607: inode #3: block 1: comm kworker/u4:1: lblock 1 mapped to illegal pblock 1 (length 1) [ 28.049100][ T639] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.066342][ T10] EXT4-fs error (device loop1): ext4_release_dquot:6787: comm kworker/u4:1: Failed to release dquot type 0 [ 28.076664][ T639] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.094994][ T639] device bridge_slave_1 entered promiscuous mode [ 28.097863][ T638] EXT4-fs (loop1): re-mounted. Quota mode: none. [ 28.115805][ T292] EXT4-fs (loop1): unmounting filesystem. [ 28.121707][ T292] EXT4-fs error (device loop1) in ext4_reserve_inode_write:5870: Corrupt filesystem [ 28.131105][ T292] EXT4-fs error (device loop1): ext4_quota_off:7053: inode #3: comm syz-executor: mark_inode_dirty error [ 28.149641][ T647] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 28.159091][ T647] netlink: 12 bytes leftover after parsing attributes in process `syz.1.137'. [ 28.200893][ T653] Zero length message leads to an empty skb [ 28.238118][ T28] kauditd_printk_skb: 37 callbacks suppressed [ 28.238127][ T28] audit: type=1400 audit(1729283344.165:211): avc: denied { write } for pid=639 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.252061][ T639] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.264564][ T28] audit: type=1400 audit(1729283344.175:212): avc: denied { read } for pid=639 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 28.271017][ T639] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.271099][ T639] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.304941][ T639] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.339120][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 28.346414][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.354918][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.369155][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 28.377189][ T19] bridge0: port 1(bridge_slave_0) entered blocking state [ 28.384024][ T19] bridge0: port 1(bridge_slave_0) entered forwarding state [ 28.391235][ T669] loop4: detected capacity change from 0 to 128 [ 28.391351][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 28.413989][ T28] audit: type=1326 audit(1729283344.335:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=670 comm="syz.0.148" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6a3157dff9 code=0x0 [ 28.414249][ T19] bridge0: port 2(bridge_slave_1) entered blocking state [ 28.443266][ T19] bridge0: port 2(bridge_slave_1) entered forwarding state [ 28.454514][ T8] device bridge_slave_1 left promiscuous mode [ 28.460867][ T28] audit: type=1400 audit(1729283344.375:214): avc: denied { mounton } for pid=668 comm="syz.4.147" path="/25/file0/bus" dev="loop4" ino=1048607 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=dir permissive=1 [ 28.461389][ T8] bridge0: port 2(bridge_slave_1) entered disabled state [ 28.495400][ T8] device bridge_slave_0 left promiscuous mode [ 28.501544][ T8] bridge0: port 1(bridge_slave_0) entered disabled state [ 28.509105][ T8] device veth1_macvtap left promiscuous mode [ 28.514936][ T8] device veth0_vlan left promiscuous mode [ 28.602097][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 28.609848][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 28.621567][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 28.633714][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 28.641452][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 28.648965][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 28.657981][ T639] device veth0_vlan entered promiscuous mode [ 28.668125][ T639] device veth1_macvtap entered promiscuous mode [ 28.676615][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 28.684992][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 28.693832][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 28.702186][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 28.724721][ T676] loop3: detected capacity change from 0 to 128 [ 28.747526][ T678] loop3: detected capacity change from 0 to 256 [ 28.755973][ T678] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x1a9973fb, utbl_chksum : 0xe619d30d) [ 28.768540][ T19] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 28.783595][ T28] audit: type=1400 audit(1729283344.705:215): avc: denied { write } for pid=677 comm="syz.3.150" name="/" dev="loop3" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.805010][ T28] audit: type=1400 audit(1729283344.705:216): avc: denied { add_name } for pid=677 comm="syz.3.150" name="cpu.stat" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 28.825910][ T28] audit: type=1400 audit(1729283344.705:217): avc: denied { associate } for pid=677 comm="syz.3.150" name="cpu.stat" scontext=root:object_r:unlabeled_t tcontext=system_u:object_r:unlabeled_t tclass=filesystem permissive=1 [ 28.847594][ T28] audit: type=1400 audit(1729283344.705:218): avc: denied { append } for pid=677 comm="syz.3.150" path="/1/file0/cpu.stat" dev="loop3" ino=1048615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 28.871545][ T28] audit: type=1400 audit(1729283344.705:219): avc: denied { map } for pid=677 comm="syz.3.150" path="/1/file0/cpu.stat" dev="loop3" ino=1048615 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 29.136734][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 29.151597][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 29.161432][ T19] usb 5-1: New USB device found, idVendor=04e7, idProduct=0030, bcdDevice= 0.00 [ 29.170342][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 29.178569][ T19] usb 5-1: config 0 descriptor?? [ 29.205389][ T695] loop1: detected capacity change from 0 to 1024 [ 29.212133][ T695] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 29.217370][ T295] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 29.223764][ T695] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 29.243348][ T28] audit: type=1400 audit(1729283345.165:220): avc: denied { setattr } for pid=694 comm="syz.1.157" name="/" dev="loop1" ino=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 29.244157][ T695] EXT4-fs error (device loop1): ext4_expand_extra_isize_ea:2740: inode #2: comm syz.1.157: corrupted in-inode xattr [ 29.282552][ T695] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2810: Unable to expand inode 2. Delete some EAs or run e2fsck. [ 29.295421][ T702] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2213: inode #2: comm syz.1.157: corrupted in-inode xattr [ 29.337406][ T292] EXT4-fs (loop1): unmounting filesystem. [ 29.355090][ T709] loop1: detected capacity change from 0 to 512 [ 29.365002][ T709] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 29.367232][ T711] loop0: detected capacity change from 0 to 512 [ 29.380508][ T709] EXT4-fs error (device loop1): ext4_orphan_get:1422: comm syz.1.162: bad orphan inode 131083 [ 29.391487][ T711] EXT4-fs: Ignoring removed nomblk_io_submit option [ 29.391935][ T709] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 29.398716][ T711] EXT4-fs (loop0): Test dummy encryption mode enabled [ 29.418326][ T711] EXT4-fs error (device loop0): ext4_orphan_get:1396: inode #17: comm syz.0.164: iget: bogus i_mode (0) [ 29.429670][ T711] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.164: couldn't read orphan inode 17 (err -117) [ 29.441862][ T711] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 29.442831][ T292] EXT4-fs (loop1): unmounting filesystem. [ 29.472787][ T711] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni" [ 29.481027][ T711] EXT4-fs error (device loop0): ext4_validate_block_bitmap:429: comm syz.0.164: bg 0: block 7: invalid block bitmap [ 29.493556][ T711] incfs: Can't find or create .index dir in ./file0 [ 29.500119][ T711] incfs: mount failed -28 [ 29.515844][ T354] EXT4-fs (loop0): unmounting filesystem. [ 29.596901][ T295] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has an invalid bInterval 0, changing to 7 [ 29.609213][ T295] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 29.612915][ T738] loop1: detected capacity change from 0 to 512 [ 29.630077][ T738] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.175: inode #1: comm syz.1.175: iget: illegal inode # [ 29.642882][ T738] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.175: error while reading EA inode 1 err=-117 [ 29.655286][ T738] EXT4-fs error (device loop1): ext4_xattr_inode_iget:404: comm syz.1.175: inode #1: comm syz.1.175: iget: illegal inode # [ 29.668127][ T738] EXT4-fs error (device loop1): ext4_xattr_inode_iget:409: comm syz.1.175: error while reading EA inode 1 err=-117 [ 29.668852][ T19] elo 0003:04E7:0030.0006: item fetching failed at offset 5/7 [ 29.681885][ T738] EXT4-fs (loop1): 1 orphan inode deleted [ 29.687931][ T19] elo 0003:04E7:0030.0006: parse failed [ 29.693351][ T738] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 29.698477][ T19] elo: probe of 0003:04E7:0030.0006 failed with error -22 [ 29.729220][ T292] EXT4-fs (loop1): unmounting filesystem. [ 29.785647][ T748] netlink: 8 bytes leftover after parsing attributes in process `syz.1.178'. [ 29.794437][ T295] usb 4-1: New USB device found, idVendor=1b5c, idProduct=0105, bcdDevice= 1.f1 [ 29.803657][ T295] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 29.813352][ T295] usb 4-1: Product: syz [ 29.815980][ T750] loop1: detected capacity change from 0 to 256 [ 29.817579][ T295] usb 4-1: Manufacturer: syz [ 29.823922][ T750] exfat: Deprecated parameter 'namecase' [ 29.831291][ T295] usb 4-1: SerialNumber: syz [ 29.833579][ T750] exfat: Deprecated parameter 'namecase' [ 29.846773][ T295] usb 4-1: config 0 descriptor?? [ 29.846829][ T750] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x1fdf94bc, utbl_chksum : 0xe619d30d) [ 29.873774][ T750] syz.1.179: attempt to access beyond end of device [ 29.873774][ T750] loop1: rw=0, sector=34225520824, nr_sectors = 1 limit=256 [ 29.887157][ T295] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 29.895544][ T295] usb 4-1: Detected SIO [ 29.895643][ T24] usb 5-1: USB disconnect, device number 4 [ 29.899863][ T295] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 4 [ 29.912715][ T295] ftdi_sio ttyUSB0: Overriding wMaxPacketSize on endpoint 7 [ 29.920695][ T295] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 29.947590][ T754] loop1: detected capacity change from 0 to 256 [ 29.953884][ T754] exfat: Deprecated parameter 'utf8' [ 29.959124][ T754] exfat: Deprecated parameter 'utf8' [ 29.966281][ T754] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d) [ 30.083243][ T765] 9pnet: Limiting 'msize' to 1048576 as this is the maximum supported by transport fd [ 30.106710][ T60] usb 4-1: USB disconnect, device number 4 [ 30.113076][ T60] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 30.123135][ T60] ftdi_sio 4-1:0.0: device disconnected [ 30.485095][ T783] loop4: detected capacity change from 0 to 512 [ 30.497854][ T783] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 30.506765][ T783] ext4 filesystem being mounted at /30/file0 supports timestamps until 2038 (0x7fffffff) [ 30.528995][ T294] EXT4-fs (loop4): unmounting filesystem. [ 30.551347][ T791] loop4: detected capacity change from 0 to 128 [ 30.617354][ T799] loop0: detected capacity change from 0 to 16 [ 30.631664][ T799] erofs: (device loop0): mounted with root inode @ nid 36. [ 30.660735][ T804] loop3: detected capacity change from 0 to 128 [ 30.668989][ T804] FAT-fs (loop3): Unrecognized mount option "18446744073709551615" or missing value [ 30.744962][ T813] loop0: detected capacity change from 0 to 2048 [ 30.745726][ T818] loop3: detected capacity change from 0 to 256 [ 30.754749][ T813] SELinux: security_context_str_to_sid (staff_u) failed with errno=-22 [ 30.762303][ T818] exFAT-fs (loop3): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x53fda505, utbl_chksum : 0xe619d30d) [ 30.778062][ T818] exFAT-fs (loop3): bogus allocation bitmap size(need : 2, cur : 17179869186) [ 30.860704][ T828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.214'. [ 30.886231][ T830] loop3: detected capacity change from 0 to 1024 [ 30.907009][ T830] EXT4-fs: Ignoring removed orlov option [ 30.913097][ T830] EXT4-fs (loop3): Test dummy encryption mode enabled [ 30.940509][ T840] loop4: detected capacity change from 0 to 2048 [ 30.946982][ T840] EXT4-fs: Ignoring removed nobh option [ 30.947369][ T830] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 30.952344][ T840] EXT4-fs: Ignoring removed mblk_io_submit option [ 30.978577][ T840] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 31.007717][ T639] EXT4-fs (loop3): unmounting filesystem. [ 31.035809][ T294] EXT4-fs (loop4): unmounting filesystem. [ 31.830689][ T874] A link change request failed with some changes committed already. Interface wg0 may have been left with an inconsistent configuration, please check. [ 31.866623][ T321] device bridge_slave_1 left promiscuous mode [ 31.872568][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 31.888607][ T321] device bridge_slave_0 left promiscuous mode [ 31.894647][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 31.904255][ T321] device veth1_macvtap left promiscuous mode [ 31.910189][ T321] device veth0_vlan left promiscuous mode [ 32.134680][ T875] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.141708][ T875] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.149273][ T875] device bridge_slave_0 entered promiscuous mode [ 32.160035][ T875] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.167127][ T875] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.174270][ T875] device bridge_slave_1 entered promiscuous mode [ 32.180777][ T876] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.187692][ T876] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.194904][ T876] device bridge_slave_0 entered promiscuous mode [ 32.203102][ T876] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.210029][ T876] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.210339][ T911] usb usb8: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 32.217684][ T876] device bridge_slave_1 entered promiscuous mode [ 32.302728][ T877] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.309914][ T877] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.317499][ T877] device bridge_slave_0 entered promiscuous mode [ 32.344095][ T877] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.351060][ T877] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.358607][ T877] device bridge_slave_1 entered promiscuous mode [ 32.465210][ T876] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.472080][ T876] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.479183][ T876] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.485960][ T876] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.509323][ T875] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.516186][ T875] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.523300][ T875] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.530087][ T875] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.539835][ T877] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.546694][ T877] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.553787][ T877] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.560677][ T877] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.601522][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.610767][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.618134][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.630428][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.638574][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.651949][ T60] bridge0: port 1(bridge_slave_0) entered disabled state [ 32.663199][ T60] bridge0: port 2(bridge_slave_1) entered disabled state [ 32.686770][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 32.694016][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.701914][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.710477][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.717329][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.757199][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 32.777783][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.785741][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.792588][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.799721][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.807612][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.814432][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.821630][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.829344][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.837129][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 32.845023][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 32.851773][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 32.858938][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.866921][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.873736][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.880945][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 32.888885][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 32.896217][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 32.903399][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.911126][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 32.930662][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 32.946045][ T876] device veth0_vlan entered promiscuous mode [ 32.960715][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 32.968581][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 32.975730][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 32.983056][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 32.993315][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 33.001253][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.012176][ T875] device veth0_vlan entered promiscuous mode [ 33.021235][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.029141][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.036381][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.051294][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 33.060545][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.077504][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.085473][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 33.093527][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 33.100763][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 33.112107][ T876] device veth1_macvtap entered promiscuous mode [ 33.119056][ T877] device veth0_vlan entered promiscuous mode [ 33.128868][ T875] device veth1_macvtap entered promiscuous mode [ 33.138581][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.147600][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.166581][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.174576][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.182709][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 33.190780][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 33.199116][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.207155][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.215183][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.223333][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.234033][ T321] device bridge_slave_1 left promiscuous mode [ 33.240106][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.247672][ T321] device bridge_slave_0 left promiscuous mode [ 33.253651][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.261720][ T321] device bridge_slave_1 left promiscuous mode [ 33.269041][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 33.277533][ T321] device bridge_slave_0 left promiscuous mode [ 33.283643][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 33.293155][ T321] device veth1_macvtap left promiscuous mode [ 33.299037][ T321] device veth0_vlan left promiscuous mode [ 33.304846][ T321] device veth1_macvtap left promiscuous mode [ 33.311404][ T321] device veth0_vlan left promiscuous mode [ 33.481164][ T877] device veth1_macvtap entered promiscuous mode [ 33.515256][ T941] xt_hashlimit: size too large, truncated to 1048576 [ 33.525105][ T942] loop3: detected capacity change from 0 to 512 [ 33.540381][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 33.555133][ T942] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 33.564418][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 33.593253][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 33.616615][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 33.616876][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 33.656753][ T875] EXT4-fs (loop3): unmounting filesystem. [ 33.741688][ T28] kauditd_printk_skb: 34 callbacks suppressed [ 33.741702][ T28] audit: type=1400 audit(1729283349.665:255): avc: denied { map } for pid=957 comm="syz.4.268" path="/dev/binderfs/binder0" dev="binder" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=chr_file permissive=1 [ 33.790667][ T28] audit: type=1400 audit(1729283349.715:256): avc: denied { create } for pid=963 comm="syz.1.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 33.819267][ T28] audit: type=1400 audit(1729283349.715:257): avc: denied { connect } for pid=963 comm="syz.1.270" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 33.839381][ T28] audit: type=1400 audit(1729283349.715:258): avc: denied { bind } for pid=963 comm="syz.1.270" lport=1 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=icmp_socket permissive=1 [ 33.859229][ T28] audit: type=1400 audit(1729283349.715:259): avc: denied { node_bind } for pid=963 comm="syz.1.270" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=icmp_socket permissive=1 [ 33.913990][ T28] audit: type=1400 audit(1729283349.775:260): avc: denied { map } for pid=969 comm="syz.1.273" path="/dev/ashmem" dev="devtmpfs" ino=177 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 33.949488][ T28] audit: type=1326 audit(1729283349.815:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=975 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11fb7dff9 code=0x7ffc0000 [ 33.972719][ T28] audit: type=1326 audit(1729283349.815:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=975 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=100 compat=0 ip=0x7fb11fb7dff9 code=0x7ffc0000 [ 33.999301][ T984] loop4: detected capacity change from 0 to 512 [ 34.019795][ T984] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 34.031709][ T28] audit: type=1326 audit(1729283349.815:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=975 comm="syz.4.276" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb11fb7dff9 code=0x7ffc0000 [ 34.056179][ T984] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2 [ 34.064213][ T984] EXT4-fs error (device loop4): ext4_free_branches:1030: inode #13: comm syz.4.280: invalid indirect mapped block 2683928664 (level 1) [ 34.078806][ T984] EXT4-fs (loop4): Remounting filesystem read-only [ 34.085274][ T984] EXT4-fs (loop4): 1 truncate cleaned up [ 34.090850][ T984] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 34.109408][ T28] audit: type=1400 audit(1729283350.035:264): avc: denied { link } for pid=981 comm="syz.4.280" name="file0" dev="incremental-fs" ino=13 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 34.113473][ T877] EXT4-fs error (device loop4): htree_dirblock_to_tree:1111: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len is too small for name_len - offset=92, inode=16, rec_len=16, size=1024 fake=0 [ 34.152459][ T877] EXT4-fs (loop4): Remounting filesystem read-only [ 34.159969][ T877] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 34.179661][ T877] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2213: inode #15: comm syz-executor: corrupted in-inode xattr [ 34.239340][ T877] EXT4-fs (loop4): unmounting filesystem. [ 34.325302][ T974] loop1: detected capacity change from 0 to 40427 [ 34.343873][ T997] syz.0.288[997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.343944][ T997] syz.0.288[997] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 34.367040][ T974] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 34.396641][ T974] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 34.443270][ T974] F2FS-fs (loop1): Found nat_bits in checkpoint [ 34.497931][ T974] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 34.504849][ T974] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 34.518081][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 34.525642][ T999] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.533163][ T999] device bridge_slave_0 entered promiscuous mode [ 34.540098][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.547095][ T999] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.554389][ T999] device bridge_slave_1 entered promiscuous mode [ 34.705097][ T1024] loop3: detected capacity change from 0 to 256 [ 34.713831][ T1024] exfat: Deprecated parameter 'utf8' [ 34.727753][ T321] device bridge_slave_1 left promiscuous mode [ 34.733690][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 34.744020][ T321] device bridge_slave_0 left promiscuous mode [ 34.756162][ T1024] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 34.768558][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 34.791011][ T321] device veth1_macvtap left promiscuous mode [ 34.803743][ T1030] loop1: detected capacity change from 0 to 512 [ 34.815369][ T321] device veth0_vlan left promiscuous mode [ 34.836914][ T1030] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended [ 34.887093][ T1030] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.299: bg 0: block 64: padding at end of block bitmap is not set [ 34.911405][ T1030] EXT4-fs error (device loop1): ext4_acquire_dquot:6764: comm syz.1.299: Failed to acquire dquot type 0 [ 34.922936][ T1030] EXT4-fs (loop1): 1 truncate cleaned up [ 34.928807][ T1030] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 34.968495][ T292] EXT4-fs (loop1): unmounting filesystem. [ 34.977065][ T1030] syz.1.299 (1030) used greatest stack depth: 19848 bytes left [ 34.984871][ T999] bridge0: port 2(bridge_slave_1) entered blocking state [ 34.991729][ T999] bridge0: port 2(bridge_slave_1) entered forwarding state [ 34.998835][ T999] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.005606][ T999] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.044288][ T1041] tun0: tun_chr_ioctl cmd 2147767521 [ 35.076961][ T24] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 35.094514][ T1049] loop3: detected capacity change from 0 to 1024 [ 35.104996][ T24] bridge0: port 1(bridge_slave_0) entered disabled state [ 35.130851][ T24] bridge0: port 2(bridge_slave_1) entered disabled state [ 35.142397][ T1049] EXT4-fs: Ignoring removed nomblk_io_submit option [ 35.159473][ T1049] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 35.160037][ T1063] loop0: detected capacity change from 0 to 512 [ 35.181153][ T1063] EXT4-fs (loop0): Test dummy encryption mode enabled [ 35.197066][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 35.197415][ T1063] EXT4-fs error (device loop0): __ext4_iget:5046: inode #11: block 1: comm syz.0.314: invalid block [ 35.205017][ T295] bridge0: port 1(bridge_slave_0) entered blocking state [ 35.215682][ T1063] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.314: couldn't read orphan inode 11 (err -117) [ 35.222322][ T295] bridge0: port 1(bridge_slave_0) entered forwarding state [ 35.243167][ T1063] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 35.243949][ T875] EXT4-fs error (device loop3): ext4_empty_dir:3087: inode #11: comm syz-executor: invalid size [ 35.261890][ T875] EXT4-fs (loop3): Remounting filesystem read-only [ 35.269991][ T875] EXT4-fs (loop3): unmounting filesystem. [ 35.273045][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 35.283880][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 35.290750][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 35.311606][ T876] EXT4-fs (loop0): unmounting filesystem. [ 35.318515][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 35.326419][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 35.335292][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 35.343247][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 35.362379][ T1073] SELinux: syz.0.317 (1073) set checkreqprot to 1. This is deprecated and will be rejected in a future kernel release. [ 35.363232][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 35.382665][ T1073] SELinux: https://github.com/SELinuxProject/selinux-kernel/wiki/DEPRECATE-checkreqprot [ 35.383439][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 35.404680][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 35.412682][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 35.420725][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 35.428188][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 35.436005][ T999] device veth0_vlan entered promiscuous mode [ 35.445939][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 35.453864][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 35.463529][ T999] device veth1_macvtap entered promiscuous mode [ 35.479861][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 35.486431][ T1075] loop1: detected capacity change from 0 to 512 [ 35.493971][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 35.502224][ T311] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 35.504861][ T1075] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 35.528854][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 35.531112][ T1079] loop3: detected capacity change from 0 to 256 [ 35.537547][ T19] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 35.553321][ T1075] EXT4-fs error (device loop1): ext4_get_branch:178: inode #11: block 4294967295: comm syz.1.318: invalid block [ 35.561708][ T1082] capability: warning: `syz.4.287' uses deprecated v2 capabilities in a way that may be insecure [ 35.565816][ T1075] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.318: invalid indirect mapped block 4294967295 (level 1) [ 35.590835][ T1075] EXT4-fs error (device loop1): ext4_free_branches:1030: inode #11: comm syz.1.318: invalid indirect mapped block 4294967295 (level 1) [ 35.615549][ T1075] EXT4-fs (loop1): 2 truncates cleaned up [ 35.621465][ T1075] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 35.661443][ T1084] loop4: detected capacity change from 0 to 8192 [ 35.668993][ T1084] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 35.688077][ T292] EXT4-fs (loop1): unmounting filesystem. [ 35.883619][ T1103] loop3: detected capacity change from 0 to 40427 [ 35.890327][ T1103] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 35.897951][ T1103] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 35.906565][ T1103] F2FS-fs (loop3): invalid crc value [ 35.912930][ T1103] F2FS-fs (loop3): Found nat_bits in checkpoint [ 35.936847][ T1103] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 35.943728][ T1103] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 35.976513][ T19] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 36.020759][ T1109] loop3: detected capacity change from 0 to 512 [ 36.029030][ T1109] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 36.043883][ T875] EXT4-fs (loop3): unmounting filesystem. [ 36.216561][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 36.336578][ T19] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 36.345594][ T19] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 36.355337][ T19] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 36.365022][ T19] usb 2-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 36.374708][ T19] usb 2-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 36.384385][ T19] usb 2-1: config 1 interface 0 has no altsetting 0 [ 36.390905][ T19] usb 2-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 36.400529][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 36.430553][ T1147] xt_hashlimit: size too large, truncated to 1048576 [ 36.446971][ T19] ums-sddr09 2-1:1.0: USB Mass Storage device detected [ 36.550307][ T1154] netlink: 4 bytes leftover after parsing attributes in process `syz.3.349'. [ 36.567897][ T1156] loop3: detected capacity change from 0 to 256 [ 36.576414][ T1156] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d) [ 36.646355][ T1167] loop4: detected capacity change from 0 to 512 [ 36.653701][ T1167] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 36.664645][ T1167] EXT4-fs (loop4): 1 truncate cleaned up [ 36.667081][ T19] scsi host1: usb-storage 2-1:1.0 [ 36.670334][ T1167] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 36.693934][ T999] EXT4-fs (loop4): unmounting filesystem. [ 36.792962][ T1190] loop3: detected capacity change from 0 to 512 [ 36.805263][ T1190] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode [ 36.820399][ T1190] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.365: invalid indirect mapped block 4294967295 (level 0) [ 36.834380][ T1190] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #16: comm syz.3.365: invalid indirect mapped block 4294967295 (level 1) [ 36.848603][ T1190] EXT4-fs (loop3): 1 orphan inode deleted [ 36.854123][ T1190] EXT4-fs (loop3): 1 truncate cleaned up [ 36.859865][ T1190] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 36.874207][ T60] usb 2-1: USB disconnect, device number 4 [ 36.877708][ T1190] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters [ 36.901056][ T875] EXT4-fs (loop3): unmounting filesystem. [ 36.956356][ T1200] loop3: detected capacity change from 0 to 512 [ 36.963296][ T1200] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled [ 36.977944][ T1200] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback. [ 36.986715][ T1200] ext4 filesystem being mounted at /48/file0 supports timestamps until 2038 (0x7fffffff) [ 37.006052][ T875] EXT4-fs (loop3): unmounting filesystem. [ 37.083967][ T1208] loop3: detected capacity change from 0 to 512 [ 37.090225][ T24] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 37.104643][ T1208] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #13: comm syz.3.373: attempt to clear invalid blocks 2 len 1 [ 37.118010][ T1208] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 216 vs 220 free clusters [ 37.132611][ T1208] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.373: invalid indirect mapped block 1819239214 (level 0) [ 37.146864][ T1208] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #13: comm syz.3.373: invalid indirect mapped block 1819239214 (level 1) [ 37.148653][ T1206] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.167392][ T1206] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.174607][ T1206] device bridge_slave_0 entered promiscuous mode [ 37.181387][ T1208] EXT4-fs (loop3): 1 truncate cleaned up [ 37.186959][ T1208] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 37.195982][ T1206] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.202979][ T1206] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.210350][ T1206] device bridge_slave_1 entered promiscuous mode [ 37.235662][ T875] EXT4-fs (loop3): unmounting filesystem. [ 37.288293][ T1206] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.295149][ T1206] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.302271][ T1206] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.309034][ T1206] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.328625][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 37.337238][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.344401][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.356499][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 37.369083][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 37.377626][ T60] bridge0: port 1(bridge_slave_0) entered blocking state [ 37.384474][ T60] bridge0: port 1(bridge_slave_0) entered forwarding state [ 37.392102][ T60] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 37.400220][ T60] bridge0: port 2(bridge_slave_1) entered blocking state [ 37.407084][ T60] bridge0: port 2(bridge_slave_1) entered forwarding state [ 37.426291][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 37.434121][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 37.459516][ T1206] device veth0_vlan entered promiscuous mode [ 37.472157][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 37.480661][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 37.489322][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 37.496523][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 37.496886][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 37.523213][ T1206] device veth1_macvtap entered promiscuous mode [ 37.531955][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 37.559635][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 37.576866][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 37.622768][ T1231] SELinux: Context #! ./cgroup/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa [ 37.638096][ T1233] xt_bpf: check failed: parse error [ 37.737946][ T1235] loop2: detected capacity change from 0 to 1024 [ 37.766544][ T24] usb 5-1: New USB device found, idVendor=045e, idProduct=0721, bcdDevice=90.c4 [ 37.776778][ T317] I/O error, dev loop2, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2 [ 37.785582][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 37.800360][ T24] usb 5-1: Product: syz [ 37.808783][ T24] usb 5-1: Manufacturer: syz [ 37.816900][ T24] usb 5-1: SerialNumber: syz [ 37.827210][ T24] usb 5-1: config 0 descriptor?? [ 37.833388][ T1245] bridge0: port 2(bridge_slave_1) entered listening state [ 37.841808][ T321] device bridge_slave_1 left promiscuous mode [ 37.847939][ T321] bridge0: port 2(bridge_slave_1) entered disabled state [ 37.856879][ T1247] loop3: detected capacity change from 0 to 256 [ 37.865939][ T321] device bridge_slave_0 left promiscuous mode [ 37.869313][ T1247] FAT-fs (loop3): Directory bread(block 64) failed [ 37.872336][ T321] bridge0: port 1(bridge_slave_0) entered disabled state [ 37.879108][ T1247] FAT-fs (loop3): Directory bread(block 65) failed [ 37.891695][ T1247] FAT-fs (loop3): Directory bread(block 66) failed [ 37.898213][ T321] device veth1_macvtap left promiscuous mode [ 37.898242][ T1247] FAT-fs (loop3): Directory bread(block 67) failed [ 37.904126][ T321] device veth0_vlan left promiscuous mode [ 37.910711][ T1247] FAT-fs (loop3): Directory bread(block 68) failed [ 37.922420][ T1247] FAT-fs (loop3): Directory bread(block 69) failed [ 37.928883][ T1247] FAT-fs (loop3): Directory bread(block 70) failed [ 37.935205][ T1247] FAT-fs (loop3): Directory bread(block 71) failed [ 37.941637][ T1247] FAT-fs (loop3): Directory bread(block 72) failed [ 37.947907][ T1247] FAT-fs (loop3): Directory bread(block 73) failed [ 38.129181][ T1268] Â: renamed from pim6reg1 [ 38.326603][ T24] usb 5-1: Found UVC 0.00 device syz (045e:0721) [ 38.332933][ T24] usb 5-1: No valid video chain found. [ 38.347057][ T24] usb 5-1: USB disconnect, device number 5 [ 38.417690][ T1312] netlink: 104 bytes leftover after parsing attributes in process `syz.2.416'. [ 38.468303][ T1320] loop1: detected capacity change from 0 to 256 [ 38.481099][ T1320] exfat: Bad value for 'uid' [ 38.630365][ T1333] usb usb7: Requested nonsensical USBDEVFS_URB_SHORT_NOT_OK. [ 38.637829][ T1333] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 38.684682][ T1339] loop1: detected capacity change from 0 to 4096 [ 38.693244][ T1339] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 38.712716][ T292] EXT4-fs (loop1): unmounting filesystem. [ 38.819753][ T28] kauditd_printk_skb: 110 callbacks suppressed [ 38.819766][ T28] audit: type=1400 audit(2000000004.350:373): avc: denied { unmount } for pid=999 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tmpfs_t tclass=filesystem permissive=1 [ 38.869365][ T1348] loop4: detected capacity change from 0 to 8192 [ 38.895183][ T28] audit: type=1400 audit(2000000004.420:374): avc: denied { getopt } for pid=1349 comm="syz.4.434" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 38.920803][ T28] audit: type=1400 audit(2000000004.450:375): avc: denied { setopt } for pid=1351 comm="syz.4.435" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 38.963518][ T28] audit: type=1400 audit(2000000004.490:376): avc: denied { map } for pid=1357 comm="syz.4.438" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20960 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 38.984064][ T1360] netlink: 'syz.4.439': attribute type 9 has an invalid length. [ 38.992466][ T28] audit: type=1400 audit(2000000004.490:377): avc: denied { read write } for pid=1357 comm="syz.4.438" path="anon_inode:[io_uring]" dev="anon_inodefs" ino=20960 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:sysadm_t tclass=anon_inode permissive=1 [ 39.020606][ T19] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 39.021007][ T28] audit: type=1400 audit(2000000004.490:378): avc: denied { ioctl } for pid=1359 comm="syz.4.439" path="socket:[20969]" dev="sockfs" ino=20969 ioctlcmd=0x8955 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 39.030599][ T1364] loop3: detected capacity change from 0 to 512 [ 39.064406][ T28] audit: type=1400 audit(2000000004.590:379): avc: denied { bind } for pid=1361 comm="syz.4.441" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=packet_socket permissive=1 [ 39.069419][ T1364] EXT4-fs error (device loop3): __ext4_fill_super:5386: inode #2: comm syz.3.440: casefold flag without casefold feature [ 39.092276][ T1367] netlink: 'syz.4.442': attribute type 7 has an invalid length. [ 39.096214][ T1364] EXT4-fs (loop3): warning: mounting fs with errors, running e2fsck is recommended [ 39.118046][ T1364] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 39.134185][ T28] audit: type=1400 audit(2000000004.660:380): avc: denied { create } for pid=1362 comm="syz.3.440" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 39.164022][ T28] audit: type=1400 audit(2000000004.660:381): avc: denied { unlink } for pid=1362 comm="syz.3.440" name=E91F7189591E9233614B dev="loop3" ino=19 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=sock_file permissive=1 [ 39.164505][ T875] EXT4-fs (loop3): unmounting filesystem. [ 39.200958][ T1372] loop3: detected capacity change from 0 to 128 [ 39.212874][ T28] audit: type=1400 audit(2000000004.740:382): avc: denied { remount } for pid=1371 comm="syz.3.444" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:dosfs_t tclass=filesystem permissive=1 [ 39.306592][ T19] usb 2-1: Using ep0 maxpacket: 16 [ 39.386508][ T24] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 39.396350][ T1398] loop2: detected capacity change from 0 to 16 [ 39.403583][ T1398] erofs: (device loop2): mounted with root inode @ nid 36. [ 39.417881][ T1398] syz.2.456: attempt to access beyond end of device [ 39.417881][ T1398] loop2: rw=524288, sector=16, nr_sectors = 16 limit=16 [ 39.429171][ T1402] loop3: detected capacity change from 0 to 256 [ 39.433206][ T19] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 39.448014][ T1398] syz.2.456: attempt to access beyond end of device [ 39.448014][ T1398] loop2: rw=524288, sector=8, nr_sectors = 16 limit=16 [ 39.449827][ T19] usb 2-1: config 0 has no interface number 0 [ 39.463351][ T1402] FAT-fs (loop3): Directory bread(block 64) failed [ 39.467309][ T19] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 39.473676][ T1402] FAT-fs (loop3): Directory bread(block 65) failed [ 39.483919][ T19] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 39.490276][ T1402] FAT-fs (loop3): Directory bread(block 66) failed [ 39.505978][ T1402] FAT-fs (loop3): Directory bread(block 67) failed [ 39.512522][ T1402] FAT-fs (loop3): Directory bread(block 68) failed [ 39.519211][ T1402] FAT-fs (loop3): Directory bread(block 69) failed [ 39.525553][ T1402] FAT-fs (loop3): Directory bread(block 70) failed [ 39.531964][ T1402] FAT-fs (loop3): Directory bread(block 71) failed [ 39.538697][ T1402] FAT-fs (loop3): Directory bread(block 72) failed [ 39.545222][ T1402] FAT-fs (loop3): Directory bread(block 73) failed [ 39.600849][ T1417] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'. [ 39.655489][ T1427] loop3: detected capacity change from 0 to 256 [ 39.661735][ T19] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 39.673915][ T19] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 39.682068][ T19] usb 2-1: Product: syz [ 39.686095][ T19] usb 2-1: Manufacturer: syz [ 39.690964][ T19] usb 2-1: SerialNumber: syz [ 39.696223][ T19] usb 2-1: config 0 descriptor?? [ 39.716542][ T1342] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 39.723498][ T1342] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 39.769734][ T1423] loop2: detected capacity change from 0 to 40427 [ 39.777533][ T1423] F2FS-fs (loop2): invalid crc value [ 39.783903][ T1423] F2FS-fs (loop2): Found nat_bits in checkpoint [ 39.796550][ T24] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 39.807363][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 39.813616][ T1423] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 39.818254][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 39.840515][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 39.853528][ T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=c002, bcdDevice= 0.00 [ 39.866584][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 39.878637][ T24] usb 5-1: config 0 descriptor?? [ 39.938500][ T1342] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 39.945464][ T1342] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 39.966496][ T6] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 40.206504][ T6] usb 4-1: Using ep0 maxpacket: 8 [ 40.226569][ T295] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 40.326574][ T6] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 40.336524][ T6] usb 4-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d [ 40.345331][ T6] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.353798][ T6] usb 4-1: config 0 descriptor?? [ 40.396590][ T19] asix 2-1:0.251 (unnamed net_device) (uninitialized): Interface mode not supported by driver [ 40.406532][ T24] hid-picolcd 0003:04D8:C002.0007: No report with id 0x11 found [ 40.407603][ T19] asix: probe of 2-1:0.251 failed with error -524 [ 40.566249][ T60] usb 5-1: USB disconnect, device number 6 [ 40.596648][ T295] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 40.606563][ T24] usb 4-1: USB disconnect, device number 6 [ 40.608063][ T295] usb 3-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 40.622172][ T295] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 40.630772][ T295] usb 3-1: config 0 descriptor?? [ 40.646389][ T313] usb 2-1: USB disconnect, device number 5 [ 41.127966][ T295] elecom 0003:056E:00E6.0008: unknown main item tag 0x0 [ 41.134754][ T295] elecom 0003:056E:00E6.0008: unknown main item tag 0x0 [ 41.161183][ T295] elecom 0003:056E:00E6.0008: unknown main item tag 0x1 [ 41.168185][ T295] elecom 0003:056E:00E6.0008: unexpected long global item [ 41.175276][ T295] elecom: probe of 0003:056E:00E6.0008 failed with error -22 [ 41.186698][ T1468] syz.3.487[1468] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.186770][ T1468] syz.3.487[1468] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 41.191724][ T1467] loop4: detected capacity change from 0 to 1024 [ 41.245596][ T1467] EXT4-fs: Ignoring removed nomblk_io_submit option [ 41.289069][ T1467] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback. [ 41.337499][ T19] usb 3-1: USB disconnect, device number 4 [ 41.363562][ T999] EXT4-fs (loop4): unmounting filesystem. [ 41.379542][ T1464] loop1: detected capacity change from 0 to 40427 [ 41.396951][ T1464] F2FS-fs (loop1): invalid crc value [ 41.410135][ T1464] F2FS-fs (loop1): Found nat_bits in checkpoint [ 41.463515][ T1494] loop3: detected capacity change from 0 to 16 [ 41.469770][ T1464] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 41.478141][ T1494] erofs: (device loop3): erofs_read_inode: unsupported chunk format 7fff of nid 36 [ 41.505716][ T1464] syz.1.486: attempt to access beyond end of device [ 41.505716][ T1464] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 41.603132][ T1503] loop3: detected capacity change from 0 to 256 [ 41.705624][ T1490] loop0: detected capacity change from 0 to 40427 [ 41.758109][ T1490] F2FS-fs (loop0): Found nat_bits in checkpoint [ 41.833656][ T1527] IPv6: NLM_F_REPLACE set, but no existing node found! [ 41.846653][ T1490] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 41.901366][ T1530] loop2: detected capacity change from 0 to 2048 [ 41.907940][ T876] syz-executor: attempt to access beyond end of device [ 41.907940][ T876] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 41.941749][ T1530] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 41.976591][ T1530] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038 (0x7fffffff) [ 42.067895][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 42.251346][ T1525] loop3: detected capacity change from 0 to 40427 [ 44.039172][ T1525] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12 [ 44.046837][ T1525] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 44.064203][ T1525] F2FS-fs (loop3): Found nat_bits in checkpoint [ 45.039313][ T952] Bluetooth: hci0: Opcode 0x1003 failed: -110 [ 45.094094][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 45.094108][ T28] audit: type=1400 audit(2000000010.620:439): avc: denied { create } for pid=1574 comm="syz.1.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 45.120267][ T28] audit: type=1400 audit(2000000010.620:440): avc: denied { write } for pid=1574 comm="syz.1.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 45.176984][ T28] audit: type=1400 audit(2000000010.620:441): avc: denied { nlmsg_write } for pid=1574 comm="syz.1.529" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_xfrm_socket permissive=1 [ 45.178579][ T1579] loop2: detected capacity change from 0 to 2048 [ 45.207508][ T1579] Alternate GPT is invalid, using primary GPT. [ 45.213525][ T1579] loop2: p1 p2 p3 [ 45.263387][ T1587] process 'syz.3.536' launched './file1' with NULL argv: empty string added [ 45.276865][ T28] audit: type=1400 audit(2000000010.810:442): avc: denied { execute } for pid=1586 comm="syz.3.536" name="file1" dev="tmpfs" ino=548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 45.277907][ T1589] netlink: 24 bytes leftover after parsing attributes in process `syz.2.534'. [ 45.311882][ T317] udevd[317]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 45.318301][ T28] audit: type=1400 audit(2000000010.830:443): avc: denied { execute_no_trans } for pid=1586 comm="syz.3.536" path="/102/file1" dev="tmpfs" ino=548 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=file permissive=1 [ 45.337042][ T317] udevd[317]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory [ 45.349548][ T437] udevd[437]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory [ 45.356698][ T313] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 45.388234][ T28] audit: type=1400 audit(2000000010.830:444): avc: denied { module_request } for pid=1586 comm="syz.3.536" kmod="binfmt-464c" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 45.410864][ T1601] loop0: detected capacity change from 0 to 128 [ 45.421689][ T28] audit: type=1400 audit(2000000010.910:445): avc: denied { name_bind } for pid=1595 comm="syz.0.539" src=20004 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unreserved_port_t tclass=udp_socket permissive=1 [ 45.432439][ T1601] FAT-fs (loop0): error, invalid FAT chain (i_pos 548, last_block 8) [ 45.451983][ T19] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 45.457886][ T1601] FAT-fs (loop0): Filesystem has been set read-only [ 45.465767][ T1601] FAT-fs (loop0): error, corrupted file size (i_pos 548, 522) [ 45.503598][ T1606] loop0: detected capacity change from 0 to 4096 [ 45.510133][ T1606] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.532397][ T1606] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback. [ 45.563134][ T28] audit: type=1400 audit(2000000011.090:446): avc: denied { write } for pid=1605 comm="syz.0.544" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.587858][ T28] audit: type=1400 audit(2000000011.090:447): avc: denied { open } for pid=1605 comm="syz.0.544" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 45.598727][ T1619] loop2: detected capacity change from 0 to 1024 [ 45.612872][ T1606] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #15: comm syz.0.544: corrupted inode contents [ 45.619347][ T1619] EXT4-fs: Ignoring removed orlov option [ 45.627973][ T1606] EXT4-fs error (device loop0): ext4_dirty_inode:6074: inode #15: comm syz.0.544: mark_inode_dirty error [ 45.633042][ T1619] EXT4-fs: Ignoring removed nomblk_io_submit option [ 45.645514][ T1606] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #15: comm syz.0.544: corrupted inode contents [ 45.663375][ T1606] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.544: mark_inode_dirty error [ 45.663513][ T1606] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #15: comm syz.0.544: corrupted inode contents [ 45.663612][ T1606] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #15: comm syz.0.544: mark_inode_dirty error [ 45.663718][ T1606] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #15: comm syz.0.544: corrupted inode contents [ 45.663830][ T1606] EXT4-fs error (device loop0): ext4_truncate:4302: inode #15: comm syz.0.544: mark_inode_dirty error [ 45.663946][ T1606] EXT4-fs error (device loop0) in ext4_setattr:5613: Corrupt filesystem [ 45.664141][ T28] audit: type=1400 audit(2000000011.200:448): avc: denied { remove_name } for pid=1605 comm="syz.0.544" name="file1" dev="loop0" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 45.664369][ T1620] EXT4-fs error (device loop0): ext4_do_update_inode:5212: inode #15: comm syz.0.544: corrupted inode contents [ 45.678927][ T1619] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a802e018, mo2=0002] [ 45.770874][ T1619] System zones: 0-1, 3-12 [ 45.771073][ T876] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -117) [ 45.775432][ T1619] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 45.785948][ T876] EXT4-fs (loop0): unmounting filesystem. [ 45.799001][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.809887][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.819570][ T313] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00 [ 45.828525][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.836961][ T313] usb 5-1: config 0 descriptor?? [ 45.843255][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 45.926542][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 45.937299][ T19] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 45.946814][ T19] usb 2-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 45.955645][ T19] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 45.964025][ T19] usb 2-1: config 0 descriptor?? [ 46.318062][ T313] logitech-hidpp-device 0003:046D:C086.0009: ignoring exceeding usage max [ 46.327645][ T313] logitech-hidpp-device 0003:046D:C086.0009: hidraw0: USB HID v0.00 Device [HID 046d:c086] on usb-dummy_hcd.4-1/input0 [ 46.436974][ T19] belkin 0003:1020:0006.000A: report_id 0 is invalid [ 46.443526][ T19] belkin 0003:1020:0006.000A: item 0 0 1 8 parsing failed [ 46.450590][ T19] belkin 0003:1020:0006.000A: parse failed [ 46.456251][ T19] belkin: probe of 0003:1020:0006.000A failed with error -22 [ 46.519890][ T313] usb 5-1: USB disconnect, device number 7 [ 46.639260][ T19] usb 2-1: USB disconnect, device number 6 [ 46.717098][ T295] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 46.757072][ T1643] loop2: detected capacity change from 0 to 512 [ 46.763582][ T1643] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 46.774177][ T1643] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 46.782118][ T1643] System zones: 1-12 [ 46.786258][ T1643] EXT4-fs (loop2): 1 truncate cleaned up [ 46.791747][ T1643] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 46.807951][ T1206] EXT4-fs error (device loop2): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 46.823154][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 46.867818][ T1654] loop2: detected capacity change from 0 to 256 [ 46.876153][ T1654] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x39626d3b, utbl_chksum : 0xe619d30d) [ 46.916007][ T1658] loop2: detected capacity change from 0 to 16 [ 46.922442][ T1658] erofs: (device loop2): EXPERIMENTAL compressed fragments feature in use. Use at your own risk! [ 46.932930][ T1658] erofs: (device loop2): EXPERIMENTAL global deduplication feature in use. Use at your own risk! [ 46.943482][ T1658] erofs: (device loop2): mounted with root inode @ nid 36. [ 46.954233][ T1658] netlink: 252 bytes leftover after parsing attributes in process `syz.2.565'. [ 46.976493][ T295] usb 4-1: Using ep0 maxpacket: 16 [ 47.095279][ T1682] loop4: detected capacity change from 0 to 512 [ 47.101852][ T1682] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 47.112108][ T295] usb 4-1: config 0 has no interfaces? [ 47.115413][ T1682] EXT4-fs (loop4): 1 truncate cleaned up [ 47.123166][ T1682] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 47.160060][ T999] EXT4-fs (loop4): unmounting filesystem. [ 47.164925][ T1689] tap0: tun_chr_ioctl cmd 1074812118 [ 47.224136][ T1701] loop1: detected capacity change from 0 to 512 [ 47.253559][ T1701] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback. [ 47.262500][ T1701] ext4 filesystem being mounted at /137/file0 supports timestamps until 2038 (0x7fffffff) [ 47.270921][ T1711] loop2: detected capacity change from 0 to 2048 [ 47.283075][ T292] EXT4-fs (loop1): unmounting filesystem. [ 47.295352][ T1711] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 47.299406][ T1715] sit: Dst spoofed 0.0.0.0/2002::bfd8:a5dd -> 224.0.0.1/2002:c021:42c4:3911:45ba:dd28:fd7f:ffc [ 47.311088][ T1711] EXT4-fs (loop2): re-mounted. Quota mode: none. [ 47.320134][ T295] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 47.336491][ T295] usb 4-1: New USB device strings: Mfr=1, Product=121, SerialNumber=1 [ 47.349034][ T295] usb 4-1: Product: syz [ 47.353345][ T295] usb 4-1: Manufacturer: syz [ 47.362435][ T295] usb 4-1: SerialNumber: syz [ 47.362791][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 47.374406][ T1723] tun0: tun_chr_ioctl cmd 1074025677 [ 47.380291][ T1723] tun0: linktype set to 65534 [ 47.382972][ T295] r8152-cfgselector 4-1: config 0 descriptor?? [ 47.408916][ T1728] loop2: detected capacity change from 0 to 128 [ 47.445200][ T1734] futex_wake_op: syz.2.598 tries to shift op by 32; fix this program [ 47.516519][ T313] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 47.568038][ T1732] loop1: detected capacity change from 0 to 40427 [ 47.574826][ T1732] F2FS-fs (loop1): Invalid Fs Meta Ino: node(0) meta(2) root(0) [ 47.582451][ T1732] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 47.590938][ T1732] F2FS-fs (loop1): invalid crc value [ 47.597388][ T1732] F2FS-fs (loop1): Found nat_bits in checkpoint [ 47.620353][ T1732] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 47.627281][ T1732] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 47.648826][ T292] syz-executor: attempt to access beyond end of device [ 47.648826][ T292] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 47.867352][ T295] usb 4-1: USB disconnect, device number 7 [ 47.876525][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 47.887282][ T313] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 47.896768][ T313] usb 5-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 47.905637][ T313] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 47.914221][ T313] usb 5-1: config 0 descriptor?? [ 47.996944][ C1] bridge0: port 2(bridge_slave_1) entered learning state [ 48.387943][ T1749] syz.2.603 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 48.391655][ T1748] loop1: detected capacity change from 0 to 1024 [ 48.398810][ T313] belkin 0003:1020:0006.000B: report_id 0 is invalid [ 48.423978][ T1748] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 48.431244][ T313] belkin 0003:1020:0006.000B: item 0 0 1 8 parsing failed [ 48.447973][ T313] belkin 0003:1020:0006.000B: parse failed [ 48.453619][ T313] belkin: probe of 0003:1020:0006.000B failed with error -22 [ 48.527877][ T1746] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.542625][ T1746] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 48.554927][ T1746] EXT4-fs (loop1): This should not happen!! Data will be lost [ 48.554927][ T1746] [ 48.564418][ T1746] EXT4-fs (loop1): Total free blocks count 0 [ 48.570292][ T1746] EXT4-fs (loop1): Free/Dirty block details [ 48.575913][ T1746] EXT4-fs (loop1): free_blocks=68451041280 [ 48.581653][ T1746] EXT4-fs (loop1): dirty_blocks=32 [ 48.586618][ T1746] EXT4-fs (loop1): Block reservation details [ 48.592399][ T1746] EXT4-fs (loop1): i_reserved_data_blocks=2 [ 48.603641][ T1764] syz.2.608[1764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.603719][ T1764] syz.2.608[1764] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 48.626211][ T292] EXT4-fs (loop1): unmounting filesystem. [ 48.639602][ T313] usb 5-1: USB disconnect, device number 8 [ 48.711261][ T1779] loop3: detected capacity change from 0 to 2048 [ 48.727693][ T1779] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none. [ 48.736244][ T1779] ext4 filesystem being mounted at /118/file0 supports timestamps until 2038 (0x7fffffff) [ 48.768924][ T875] EXT4-fs (loop3): unmounting filesystem. [ 48.772000][ T1787] loop1: detected capacity change from 0 to 512 [ 48.790095][ T1787] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode [ 48.807662][ T1787] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a002c018, mo2=0002] [ 48.819505][ T1787] System zones: 1-12 [ 48.825808][ T1787] EXT4-fs (loop1): 1 truncate cleaned up [ 48.831316][ T1787] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 48.845005][ T1796] loop2: detected capacity change from 0 to 1024 [ 48.860869][ T292] EXT4-fs error (device loop1): mb_free_blocks:1815: group 0, inode 16: block 35:freeing already freed block (bit 34); block bitmap corrupt. [ 48.876304][ T292] EXT4-fs (loop1): unmounting filesystem. [ 48.883057][ T1796] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 48.973436][ T1815] netlink: 8 bytes leftover after parsing attributes in process `syz.0.631'. [ 48.982437][ T1795] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 48.999535][ T1818] netlink: 8 bytes leftover after parsing attributes in process `syz.0.632'. [ 49.002002][ T1795] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 49.020770][ T1795] EXT4-fs (loop2): This should not happen!! Data will be lost [ 49.020770][ T1795] [ 49.030342][ T1795] EXT4-fs (loop2): Total free blocks count 0 [ 49.036141][ T1795] EXT4-fs (loop2): Free/Dirty block details [ 49.041888][ T1795] EXT4-fs (loop2): free_blocks=68451041280 [ 49.047534][ T1795] EXT4-fs (loop2): dirty_blocks=32 [ 49.052423][ T1795] EXT4-fs (loop2): Block reservation details [ 49.058299][ T1795] EXT4-fs (loop2): i_reserved_data_blocks=2 [ 49.069297][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 49.090110][ T1828] loop2: detected capacity change from 0 to 16 [ 49.096714][ T1828] erofs: (device loop2): mounted with root inode @ nid 36. [ 49.108196][ T1828] erofs: (device loop2): z_erofs_fill_inode_lazy: unknown HEAD1 format 15 for nid 36, please upgrade kernel [ 49.120171][ T1828] erofs: (device loop2): z_erofs_fill_inode_lazy: unknown HEAD1 format 15 for nid 36, please upgrade kernel [ 49.132036][ T1828] erofs: (device loop2): z_erofs_read_folio: failed to read, err [-95] [ 49.187570][ T1838] loop2: detected capacity change from 0 to 512 [ 49.202154][ T1838] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value [ 49.213697][ T1838] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it [ 49.223957][ T1838] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz.2.641: Corrupt directory, running e2fsck is recommended [ 49.237510][ T1838] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -117 [ 49.245953][ T1838] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2213: inode #15: comm syz.2.641: corrupted in-inode xattr [ 49.258121][ T1838] EXT4-fs (loop2): Remounting filesystem read-only [ 49.264463][ T1838] EXT4-fs error (device loop2): ext4_orphan_get:1401: comm syz.2.641: couldn't read orphan inode 15 (err -117) [ 49.278415][ T1838] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 49.287307][ T295] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 49.307132][ T1206] EXT4-fs (loop2): unmounting filesystem. [ 49.317501][ T1843] mmap: syz.4.640 (1843) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 49.381150][ T1851] loop0: detected capacity change from 0 to 1024 [ 49.415080][ T1851] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 49.536491][ T295] usb 2-1: Using ep0 maxpacket: 8 [ 49.553353][ T1850] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters [ 49.568357][ T1850] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28 [ 49.580536][ T1850] EXT4-fs (loop0): This should not happen!! Data will be lost [ 49.580536][ T1850] [ 49.590120][ T1850] EXT4-fs (loop0): Total free blocks count 0 [ 49.595998][ T1850] EXT4-fs (loop0): Free/Dirty block details [ 49.601856][ T1850] EXT4-fs (loop0): free_blocks=68451041280 [ 49.607635][ T1850] EXT4-fs (loop0): dirty_blocks=32 [ 49.612550][ T1850] EXT4-fs (loop0): Block reservation details [ 49.618468][ T1850] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 49.629498][ T876] EXT4-fs (loop0): unmounting filesystem. [ 49.672268][ T1865] loop4: detected capacity change from 0 to 512 [ 49.679116][ T1865] EXT4-fs: Ignoring removed i_version option [ 49.685001][ T1865] journal_path: Lookup failure for './bus/file0' [ 49.691419][ T1865] EXT4-fs: error: could not find journal device path [ 49.707419][ T295] usb 2-1: unable to get BOS descriptor or descriptor too short [ 49.728351][ T1869] netlink: 'syz.3.654': attribute type 5 has an invalid length. [ 49.735807][ T1869] netlink: 'syz.3.654': attribute type 4 has an invalid length. [ 49.743537][ T1869] netlink: 'syz.3.654': attribute type 5 has an invalid length. [ 49.754410][ T1865] xt_hashlimit: size too large, truncated to 1048576 [ 49.756522][ T19] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 49.764387][ T1869] netlink: 'syz.3.654': attribute type 1 has an invalid length. [ 49.786116][ T1869] netlink: 'syz.3.654': attribute type 1 has an invalid length. [ 49.804265][ T1869] bridge0: port 1(bridge_slave_0) entered disabled state [ 49.826648][ T295] usb 2-1: config 0 has an invalid interface number: 125 but max is 2 [ 49.844795][ T295] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 49.864207][ T295] usb 2-1: config 0 has no interface number 0 [ 49.876614][ T295] usb 2-1: config 0 interface 125 altsetting 2 has 8 endpoint descriptors, different from the interface descriptor's value: 1 [ 49.891854][ T1863] loop0: detected capacity change from 0 to 40427 [ 49.898643][ T295] usb 2-1: config 0 interface 125 has no altsetting 0 [ 49.905262][ T1863] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12 [ 49.912998][ T1863] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock [ 49.922279][ T1863] F2FS-fs (loop0): invalid crc value [ 49.933758][ T1863] F2FS-fs (loop0): Found nat_bits in checkpoint [ 50.002203][ T1863] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0 [ 50.012535][ T1863] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 50.066568][ T295] usb 2-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 50.082012][ T295] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 50.090083][ T295] usb 2-1: Product: syz [ 50.094205][ T295] usb 2-1: Manufacturer: syz [ 50.098915][ T295] usb 2-1: SerialNumber: syz [ 50.111543][ T28] kauditd_printk_skb: 56 callbacks suppressed [ 50.111558][ T28] audit: type=1400 audit(2000000015.640:505): avc: denied { bpf } for pid=1885 comm="syz.4.660" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 50.138920][ T295] usb 2-1: config 0 descriptor?? [ 50.146938][ T28] audit: type=1400 audit(2000000015.640:506): avc: denied { map_create } for pid=1885 comm="syz.4.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 50.171193][ T1820] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 50.180476][ T28] audit: type=1400 audit(2000000015.640:507): avc: denied { perfmon } for pid=1885 comm="syz.4.660" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 50.186392][ T1892] loop3: detected capacity change from 0 to 256 [ 50.201565][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 50.217919][ T19] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 50.232529][ T19] usb 3-1: New USB device found, idVendor=1020, idProduct=0006, bcdDevice= 0.00 [ 50.243414][ T28] audit: type=1400 audit(2000000015.640:508): avc: denied { map_read map_write } for pid=1885 comm="syz.4.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 50.263002][ T19] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 50.268570][ T1892] exFAT-fs (loop3): failed to load upcase table (idx : 0x00011a39, chksum : 0xd7c18d7b, utbl_chksum : 0xe619d30d) [ 50.275590][ T1898] loop4: detected capacity change from 0 to 256 [ 50.289605][ T28] audit: type=1400 audit(2000000015.650:509): avc: denied { create } for pid=1887 comm="syz.3.661" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rawip_socket permissive=1 [ 50.294459][ T19] usb 3-1: config 0 descriptor?? [ 50.311456][ T1898] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 50.329790][ T1898] exFAT-fs (loop4): Medium has reported failures. Some data may be lost. [ 50.330565][ T28] audit: type=1400 audit(2000000015.670:510): avc: denied { prog_load } for pid=1885 comm="syz.4.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 50.353076][ T1898] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d) [ 50.359068][ T28] audit: type=1400 audit(2000000015.670:511): avc: denied { prog_run } for pid=1885 comm="syz.4.660" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 50.393161][ T28] audit: type=1400 audit(2000000015.760:512): avc: denied { read } for pid=1893 comm="syz.4.664" dev="nsfs" ino=4026532321 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 50.417704][ T28] audit: type=1400 audit(2000000015.760:513): avc: denied { open } for pid=1893 comm="syz.4.664" path="net:[4026532321]" dev="nsfs" ino=4026532321 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:nsfs_t tclass=file permissive=1 [ 50.441571][ T295] hub 2-1:0.125: bad descriptor, ignoring hub [ 50.447737][ T295] hub: probe of 2-1:0.125 failed with error -5 [ 50.454534][ T28] audit: type=1400 audit(2000000015.760:514): avc: denied { create } for pid=1893 comm="syz.4.664" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 50.486548][ T295] usb 2-1: Found UVC 15.ff device syz (17dc:0202) [ 50.492872][ T295] usb 2-1: No valid video chain found. [ 50.526740][ T295] usb 2-1: USB disconnect, device number 7 [ 50.815154][ T1944] netlink: 8 bytes leftover after parsing attributes in process `syz.4.686'. [ 50.842538][ T1948] loop4: detected capacity change from 0 to 1024 [ 50.849768][ T19] belkin 0003:1020:0006.000C: report_id 0 is invalid [ 50.856354][ T19] belkin 0003:1020:0006.000C: item 0 0 1 8 parsing failed [ 50.863439][ T19] belkin 0003:1020:0006.000C: parse failed [ 50.864916][ T1948] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 50.869594][ T19] belkin: probe of 0003:1020:0006.000C failed with error -22 [ 50.887978][ T1948] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none. [ 50.908639][ T999] EXT4-fs (loop4): unmounting filesystem. [ 50.924356][ T19] kernel write not supported for file 145/task/146/clear_refs (pid: 19 comm: kworker/0:1) [ 51.080908][ T24] usb 3-1: USB disconnect, device number 5 [ 51.100477][ T1962] netlink: 104 bytes leftover after parsing attributes in process `syz.4.693'. [ 51.196918][ T313] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 51.234011][ T1974] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.240890][ T1974] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.386520][ T19] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 51.536510][ T60] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 51.566518][ T313] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 51.600519][ T1980] syz.2.702[1980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.600586][ T1980] syz.2.702[1980] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 51.646572][ T19] usb 5-1: Using ep0 maxpacket: 16 [ 51.674629][ T1987] loop2: detected capacity change from 0 to 256 [ 51.736940][ T313] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 51.749558][ T313] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 51.757651][ T313] usb 2-1: Product: syz [ 51.761623][ T313] usb 2-1: Manufacturer: syz [ 51.766206][ T313] usb 2-1: SerialNumber: syz [ 51.776475][ T60] usb 4-1: Using ep0 maxpacket: 8 [ 51.806664][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 51.817068][ T313] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 51.818235][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 51.834979][ T19] usb 5-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 51.844308][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 51.852758][ T19] usb 5-1: config 0 descriptor?? [ 51.863732][ T1989] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.870746][ T1989] bridge0: port 1(bridge_slave_0) entered disabled state [ 51.878179][ T1989] device bridge_slave_0 entered promiscuous mode [ 51.887297][ T1989] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.894122][ T1989] bridge0: port 2(bridge_slave_1) entered disabled state [ 51.901389][ T1989] device bridge_slave_1 entered promiscuous mode [ 51.936531][ T60] usb 4-1: unable to get BOS descriptor or descriptor too short [ 51.948933][ T1989] bridge0: port 2(bridge_slave_1) entered blocking state [ 51.955883][ T1989] bridge0: port 2(bridge_slave_1) entered forwarding state [ 51.963006][ T1989] bridge0: port 1(bridge_slave_0) entered blocking state [ 51.969770][ T1989] bridge0: port 1(bridge_slave_0) entered forwarding state [ 51.989972][ T313] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 51.997602][ T313] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.004642][ T313] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.013419][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 52.016561][ T60] usb 4-1: config 0 has an invalid interface number: 125 but max is 2 [ 52.022681][ T6] bridge0: port 1(bridge_slave_0) entered blocking state [ 52.034693][ T60] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 52.036163][ T6] bridge0: port 1(bridge_slave_0) entered forwarding state [ 52.044911][ T60] usb 4-1: config 0 has no interface number 0 [ 52.057861][ T60] usb 4-1: config 0 interface 125 altsetting 2 has 8 endpoint descriptors, different from the interface descriptor's value: 1 [ 52.073822][ T60] usb 4-1: config 0 interface 125 has no altsetting 0 [ 52.080765][ T313] usb 2-1: USB disconnect, device number 8 [ 52.088882][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 52.097018][ T295] bridge0: port 2(bridge_slave_1) entered blocking state [ 52.103869][ T295] bridge0: port 2(bridge_slave_1) entered forwarding state [ 52.111143][ T295] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 52.126867][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 52.134983][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 52.145268][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 52.153124][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 52.160545][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 52.170233][ T1989] device veth0_vlan entered promiscuous mode [ 52.179609][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 52.188457][ T1989] device veth1_macvtap entered promiscuous mode [ 52.197644][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 52.208954][ T6] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 52.236583][ T60] usb 4-1: New USB device found, idVendor=17dc, idProduct=0202, bcdDevice=8a.dd [ 52.245721][ T60] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 52.253762][ T60] usb 4-1: Product: syz [ 52.257887][ T60] usb 4-1: Manufacturer: syz [ 52.262294][ T60] usb 4-1: SerialNumber: syz [ 52.277782][ T43] device bridge_slave_1 left promiscuous mode [ 52.277893][ T60] usb 4-1: config 0 descriptor?? [ 52.286630][ T43] bridge0: port 2(bridge_slave_1) entered disabled state [ 52.295880][ T43] device bridge_slave_0 left promiscuous mode [ 52.302395][ T43] bridge0: port 1(bridge_slave_0) entered disabled state [ 52.304272][ T1999] loop2: detected capacity change from 0 to 8192 [ 52.316300][ T1999] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck. [ 52.326837][ T43] device veth1_macvtap left promiscuous mode [ 52.326861][ T1978] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 52.332788][ T43] device veth0_vlan left promiscuous mode [ 52.348159][ T19] ntrig 0003:1B96:0008.000D: unbalanced collection at end of report description [ 52.359941][ T19] ntrig 0003:1B96:0008.000D: parse failed [ 52.366121][ T19] ntrig: probe of 0003:1B96:0008.000D failed with error -22 [ 52.410284][ T1999] FAT-fs (loop2): error, fat_get_cluster: invalid cluster chain (i_pos 1052) [ 52.423460][ T1999] FAT-fs (loop2): Filesystem has been set read-only [ 52.497435][ T2006] loop2: detected capacity change from 0 to 256 [ 52.509109][ T2006] FAT-fs (loop2): Directory bread(block 64) failed [ 52.515438][ T2006] FAT-fs (loop2): Directory bread(block 65) failed [ 52.521904][ T2006] FAT-fs (loop2): Directory bread(block 66) failed [ 52.528320][ T2006] FAT-fs (loop2): Directory bread(block 67) failed [ 52.534597][ T2006] FAT-fs (loop2): Directory bread(block 68) failed [ 52.541172][ T2006] FAT-fs (loop2): Directory bread(block 69) failed [ 52.547983][ T2006] FAT-fs (loop2): Directory bread(block 70) failed [ 52.554314][ T2006] FAT-fs (loop2): Directory bread(block 71) failed [ 52.561355][ T2006] FAT-fs (loop2): Directory bread(block 72) failed [ 52.568514][ T2006] FAT-fs (loop2): Directory bread(block 73) failed [ 52.577103][ T24] usb 5-1: USB disconnect, device number 9 [ 52.606684][ T60] hub 4-1:0.125: bad descriptor, ignoring hub [ 52.612595][ T60] hub: probe of 4-1:0.125 failed with error -5 [ 52.643490][ T2015] loop1: detected capacity change from 0 to 2048 [ 52.658069][ T2015] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none. [ 52.666910][ T60] usb 4-1: Found UVC 15.ff device syz (17dc:0202) [ 52.669537][ T2021] loop2: detected capacity change from 0 to 512 [ 52.673328][ T60] usb 4-1: No valid video chain found. [ 52.693151][ T2015] EXT4-fs (loop1): re-mounted. Quota mode: none. [ 52.701381][ T2021] EXT4-fs (loop2): 1 orphan inode deleted [ 52.708147][ T2021] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback. [ 52.708602][ T60] usb 4-1: USB disconnect, device number 8 [ 52.717756][ T292] EXT4-fs (loop1): unmounting filesystem. [ 52.723057][ T2021] ext4 filesystem being mounted at /7/file1 supports timestamps until 2038 (0x7fffffff) [ 52.760837][ T2027] syz.1.721[2027] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.760910][ T2027] syz.1.721[2027] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 52.772862][ T1989] EXT4-fs (loop2): unmounting filesystem. [ 52.909922][ T2046] loop1: detected capacity change from 0 to 16 [ 52.916395][ T2046] erofs: (device loop1): mounted with root inode @ nid 36. [ 53.029724][ T2070] netlink: 8 bytes leftover after parsing attributes in process `syz.2.741'. [ 53.038637][ T2070] netlink: 48 bytes leftover after parsing attributes in process `syz.2.741'. [ 53.072270][ T2074] loop2: detected capacity change from 0 to 2048 [ 53.112892][ T2074] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none. [ 53.126846][ T2074] EXT4-fs error (device loop2): ext4_ext_precache:627: inode #2: comm syz.2.743: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 5(5) [ 53.172200][ T1989] EXT4-fs (loop2): unmounting filesystem. [ 53.277456][ T2110] netlink: 8 bytes leftover after parsing attributes in process `syz.3.757'. [ 53.299507][ T2114] netlink: 165 bytes leftover after parsing attributes in process `syz.2.760'. [ 53.400500][ T2129] raw_sendmsg: syz.2.767 forgot to set AF_INET. Fix it! [ 53.450913][ T2136] loop2: detected capacity change from 0 to 16 [ 53.459724][ T2136] erofs: Unknown parameter 'ÿÿÿÿ' [ 53.498250][ T2136] incfs: Options parsing error. -22 [ 53.503451][ T2136] incfs: mount failed -22 [ 53.519104][ T2138] syz.4.771[2138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.519176][ T2138] syz.4.771[2138] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 53.536801][ T2138] SELinux: Context system_u:object_r:hald_dccm_exec_t:s0 is not valid (left unmapped). [ 53.576635][ T6] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 53.598061][ T2150] netlink: 8 bytes leftover after parsing attributes in process `syz.4.777'. [ 53.607688][ T2150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.777'. [ 53.620962][ T60] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 53.709608][ T2170] loop0: detected capacity change from 0 to 2048 [ 53.727938][ T2170] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none. [ 53.741250][ T2170] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters [ 53.755929][ T2170] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 32 with error 28 [ 53.768122][ T2170] EXT4-fs (loop0): This should not happen!! Data will be lost [ 53.768122][ T2170] [ 53.777869][ T2170] EXT4-fs (loop0): Total free blocks count 0 [ 53.783692][ T2170] EXT4-fs (loop0): Free/Dirty block details [ 53.789576][ T2170] EXT4-fs (loop0): free_blocks=2415919504 [ 53.795128][ T2170] EXT4-fs (loop0): dirty_blocks=32 [ 53.800197][ T2170] EXT4-fs (loop0): Block reservation details [ 53.806007][ T2170] EXT4-fs (loop0): i_reserved_data_blocks=2 [ 53.817372][ T876] EXT4-fs (loop0): unmounting filesystem. [ 53.856618][ T6] usb 2-1: Using ep0 maxpacket: 8 [ 53.926711][ T320] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 53.976612][ T19] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 53.986620][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 53.998039][ T60] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 54.009653][ T60] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c0d, bcdDevice= 0.00 [ 54.009771][ T6] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 54.019056][ T60] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.028946][ T6] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 54.040122][ T60] usb 4-1: config 0 descriptor?? [ 54.085038][ T2200] 9pnet_virtio: no channels available for device syz [ 54.100896][ T2202] device veth1_macvtap left promiscuous mode [ 54.141455][ T6] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 54.150529][ T6] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 54.158369][ T6] usb 2-1: SerialNumber: syz [ 54.205818][ T6] cdc_ether: probe of 2-1:1.0 failed with error -22 [ 54.253477][ T2210] ip_tunnel: non-ECT from 0.0.0.0 with TOS=0x3 [ 54.408701][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 54.440550][ T19] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 54.442581][ T2214] loop0: detected capacity change from 0 to 40427 [ 54.450200][ T19] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.09 [ 54.450224][ T19] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 54.475928][ T2214] F2FS-fs (loop0): Found nat_bits in checkpoint [ 54.477824][ T6] usb 2-1: USB disconnect, device number 9 [ 54.488613][ T19] usb 5-1: config 0 descriptor?? [ 54.509393][ T2214] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5 [ 54.531181][ T876] syz-executor: attempt to access beyond end of device [ 54.531181][ T876] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 54.558780][ T320] usb 3-1: New USB device found, idVendor=067b, idProduct=23c3, bcdDevice=18.a2 [ 54.559964][ T60] hid-generic 0003:1B1C:1C0D.000E: hidraw0: USB HID v0.00 Device [HID 1b1c:1c0d] on usb-dummy_hcd.3-1/input0 [ 54.568016][ T320] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 54.586944][ T320] usb 3-1: Product: syz [ 54.595049][ T320] usb 3-1: Manufacturer: syz [ 54.599524][ T320] usb 3-1: SerialNumber: syz [ 54.616018][ T320] usb 3-1: config 0 descriptor?? [ 54.655413][ T320] pl2303 3-1:0.0: required endpoints missing [ 54.765801][ T2233] wireguard: wg0: Could not create IPv4 socket [ 54.831143][ T320] usb 4-1: USB disconnect, device number 9 [ 54.852198][ T2245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.820'. [ 54.860979][ T2245] netlink: 12 bytes leftover after parsing attributes in process `syz.0.820'. [ 54.893929][ T60] usb 3-1: USB disconnect, device number 6 [ 54.997409][ T19] logitech-hidpp-device 0003:046D:C086.000F: unbalanced collection at end of report description [ 55.007877][ T19] logitech-hidpp-device 0003:046D:C086.000F: hidpp_probe:parse failed [ 55.015835][ T19] logitech-hidpp-device: probe of 0003:046D:C086.000F failed with error -22 [ 55.054268][ T2255] tap0: tun_chr_ioctl cmd 2148553947 [ 55.226619][ T60] usb 5-1: USB disconnect, device number 10 [ 55.390662][ T2282] loop3: detected capacity change from 0 to 128 [ 55.398694][ T2282] ext4 filesystem being mounted at /147/mnt supports timestamps until 2038 (0x7fffffff) [ 55.451454][ T2289] loop2: detected capacity change from 0 to 512 [ 55.473027][ T2289] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038 (0x7fffffff) [ 55.485492][ T28] kauditd_printk_skb: 95 callbacks suppressed [ 55.485505][ T28] audit: type=1400 audit(2000000020.928:610): avc: denied { read write } for pid=2288 comm="syz.2.840" name="file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 55.520750][ T28] audit: type=1400 audit(2000000020.938:611): avc: denied { open } for pid=2288 comm="syz.2.840" path="/31/file0/file1" dev="loop2" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 55.520793][ T321] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters [ 55.558131][ T321] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 1 with error 28 [ 55.570781][ T321] EXT4-fs (loop2): This should not happen!! Data will be lost [ 55.570781][ T321] [ 55.580674][ T321] EXT4-fs (loop2): Total free blocks count 0 [ 55.586653][ T321] EXT4-fs (loop2): Free/Dirty block details [ 55.592607][ T321] EXT4-fs (loop2): free_blocks=65280 [ 55.597980][ T321] EXT4-fs (loop2): dirty_blocks=1 [ 55.602883][ T321] EXT4-fs (loop2): Block reservation details [ 55.608794][ T321] EXT4-fs (loop2): i_reserved_data_blocks=1 [ 55.636610][ T2311] loop3: detected capacity change from 0 to 1024 [ 55.649912][ T2311] ext4 filesystem being mounted at /158/file1 supports timestamps until 2038 (0x7fffffff) [ 55.664566][ T28] audit: type=1400 audit(2000000021.097:612): avc: denied { remove_name } for pid=2310 comm="syz.3.850" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1 [ 55.687018][ T28] audit: type=1400 audit(2000000021.097:613): avc: denied { unlink } for pid=2310 comm="syz.3.850" name="file1" dev="loop3" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1 [ 55.768489][ T2323] loop3: detected capacity change from 0 to 512 [ 55.783309][ T2323] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349) [ 55.793179][ T2323] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=c802e11c, mo2=0002] [ 55.801322][ T2323] EXT4-fs (loop3): orphan cleanup on readonly fs [ 55.807624][ T2323] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.855: bg 0: block 361: padding at end of block bitmap is not set [ 55.822006][ T2323] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6173: Corrupt filesystem [ 55.830911][ T2323] EXT4-fs error (device loop3): ext4_clear_blocks:883: inode #11: comm syz.3.855: attempt to clear invalid blocks 33619980 len 1 [ 55.844388][ T2323] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.855: invalid indirect mapped block 1811939328 (level 0) [ 55.858315][ T2323] EXT4-fs error (device loop3): ext4_free_branches:1030: inode #11: comm syz.3.855: invalid indirect mapped block 2185560079 (level 1) [ 55.872271][ T2323] EXT4-fs (loop3): 1 truncate cleaned up [ 55.898848][ T28] audit: type=1400 audit(2000000021.312:614): avc: denied { listen } for pid=2329 comm="syz.3.858" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 55.918515][ T320] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 55.932120][ T2332] loop3: detected capacity change from 0 to 2048 [ 56.054187][ T2336] loop3: detected capacity change from 0 to 40427 [ 56.062220][ T2336] F2FS-fs (loop3): Small segment_count (9 < 1 * 24) [ 56.068723][ T2336] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock [ 56.076800][ T6] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 56.078487][ T2336] F2FS-fs (loop3): Found nat_bits in checkpoint [ 56.107935][ T2336] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0 [ 56.114820][ T2336] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5 [ 56.131466][ T2336] syz.3.860: attempt to access beyond end of device [ 56.131466][ T2336] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427 [ 56.148108][ T875] syz-executor: attempt to access beyond end of device [ 56.148108][ T875] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427 [ 56.193892][ T320] usb 3-1: Using ep0 maxpacket: 32 [ 56.322184][ T320] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 56.330079][ T320] usb 3-1: config 0 has no interface number 0 [ 56.335972][ T320] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.346660][ T6] usb 5-1: Using ep0 maxpacket: 8 [ 56.352051][ T320] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 56.363566][ T320] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 56.372520][ T320] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 56.380926][ T320] usb 3-1: config 0 descriptor?? [ 56.503908][ T6] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 56.512460][ T6] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 56.522367][ T6] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 56.546594][ T60] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 56.739137][ T6] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 56.748042][ T6] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 56.755839][ T6] usb 5-1: Product: syz [ 56.759801][ T6] usb 5-1: Manufacturer: syz [ 56.764270][ T6] usb 5-1: SerialNumber: syz [ 56.931517][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 56.942263][ T60] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 57.027715][ T60] usb 2-1: New USB device found, idVendor=0419, idProduct=0600, bcdDevice= 0.00 [ 57.036634][ T60] usb 2-1: New USB device strings: Mfr=0, Product=23, SerialNumber=0 [ 57.044621][ T60] usb 2-1: Product: syz [ 57.049355][ T60] usb 2-1: config 0 descriptor?? [ 57.123974][ T320] uclogic 0003:28BD:0094.0010: pen parameters not found [ 57.132824][ T320] uclogic 0003:28BD:0094.0010: interface is invalid, ignoring [ 57.156400][ T2355] loop3: detected capacity change from 0 to 512 [ 57.164553][ T2355] EXT4-fs (loop3): Cannot turn on journaled quota: type 0: error -2 [ 57.172820][ T2355] EXT4-fs (loop3): 1 truncate cleaned up [ 57.182752][ T2355] EXT4-fs (loop3): re-mounted. Quota mode: writeback. [ 57.341534][ T40] usb 3-1: USB disconnect, device number 7 [ 57.519598][ T6] usb 5-1: 0:2 : does not exist [ 57.541583][ T2366] loop3: detected capacity change from 0 to 131072 [ 57.550597][ T2366] F2FS-fs (loop3): Found nat_bits in checkpoint [ 57.563093][ T60] samsung 0003:0419:0600.0011: unknown main item tag 0x0 [ 57.570136][ T60] samsung 0003:0419:0600.0011: unknown main item tag 0x0 [ 57.577269][ T60] samsung 0003:0419:0600.0011: item fetching failed at offset 2/5 [ 57.585315][ T60] samsung 0003:0419:0600.0011: parse failed [ 57.587180][ T2366] F2FS-fs (loop3): Mounted with checkpoint version = 753bd00b [ 57.591030][ T60] samsung: probe of 0003:0419:0600.0011 failed with error -22 [ 57.616193][ T28] audit: type=1400 audit(2000000022.921:615): avc: denied { create } for pid=2365 comm="syz.3.872" name="encrypted_dir" scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=dir permissive=1 [ 57.740614][ T60] usb 5-1: USB disconnect, device number 11 [ 57.778798][ T40] usb 2-1: USB disconnect, device number 10 [ 58.097669][ T28] audit: type=1400 audit(2000000023.370:616): avc: denied { create } for pid=2386 comm="syz.2.879" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1 [ 58.125480][ T28] audit: type=1400 audit(2000000023.388:617): avc: denied { ioctl } for pid=2390 comm="syz.2.881" path="socket:[25972]" dev="sockfs" ino=25972 ioctlcmd=0x8933 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 58.149858][ T28] audit: type=1400 audit(2000000023.388:618): avc: denied { bind } for pid=2390 comm="syz.2.881" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=can_socket permissive=1 [ 58.297588][ T28] audit: type=1400 audit(2000000023.557:619): avc: denied { read write } for pid=2397 comm="syz.4.884" name="ppp" dev="devtmpfs" ino=138 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1 [ 58.372629][ T2405] loop1: detected capacity change from 0 to 2048 [ 58.379106][ T2405] EXT4-fs: Ignoring removed mblk_io_submit option [ 58.406283][ T2405] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm syz.1.888: bg 0: block 234: padding at end of block bitmap is not set [ 58.420458][ T2405] EXT4-fs (loop1): Remounting filesystem read-only [ 58.637959][ T2445] loop3: detected capacity change from 0 to 256 [ 58.645514][ T2445] exfat: Deprecated parameter 'namecase' [ 58.651101][ T2445] exfat: Deprecated parameter 'utf8' [ 58.664702][ T2445] exfat: Deprecated parameter 'namecase' [ 58.671284][ T2445] exfat: Deprecated parameter 'utf8' [ 58.684427][ T2445] exFAT-fs (loop3): failed to load upcase table (idx : 0x00012153, chksum : 0x555ffa9e, utbl_chksum : 0xe619d30d) [ 58.793407][ T2472] I/O error, dev loop3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2 [ 58.806164][ T2472] FAT-fs (loop3): unable to read boot sector [ 58.879535][ T2483] loop1: detected capacity change from 0 to 512 [ 58.890351][ T2483] EXT4-fs (loop1): Cannot turn on journaled quota: type 0: error -2 [ 58.898788][ T2483] EXT4-fs (loop1): 1 truncate cleaned up [ 58.908493][ T2483] EXT4-fs (loop1): re-mounted. Quota mode: writeback. [ 58.925241][ T2488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.924'. [ 58.934083][ T2488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.924'. [ 58.994740][ T19] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 59.041645][ T2510] ================================================================== [ 59.049540][ T2510] BUG: KASAN: use-after-free in cpu_map_enqueue+0xb4/0x370 [ 59.049570][ T2510] Read of size 8 at addr ffff88812d291a08 by task syz.3.935/2510 [ 59.049585][ T2510] [ 59.049590][ T2510] CPU: 0 PID: 2510 Comm: syz.3.935 Not tainted 6.1.99-syzkaller-00048-g299cc91948f1 #0 [ 59.075902][ T2510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.085807][ T2510] Call Trace: [ 59.088920][ T2510] [ 59.091134][ T2514] loop2: detected capacity change from 0 to 512 [ 59.091695][ T2510] dump_stack_lvl+0x151/0x1b7 [ 59.102287][ T2510] ? nf_tcp_handle_invalid+0x3f1/0x3f1 [ 59.107579][ T2510] ? _printk+0xd1/0x111 [ 59.111571][ T2510] ? __virt_addr_valid+0x242/0x2f0 [ 59.116514][ T2510] print_report+0x158/0x4e0 [ 59.120856][ T2510] ? __virt_addr_valid+0x242/0x2f0 [ 59.125803][ T2510] ? kasan_complete_mode_report_info+0x90/0x1b0 [ 59.131879][ T2510] ? cpu_map_enqueue+0xb4/0x370 [ 59.136572][ T2510] kasan_report+0x13c/0x170 [ 59.140912][ T2510] ? cpu_map_enqueue+0xb4/0x370 [ 59.145595][ T2510] ? __alloc_pages+0x780/0x780 [ 59.150190][ T2510] __asan_report_load8_noabort+0x14/0x20 [ 59.155662][ T2510] cpu_map_enqueue+0xb4/0x370 [ 59.160173][ T2510] xdp_do_redirect+0x5b0/0xc60 [ 59.164775][ T2510] tun_xdp_act+0xdb/0xc00 [ 59.168939][ T2510] ? avc_denied+0x1b0/0x1b0 [ 59.173278][ T2510] ? finish_task_switch+0x207/0x7b0 [ 59.178313][ T2510] ? tun_flow_update+0x560/0x560 [ 59.183087][ T2510] ? copy_page_from_iter+0x23b/0x2b0 [ 59.188207][ T2510] tun_get_user+0xb35/0x3a90 [ 59.192635][ T2510] ? tun_get_user+0x7e6/0x3a90 [ 59.197234][ T2510] ? tun_do_read+0x2000/0x2000 [ 59.201831][ T2510] ? ref_tracker_alloc+0x31d/0x450 [ 59.206781][ T2510] ? file_has_perm+0x508/0x6c0 [ 59.211383][ T2510] ? futex_wait_setup+0x330/0x330 [ 59.216241][ T2510] ? tun_get+0xe9/0x120 [ 59.220232][ T2510] tun_chr_write_iter+0x129/0x210 [ 59.225093][ T2510] vfs_write+0xaf6/0xed0 [ 59.229173][ T2510] ? file_end_write+0x1c0/0x1c0 [ 59.233859][ T2510] ? do_futex+0x55a/0x9a0 [ 59.238025][ T2510] ? __fget_files+0x2cb/0x330 [ 59.242540][ T2510] ? __fdget_pos+0x204/0x390 [ 59.246965][ T2510] ? ksys_write+0x77/0x2c0 [ 59.251219][ T2510] ksys_write+0x199/0x2c0 [ 59.255385][ T2510] ? __ia32_sys_read+0x90/0x90 [ 59.259985][ T2510] ? fpregs_restore_userregs+0x130/0x290 [ 59.265453][ T2510] __x64_sys_write+0x7b/0x90 [ 59.270056][ T2510] x64_sys_call+0x2f/0x9a0 [ 59.274305][ T2510] do_syscall_64+0x3b/0xb0 [ 59.278557][ T2510] ? clear_bhb_loop+0x55/0xb0 [ 59.283071][ T2510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 59.288802][ T2510] RIP: 0033:0x7f0fc0d7cadf [ 59.293053][ T2510] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 59.312582][ T2510] RSP: 002b:00007f0fc1be6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 59.320825][ T2510] RAX: ffffffffffffffda RBX: 00007f0fc0f35f80 RCX: 00007f0fc0d7cadf [ 59.328642][ T2510] RDX: 000000000000003e RSI: 0000000020002340 RDI: 00000000000000c8 [ 59.336450][ T2510] RBP: 00007f0fc0df0296 R08: 0000000000000000 R09: 0000000000000000 [ 59.344260][ T2510] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000000 [ 59.352071][ T2510] R13: 0000000000000000 R14: 00007f0fc0f35f80 R15: 00007ffd9434a2a8 [ 59.359901][ T2510] [ 59.362750][ T2510] [ 59.364918][ T2510] Allocated by task 103: [ 59.368998][ T2510] kasan_set_track+0x4b/0x70 [ 59.373424][ T2510] kasan_save_alloc_info+0x1f/0x30 [ 59.378373][ T2510] __kasan_kmalloc+0x9c/0xb0 [ 59.382802][ T2510] kmalloc_trace+0x44/0xa0 [ 59.387049][ T2510] kernfs_fop_open+0x350/0xb10 [ 59.391648][ T2510] do_dentry_open+0x891/0x1250 [ 59.396257][ T2510] vfs_open+0x73/0x80 [ 59.400074][ T2510] path_openat+0x2532/0x2d60 [ 59.404497][ T2510] do_filp_open+0x230/0x480 [ 59.408833][ T2510] do_sys_openat2+0x151/0x870 [ 59.413349][ T2510] __x64_sys_openat+0x243/0x290 [ 59.418035][ T2510] x64_sys_call+0x6bf/0x9a0 [ 59.422376][ T2510] do_syscall_64+0x3b/0xb0 [ 59.426628][ T2510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 59.432357][ T2510] [ 59.434528][ T2510] Freed by task 103: [ 59.438257][ T2510] kasan_set_track+0x4b/0x70 [ 59.442684][ T2510] kasan_save_free_info+0x2b/0x40 [ 59.447547][ T2510] ____kasan_slab_free+0x131/0x180 [ 59.452491][ T2510] __kasan_slab_free+0x11/0x20 [ 59.457092][ T2510] __kmem_cache_free+0x218/0x3b0 [ 59.461864][ T2510] kfree+0x7a/0xf0 [ 59.465424][ T2510] kernfs_fop_release+0x28c/0x310 [ 59.470284][ T2510] __fput+0x1e5/0x870 [ 59.474107][ T2510] ____fput+0x15/0x20 [ 59.477923][ T2510] task_work_run+0x24d/0x2e0 [ 59.482348][ T2510] exit_to_user_mode_loop+0x94/0xa0 [ 59.487381][ T2510] exit_to_user_mode_prepare+0x5a/0xa0 [ 59.492676][ T2510] syscall_exit_to_user_mode+0x26/0x130 [ 59.498058][ T2510] do_syscall_64+0x47/0xb0 [ 59.502309][ T2510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 59.508039][ T2510] [ 59.510208][ T2510] Last potentially related work creation: [ 59.515765][ T2510] kasan_save_stack+0x3b/0x60 [ 59.520276][ T2510] __kasan_record_aux_stack+0xb4/0xc0 [ 59.525485][ T2510] kasan_record_aux_stack_noalloc+0xb/0x10 [ 59.531127][ T2510] insert_work+0x56/0x310 [ 59.535292][ T2510] __queue_work+0x9b6/0xd70 [ 59.539634][ T2510] queue_work_on+0x105/0x170 [ 59.544058][ T2510] cpu_map_free+0x1e7/0x2c0 [ 59.548398][ T2510] bpf_map_free_deferred+0xf7/0x1b0 [ 59.553432][ T2510] process_one_work+0x73d/0xcb0 [ 59.558118][ T2510] worker_thread+0xa60/0x1260 [ 59.562632][ T2510] kthread+0x26d/0x300 [ 59.566539][ T2510] ret_from_fork+0x1f/0x30 [ 59.570795][ T2510] [ 59.572960][ T2510] Second to last potentially related work creation: [ 59.579390][ T2510] kasan_save_stack+0x3b/0x60 [ 59.583921][ T2510] __kasan_record_aux_stack+0xb4/0xc0 [ 59.589104][ T2510] kasan_record_aux_stack_noalloc+0xb/0x10 [ 59.594746][ T2510] call_rcu+0xee/0x1340 [ 59.598780][ T2510] cpu_map_free+0x109/0x2c0 [ 59.603076][ T2510] bpf_map_free_deferred+0xf7/0x1b0 [ 59.608112][ T2510] process_one_work+0x73d/0xcb0 [ 59.612799][ T2510] worker_thread+0xa60/0x1260 [ 59.617311][ T2510] kthread+0x26d/0x300 [ 59.621225][ T2510] ret_from_fork+0x1f/0x30 [ 59.625492][ T2510] [ 59.627640][ T2510] The buggy address belongs to the object at ffff88812d291a00 [ 59.627640][ T2510] which belongs to the cache kmalloc-192 of size 192 [ 59.641528][ T2510] The buggy address is located 8 bytes inside of [ 59.641528][ T2510] 192-byte region [ffff88812d291a00, ffff88812d291ac0) [ 59.654460][ T2510] [ 59.656629][ T2510] The buggy address belongs to the physical page: [ 59.662891][ T2510] page:ffffea0004b4a440 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88812d291700 pfn:0x12d291 [ 59.674250][ T2510] flags: 0x4000000000000200(slab|zone=1) [ 59.679724][ T2510] raw: 4000000000000200 ffffea0004762708 ffffea00045a0488 ffff888100042c00 [ 59.688140][ T2510] raw: ffff88812d291700 000000000010000f 00000001ffffffff 0000000000000000 [ 59.696554][ T2510] page dumped because: kasan: bad access detected [ 59.702807][ T2510] page_owner tracks the page as allocated [ 59.708357][ T2510] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x112cc0(GFP_USER|__GFP_NOWARN|__GFP_NORETRY), pid 999, tgid 999 (syz-executor), ts 34571287670, free_ts 34565624886 [ 59.726239][ T2510] post_alloc_hook+0x213/0x220 [ 59.730837][ T2510] prep_new_page+0x1b/0x110 [ 59.735177][ T2510] get_page_from_freelist+0x27ea/0x2870 [ 59.740560][ T2510] __alloc_pages+0x3a1/0x780 [ 59.744991][ T2510] alloc_slab_page+0x6c/0xf0 [ 59.749410][ T2510] new_slab+0x90/0x3e0 [ 59.753317][ T2510] ___slab_alloc+0x6f9/0xb80 [ 59.757744][ T2510] __slab_alloc+0x5d/0xa0 [ 59.761910][ T2510] __kmem_cache_alloc_node+0x1af/0x250 [ 59.767203][ T2510] __kmalloc_node_track_caller+0xa2/0x1e0 [ 59.772758][ T2510] kmemdup+0x29/0x60 [ 59.776490][ T2510] neigh_parms_alloc+0x81/0x530 [ 59.781177][ T2510] inetdev_init+0x146/0x4e0 [ 59.785518][ T2510] inetdev_event+0x205/0x1110 [ 59.790118][ T2510] raw_notifier_call_chain+0x8c/0xf0 [ 59.795324][ T2510] call_netdevice_notifiers+0x145/0x1b0 [ 59.800708][ T2510] page last free stack trace: [ 59.805220][ T2510] free_unref_page_prepare+0x83d/0x850 [ 59.810513][ T2510] free_unref_page_list+0xf1/0x7b0 [ 59.815460][ T2510] release_pages+0xf7f/0xfe0 [ 59.819886][ T2510] free_pages_and_swap_cache+0x8a/0xa0 [ 59.825180][ T2510] tlb_finish_mmu+0x1e0/0x3f0 [ 59.829694][ T2510] exit_mmap+0x460/0xbe0 [ 59.833773][ T2510] __mmput+0x95/0x310 [ 59.837593][ T2510] mmput+0x56/0x170 [ 59.841237][ T2510] do_exit+0xb29/0x2b80 [ 59.845231][ T2510] do_group_exit+0x21a/0x2d0 [ 59.849656][ T2510] get_signal+0x169d/0x1820 [ 59.853998][ T2510] arch_do_signal_or_restart+0xb0/0x16f0 [ 59.859465][ T2510] exit_to_user_mode_loop+0x74/0xa0 [ 59.864501][ T2510] exit_to_user_mode_prepare+0x5a/0xa0 [ 59.869794][ T2510] syscall_exit_to_user_mode+0x26/0x130 [ 59.875175][ T2510] do_syscall_64+0x47/0xb0 [ 59.879430][ T2510] [ 59.881598][ T2510] Memory state around the buggy address: [ 59.887071][ T2510] ffff88812d291900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 59.894967][ T2510] ffff88812d291980: 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc [ 59.902866][ T2510] >ffff88812d291a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.910760][ T2510] ^ [ 59.914930][ T2510] ffff88812d291a80: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 59.922828][ T2510] ffff88812d291b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 59.930723][ T2510] ================================================================== [ 59.938676][ T2510] Disabling lock debugging due to kernel taint [ 59.944674][ T2510] general protection fault, probably for non-canonical address 0xe0b78d2f1edc0017: 0000 [#1] PREEMPT SMP KASAN [ 59.956160][ T2510] KASAN: maybe wild-memory-access in range [0x05bc8978f6e000b8-0x05bc8978f6e000bf] [ 59.965273][ T2510] CPU: 0 PID: 2510 Comm: syz.3.935 Tainted: G B 6.1.99-syzkaller-00048-g299cc91948f1 #0 [ 59.976202][ T2510] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 59.986098][ T2510] RIP: 0010:cpu_map_enqueue+0x113/0x370 [ 59.991480][ T2510] Code: e8 03 42 80 3c 30 00 74 08 48 89 df e8 16 d6 24 00 4c 8b 23 4f 8d 74 3c 58 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 a8 01 00 00 4d 01 fc 41 8b 1e bf 08 [ 60.010918][ T2510] RSP: 0018:ffffc9000bbcf7a8 EFLAGS: 00010207 [ 60.016821][ T2510] RAX: dffffc0000000000 RBX: ffffffff86745880 RCX: 0000000000040000 [ 60.024634][ T2510] RDX: ffffc9000133a000 RSI: 000000000003ffff RDI: 0000000000040000 [ 60.032444][ T2510] RBP: ffffc9000bbcf7e0 R08: ffffffff81980e8e R09: fffffbfff0f6dafd [ 60.040257][ T2510] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6e00000 [ 60.048066][ T2510] R13: 00b7912f1edc0017 R14: 05bc8978f6e000bf R15: 05bd00f700000067 [ 60.055879][ T2510] FS: 00007f0fc1be66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 60.064644][ T2510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.071067][ T2510] CR2: 00007f0fc1be5f98 CR3: 000000012bae2000 CR4: 00000000003506b0 [ 60.078881][ T2510] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.086693][ T2510] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.094501][ T2510] Call Trace: [ 60.097628][ T2510] [ 60.100404][ T2510] ? __die_body+0x62/0xb0 [ 60.104572][ T2510] ? die_addr+0x9f/0xd0 [ 60.108568][ T2510] ? exc_general_protection+0x317/0x4c0 [ 60.113948][ T2510] ? __kasan_check_write+0x14/0x20 [ 60.118890][ T2510] ? cpu_map_enqueue+0xb4/0x370 [ 60.123581][ T2510] ? asm_exc_general_protection+0x27/0x30 [ 60.129132][ T2510] ? cpu_map_enqueue+0xce/0x370 [ 60.133819][ T2510] ? cpu_map_enqueue+0x113/0x370 [ 60.138595][ T2510] ? cpu_map_enqueue+0xdc/0x370 [ 60.143279][ T2510] xdp_do_redirect+0x5b0/0xc60 [ 60.147882][ T2510] tun_xdp_act+0xdb/0xc00 [ 60.152046][ T2510] ? avc_denied+0x1b0/0x1b0 [ 60.156384][ T2510] ? finish_task_switch+0x207/0x7b0 [ 60.161420][ T2510] ? tun_flow_update+0x560/0x560 [ 60.166303][ T2510] ? copy_page_from_iter+0x23b/0x2b0 [ 60.171424][ T2510] tun_get_user+0xb35/0x3a90 [ 60.175851][ T2510] ? tun_get_user+0x7e6/0x3a90 [ 60.180451][ T2510] ? tun_do_read+0x2000/0x2000 [ 60.185047][ T2510] ? ref_tracker_alloc+0x31d/0x450 [ 60.189995][ T2510] ? file_has_perm+0x508/0x6c0 [ 60.194614][ T2510] ? futex_wait_setup+0x330/0x330 [ 60.199463][ T2510] ? tun_get+0xe9/0x120 [ 60.203451][ T2510] tun_chr_write_iter+0x129/0x210 [ 60.208311][ T2510] vfs_write+0xaf6/0xed0 [ 60.212390][ T2510] ? file_end_write+0x1c0/0x1c0 [ 60.217075][ T2510] ? do_futex+0x55a/0x9a0 [ 60.221242][ T2510] ? __fget_files+0x2cb/0x330 [ 60.225755][ T2510] ? __fdget_pos+0x204/0x390 [ 60.230186][ T2510] ? ksys_write+0x77/0x2c0 [ 60.234434][ T2510] ksys_write+0x199/0x2c0 [ 60.238602][ T2510] ? __ia32_sys_read+0x90/0x90 [ 60.243202][ T2510] ? fpregs_restore_userregs+0x130/0x290 [ 60.248668][ T2510] __x64_sys_write+0x7b/0x90 [ 60.253094][ T2510] x64_sys_call+0x2f/0x9a0 [ 60.257346][ T2510] do_syscall_64+0x3b/0xb0 [ 60.261601][ T2510] ? clear_bhb_loop+0x55/0xb0 [ 60.266112][ T2510] entry_SYSCALL_64_after_hwframe+0x68/0xd2 [ 60.271841][ T2510] RIP: 0033:0x7f0fc0d7cadf [ 60.276095][ T2510] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 60.295543][ T2510] RSP: 002b:00007f0fc1be6000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 60.303786][ T2510] RAX: ffffffffffffffda RBX: 00007f0fc0f35f80 RCX: 00007f0fc0d7cadf [ 60.311594][ T2510] RDX: 000000000000003e RSI: 0000000020002340 RDI: 00000000000000c8 [ 60.319404][ T2510] RBP: 00007f0fc0df0296 R08: 0000000000000000 R09: 0000000000000000 [ 60.327218][ T2510] R10: 000000000000003e R11: 0000000000000293 R12: 0000000000000000 [ 60.335028][ T2510] R13: 0000000000000000 R14: 00007f0fc0f35f80 R15: 00007ffd9434a2a8 [ 60.342846][ T2510] [ 60.345703][ T2510] Modules linked in: [ 60.349464][ T2510] ---[ end trace 0000000000000000 ]--- [ 60.354754][ T2510] RIP: 0010:cpu_map_enqueue+0x113/0x370 [ 60.360114][ T2510] Code: e8 03 42 80 3c 30 00 74 08 48 89 df e8 16 d6 24 00 4c 8b 23 4f 8d 74 3c 58 4d 89 f5 49 c1 ed 03 48 b8 00 00 00 00 00 fc ff df <41> 0f b6 44 05 00 84 c0 0f 85 a8 01 00 00 4d 01 fc 41 8b 1e bf 08 [ 60.379580][ T2510] RSP: 0018:ffffc9000bbcf7a8 EFLAGS: 00010207 [ 60.385477][ T2510] RAX: dffffc0000000000 RBX: ffffffff86745880 RCX: 0000000000040000 [ 60.393268][ T2510] RDX: ffffc9000133a000 RSI: 000000000003ffff RDI: 0000000000040000 [ 60.401123][ T2510] RBP: ffffc9000bbcf7e0 R08: ffffffff81980e8e R09: fffffbfff0f6dafd [ 60.408908][ T2510] R10: 0000000000000000 R11: dffffc0000000001 R12: ffff8881f6e00000 [ 60.416720][ T2510] R13: 00b7912f1edc0017 R14: 05bc8978f6e000bf R15: 05bd00f700000067 [ 60.424515][ T2510] FS: 00007f0fc1be66c0(0000) GS:ffff8881f6e00000(0000) knlGS:0000000000000000 [ 60.433305][ T2510] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 60.439715][ T2510] CR2: 00007f0fc1be5f98 CR3: 000000012bae2000 CR4: 00000000003506b0 [ 60.447552][ T2510] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 60.455352][ T2510] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 60.456366][ T2514] EXT4-fs (loop2): Test dummy encryption mode enabled [ 60.463161][ T2510] Kernel panic - not syncing: Fatal exception in interrupt [ 60.463380][ T2510] Kernel Offset: disabled [ 60.481127][ T2510] Rebooting in 86400 seconds..